summaryrefslogtreecommitdiffstats
path: root/NEWS
diff options
context:
space:
mode:
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS5768
1 files changed, 5768 insertions, 0 deletions
diff --git a/NEWS b/NEWS
new file mode 100644
index 0000000..272ff18
--- /dev/null
+++ b/NEWS
@@ -0,0 +1,5768 @@
+v2.3.21 2023-09-15 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ * lib-oauth2: Allow JWT tokens to be validated with missing typ field.
+ The typ field is left out by some key issuers to conserve space,
+ notably kubernetes. Now missing typ is tolerated, but if present, it
+ still must be "jwt".
+ + auth: Auth passdb and userdb reply can contain "event_<name>=value"
+ which will be added to login event and mail user event respectively.
+ + lib-master: Set process title during various initialization stages to
+ clearly describe what the process is waiting on.
+ + lib-storage: The mail_temp_scan_interval is now fuzzed incrementing it
+ by 0..30% based on username's hash to reduce the chance of load spikes.
+ + lib-storage: The temp file scan has been moved from the open of the
+ mailbox to the close, to reduce the latency perceived by users.
+ + stats: If metric has fields specified, all these fields are
+ exported as counters to prometheus exposition.
+ See https://doc.dovecot.org/configuration_manual/stats/openmetrics/.
+ - *-login: Processes might have crashed when a SSL connection disconnects
+ uncleanly.
+ - acl: When plugin was loaded \HasChildren and \HasNoChildren flags
+ were calculated incorrectly for mailboxes containing '*' and '%'
+ in their names.
+ - auth: Crash occured if a connection to PostgreSQL database server
+ failed during startup.
+ - auth: Logins with invalid passwords (e.g. unknown scheme) in passdb
+ were failing with "password mismatch" instead of "internal error".
+ - auth: XOAUTH2 and OAUTHBEARER mechanisms were not giving out protocol
+ specific error message on all errors. This especially broke OIDC
+ discovery.
+ - dbox: When last_temp_file_scan header wasn't set (especially after
+ dsync migration), the next mailbox open always triggers the temp file
+ scan. This could have caused a load spike after migrations. Fixed by
+ using the mailbox directory's atime when the header isn't set, which
+ usually moves the scan time into the future.
+ - dict-redis: A crash would occur on transaction rollback.
+ - dsync: Infinite loop causing out of memory would occur when handling
+ mailbox deletion from remote end and hierarchy separators would differ.
+ - dsync: Incremental dsync failed for folder names ending with '%',
+ unless BROKENCHAR was set. Also folder names with '%' elsewhere in
+ them caused each incremental dsync to unnecessarily rename the folder
+ to a temporary name and back. v2.3.19 regression.
+ - imap-hibernate: If an IMAP client unhibernation timed out with
+ "(version received)", the unhibernation could still have successfully
+ finished later on and continued working normally. This was rather
+ confusing, because imap-hibernate already logged that the client got
+ disconnected. Avoid this by forcing the connection to shutdown on
+ unhibernation timeout.
+ - imapc: Crashed when a folder mapped through the virtual plugin
+ disappears from the storage.
+ - imapc: EXPUNGE, EXISTS or FETCH replies from a server for a previously
+ selected mailbox could have been processed as if they belonged to the
+ new mailbox currently being selected. This could have caused warnings.
+ - lib-http: Dovecot HTTP server (doveadm, stats/openmetrics) may have
+ disconnected HTTP clients before the response is fully sent. This
+ happened only on busy servers where kernel's socket buffers were
+ rather full.
+ - lib-http: Fixed a potential crash on http-server if a client
+ disconnected early. v2.3.18 regression.
+ - lib-index: Index file corruption could have caused a crash. Fixes:
+ Panic: file mail-transaction-log-view.c: line 165 (mail_transaction_log_view_set):
+ assertion failed: (min_file_seq <= max_file_seq).
+ - lib-index: Purging an existing >1GB cache file can crash. Now cache
+ files still above 1GB after purging are removed. Fixes:
+ Panic: file mail-index-util.c: line 10 (mail_index_uint32_to_offset):
+ assertion failed: (offset < 0x40000000)
+ - lib-lua: A HTTP client could not resolve DNS names in mail processes,
+ because it expected "the dns-client" socket to exist in the current
+ directory.
+ - lib-oauth2: Dovecot would send client_id and client_secret as POST
+ parameters to the introspection server. These need to be optionally in
+ Basic auth instead.
+ - lib-oauth2: JWT aud validation was not performed if aud was missing
+ from a token, but was configured on Dovecot.
+ - lib-oauth2: JWT key type check was too strict.
+ - lib-oauth2: JWT token audience was not validated against client_id as
+ required by the specification.
+ - lib-ssl-iostream: Using the ssl_require_crl=yes setting may have caused
+ CRL check failures for outgoing SSL/TLS connections, although it was
+ supposed to affect checking CRLs only for client-side SSL
+ certificates. v2.3.17 regression.
+ - lib-sql: MySQL driver leaked memory when connection failed.
+ - lib-storage: Various fixes when running into out of disk space.
+ - master: Service idle_kill setting didn't work properly on busy
+ servers. It was very unlikely that any process was idling long enough
+ to become killed. Also the idle_kill handling code was using quite a
+ lot of CPU on the master process when there were a lot of processes
+ (e.g. imap). The new behavior is to track the lowest number of idling
+ processes every idle_kill time interval and then kill that many idling
+ processes.
+ - mdbox: Temp file scan was done for always empty directories.
+ - mdbox: The fdatasync() call was done in wrong parent directory when
+ writing mails. Also on a failure it crashed instead of logging an error.
+ - notify_status: The plugin crashes if any user initialization fails.
+ - pop3: Sending command with the ':' character caused an assert-crash.
+ v2.3.18 regression. Fixes: Panic: event_reason_code_prefix(): name has ':'
+ - stats: Fix panic when a nonexistent event exporter was referenced while
+ adding a new metric dynamically via doveadm stats add. This produces
+ a proper error now.
+ - stats: If process exported a lot of events and then exited, some of
+ the last events may have become lost.
+ - stats: Invalid Prometheus label names were created with specific
+ histogram group_by configurations. Prometheus rejected these labels.
+ - welcome: The plugin didn't execute in some situations that created
+ INBOX but didn't open it, e.g. if GETMETADATA was used before the
+ INBOX was opened.
+
+v2.3.20 2022-12-22 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ + Add dsync_features=no-header-hashes. When this setting is enabled and
+ one dsync side doesn't support mail GUIDs (i.e. imapc), there is no
+ fallback to using header hashes. Instead, dsync assumes that all mails
+ with identical IMAP UIDs contains the same mail contents. This can
+ significantly improve dsync performance with some IMAP servers that
+ don't support caching Date/Message-ID headers.
+ + lua: HTTP client has more settings now, see
+ https://doc.dovecot.org/admin_manual/lua/#dovecot.http.client
+ + replicator: "doveadm replicator status" command now outputs when the
+ next sync is expected for the user.
+ - LAYOUT=index: duplicate GUIDs were not cleaned out. Also the list
+ recovery was not optimal.
+ - auth: Assert crash would occur when iterating multiple userdb
+ backends.
+ - director: Logging into director using master user with
+ auth_master_user_separator character redirected user to a wrong
+ backend, unless master_user_separator setting was also set to the same
+ value. Merged these into auth_master_user_separator.
+ - dsync: Couldn't always fix folder GUID conflicts automatically with
+ Maildir format. This resulted in replication repeatedly failing
+ with "Remote lost mailbox GUID".
+ - dsync: Failed to migrate INBOX when using namespace prefix=INBOX/,
+ resulting in "Remote lost mailbox GUID" errors.
+ - dsync: INBOX was created too early with namespace prefix=INBOX/,
+ resulting a GUID conflict. This may have been resolved automatically,
+ but not always.
+ - dsync: v2.3.18 regression: Wrong imapc password with dsync caused
+ Panic: file lib-event.c: line 506 (event_pop_global):
+ assertion failed: (event == current_global_event)
+ - imapc: Requesting STATUS for a mailbox with imapc and INDEXPVT
+ configured did not return correct (private) unseen counts.
+ - lib-dict: Process would crash when committing data to redis without
+ dict proxy.
+ - lib-mail: Corrupted cached BODYSTRUCTURE caused panic during FETCH.
+ Fixes: Panic: file message-part-data.c: line 579 (message_part_is_attachment):
+ assertion failed: (data != NULL). v2.3.13 regression.
+ - lib-storage: mail_attribute_dict with dict-sql failed when it tried to
+ lookup empty dict keys.
+ - lib: ioloop-kqueue was missing include breaking some BSD builds.
+ - lua-http: Dovecot Lua HTTP client could not resolve DNS names in mail
+ processes, because it expected "dns-client" socket to exist in the
+ current directory.
+ - oauth2: Using %{oauth2:name} variables could cause useless
+ introspections.
+ - pop3: Sending POP3 command with ':' character caused an assert-crash.
+ v2.3.18 regression.
+ - replicator: Replication queue had various issues, potentially causing
+ replication requests to become stuck.
+ - stats: Invalid Prometheus label names were created with specific
+ histogram group_by configurations. Prometheus rejected these labels.
+
+v2.3.19.1 2022-06-14 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ - doveadm deduplicate: Non-duplicate mails were deleted.
+ v2.3.19 regression.
+ - auth: Crash would occur when iterating multiple backends.
+ Fixes: Panic: file userdb-blocking.c:
+ line 125 (userdb_blocking_iter_next): assertion failed: (ctx->conn != NULL)
+
+v2.3.19 2022-05-10 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ + Added mail_user_session_finished event, which is emitted when the mail
+ user session is finished (e.g. imap, pop3, lmtp). It also includes
+ fields with some process statistics information.
+ See https://doc.dovecot.org/admin_manual/list_of_events/ for more
+ information.
+ + Added process_shutdown_filter setting. When an event matches the filter,
+ the process will be shutdown after the current connection(s) have
+ finished. This is intended to reduce memory usage of long-running imap
+ processes that keep a lot of memory allocated instead of freeing it to
+ the OS.
+ + auth: Add cache hit indicator to auth passdb/userdb finished events.
+ See https://doc.dovecot.org/admin_manual/list_of_events/ for more
+ information.
+ + doveadm deduplicate: Performance is improved significantly.
+ + imapc: COPY commands were sent one mail at a time to the remote IMAP
+ server. Now the copying is buffered, so multiple mails can be copied
+ with a single COPY command.
+ + lib-lua: Add a Lua interface to Dovecot's HTTP client library. See
+ https://doc.dovecot.org/admin_manual/lua/ for more information.
+ - auth: Cache lookup would use incorrect cache key after username change.
+ - auth: Improve handling unexpected LDAP connection errors/hangs.
+ Try to fix up these cases by reconnecting to the LDAP server and
+ aborting LDAP requests earlier.
+ - auth: Process crashed if userdb iteration was attempted while auth-workers
+ were already full handling auth requests.
+ - auth: db-oauth2: Using %{oauth2:name} variables caused unnecessary
+ introspection requests.
+ - dict: Timeouts may have been leaked at deinit.
+ - director: Ring may have become unstable if a backend's tag was changed.
+ It could also have caused director process to crash.
+ - doveadm kick: Numeric parameter was treated as IP address.
+ - doveadm: Proxying can panic when flushing print output. Fixes
+ Panic: file ioloop.c: line 865 (io_loop_destroy): assertion failed:
+ (ioloop == current_ioloop).
+ - doveadm sync: BROKENCHAR was wrongly changed to '_' character when
+ migrating mailboxes. This was set by default to %, so any mailbox
+ names containing % characters were modified to "_25".
+ - imapc: Copying or moving mails with doveadm to an imapc mailbox could
+ have produced "Error: Syncing mailbox '[...]' failed" Errors. The
+ operation itself succeeded but attempting to sync the destination
+ mailbox failed.
+ - imapc: Prevent index log synchronization errors when two or more imapc
+ sessions are adding messages to the same mailbox index files, i.e.
+ INDEX=MEMORY is not used.
+ - indexer: Process was slowly leaking memory for each indexing request.
+ - lib-fts: fts header filters caused binary content to be sent to the
+ indexer with non-default configuration.
+ - doveadm-server: Process could hang in some situations when printing
+ output to TCP client, e.g. when printing doveadm sync state.
+ - lib-index: dovecot.index.log files were often read and parsed entirely,
+ rather than only the parts that were actually necessary. This mainly
+ increased CPU usage.
+ - lmtp-proxy: Session ID forwarding would cause same session IDs being
+ used when delivering same mail to multiple backends.
+ - log: Log prefix update may have been lost if log process was busy.
+ This could have caused log prefixes to be empty or in some cases
+ reused between sessions, i.e. log lines could have been logged for the
+ wrong user/session.
+ - mail_crypt: Plugin crashes if it's loaded only for some users. Fixes
+ Panic: Module context mail_crypt_user_module missing.
+ - mail_crypt: When LMTP was delivering mails to both recipients with mail
+ encryption enabled and not enabled, the non-encrypted recipients may
+ have gotten mails encrypted anyway. This happened when the first
+ recipient was encrypted (mail_crypt_save_version=2) and the 2nd
+ recipient was not encrypted (mail_crypt_save_version=0).
+ - pop3: Session would crash if empty line was sent.
+ - stats: HTTP server leaked memory.
+ - submission-login: Long credentials, such as OAUTH2 tokens, were refused
+ during SASL interactive due to submission server applying line length
+ limits.
+ - submission-login: When proxying to remote host, authentication was not
+ using interactive SASL when logging in using long credentials such as
+ OAUTH2 tokens. This caused authentication to fail due to line length
+ constraints in SMTP protocol.
+ - submission: Terminating the client connection with QUIT command after
+ mail transaction is started with MAIL command and before it is
+ finished with DATA/BDAT can cause a segfault crash.
+ - virtual: doveadm search queries with mailbox-guid as the only parameter
+ crashes: Panic: file virtual-search.c: line 77 (virtual_search_get_records):
+ assertion failed: (result != 0)
+
+v2.3.18 2022-02-03 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ * Removed mail_cache_lookup_finished event. This event wasn't especially
+ useful, but it increased CPU usage significantly.
+ * fts: Don't index inline base64 encoded content in FTS indexes using
+ the generic tokenizer. This reduces the FTS index sizes by removing
+ input that is very unlikely to be searched for. See
+ https://doc.dovecot.org/configuration_manual/fts/tokenization for
+ details on how base64 is detected. Only applies when using libfts.
+ * lmtp: Session IDs are now preserved through proxied connections, so
+ LMTP sessions can be tracked. This slightly changes the LMTP session
+ ID format by appending ":Tn" (transaction), ":Pn" (proxy connection)
+ and ":Rn" (recipient) counters after the session ID prefix.
+ + Events now have "reason_code" field, which can provide a list of
+ reasons why the event is happening. See
+ https://doc.dovecot.org/admin_manual/event_reasons/
+ + New events are added. See https://doc.dovecot.org/admin_manual/list_of_events/
+ + fts: Added fts_header_excludes and fts_header_includes settings to
+ specify which headers to index. See
+ https://doc.dovecot.org/settings/plugin/fts-plugin#plugin-fts-setting-fts-header-excludes
+ for configuration details.
+ + fts: Initialize the textcat language detection library only once per
+ process. This can reduce CPU usage if fts_languages setting has multiple
+ languages listed and service indexer-worker { service_count } isn't 1.
+ Only applies when using libfts.
+ + lib-storage: Reduced CPU usage significantly for some operations that
+ accessed lots of emails (e.g. fetching all flags in a folder, SORT, ...)
+ + lib: DOVECOT_PREREQ() - Add micro version which enables compiling
+ external plugins against different versions of Dovecot.
+ + lmtp: Added new lmtp_verbose_replies setting that makes errors sent to
+ the LMTP client much more verbose with details about why exactly
+ backend proxy connections or commands are failing.
+ + submission: Support implicit SASL EXTERNAL with
+ submission_client_workarounds=implicit-auth-external. This allows
+ automatically logging in when SSL client certificate is present.
+ - *-login: Statistics were disabled if stats process connection was lost.
+ - auth: Authentication master user login fails with SCRAM-* SASL mechanisms.
+ - auth: With auth_cache_verify_password_with_worker=yes, passdb extra
+ fields in the auth cache got lost.
+ - doveadm: Fixed crash if zlib_save_level setting was specified,
+ but zlib_save was unset. v2.3.15 regression.
+ - doveadm: Proxying can panic when flushing print output. v2.3.17
+ regression. Fixes:
+ Panic: file ioloop.c: line 865 (io_loop_destroy): assertion failed:
+ (ioloop == current_ioloop)
+ - doveadm: stats add --group-by parameter didn't work.
+ - fts: Using email-address fts tokenizer could result in excessive memory
+ usage with garbage email input. This could cause the indexer-worker
+ processes to fail due to reaching the VSZ memory size limit.
+ Only applies when using libfts.
+ - imap: A SEARCH command timing out while fts returns indexes may timeout
+ returning "NO [SERVERBUG]", while it should return "NO [INUSE]" instead.
+ - imap: LIST-EXTENDED doesn't return STATUS for all folders. Sending
+ LIST .. RETURN (SUBSCRIBED STATUS (...)) did not return STATUS for
+ folders that are not subscribed when they have a child folder that is
+ subscribed as mandated by IMAP RFCs.
+ - imapc: Mailbox vsize calculation crashed with
+ Panic: file index-mailbox-size.c: line 344 (index_mailbox_vsize_hdr_add_missing):
+ assertion failed: (mails_left > 0)
+ - indexer: If indexer-worker crashes, the request it was processing gets
+ stuck in the indexer process. This stops indexing for the folder until
+ indexer process is restarted. v2.3.14 regression.
+ - indexer: Process was slowly leaking memory for each indexing request.
+ - lib-event: Unnamed events were wrongly filtered out for event/metric
+ filters like "event=abc OR something_independent_of_event_name".
+ - lib-index: 64-bit big endian CPUs handle last_used field in
+ dovecot.index.cache wrong.
+ - lib-ssl-iostream: Fix buggy OpenSSL error handling without assert-crashing.
+ If there is no error available, log it as an error instead of crashing.
+ The previous fix for this in v2.3.11 was incomplete. Fixes
+ Panic: file istream-openssl.c: line 51 (i_stream_ssl_read_real):
+ assertion failed: (errno != 0)
+ - lmtp: Out-of-memory issues can happen when proxying large messages to
+ LMTP backend servers that accept the message data too slow.
+ - master: HAProxy header parsing has read buffer overflow if provided
+ header size is invalid. This happens only if inet_listener
+ { haproxy=yes } is configured and only if the remote IP address is in
+ haproxy_trusted_networks.
+ - old_stats: Plugin kept increasing memory usage, which became
+ noticeable with long-running imap sessions.
+ - stats: Dynamically adding same metric multiple times causes multiple stats.
+ - submission-login: Authentication does not accept OAUTH2 token (or
+ other very long credentials) because it considers the line to be too long.
+ - submission-login: Process can crash if HELO is pipelined with an
+ invalid domain.
+ - submission-proxy: Don't use SASL-IR if it would make the AUTH command
+ line longer than 512 bytes.
+ - submission: Service would crash if relay server authentication failed.
+ - virtual: FTS search in a virtual folder could crash if there are
+ duplicate mailbox GUIDs. This mainly happened when user had both INBOX
+ and INBOX/INBOX folders and the namespace prefix was INBOX/. Fixes
+ Panic: file hash.c: line 252 (hash_table_insert_node):
+ assertion failed: (opcode == HASH_TABLE_OP_UPDATE)
+ - virtual: If mailbox opening fails, the backend mailbox is leaked and
+ process crashes when client disconnects. Fixes
+ Panic: file mail-user.c: line 232 (mail_user_deinit):
+ assertion failed: ((*user)->refcount == 1)
+ - virtual: Searching headers in virtual folders didn't always use
+ full-text search indexes, if fts_enforced=no or body.
+
+v2.3.17.1 2021-12-07 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ - dsync: Add back accidentically removed parameters.
+ - lib-ssl-iostream: Fix assert-crash when OpenSSL returned syscall error
+ without errno.
+ - master: Dovecot failed to start if ssl_ca was too large.
+
+v2.3.17 2021-10-28 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ * Dovecot now logs a warning if time seems to jump forward at least
+ 100 milliseconds.
+ * dict: Lines logged by the dict process now contain the dict name as
+ the prefix.
+ * lib-index: mail_cache_fields, mail_always_cache_fields and
+ mail_never_cache_fields now verifies that the listed header names are
+ valid. Especially the UTF8 "–" character has sometimes been wrongly
+ used instead of the ASCII "-".
+ + *-login: Added login_proxy_rawlog_dir setting to capture
+ rawlogs between proxy and backend.
+ + dict: The server process now keeps the last 10 idle dict backends
+ cached for maximum of 30 seconds. Practically this acts as a
+ connection pool for dict-redis and dict-ldap. Note that this doesn't
+ affect dict-sql, because it already had its own internal cache.
+ + doveadm: New stats add/remove commands added to support changing the
+ metrics configuration on runtime.
+ + lazy_expunge: Added lazy_expunge_exclude settings to disable
+ lazy_expunge for specific folders. \Special-use flags can be used as
+ folder names.
+ + lib-lua: Added a new helper function dovecot.restrict_global_variables()
+ to disable or enable defining new global variables.
+ - LAYOUT=index List index rebuild was missing.
+ - LAYOUT=index: Duplicate GUIDs were not detected.
+ - acl: When using acl_ignore_namespace Dovecot attempted to access or
+ create dovecot-acl-list even when the namespace should have been
+ ignored. For virtual namespaces this could have yielded errors about
+ "Read-only file system" or "Permission denied".
+ - auth: Setting the "master" passdb field to empty value would
+ cause proxying to fail with an authentication error.
+ Now an empty "master" field is ignored.
+ - doveadm-server: Duplicate error lines were sent for failed commands.
+ This didn't normally cause visible problems, except when using
+ wildcards in usernames or -A parameter to go through multiple users.
+ - doveadm-server: Logs written by doveadm-server were often missing log
+ prefixes, especially mail_log_prefix for mail commands. Logs sent to
+ doveadm TCP client were also missing log prefixes.
+ - doveadm: v2.3 regression: batch command always crashes.
+ - doveadm: v2.3.11 regression: Commands failed if ssl_cert or
+ ssl_key files weren't readable by the user running doveadm, even
+ though doveadm didn't actually use these settings
+ - imap-hibernate: Process may crash at deinit:
+ Panic: file ioloop.c: line 928 (io_loop_destroy): assertion failed:
+ (ioloop->cur_ctx == NULL).
+ - imap: Using imap_fetch_failure=no-after can cause assert-crash
+ with some IMAP commands if reading the mail fails (e.g. wrong cached
+ mail size). Fixes:
+ Panic: file index-mail-headers.c: line 198 (index_mail_parse_header_init):
+ assertion failed: (!mail->data.header_parser_initialized)
+ - imap: v2.3.10 regression: When using INDEXPVT to enable private
+ \Seen flags (for shared or public namespaces) the STORE command did
+ not send untagged replies for the \Seen flag changes.
+ - imap: v2.3.15 regression: If PREVIEW/SNIPPET is not the final FETCH
+ option in the command, the IMAP FETCH response is broken.
+ - imap: v2.3.15 regression: MOVE command leaks mailbox if it can't be
+ opened and crashes at deinit:
+ Panic: file mail-user.c: line 229 (mail_user_deinit): assertion failed:
+ ((*user)->refcount == 1).
+ - imapc: Copying nonexistent mail via imapc could have crashed. Fixes:
+ Panic: file mail-storage.c: line 2385 (mailbox_transaction_commit_get_changes):
+ assertion failed: (ret < 0 || seq_range_count(&changes_r->saved_uids) == save_count ||
+ array_count(&changes_r->saved_uids) == 0).
+ - indexer: v2.3.15 regression: Process crashes if indexer-client
+ disconnects while it's waiting for command reply. This happened for
+ example if IMAP SEARCH triggered long fts indexing and the IMAP
+ client disconnected while waiting for the reply.
+ - indexer: v2.3.15 regression: Process may have crashed in some situations.
+ - indexer: v2.3.15 regression: indexer-worker processes may not have
+ reached the process_limit in some situations, possibly even using just
+ one indexer-worker process even though there were many indexing
+ requests queued.
+ - lib-compression: Reading lz4 compressed mdbox mails may crash. Fixes:
+ Panic: file istream.c: line 345 (i_stream_read_memarea):
+ assertion failed: (!stream->blocking).
+ - lib-compression: bench-compress crashes due to xz being read-only.
+ - lib-lua: Fix linking libdict_lua for non-GNU linkers when Lua support
+ is disabled.
+ - lib-mail: There was no limit on how large an email header name could be.
+ Processable header names are now limited to 1000 bytes.
+ - lib-oauth2: Dovecot disallowed JWT tokens if their validity time was
+ older than token creation time (nbf < iat).
+ - lib-storage: Reduce memory footprint of certain storage operations.
+ - lib-storage: When listing mailboxes with storage name escape
+ characters (^ or .) as part of the mailbox name, the listing could
+ show corrupted mailbox names. Due to an issue in handling escaped
+ parent folders, the listing of other mailbox names would become
+ corrupted by prepending parts of the previously listed mailboxes
+ parent folder as prefix to the actual mailbox names. The corruption
+ can occur when using LAYOUT=INDEX and maildir or obox, or when using
+ the listescape plugin.
+ - mail-crypt: Fix "-O" argument for "doveadm mailbox cryptokey password"
+ command to be a boolean, and not expect a string.
+ - submission-login: Add support for not authenticating to next hop in
+ submission proxying.
+ - submission-login: EHLO was not sent again after XCLIENT when doing
+ submission proxying.
+ - virtual: Mailboxes do not correctly detect underlying mailboxes
+ getting re-created even though they have a different UIDVALIDITY or
+ GUID.
+
+v2.3.16 2021-08-06 Timo Sirainen <timo.sirainen@open-xchange.com>
+
+ * Any unexpected exit() will now result in a core dump. This can
+ especially help notice problems when a Lua script causes exit(0).
+ * auth-worker process is now restarted when the number of auth
+ requests reaches service auth-worker { service_count }. The default
+ is still unlimited.
+
+ + Event improvements: Added data_stack_grow event and http-client
+ category. See https://doc.dovecot.org/admin_manual/list_of_events/
+ + oauth2: Support RFC 7628 openid-configuration element. This allows
+ clients to support OAUTH2 for any server, not just a few hardcoded
+ servers like they do now. See openid_configuration_url setting in
+ dovecot-oauth2.conf.ext.
+ + mysql: Single statements are no longer enclosed with BEGIN/COMMIT.
+ + dovecot-sysreport --core supports multiple core files now and does
+ not require specifying the binary path.
+ + imapc: When imap_acl plugin is loaded and imapc_features=acl is used,
+ IMAP ACL commands are proxied to the remote server. See
+ https://doc.dovecot.org/configuration_manual/mail_location/imapc/
+ + dict-sql now supports the "UPSERT" syntax for SQLite and PostgreSQL.
+ + imap: If IMAP client disconnects during a COPY command, the copying
+ is aborted, and changes are reverted. This may help to avoid many
+ email duplicates if client disconnects during COPY and retries it
+ after reconnecting.
+ - master process was using 100% CPU if service attempted to create more
+ processes due to process_min_avail, but process_limit was already
+ reached. v2.3.15 regression.
+ - Using attachment detection flags wrongly logged unnecessary "Failed
+ to add attachment keywords" errors. v2.3.13 regression.
+ - IMAP QRESYNC: Expunging UID 1 mail resulted in broken VANISHED
+ response, which could have confused IMAP clients. v2.3.13 regression.
+ - imap: STORE didn't send untagged replies for \Seen changes for
+ (shared) mailboxes using INDEXPVT. v2.3.10 regression.
+ - rawlog_dir setting would not log input that was pipelined after
+ authentication command.
+ - Fixed potential infinite looping with autoexpunging.
+ - Log event exporter: Truncate long fields to 1000 bytes
+ - LAYOUT=index: ACL inheritance didn't work when creating mailboxes
+ - Event filters: Unquoted '?' wildcard caused a crash at startup
+ - fs-metawrap: Fix to handling zero sized files
+ - imap-hibernate: Fixed potential crash at deinit.
+ - acl: dovecot-acl-list files were written for acl_ignore_namespaces
+ - program-client (used by Sieve extprograms, director_flush_socket)
+ may have missed status response from UNIX and network sockets,
+ resulting in unexpected failures.
+
+v2.3.15 2021-06-21 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ * CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in
+ JWT tokens. This may be used to supply attacker controlled keys to
+ validate tokens, if attacker has local access.
+ * CVE-2021-33515: On-path attacker could have injected plaintext commands
+ before STARTTLS negotiation that would be executed after STARTTLS
+ finished with the client.
+ * Disconnection log messages are now more standardized across services.
+ They also always now start with "Disconnected" prefix.
+ * Dovecot now depends on libsystemd for systemd integration.
+ * Removed support for Lua 5.2. Use version 5.1 or 5.3 instead.
+ * config: Some settings are now marked as "hidden". It's discouraged to
+ change these settings. They will no longer be visible in doveconf
+ output, except if they have been changed or if doveconf -s parameter
+ is used. See https://doc.dovecot.org/settings/advanced/ for details.
+ * imap-compress: Compression level is now algorithm specific.
+ See https://doc.dovecot.org/settings/plugin/compress-plugin/
+ * indexer-worker: Convert "Indexed" info logs to an event named
+ "indexer_worker_indexing_finished". See
+ https://doc.dovecot.org/admin_manual/list_of_events/#indexer-worker-indexing-finished
+ + Add TSLv1.3 support to min_protocols.
+ + Allow configuring ssl_cipher_suites. (for TLSv1.3+)
+ + acl: Add acl_ignore_namespace setting which allows to entirely ignore
+ ACLs for the listed namespaces.
+ + imap: Support official RFC8970 preview/snippet syntax. Old methods of
+ retrieving preview information via IMAP commands ("SNIPPET and PREVIEW
+ with explicit algorithm selection") have been deprecated.
+ + imapc: Support INDEXPVT for imapc storage to enable private
+ message flags for cluster wide shared mailboxes.
+ + lib-storage: Add new events: mail_opened, mail_expunge_requested,
+ mail_expunged, mail_cache_lookup_finished. See
+ https://doc.dovecot.org/admin_manual/list_of_events/#mail
+ + zlib, imap-compression, fs-compress: Support compression levels that
+ the algorithm supports. Before, we would allow hardcoded value between
+ 1 to 9 and would default to 6. Now we allow using per-algorithm value
+ range and default to whatever default the algorithm specifies.
+ - *-login: Commands pipelined together with and just after the authenticate
+ command cause these commands to be executed twice. This applies to all
+ protocols that involve user login, which currently comprises of imap,
+ pop3, submisision and managesieve.
+ - *-login: Processes are supposed to disconnect the oldest non-logged in
+ connection when process_limit was reached. This didn't actually happen
+ with the default "high-security mode" (with service_count=1) where each
+ connection is handled by a separate process.
+ - *-login: When login process reaches client/process limits, oldest
+ client connections are disconnected. If one of these was still doing
+ anvil lookup, this caused a crash. This could happen only if the login
+ process limits were very low or if the server was overloaded.
+ - Fixed building with link time optimizations (-flto).
+ - auth: Userdb iteration with passwd driver does not always return all
+ users with some nss drivers.
+ - dsync: Shared INBOX not synced when "mail_shared_explicit_inbox" was
+ disabled. If a user has a shared mailbox which is another user's INBOX,
+ dsync didn't include the mailbox in syncing unless explicit naming is
+ enabled with "mail_shared_explicit_inbox" set to "yes".
+ - dsync: Shared namespaces were not synced with "-n" flag.
+ - dsync: Syncing shared INBOX failed if mail_attribute_dict was not set.
+ If a user has a shared mailbox that is another user's INBOX, dsync
+ failed to export the mailbox if mail attributes are disabled.
+ - fts-solr, fts-tika: Using both Solr FTS and Tika may have caused HTTP
+ requests to assert-crash: Panic: file http-client-request.c: line 1232
+ (http_client_request_send_more): assertion failed: (req->payload_input != NULL)
+ - fts-tika: 5xx errors returned by Tika server as indexing failures.
+ However, Tika can return 5xx for some attachments every time.
+ So the 5xx error should be retried once, but treated as success if it
+ happens on the retry as well. v2.3 regression.
+ - fts-tika: v2.3.11 regression: Indexing messages with fts-tika may have
+ resulted in Panic: file message-parser.c: line 802 (message_parser_deinit_from_parts):
+ assertion failed: (ctx->nested_parts_count == 0 || i_stream_have_bytes_left(ctx->input))
+ - imap: SETMETADATA could not be used to unset metadata values.
+ Instead NIL was handled as a "NIL" string. v2.3.14 regression.
+ - imap: IMAP BINARY FETCH crashes at least on empty base64 body:
+ Panic: file index-mail-binary.c: line 358 (blocks_count_lines):
+ assertion failed: (block_count == 0 || block_idx+1 == block_count)
+ - imap: If IMAP client using the NOTIFY command was disconnected while
+ sending FETCH notifications to the client, imap could crash with
+ Panic: Trying to close mailbox INBOX with open transactions.
+ - imap: Using IMAP COMPRESS extension can cause IMAP connection to hang
+ when IMAP commands are >8 kB long.
+ - imapc: If remote server sent BYE but didn't immediately disconnect, it
+ could cause infinite busy-loop.
+ - lib-index: Corrupted cache record size in dovecot.index.cache file
+ could have caused a crash (segfault) when accessing it.
+ - lib-oauth2: JWT token time validation now works correctly with
+ 32-bit systems.
+ - lib-ssl-iostream: Checking hostnames against an SSL certificate was
+ case-sensitive.
+ - lib-storage: Corrupted mime.parts in dovecot.index.cache may have
+ resulted in Panic: file imap-bodystructure.c: line 206 (part_write_body):
+ assertion failed: (text == ((part->flags & MESSAGE_PART_FLAG_TEXT) != 0))
+ - lib-storage: Index rebuilding (e.g. via doveadm force-resync) didn't
+ preserve the "hdr-pop3-uidl" header. Because of this, the next pop3
+ session could have accessed all of the emails' metadata to read their
+ POP3 UIDL (opening dbox files).
+ - listescape: When using the listescape plugin and a shared namespace
+ the plugin didn't work properly anymore resulting in errors like:
+ "Invalid mailbox name: Name must not have '/' character."
+ - lmtp: Connection crashes if connection gets disconnected due to
+ multiple bad commands and the last bad command is BDAT.
+ - lmtp: The Dovecot-specific LMTP parameter XRCPTFORWARD was blindly
+ forwarded by LMTP proxy without checking that the backend has support.
+ This caused a command parameter error from the backend if it was
+ running an older Dovecot release. This could only occur in more complex
+ setups where the message was proxied twice; when the proxy generated
+ the XRCPTFORWARD parameter itself the problem did not occur, so this
+ only happened when it was forwarded.
+ - lmtp: The LMTP proxy crashes with a panic when the remote server
+ replies with an error while the mail is still being forwarded through
+ a DATA/BDAT command.
+ - lmtp: Username may have been missing from lmtp log line prefixes when
+ it was performing autoexpunging.
+ - master: Dovecot would incorrectly fail with haproxy 2.0.14 service
+ checks.
+ - master: Systemd service: Dovecot announces readiness for accepting
+ connections earlier than it should. The following environment variables
+ are now imported automatically and can be omitted from
+ import_environment setting: NOTIFY_SOCKET LISTEN_FDS LISTEN_PID.
+ - master: service { process_min_avail } was launching processes too
+ slowly when master was forking a lot of processes.
+ - util: Make the health-check.sh example script POSIX shell compatible.
+
+v2.3.14.1 2021-06-21 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ * CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in
+ JWT tokens. This may be used to supply attacker controlled keys to
+ validate tokens, if attacker has local access.
+ * CVE-2021-33515: On-path attacker could have injected plaintext commands
+ before STARTTLS negotiation that would be executed after STARTTLS
+ finished with the client.
+ - lib-index: Corrupted mime.parts in dovecot.index.cache may have
+ resulted in Panic: file imap-bodystructure.c: line 206 (part_write_body):
+ assertion failed: (text == ((part->flags & MESSAGE_PART_FLAG_TEXT) != 0))
+ - imap: SETMETADATA could not be used to unset metadata values.
+ Instead NIL was handled as a "NIL" string. v2.3.14 regression.
+
+V2.3.14 2021-03-04 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ * Added new aliases for some variables. Usage of the old ones is possible,
+ but discouraged. (These were partially added already to v2.3.13.)
+ See https://doc.dovecot.org/configuration_manual/config_file/config_variables/
+ for more information.
+ * Optimize imap/pop3/submission/managesieve proxies to use less CPU at
+ the cost of extra memory usage.
+ * Remove autocreate, expire, snarf and mail-filter plugins.
+ * Remove cydir storage driver.
+ * Remove XZ/LZMA write support. Read support will be removed in future release.
+ * doveadm -D: Add timestamps to debug output even when LOG_STDERR_TIMESTAMP
+ environment variable is not set. Timestamp format is taken from
+ log_timestamp setting.
+ * If BROKENCHAR or listescape plugin is used, the escaped folder names
+ may be slightly different from before in some situations. This is
+ unlikely to cause issues, although caching clients may redownload the
+ folders.
+ * imapc: It now enables BROKENCHAR=~ by default to escape remote folder
+ names if necessary. This also means that if there are any '~'
+ characters in the remote folder names, they will be visible as "~7e".
+ * imapc: When using local index files folder names were escaped on
+ filesystem a bit differently. This affects only if there are folder
+ names that actually require escaping, which isn't so common. The old
+ style folders will be automatically deleted from filesystem.
+ * stats: Update exported metrics to be compliant with OpenMetrics standard.
+ + doveadm: Add an optional '-p' parameter to metadata list command. If
+ enabled, "/private", and "/shared" metadata prefixes will be prepended
+ to the keys in the list output.
+ + doveconf: Support environment variables in config files. See
+ https://doc.dovecot.org/configuration_manual/config_file/config_file_syntax/#environment-variables
+ for more details.
+ + indexer-worker: Change indexer to disconnect from indexer-worker
+ after each request. This allows service indexer-worker's service_count &
+ idle_kill settings to work. These can be used to restart indexer-worker
+ processes once in a while to reduce their memory usage.
+ - auth: "nodelay" with various authentication mechanisms such as apop
+ and digest-md5 crashed AUTH process if authentication failed.
+ - auth: Auth lua script generating an error triggered an assertion
+ failure: Panic: file db-lua.c: line 630 (auth_lua_call_password_verify):
+ assertion failed: (lua_gettop(script->L) == 0).
+ - configure: Fix libunwind detection to work on other than x86_64 systems.
+ - doveadm-server: Process could crash if logging was done outside command
+ handling. For example http-client could have done debug logging
+ afterwards, resulting in either segfault or Panic:
+ file http-client.c: line 642 (http_client_context_close):
+ assertion failed: (cctx->clients_list == NULL).
+ - dsync: Folder name escaping with BROKENCHAR didn't work completely
+ correctly. This especially caused problems with dsync-migrations using
+ imapc where some of the remote folder names may not have been accessible.
+ - dsync: doveadm sync + imapc doesn't always sync all mails when doing
+ an incremental sync (-1), which could lead to mail loss when it's used
+ for migration. This happens only when GUIDs aren't used (i.e.
+ imapc without imapc_features=guid-forced).
+ - fts-tika: When tika server returns error, some mails cause Panic:
+ file message-parser.c: line 802 (message_parser_deinit_from_parts):
+ assertion failed: (ctx->nested_parts_count == 0 || i_stream_have_bytes_left(ctx->input))
+ - lib-imap: imapc parsing illegal BODYSTRUCTUREs with NILs could have
+ resulted in crashes. This exposed that Dovecot was wrongly accepting
+ atoms in "nstring" handling. Changed the IMAP parsing to be more
+ strict about this now.
+ - lib-index: If dovecot.index.cache has corrupted message size, fetching
+ BODY/BODYSTRUCTURE may cause assert-crash:
+ Panic: file index-mail.c: line 1140 (index_mail_parse_body_finish):
+ assertion failed: (mail->data.parts != NULL).
+ - lib-index: Minor error handling and race condition fixes related to
+ rotating dovecot.index.log. These didn't usually cause problems,
+ unless the log files were rotated rapidly.
+ - lib-lua: Lua scripts using coroutines or lua libraries using coroutines
+ (e.g., cqueues) panicked.
+ - Message PREVIEW handled whitespace wrong so first space would get
+ eaten from between words.
+ - FTS and message PREVIEW (snippet) parsed HTML &entities case-sensitively.
+ - lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE
+ was written in a way that may have caused confusion for IMAP clients
+ and also Dovecot itself when parsing it. The truncated part is now
+ written out using application/octet-stream MIME type.
+ - lib-oauth2: HS512 and HS384 JWT token algorithms crash when you try to
+ use them: Panic: file hmac.c: line 26 (hmac_init): assertion failed:
+ (meth->context_size <= MAC_MAX_CONTEXT_SIZE).
+ - event filters: NOT keyword did not have the correct associativity.
+ NOT a AND b were getting parsed as NOT (a AND b) instead of
+ (NOT a) AND b.
+ - Ignore ECONNRESET when closing socket. This avoids logging useless
+ errors on systems like FreeBSD.
+ - event filters: event filter syntax error may lead to Panic:
+ file event-filter.c: line 137 (event_filter_parse): assertion failed:
+ (state.output == NULL)
+ - lib: timeval_cmp_margin() was broken on 32-bit systems. This could
+ potentially have caused HTTP timeouts to be handled incorrectly.
+ - log: instance_name wasn't used as syslog ident by the log process.
+ - master: After a service reached process_limit and client_limit, it
+ could have taken up to 1 second to realize that more client connections
+ became available. During this time client connections could have been
+ unnecessarily rejected and a warning logged:
+ Warning: service(...): process_limit (...) reached, client connections are being dropped
+ - stats: Crash would occur when generating openmetrics data for metrics
+ using aggregating functions.
+ - stats: Event filters comparing against empty strings crash the stats
+ process.
+
+v2.3.13 2021-01-04 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ * CVE-2020-24386: Specially crafted command can cause IMAP hibernate to
+ allow logged in user to access other people's emails and filesystem
+ information.
+ * Metric filter and global event filter variable syntax changed to a
+ SQL-like format. See https://doc.dovecot.org/configuration_manual/event_filter/
+ * auth: Added new aliases for %{variables}. Usage of the old ones is
+ possible, but discouraged.
+ * auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth
+ mechanism and related password schemes.
+ * auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail.
+ * auth: Removed postfix postmap socket
+ + auth: Added new fields for auth server events. These fields are now
+ also available for all auth events. See
+ https://doc.dovecot.org/admin_manual/list_of_events/#authentication-server
+ for details.
+ + imap-hibernate: Added imap_client_hibernated, imap_client_unhibernated
+ and imap_client_unhibernate_retried events. See
+ https://doc.dovecot.org/admin_manual/list_of_events/ for details.
+ + lib-index: Added new mail_index_recreated event. See
+ https://doc.dovecot.org/admin_manual/list_of_events/#mail-index-recreated
+ + lib-sql: Support TLS options for cassandra driver. This requires
+ cpp-driver v2.15 (or later) to work reliably.
+ + lib-storage: Missing $HasAttachment / $HasNoAttachment flags are now
+ added to existing mails if mail_attachment_detection_option=add-flags
+ and it can be done inexpensively.
+ + login proxy: Added login_proxy_max_reconnects setting (default 3) to
+ control how many reconnections are attempted.
+ + login proxy: imap/pop3/submission/managesieve proxying now supports
+ reconnection retrying on more than just connect() failure. Any error
+ except a non-temporary authentication failure will result in reconnect
+ attempts.
+ - auth: Lua passdb/userdb leaks stack elements per call, eventually
+ causing the stack to become too deep and crashing the auth or
+ auth-worker process.
+ - auth: SASL authentication PLAIN mechanism could be used to trigger
+ read buffer overflow. However, this doesn't seem to be exploitable in
+ any way.
+ - auth: v2.3.11 regression: GSSAPI authentication fails because dovecot
+ disallows NUL bytes for it.
+ - dict: Process used too much CPU when iterating keys, because each key
+ used a separate write() syscall.
+ - doveadm-server: Crash could occur if logging was done outside command
+ handling. For example http-client could have done debug logging
+ afterwards, resulting in either segfault or
+ Panic: file http-client.c: line 642 (http_client_context_close):
+ assertion failed: (cctx->clients_list == NULL).
+ - doveadm-server: v2.3.11 regression: Trying to connect to doveadm server
+ process via starttls assert-crashed if there were no ssl=yes listeners:
+ Panic: file master-service-ssl.c: line 22 (master_service_ssl_init):
+ assertion failed: (service->ssl_ctx_initialized).
+ - fts-solr: HTTP requests may have assert-crashed:
+ Panic: file http-client-request.c: line 1232 (http_client_request_send_more):
+ assertion failed: (req->payload_input != NULL)
+ - imap: IMAP NOTIFY could crash with a segmentation fault due to a bad
+ configuration that causes errors. Sending the error responses to the
+ client can cause the segmentation fault. This can for example happen
+ when several namespaces use the same mail storage location.
+ - imap: IMAP NOTIFY used on a shared namespace that doesn't actually
+ exist (e.g. public namespace for a nonexistent user) can crash with a panic:
+ Panic: Leaked view for index /tmp/home/asdf/mdbox/dovecot.list.index: Opened in (null):0
+ - imap: IMAP session can crash with QRESYNC extension if many changes
+ are done before asking for expunged mails since last sync.
+ - imap: Process might hang indefinitely if client disconnects after
+ sending some long-running commands pipelined, for example FETCH+LOGOUT.
+ - lib-compress: Mitigate crashes when configuring a not compiled in
+ compression. Errors with compression configuration now distinguish
+ between not supported and unknown.
+ - lib-compression: Using xz/lzma compression in v2.3.11 could have
+ written truncated output in some situations. This would result in
+ "Broken pipe" read errors when trying to read it back.
+ - lib-compression: zstd compression could have crashed in some situations:
+ Panic: file ostream.c: line 287 (o_stream_sendv_int): assertion failed: (!stream->blocking)
+ - lib-dict: dict client could have crashed in some rare situations when
+ iterating keys.
+ - lib-http: Fix several assert-crashes in HTTP client.
+ - lib-index: v2.3.11 regression: When mails were expunged at the same
+ time as lots of new content was being saved to the cache (e.g. cache
+ file was lost and is being re-filled) a deadlock could occur with
+ dovecot.index.cache / dovecot.index.log.
+ - lib-index: v2.3.11 regression: dovecot.index.cache file was being
+ purged (rewritten) too often when it had a field that hadn't been
+ accessed for over 1 month, but less than 2 months. Every cache file
+ change caused a purging in this situation.
+ - lib-mail: MIME parts were not returned correctly by Dovecot MIME parser.
+ Regression caused by fixing CVE-2020-12100.
+ - lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE
+ was written in a way that may have caused confusion for both IMAP
+ clients and Dovecot itself when parsing it. The truncated part is now
+ written out using application/octet-stream MIME type.
+ - lib-mail: v2.3.11 regression: Mail delivery / parsing crashed when the
+ 10000th MIME part was message/rfc822 (or if parent was multipart/digest):
+ Panic: file message-parser.c: line 167 (message_part_append):
+ assertion failed: (ctx->total_parts_count <= ctx->max_total_mime_parts).
+ - lib-oauth2: Dovecot incorrectly required oauth2 server introspection
+ reply to contain username with invalid token.
+ - lib-ssl-iostream, lib-dcrypt: Fix building with OpenSSL that has
+ deprecated APIs disabled.
+ - lib-storage: When mail's size is different from the cached one (in
+ dovecot.index.cache or Maildir S=size in the filename), this is
+ handled by logging "Cached message size smaller/larger than expected"
+ error. However, in some situations this also ended up crashing with:
+ Panic: file istream.c: line 315 (i_stream_read_memarea):
+ assertion failed: (old_size <= _stream->pos - _stream->skip).
+ - lib-storage: v2.3 regression: Copying/moving mails was taking much more
+ memory than before. This was mainly visible when copying/moving
+ thousands of mails in a single transaction.
+ - lib-storage: v2.3.11 regression: Searching messages assert-crashed
+ (without FTS): Panic: file message-parser.c: line 174 (message_part_finish):
+ assertion failed: (ctx->nested_parts_count > 0).
+ - lib: Dovecot v2.3 moved signal handlers around in ioloops,
+ causing more CPU usage than in v2.2.
+ - lib: Fixed JSON parsing: '\' escape sequence may have wrongly resulted
+ in error if it happened to be at read boundary. Any NUL characters and
+ '\u0000' will now result in parsing error instead of silently
+ truncating the data.
+ - lmtp, submission: Server may hang if SSL client connection disconnects
+ during the delivery. If this happened repeated, it could have ended
+ up reaching process_limit and preventing any further lmtp/submission
+ deliveries.
+ - lmtp: Proxy does not always properly log TLS connection problems as
+ errors; in some cases, only a debug message is logged if enabled.
+ - lmtp: The LMTP service can hang when commands are pipelined. This can
+ particularly occur when one command in the middle of the pipeline fails.
+ One example of this occurs for proxied LMTP transactions in which the
+ final DATA or BDAT command is pipelined after a failing RCPT command.
+ - login-proxy: The login_source_ips setting has no effect, and therefore
+ the proxy source IPs are not cycled through as they should be.
+ - master: Process was using 100% CPU in some situations when a broken
+ service was being throttled.
+ - pop3-login: POP3 login would fail with "Input buffer full" if the
+ initial response for SASL was too long.
+ - stats: Crash would occur when generating openmetrics data for metrics
+ using aggregating functions.
+
+v2.3.11.3 2020-07-29 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ - pop3-login: Login didn't handle commands in multiple IP packets properly.
+ This mainly affected large XCLIENT commands or a large SASL initial
+ response parameter in the AUTH command.
+ - pop3: pop3_deleted_flag setting was broken, causing:
+ Panic: file seq-range-array.c: line 472 (seq_range_array_invert):
+ assertion failed: (range[count-1].seq2 <= max_seq)
+
+v2.3.11.2 2020-07-13 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ - auth: Lua passdb/userdb leaks stack elements per call, eventually
+ causing the stack to become too deep and crashing the auth or
+ auth-worker process.
+ - lib-mail: v2.3.11 regression: MIME parts not returned correctly by
+ Dovecot MIME parser.
+ - pop3-login: Login would fail with "Input buffer full" if the initial
+ response for SASL was too long.
+
+v2.3.11 2020-06-17 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ * CVE-2020-12100: Parsing mails with a large number of MIME parts could
+ have resulted in excessive CPU usage or a crash due to running out of
+ stack memory.
+ * CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
+ message buffer size, which leads to reading past allocation which can
+ lead to crash.
+ * CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
+ address that has the empty quoted string as local-part causes the lmtp
+ service to crash.
+ * CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
+ zero-length message, which leads to assert-crash later on.
+ * Events: Fix inconsistency in events. See event documentation in
+ https://doc.dovecot.org.
+ * imap_command_finished event's cmd_name field now contains "unknown"
+ for unknown commands. A new "cmd_input_name" field contains the
+ command name exactly as it was sent.
+ * lib-index: Renamed mail_cache_compress_* settings to mail_cache_purge_*.
+ Note that these settings are mainly intended for testing and usually
+ shouldn't be changed.
+ * events: Renamed "index" event category to "mail-index".
+ * events: service:<name> category is now using the name from
+ configuration file.
+ * dns-client: service dns_client was renamed to dns-client.
+ * log: Prefixes generally use the service name from configuration file.
+ For example dict-async service will now use
+ "dict-async(pid): " log prefix instead of "dict(pid): "
+ * *-login: Changed logging done by proxying to use a consistent prefix
+ containing the IP address and port.
+ * *-login: Changed disconnection log messages to be slightly clearer.
+ + dict: Add events for dictionaries.
+ + lib-index: Finish logging with events.
+ + oauth2: Support local validation of JWT tokens.
+ + stats: Add support for dynamic histograms and grouping. See
+ https://doc.dovecot.org/configuration_manual/stats/.
+ + imap: Implement RFC 8514: IMAP SAVEDATE
+ + lib-index: If a long-running transaction (e.g. SORT/FETCH on a huge
+ folder) adds a lot of data to dovecot.index.cache file, commit those
+ changes periodically to make them visible to other concurrent sessions
+ as well.
+ + stats: Add OpenMetrics exporter for statistics. See
+ https://doc.dovecot.org/configuration_manual/stats/openmetrics/.
+ + stats: Support disabling stats-writer socket by setting
+ stats_writer_socket_path="".
+ - auth-worker: Process keeps slowly increasing its memory usage and
+ eventually dies with "out of memory" due to reaching vsz_limit.
+ - auth: Prevent potential timing attacks in authentication secret
+ comparisons: OAUTH2 JWT-token HMAC, imap-urlauth token, crypt() result.
+ - auth: Several auth-mechanisms allowed input to be truncated by NUL
+ which can potentially lead to unintentional issues or even successful
+ logins which should have failed.
+ - auth: When auth policy returned a delay, auth_request_finished event
+ had policy_result=ok field instead of policy_result=delayed.
+ - auth: auth process crash when auth_policy_server_url is set to an
+ invalid URL.
+ - dict-ldap: Crash occurs if var_expand template expansion fails.
+ - dict: If dict client disconnected while iteration was still running,
+ dict process could have started using 100% CPU, although it was still
+ handling clients.
+ - doveadm: Running doveadm commands via proxying may hang, especially
+ when doveadm is printing a lot of output.
+ - imap: "MOVE * destfolder" goes to a loop copying the last mail to the
+ destination until the imap process dies due to running out of memory.
+ - imap: Running "UID MOVE 1:* Trash" on an empty folder goes to infinite
+ loop.
+ - imap: SEARCH doesn't support $.
+ - lib-compress: Buffer over-read in zlib stream read.
+ - lib-dns: If DNS lookup times out, lib-dns can cause crash in calling
+ process.
+ - lib-index: Fixed several bugs in dovecot.index.cache handling that
+ could have caused cached data to be lost.
+ - lib-index: Writing to >=1 GB dovecot.index.cache files may cause
+ assert-crashes:
+ Panic: file mail-index-util.c: line 37 (mail_index_uint32_to_offset):
+ assertion failed: (offset < 0x40000000)
+ - lib-ssl-iostream: Fix buggy OpenSSL error handling without
+ assert-crashing. If there is no error available, log it as an error
+  instead of crashing:
+ Panic: file iostream-openssl.c: line 599 (openssl_iostream_handle_error):
+ assertion failed: (errno != 0)
+ - lib-ssl-iostream: ssl_key_password setting did not work.
+ - submission: A segfault crash may occur when the client or server
+ disconnects while a non-transaction command like NOOP or VRFY is still
+ being processed.
+ - virtual: Copying/moving mails with IMAP into a virtual folder assert-crashes:
+ Panic: file cmd-copy.c: line 152 (fetch_and_copy): assertion failed:
+ (copy_ctx->copy_count == seq_range_count(&copy_ctx->saved_uids))
+
+v2.3.10 2020-03-06 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ * Disable retpoline migitations by default. These can cause severe
+ performance regressions, so they should be only enabled when
+ applicable.
+ * IMAP MOVE now commits transactions in batches of 1000 mails. This
+ helps especially with lazy_expunge when moving a lot of mails. It
+ mainly avoids situations where multiple IMAP sessions are running the
+ same MOVE command and duplicating the mails in the lazy_expunge folder.
+ With this change there can still be some duplication, but the MOVE
+ always progresses forward. Also if the MOVE fails at some point, the
+ changes up to the last 1000 mails are still committed instead of
+ rolled back. Note that the COPY command behavior hasn't changed,
+ because it is required by IMAP standard to be an atomic operation.
+ * IMAP EXPUNGE and CLOSE now expunges mails in batches of 1000 mails.
+ This helps especially with lazy_expunge when expunging a lot of mails
+ (e.g. millions) to make sure that the progress always moves forward
+ even if the process is killed.
+ * Autoexpunging now expunges mails in batches of 1000 mails. This helps
+ especially with lazy_expunge when expunging a lot of mails
+ (e.g. millions) to make sure that the progress always moves forward
+ even if the process is killed.
+ + Add tool for generating sysreport called dovecot-sysreport.
+ This generates a bundle of information usually needed for support
+ requests.
+ + Add support for the new IMAP \Important SPECIAL-USE flag (RFC 8457).
+ + Add metric { group_by } setting. This allows automatically creating
+ new metrics based on the fields you want to group statistics by.
+ NOTE: This feature is considered experimental and syntax is subject
+ to change in future release.
+ + auth: Support SCRAM-SHA-256 authentication mechanism.
+ + imap: Support the new IMAP STATUS=SIZE extension.
+ + Use TCP_QUICKACK to reduce latency for some TCP connections.
+ + quota-status: Made the service more robust against erroneous use with
+ Postfix ACL policies other than smtpd_recipient_restrictions.
+ + Add "revision" field support to imap_id_send setting. Using
+ "revision *" will send in IMAP ID command response the short commit
+ hash of the Dovecot git source tree HEAD (same as in dovecot --version).
+ + IMAP ENVELOPE includes now all addresses when there are multiple
+ headers (From, To, Cc, etc.) The standard way of having multiple
+ addresses is to just list them all in a single header. It's
+ non-standard to have multiple headers. However, since MTAs allow these
+ mails to pass through and different software may handle them in
+ different ways, it's better from security point of view to show all
+ the addresses.
+ + Event filters now support using "field_name=" to match a field that
+ doesn't exist or has an empty value. For example use "error=" to match
+ only events that didn't fail.
+ - acl: INBOX ACLs shouldn't apply for IMAP GETMETADATA/SETMETADATA
+ commands.
+ - cassandra: CASS_ERROR_SERVER_WRITE_FAILURE error should also be
+ treated as "uncertain write failure".
+ - dict-redis: Using quota_clone configured with dict-redis could have
+ crashed when Redis responded slowly.
+ - imap-hibernate: Communication trouble with imap-master leads to
+ segfault.
+ - imap-hibernate: Unhibernation retrying wasn't working.
+ - imap: Fixed auth lookup privilege problem when imap process was reused
+ and user was being un-hibernated.
+ - Fix potential crash when copying/moving mails within the same folder.
+ This happened only when there were a lot of fields in dovecot.index.cache.
+ - lib-index: Recreating dovecot.index.cache file could have crashed when
+ merging bitmask fields.
+ - lib-index: Using public/shared folders with INDEXPVT configured to use
+ private \Seen flags, trying to search seen/unseen in an empty folder
+ crashes with segfault.
+ - lib-mail: Large base64-encoded mails weren't decoded properly.
+ This could have affected searching/indexing mails and message snippet
+ generation.
+ - lib-mail: Message with only quoted text could have caused message
+ snippet to ignore its 200 character limit and return the entire
+ message. This was added also to dovecot.index.cache file, which
+ increased disk space and memory usage unnecessarily.
+ v2.3.9.2 regression (previous versions cached the quoted snippet as
+ empty). In a large mail quoted text could have become wrongly added
+ to the snippet, possibly mixed together with non-quoted text.
+ - lib-smtp: client could have assert-crashed if STARTTLS handshake
+ finished earlier than usually.
+ - lib-ssl-iostream: remove -static flag for lib-ssl-iostream linking to
+ prevent a compile issue.
+ - lib-storage: Mailbox synchronization may have assert-crashed in some
+ rare situations.
+ - lib-storage: mdbox didn't preserve date.saved with dsync.
+ - lib: Don't require EAI_{ADDRFAMILY,NODATA}, breaks FreeBSD
+ - master: Some services could respawn unthrottled if they crash during
+ startup.
+ - push-notification: Do not send push_notification_finished event if
+ nothing was done. This happens when mail transaction is started and
+ ended with no changes.
+ - quota-status: Addresses with special characters in the local part caused
+ problems in the interaction between Postfix and Dovecot. Postfix sent
+ its own internal representation in the recipient field, while Dovecot
+ expected a valid RFC5321 mailbox address.
+ - submission-login: SESSION was not correctly encoded field for the
+ XCLIENT command. Particularly, a '+' character introduced by the
+ session ID's Base64 encoding causes problems.
+ - submission: Fix submission_max_mail_size to work correctly on 32-bit
+ systems.
+ - submission: Trusted connections crashed in second connection's EHLO
+ if submission-login { service_count } is something else than 1 (which
+ is the default).
+ - submission: XCLIENT command was never used in the protocol exchange
+ with the relay MTA when submission_backend_capabilities is configured,
+ even when the relay MTA was properly configured to accept the XCLIENT
+ command.
+
+v2.3.9.3 2020-02-12 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ * CVE-2020-7046: Truncated UTF-8 can be used to DoS
+ submission-login and lmtp processes.
+ * CVE-2020-7957: Specially crafted mail can crash snippet generation.
+
+v2.3.9.2 2019-12-13 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ - Mails with empty From/To headers can also cause crash
+ in push notification drivers.
+
+v2.3.9.1 2019-12-13 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ * CVE-2019-19722: Mails with group addresses in From or To fields
+ caused crash in push notification drivers.
+
+v2.3.9 2019-12-04 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ * Changed several event field names for consistency and to avoid
+ conflicts in parent-child event relationships:
+ * SMTP server command events: Renamed "name" to "cmd_name"
+ * Events inheriting from a mailbox: Renamed "name" to "mailbox"
+ * Server connection events have only "remote_ip", "remote_port",
+ "local_ip" and "local_port".
+ * Removed duplicate "client_ip", "ip" and "port".
+ * Mail storage events: Removed "service" field.
+ Use "service:<name>" category instead.
+ * HTTP client connection events: Renamed "host" to "dest_host" and
+ "port" to "dest_port"
+ * auth: Drop Postfix socketmap support. It hasn't been working
+ with recent Postfix versions for a while now.
+ * push-notification-lua: The "subject" field is now decoded to UTF8
+ instead of kept as MIME-encoded.
+ + push-notification-lua: Added new "from_address", "from_display_name",
+ "to_address" and "to_display_name" fields. The display names are
+ decoded to UTF8.
+ + Added various new fields to existing events.
+ See http://doc.dovecot.net/admin_manual/list_of_events.html
+ + Add lmtp_add_received_header setting. It can be used to prevent LMTP
+ from adding "Received:" headers.
+ + doveadm: Support SSL/STARTTLS for proxied doveadm connections based on
+ doveadm_ssl setting and proxy ssl/tls settings.
+ + Log filters support now "service:<name>", which matches all events for
+ the given service. It can also be used as a category.
+ + lib: Use libunwind to get abort backtraces with function names
+ where available.
+ + lmtp: When the LMTP proxy changes the username (from passdb lookup)
+ add an appropriate ORCPT parameter.
+ - lmtp: Add lmtp_client_workarounds setting to implement workarounds for
+ clients that send MAIL and RCPT commands with additional spaces before
+ the path and for clients that omit <> brackets around the path.
+ See example-config/conf.d/20-lmtp.conf.
+ - lda/lmtp: Invalid MAIL FROM addresses were rejcted too aggressively.
+ Now mails from addresses with unicode characters are delivered, but
+ their Return-Path header will be <> instead of the given MAIL FROM
+ address.
+ - lmtp: The lmtp_hdr_delivery_address setting is ignored.
+ - imap: imap_command_finished event's "args" and "human_args" parameters
+ were always empty.
+ - mbox: Seeking in zlib and bzip2 compressed input streams didn't work
+ correctly.
+ - imap-hibernate: Process crashed when client got destroyed while it was
+ attempted to be unhibernated, and the unhibernation fails.
+ - *-login: Proxying may have crashed if SSL handshake to the backend
+ failed immediately. This was unlikely to happen in normal operation.
+ - *-login: If TLS handshake to upstream server failed during proxying,
+ login process could crash due to invalid memory access.
+ - *-login: v2.3 regression: Using SASL authentication without initial
+ response may have caused SSL connections to hang. This happened often
+ at least with PHP's IMAP library.
+ - *-login: When login processes are flooded with authentication attempts
+ it starts logging errors about "Authentication server sent unknown id".
+ This is still expected. However, it also caused the login process to
+ disconnect from auth server and potentially log some user's password
+ in the error message.
+ - dict-sql: SQL prepared statements were not shared between sessions.
+ This resulted in creating a lot of prepared statements, which was
+ especially inefficient when using Cassandra backend with a lot of
+ Cassandra nodes.
+ - auth: auth_request_finished event didn't have success=yes parameter
+ set for successful authentications.
+ - auth: userdb dict - Trying to list users crashed.
+ - submission: Service could be configured to allow anonymous
+ authentication mechanism and anonymous user access.
+ - LAYOUT=index: Corrupted dovecot.list.index caused folder creation to
+ panic.
+ - doveadm: HTTP server crashes if request target starts with double "/".
+ - dsync: Remote dsync started hanging if the initial doveadm
+ "dsync-server" command was sent in the same TCP packet as the
+ following dsync handshake. v2.3.8 regression.
+ - lib: Several "input streams" had a bug that in some rare situations
+ might cause it to access freed memory. This could lead to crashes or
+ corruption.
+ The only currently known effect of this is that using zlib plugin with
+ external mail attachments (mail_attachment_dir) could cause fetching
+ the mail to return a few bytes of garbage data at the beginning of the
+ header. Note that the mail wasn't saved corrupted, but fetching it
+ caused corrupted mail to be sent to the client.
+ - lib-storage: If a mail only has quoted content, use the quoted text
+ for generating message snippet (IMAP PREVIEW) instead of returning
+ empty snippet.
+ - lib-storage: When vsize header was rebuilt, newly calculated message
+ sizes were added to dovecot.index.cache instead of being directly
+ saved into vsize records in dovecot.index.
+ - lib: JSON generator was escaping UTF-8 characters unnecessarily.
+
+v2.3.8 2019-10-08 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ + Added mail_delivery_started and mail_delivery_finished events, see
+ https://doc.dovecot.org/admin_manual/list_of_events/ for details.
+ + dsync-replication: Don't replicate users who have "noreplicate" extra
+ field in userdb.
+ + doveadm service status: Show total number of processes created.
+ + When logging to syslog, use instance_name setting's value for the
+ ident. This commonly is added as a log prefix.
+ + Base64 encoding/decoding code was rewritten with additional features.
+ It shouldn't cause any user visible changes.
+ - v2.3.7 regression: If a folder only receives new mails without any
+ other mail access, dovecot.index.log keeps growing forever and
+ dovecot.index keeps being rewritten for every mail delivery.
+ - dsync-replication may lose keywords after syncing mails restored from
+ another replica. This only happened if the mail only had keywords and
+ no system flags.
+ - event filters: Non-textual event fields could not be filtered using
+ wildcards.
+ - auth: Scope parameter was missing from OAuth password grant
+ request.
+ - doveadm client-server communication may hang in some situations.
+ It is also using unnecessarily small TCP/IP packet sizes.
+ - doveadm who and kick did not flush protocol output correctly.
+ - imap: SETMETADATA with literal value would delete the metadata value
+ instead of updating it.
+ - imap: When client issues FETCH PREVIEW (LAZY=FUZZY) command, the
+ caching decisions should be updated so that newly saved mails will
+ have the preview cached.
+ - With mail_nfs_index=yes and/or mail_nfs_storage=yes setuid/setgid
+ permission bits in some files may have become dropped with some NFS
+ servers. Changed NFS flushing to now use chmod() instead of chown().
+ - quota: warnings did not work if quota root was noenforcing
+ - acl: Global ACL file ignored the last line if it didn't end with LF.
+ - doveadm stats dump: With JSON formatter output numbers using the
+ number type instead of as strings
+ - lmtp_proxy: Ensure that real_* variables are correctly set when using
+ lmtp_proxy.
+ - event exporter: http-post driver had hardcoded timeout and did not
+ support DNS lookups or TLS connections.
+ - auth: Fix user iteration to work with userdb passwd with glibc v2.28.
+ - auth: auth service can crash if auth-policy JSON response is invalid
+ or returned too fast.
+ - In some rare situations "ps" output could have shown a lot of "?"
+ characters after Dovecot process titles.
+ - When dovecot.index.pvt is empty, an unnecessary error is logged:
+ Error: .../dovecot.index.pvt reset, view is now inconsistent
+ - SMTP address encoder duplicated initial double quote character when
+ the localpart of an address ended in '..'. For example
+ "user+..@example.com" became ""user+.."@example.com in a
+ sieve redirect.
+
+v2.3.7.1 2019-07-23 Timo Sirainen <timo.sirainen@open-xchange.com>
+
+ - Fix TCP_NODELAY errors being logged on non-Linux OSes
+ - lmtp proxy: Fix assert-crash when client uses BODY=8BITMIME
+ - Remove wrongly added checks in namespace prefix checking
+
+v2.3.7 2019-07-12 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ * fts-solr: Removed break-imap-search parameter
+ + Added more events for the new statistics, see
+ https://doc.dovecot.org/admin_manual/list_of_events/
+ + mail-lua: Add IMAP metadata accessors, see
+ https://doc.dovecot.org/admin_manual/lua/
+ + Add event exporters that allow exporting raw events to log files and
+ external systems, see
+ https://doc.dovecot.org/configuration_manual/event_export/
+ + SNIPPET is now PREVIEW and size has been increased to 200 characters.
+ + Add body option to fts_enforced. This triggers building FTS index only
+ on body search, and an error using FTS index fails the search rather
+ than reads through all the mails.
+ - Submission/LMTP: Fixed crash when domain argument is invalid in a
+ second EHLO/LHLO command.
+ - Copying/moving mails using Maildir format loses IMAP keywords in the
+ destination if the mail also has no system flags.
+ - mail_attachment_detection_options=add-flags-on-save caused email body
+ to be unnecessarily opened when FETCHing mail headers that were
+ already cached.
+ - mail attachment detection keywords not saved with maildir.
+ - dovecot.index.cache may have grown excessively large in some
+ situations. This happened especially when using autoexpunging with
+ lazy_expunge folders. Also with mdbox format in general the cache file
+ wasn't recreated as often as it should have.
+ - Autoexpunged mails weren't immediately deleted from the disk. Instead,
+ the deletion from disk happened the next time the folder was opened.
+ This could have caused unnecessary delays if the opening was done by
+ an interactive IMAP session.
+ - Dovecot's TCP connections sometimes add extra 40ms latency due to not
+ enabling TCP_NODELAY. HTTP and SMTP/LMTP connections weren't
+ affected, but everything else was. This delay wasn't always visible -
+ only in some situations with some message/packet sizes.
+ - imapc: Fix various crash conditions
+ - Dovecot builds were not always reproducible.
+ - login-proxy: With shutdown_clients=no after config reload the
+ existing connections could no longer be listed or kicked with doveadm.
+ - "doveadm proxy kick" with -f parameter caused a crash in some
+ situations.
+ - Auth policy can cause segmentation fault crash during auth process
+ shutdown if all auth requests have not been finished.
+ - Fix various minor bugs leading into incorrect behaviour in mailbox
+ list index handling. These rarely caused noticeable problems.
+ - LDAP auth: Iteration accesses freed memory, possibly crashing
+ auth-worker
+ - local_name { .. } filter in dovecot.conf does not correctly support
+ multiple names and wildcards were matched incorrectly.
+ - replicator: dsync assert-crashes if it can't connect to remote TCP
+ server.
+ - config: Memory leak in config process when ssl_dh setting wasn't
+ set and there was no ssl-parameters.dat file.
+ This caused config process to die once in a while
+ with "out of memory".
+
+v2.3.6 2019-04-30 Aki Tuomi <aki.tuomi@open-xchange.com>
+
+ * CVE-2019-11494: Submission-login crashed with signal 11 due to null
+ pointer access when authentication was aborted by disconnecting.
+ * CVE-2019-11499: Submission-login crashed when authentication was
+ started over TLS secured channel and invalid authentication message
+ was sent.
+ * auth: Support password grant with passdb oauth2.
+ + Use system default CAs for outbound TLS connections.
+ + Simplify array handling with new helper macros.
+ + fts_solr: Enable configuring batch_size and soft_commit features.
+ - lmtp/submission: Fixed various bugs in XCLIENT handling, including a
+ hang when XCLIENT commands were sent infinitely to the remote server.
+ - lmtp/submission: Forwarded multi-line replies were erroneously sent
+ as two replies to the client.
+ - lib-smtp: client: Message was not guaranteed to contain CRLF
+ consistently when CHUNKING was used.
+ - fts_solr: Plugin was no longer compatible with Solr 7.
+ - Make it possible to disable certificate checking without
+ setting ssl_client_ca_* settings.
+ - pop3c: SSL support was broken.
+ - mysql: Closing connection twice lead to crash on some systems.
+ - auth: Multiple oauth2 passdbs crashed auth process on deinit.
+ - HTTP client connection errors infrequently triggered a segmentation
+ fault when the connection was idle and not used for a particular
+ client instance.
+
+v2.3.5.2 2019-04-18 Timo Sirainen <tss@iki.fi>
+
+ * CVE-2019-10691: Trying to login with 8bit username containing
+ invalid UTF8 input causes auth process to crash if auth policy is
+ enabled. This could be used rather easily to cause a DoS. Similar
+ crash also happens during mail delivery when using invalid UTF8 in
+ From or Subject header when OX push notification driver is used.
+
+v2.3.5.1 2019-03-28 Timo Sirainen <tss@iki.fi>
+
+ * CVE-2019-7524: Missing input buffer size validation leads into
+ arbitrary buffer overflow when reading fts or pop3 uidl header
+ from Dovecot index. Exploiting this requires direct write access to
+ the index files.
+
+v2.3.5 2019-03-05 Timo Sirainen <tss@iki.fi>
+
+ + Lua push notification driver: mail keywords and flags are provided
+ in MessageNew and MessageAppend events.
+ + submission: Implement support for plugins.
+ + auth: When auth_policy_log_only=yes, only log what the policy server
+ response would do without actually doing it.
+ + auth: Always log policy server decisions with auth_verbose=yes
+ - v2.3.[34]: doveadm log errors: Output was missing user/session
+ - lda: Debug log lines could have shown slightly corrupted
+ - login proxy: Login processes may have crashed in various ways when
+ login_proxy_max_disconnect_delay was set.
+ - imap: Fix crash with Maildir+zlib if client disconnects during APPEND
+ - lmtp proxy: Fix potential assert-crash
+ - lmtp/submission: Fix crash when SMTP client transaction times out
+ - submission: Split large XCLIENT commands to 512 bytes per command,
+ so Postfix accepts them.
+ - submission: Fix crash when client sends invalid BURL command
+ - submission: relay backend: VRFY command: Avoid forwarding 500 and
+ 502 replies back to client.
+ - lib-http: Fix potential assert-crash when DNS lookup fails
+ - lib-fts: Fix search query generation when one language ignores a
+ token (e.g. via stopwords).
+
+v2.3.4 2018-11-23 Timo Sirainen <tss@iki.fi>
+
+ * The default postmaster_address is now "postmaster@<user domain or
+ server hostname>". If username contains the @domain part, that's
+ used. If not, then the server's hostname is used.
+ * "doveadm stats dump" now returns two decimals for the "avg" field.
+
+ + Added push notification driver that uses a Lua script
+ + Added new SQL, DNS and connection events.
+ See https://wiki2.dovecot.org/Events
+ + Added "doveadm mailbox cache purge" command.
+ + Added events API support for Lua scripts
+ + doveadm force-resync -f parameter performs "index fsck" while opening
+ the index. This may be useful to fix some types of broken index files.
+ This may become the default behavior in a later version.
+ - director: Kicking a user crashes if login process is very slow
+ - pop3_no_flag_updates=no: Don't expunge DELEted and RETRed messages
+ unless QUIT is sent.
+ - auth: Fix crypt() segfault with glibc-2.28+
+ - imap: Running UID FILTER script with errors assert-crashes
+ - dsync, pop3-migration: POP3 UIDLs weren't added to
+ dovecot.index.cache while mails were saved.
+ - dict clients may have been using 100% CPU while waiting for dict
+ server to finish commands.
+ - doveadm user: Fixed user listing via HTTP API
+ - All levels of Cassandra log messages were logged as Dovecot errors.
+ - http/smtp client may have crashed after SSL handshake
+ - Lua auth converted strings that looked like numbers into numbers.
+
+
+v2.3.3 2018-10-01 Timo Sirainen <tss@iki.fi>
+
+ * doveconf hides more secrets now in the default output.
+ * ssl_dh setting is no longer enforced at startup. If it's not set and
+ non-ECC DH key exchange happens, error is logged and client is
+ disconnected.
+
+ + Added log_debug=<filter> setting.
+ + Added log_core_filter=<log filter> setting.
+ + quota-clone: Write to dict asynchronously
+ + --enable-hardening attempts to use retpoline Spectre 2 mitigations
+ + lmtp proxy: Support source_ip passdb extra field.
+ + doveadm stats dump: Support more fields and output stddev by default.
+ + push-notification: Add SSL support for OX backend.
+ - NUL bytes in mail headers can cause truncated replies when fetched.
+ - director: Conflicting host up/down state changes may in some rare
+ situations ended up in a loop of two directors constantly overwriting
+ each others' changes.
+ - director: Fix hang/crash when multiple doveadm commands are being
+ handled concurrently.
+ - director: Fix assert-crash if doveadm disconnects too early
+ - virtual plugin: Some searches used 100% CPU for many seconds
+ - dsync assert-crashed with acl plugin in some situations.
+ - mail_attachment_detection_options=add-flags-on-save assert-crashed
+ with some specific Sieve scripts.
+ - Mail snippet generation crashed with mails containing invalid
+ Content-Type:multipart header.
+ - Log prefix ordering was different for some log lines.
+ - quota: With noenforcing option current quota usage wasn't updated.
+ - auth: Kerberos authentication against Samba assert-crashed.
+ - stats clients were unnecessarily chatty with the stats server.
+ - imapc: Fixed various assert-crashes when reconnecting to server.
+ - lmtp, submission: Fix potential crash if client disconnects while
+ handling a command.
+ - quota: Fixed compiling with glibc-2.26 / support libtirpc.
+ - fts-solr: Empty search values resulted in 400 Bad Request errors
+ - fts-solr: default_ns parameter couldn't be used
+ - submission server crashed if relay server returned over 7 lines in
+ a reply (e.g. to EHLO)
+
+v2.3.2.1 2018-07-09 Timo Sirainen <tss@iki.fi>
+
+ - SSL/TLS servers may have crashed during client disconnection
+ - lmtp: With lmtp_rcpt_check_quota=yes mail deliveries may have
+ sometimes assert-crashed.
+ - v2.3.2: "make check" may have crashed with 32bit systems
+
+v2.3.2 2018-06-29 Timo Sirainen <tss@iki.fi>
+
+ * old-stats plugin: Don't temporarily enable PR_SET_DUMPABLE while
+ opening /proc/self/io. This may still cause security problems if the
+ process is ptrace()d at the same time. Instead, open it while still
+ running as root.
+ + doveadm: Added mailbox cache decision&remove commands. See
+ doveadm-mailbox(1) man page for details.
+ + doveadm: Added rebuild attachments command for rebuilding
+ $HasAttachment or $HasNoAttachment flags for matching mails. See
+ doveadm-rebuild(1) man page for details.
+ + cassandra: Use fallback_consistency on more types of errors
+ + lmtp proxy: Support outgoing SSL/TLS connections
+ + lmtp: Add lmtp_rawlog_dir and lmtp_proxy_rawlog_dir settings.
+ + submission: Add support for rawlog_dir
+ + submission: Add submission_client_workarounds setting.
+ + lua auth: Add password_verify() function and additional fields in
+ auth request.
+ - doveadm-server: TCP connections are hanging when there is a lot of
+ network output. This especially caused hangs in dsync-replication.
+ - Using multiple type=shared mdbox namespaces crashed
+ - mail_fsync setting was ignored. It was always set to "optimized".
+ - lua auth: Fix potential crash at deinit
+ - SSL/TLS servers may have crashed if client disconnected during
+ handshake.
+ - SSL/TLS servers: Don't send extraneous certificates to client when
+ alt certs are used.
+ - lda, lmtp: Return-Path header without '<' may have assert-crashed.
+ - lda, lmtp: Unencoded UTF-8 in email address headers may assert-crash
+ - lda: -f parameter didn't allow empty/null/domainless address
+ - lmtp, submission: Message size limit was hardcoded to 40 MB.
+ Exceeding it caused the connection to get dropped during transfer.
+ - lmtp: Fix potential crash when delivery fails at DATA stage
+ - lmtp: login_greeting setting was ignored
+ - Fix to work with OpenSSL v1.0.2f
+ - systemd unit restrictions were too strict by default
+ - Fix potential crashes when a lot of log output was produced
+ - SMTP client may have assert-crashed when sending mail
+ - IMAP COMPRESS: Send "end of compression" marker when disconnecting.
+ - cassandra: Fix consistency=quorum to work
+ - dsync: Lock file generation failed if home directory didn't exist
+ - Snippet generation for HTML mails didn't ignore &entities inside
+ blockquotes, producing strange looking snippets.
+ - imapc: Fix assert-crash if getting disconnected and after
+ reconnection all mails in the selected mailbox are gone.
+ - pop3c: Handle unexpected server disconnections without assert-crash
+ - fts: Fixes to indexing mails via virtual mailboxes.
+ - fts: If mails contained NUL characters, the text around it wasn't
+ indexed.
+ - Obsolete dovecot.index.cache offsets were sometimes used. Trying to
+ fetch a field that was just added to cache file may not have always
+ found it.
+
+v2.3.1 2018-02-29 Aki Tuomi <aki.tuomi@dovecot.fi>
+
+ * Submission server support improvements and bug fixes
+ - Lots of bug fixes to submission server
+ * API CHANGE: array_idx_modifiable will no longer allocate space
+ - Particularly affects how you should check MODULE_CONTEXT result, or
+ use REQUIRE_MODULE_CONTEXT.
+
+ + mail_attachment_detection_options setting controls when
+ $HasAttachment and $HasNoAttachment keywords are set for mails.
+ + imap: Support fetching body snippets using FETCH (SNIPPET) or
+ (SNIPPET (LAZY=FUZZY))
+ + fs-compress: Automatically detect whether input is compressed or not.
+ Prefix the compression algorithm with "maybe-" to enable the
+ detection, for example: "compress:maybe-gz:6:..."
+ + Added settings to change dovecot.index* files' optimization behavior.
+ See https://wiki2.dovecot.org/IndexFiles#Settings
+ + Auth cache can now utilize auth workers to do password hash
+ verification by setting auth_cache_verify_password_with_worker=yes.
+ + Added charset_alias plugin. See
+ https://wiki2.dovecot.org/Plugins/CharsetAlias
+ + imap_logout_format and pop3_logout_format settings now support all of
+ the generic variables (e.g. %{rip}, %{session}, etc.)
+ + Added auth_policy_check_before_auth, auth_policy_check_after_auth
+ and auth_policy_report_after_auth settings.
+ + master: Support HAProxy PP2_TYPE_SSL command and set "secured"
+ variable appropriately
+ - Invalid UCS4 escape in HTML can cause crashes
+ - imap: IMAP COMPRESS -enabled clietn crashes on disconnect
+ - lmtp: Fix crash when user is over quota
+ - lib-lda: Parsing Return-Path header address fails when it contains
+ CFWS
+ - auth: SASL with Exim fails for AUTH commands without an initial
+ response
+ - imap: SPECIAL-USE capability isn't automatically added
+ - auth: LDAP subqueries do not support standard auth variables in
+ var-expand
+ - auth: SHA256-CRYPT and SHA512-CRYPT schemes do not work
+ - lib-index: mail_always/never_cache_fields are not used for existing
+ cache files
+ - imap: Fetching headers leaks memory if search doesn't find any mails
+ - lmtp: ORCPT support in RCPT TO
+ - imap-login: Process sometimes ends up in infinite loop
+ - sdbox: Rolled back save/copy transaction doesn't delete temp files
+ - mail: lock_method=dotlock causes crashes
+
+v2.3.0.1 2018-02-28 Timo Sirainen <tss@iki.fi>
+
+ * CVE-2017-15130: TLS SNI config lookups may lead to excessive
+ memory usage, causing imap-login/pop3-login VSZ limit to be reached
+ and the process restarted. This happens only if Dovecot config has
+ local_name { } or local { } configuration blocks and attacker uses
+ randomly generated SNI servernames.
+ * CVE-2017-14461: Parsing invalid email addresses may cause a crash or
+ leak memory contents to attacker. For example, these memory contents
+ might contain parts of an email from another user if the same imap
+ process is reused for multiple users. First discovered by Aleksandar
+ Nikolic of Cisco Talos. Independently also discovered by "flxflndy"
+ via HackerOne.
+ * CVE-2017-15132: Aborted SASL authentication leaks memory in login
+ process.
+ * Linux: Core dumping is no longer enabled by default via
+ PR_SET_DUMPABLE, because this may allow attackers to bypass
+ chroot/group restrictions. Found by cPanel Security Team. Nowadays
+ core dumps can be safely enabled by using "sysctl -w
+ fs.suid_dumpable=2". If the old behaviour is wanted, it can still be
+ enabled by setting:
+ import_environment=$import_environment PR_SET_DUMPABLE=1
+ - imap-login with SSL/TLS connections may end up in infinite loop
+
+v2.3.0 2017-12-22 Timo Sirainen <tss@iki.fi>
+
+ * Various setting changes, see https://wiki2.dovecot.org/Upgrading/2.3
+ * Logging rewrite started: Logging is now based on hierarchical events.
+ This makes it possible to do various things, like: 1) giving
+ consistent log prefixes, 2) enabling debug logging with finer
+ granularity, 3) provide logs in more machine readable formats
+ (e.g. json). Everything isn't finished yet, especially a lot of the
+ old logging code still needs to be translated to the new way.
+ * Statistics rewrite started: Stats are now based on (log) events.
+ It's possible to gather statistics about any event that is logged.
+ See http://wiki2.dovecot.org/Statistics for details
+ * ssl_dh setting replaces the old generated ssl-parameters.dat
+ * IMAP: When BINARY FETCH finds a broken mails, send [PARSE] error
+ instead of [UNKNOWNCTE]
+ * Linux: core dumping via PR_SET_DUMPABLE is no longer enabled by
+ default due to potential security reasons (found by cPanel Security
+ Team).
+
+ + Added support for SMTP submission proxy server, which includes
+ support for BURL and CHUNKING extension.
+ + LMTP rewrite. Supports now CHUNKING extension and mixing of
+ local/proxy recipients.
+ + auth: Support libsodium to add support for ARGON2I and ARGON2ID
+ password schemes.
+ + auth: Support BLF-CRYPT password scheme in all platforms
+ + auth: Added LUA scripting support for passdb/userdb.
+ See https://wiki2.dovecot.org/AuthDatabase/Lua
+ - Input streams are more reliable now when there are errors or when
+ the maximum buffer size is reached. Previously in some situations
+ this could have caused Dovecot to try to read already freed memory.
+ - Output streams weren't previously handling failures when writing a
+ trailer at the end of the stream. This mainly affected encrypt and
+ zlib compress ostreams, which could have silently written truncated
+ files if the last write happened to fail (which shouldn't normally
+ have ever happened).
+ - virtual plugin: Fixed panic when fetching mails from virtual
+ mailboxes with IMAP BINARY extension.
+ - doveadm-server: Fix potential hangs with SSL connections
+ - doveadm proxy: Reading commands' output from v2.2.33+ servers could
+ have caused the output to be corrupted or caused a crash.
+ - Many other smaller fixes
+
+v2.2.36.3 2019-03-28 Timo Sirainen <tss@iki.fi>
+
+ * CVE-2019-7524: Missing input buffer size validation leads into
+ arbitrary buffer overflow when reading fts or pop3 uidl header
+ from Dovecot index. Exploiting this requires direct write access to
+ the index files.
+
+v2.2.36.1 2019-02-05 Timo Sirainen <tss@iki.fi>
+
+ * CVE-2019-3814: If imap/pop3/managesieve/submission client has
+ trusted certificate with missing username field
+ (ssl_cert_username_field), under some configurations Dovecot
+ mistakenly trusts the username provided via authentication instead
+ of failing.
+ * ssl_cert_username_field setting was ignored with external SMTP AUTH,
+ because none of the MTAs (Postfix, Exim) currently send the
+ cert_username field. This may have allowed users with trusted
+ certificate to specify any username in the authentication. This bug
+ didn't affect Dovecot's Submission service.
+
+ - pop3_no_flag_updates=no: Don't expunge RETRed messages without QUIT
+ - director: Kicking a user assert-crashes if login process is very slow
+ - lda/lmtp: Fix assert-crash with some Sieve scripts when
+ mail_attachment_detection_options=add-flags-on-save
+ - fs-compress: Using maybe-gz assert-crashed when reading 0 sized file
+ - Snippet generation crashed with invalid Content-Type:multipart
+
+v2.2.36 2018-05-23 Timo Sirainen <tss@iki.fi>
+
+ * login-proxy: If ssl_require_crl=no, allow revoked certificates.
+ Also don't do CRL checks for incoming client certificates.
+ * stats plugin: Don't temporarily enable PR_SET_DUMPABLE while opening
+ /proc/self/io. This may still cause security problems if the process
+ is ptrace()d at the same time. Instead, open it while still running
+ as root.
+
+ + doveadm: Added mailbox cache decision&remove commands. See
+ doveadm-mailbox(1) man page for details.
+ + doveadm: Added rebuild attachments command for rebuilding
+ $HasAttachment or $HasNoAttachment flags for matching mails. See
+ doveadm-rebuild(1) man page for details.
+ + cassandra: Use fallback_consistency on more types of errors
+ - cassandra: Fix consistency=quorum to work
+ - dsync: Lock file generation failed if home directory didn't exist
+ - In some configs if namespace root directory didn't yet exist, Dovecot
+ failed to create mailboxes.lock when trying to create mailboxes
+ - Snippet generation for HTML mails didn't ignore &entities inside
+ blockquotes, producing strange looking snippets.
+ - imapc: Fix assert-crash if getting disconnected and after
+ reconnection all mails in the selected mailbox are gone.
+ - pop3c: Handle unexpected server disconnections without assert-crash
+ - fts: Fixes to indexing mails via virtual mailboxes.
+ - fts: If mails contained NUL characters, the text around it wasn't
+ indexed.
+ - Obsolete dovecot.index.cache offsets were sometimes used. Trying to
+ fetch a field that was just added to cache file may not have always
+ found it.
+ - dict-sql: Fix crash when reading NULL value from database
+
+v2.2.35 2018-03-19 Aki Tuomi <aki.tuomi@dovecot.fi>
+
+ - charset_alias: compile fails with Solaris Studio, reported by
+ John Woods.
+ - Fix local name handling in v2.2.34 SNI code, bug found by cPanel.
+ - imapc: Don't try to add mails to index if they already exist there.
+ - imapc: If email is modified in istream_opened hook, mail size isn't
+ updated.
+ - lib-dcrypt: When reading encrypted data, more data would not be
+ read if buffer was not consumed causing panic or hang.
+ - notify: When notify plugin is used and transaction commit fails in
+ dsync, crash occurs.
+ - sdbox: When delivering to a mailbox that is over quota, temp files
+ are not cleaned up when saving or copying fails.
+
+v2.2.34 2018-02-28 Timo Sirainen <tss@iki.fi>
+
+ * CVE-2017-15130: TLS SNI config lookups may lead to excessive
+ memory usage, causing imap-login/pop3-login VSZ limit to be reached
+ and the process restarted. This happens only if Dovecot config has
+ local_name { } or local { } configuration blocks and attacker uses
+ randomly generated SNI servernames.
+ * CVE-2017-14461: Parsing invalid email addresses may cause a crash or
+ leak memory contents to attacker. For example, these memory contents
+ might contain parts of an email from another user if the same imap
+ process is reused for multiple users. First discovered by Aleksandar
+ Nikolic of Cisco Talos. Independently also discovered by "flxflndy"
+ via HackerOne.
+ * CVE-2017-15132: Aborted SASL authentication leaks memory in login
+ process.
+ * Linux: Core dumping is no longer enabled by default via
+ PR_SET_DUMPABLE, because this may allow attackers to bypass
+ chroot/group restrictions. Found by cPanel Security Team. Nowadays
+ core dumps can be safely enabled by using "sysctl -w
+ fs.suid_dumpable=2". If the old behaviour is wanted, it can still be
+ enabled by setting:
+ import_environment=$import_environment PR_SET_DUMPABLE=1
+ * doveconf output now includes the hostname.
+
+ + mail_attachment_detection_options setting controls when
+ $HasAttachment and $HasNoAttachment keywords are set for mails.
+ + imap: Support fetching body snippets using FETCH (SNIPPET) or
+ (SNIPPET (LAZY=FUZZY))
+ + fs-compress: Automatically detect whether input is compressed or not.
+ Prefix the compression algorithm with "maybe-" to enable the
+ detection, for example: "compress:maybe-gz:6:..."
+ + Added settings to change dovecot.index* files' optimization behavior.
+ See https://wiki2.dovecot.org/IndexFiles#Settings
+ + Auth cache can now utilize auth workers to do password hash
+ verification by setting auth_cache_verify_password_with_worker=yes.
+ + Added charset_alias plugin. See
+ https://wiki2.dovecot.org/Plugins/CharsetAlias
+ + imap_logout_format and pop3_logout_format settings now support all of
+ the generic variables (e.g. %{rip}, %{session}, etc.)
+ + Added auth_policy_check_before_auth, auth_policy_check_after_auth
+ and auth_policy_report_after_auth settings.
+ - v2.2.33: doveadm-server: Various fixes related to log handling.
+ - v2.2.33: doveadm failed when trying to access UNIX socket that didn't
+ require authentication.
+ - v2.2.33: doveadm log reopen stopped working
+ - v2.2.30+: IMAP stopped advertising SPECIAL-USE capability
+ - v2.2.30+: IMAP stopped sending untagged OK/NO storage notifications
+ - replication: dsync sends unnecessary replication notification for
+ changes it does internally. NOTE: Folder creates, renames, deletes
+ and subscribes still trigger unnecessary replication notifications,
+ but these should be rather rare.
+ - mail_always/never_cache_fields setting changes weren't applied for
+ existing dovecot.index.cache files.
+ - Fix compiling and other problems with OpenSSL v1.1
+ - auth policy: With master user logins, lookup using login username.
+ - FTS reindexed all mails unnecessarily after loss of
+ dovecot.index.cache file
+ - mdbox rebuild repeatedly fails with "missing map extension"
+ - SSL connections may have been hanging with imapc or doveadm client.
+ - cassandra: Using protocol v3 (Cassandra v2.1) caused memory leaks and
+ also timestamps weren't set to queries.
+ - fs-crypt silently ignored public/private keys specified in
+ configuration (mail_crypt_global_public/private_key) and just
+ emitted plaintext output.
+ - lock_method=dotlock caused crashes
+ - imapc: Reconnection may cause crashes and other errors
+
+v2.2.33.2 2017-10-20 Timo Sirainen <tss@iki.fi>
+
+ - doveadm: Fix crash in proxying (or dsync replication) if remote is
+ running older than v2.2.33
+ - auth: Fix memory leak in %{ldap_dn}
+ - dict-sql: Fix data types to work correctly with Cassandra
+
+v2.2.33.1 2017-10-10 Timo Sirainen <tss@iki.fi>
+
+ - dovecot-lda was logging to stderr instead of to the log file.
+
+v2.2.33 2017-10-10 Timo Sirainen <tss@iki.fi>
+
+ * doveadm director commands wait for the changes to be visible in the
+ whole ring before they return. This is especially useful in testing.
+ * Environments listed in import_environment setting are now set or
+ preserved when executing standalone commands (e.g. doveadm)
+
+ + doveadm proxy: Support proxying logs. Previously the logs were
+ visible only in the backend's logs.
+ + Added %{if}, see https://wiki2.dovecot.org/Variables#Conditionals
+ + Added a new notify_status plugin, which can be used to update dict
+ with current status of a mailbox when it changes. See
+ https://wiki2.dovecot.org/Plugins/NotifyStatus
+ + Mailbox list index can be disabled for a namespace by appending
+ ":LISTINDEX=" to location setting.
+ + dsync/imapc: Added dsync_hashed_headers setting to specify which
+ headers are used to match emails.
+ + pop3-migration: Add pop3_migration_ignore_extra_uidls=yes to ignore
+ mails that are visible in POP3 but not IMAP. This could happen if
+ new mails were delivered during the migration run.
+ + pop3-migration: Further improvements to help with Zimbra
+ + pop3-migration: Cache POP3 UIDLs in imapc's dovecot.index.cache
+ if indexes are enabled. These are used to optimize incremental syncs.
+ + cassandra, dict-sql: Use prepared statements if protocol version>3.
+ + auth: Added %{ldap_dn} variable for passdb/userdb ldap
+ - acl: The "create" (k) permission in global acl-file was sometimes
+ ignored, allowing users to create mailboxes when they shouldn't have.
+ - sdbox: Mails were always opened when expunging, unless
+ mail_attachment_fs was explicitly set to empty.
+ - lmtp/doveadm proxy: hostip passdb field was ignored, which caused
+ unnecessary DNS lookups if host field wasn't an IP
+ - lmtp proxy: Fix crash when receiving unexpected reply in RCPT TO
+ - quota_clone: Update also when quota is unlimited (broken in v2.2.31)
+ - mbox, zlib: Fix assert-crash when accessing compressed mbox
+ - doveadm director kick -f parameter didn't work
+ - doveadm director flush <host> resulted flushing all hosts, if <host>
+ wasn't an IP address.
+ - director: Various fixes to handling backend/director changes at
+ abnormal times, especially while ring was unsynced. These could have
+ resulted in crashes, non-optimal behavior or ignoring some of the
+ changes.
+ - director: Use less CPU in imap-login processes when moving/kicking
+ many users.
+ - lmtp: Session IDs were duplicated/confusing with multiple RCPT TOs
+ when lmtp_rcpt_check_quota=yes
+ - doveadm sync -1 fails when local mailboxes exist that do not exist
+ remotely. This commonly happened when lazy_expunge mailbox was
+ autocreated when incremental sync expunged mails.
+ - pop3: rawlog_dir setting didn't work
+
+
+v2.2.32 2017-08-24 Timo Sirainen <tss@iki.fi>
+
+ * imapc: Info-level line is logged every time when successfully
+ connected to the remote server. This includes local/remote IP/port,
+ which can be useful for matching against external logs.
+ * config: Log a warning if plugin { key=no } is used explicitly.
+ v2.3 will support "no" properly in plugin settings, but for now
+ any value at all for a boolean plugin setting is treated as "yes",
+ even if it's written as explicit "no". This change will now warn
+ that it most likely won't work as intended.
+
+ + Various optimizations to avoid accessing files/directories when it's
+ not necessary. Especially avoid accessing mail root directories when
+ INDEX directories point to a different filesystem.
+ + mail_location can now include ITERINDEX parameter. This tells Dovecot
+ to perform mailbox listing from the INDEX path instead of from the
+ mail root path. It's mainly useful when the INDEX storage is on a
+ faster storage.
+ + mail_location can now include VOLATILEDIR=<path> parameter. This
+ is used for creating lock files and in future potentially other
+ files that don't need to exist permanently. The path could point to
+ tmpfs for example. This is especially useful to avoid creating lock
+ files to NFS or other remote filesystems. For example:
+ mail_location=sdbox:~/sdbox:VOLATILEDIR=/tmp/volatile/%2.256Nu/%u
+ + mail_location's LISTINDEX=<path> can now contain a full path.
+ This allows storing mailbox list index to a different storage
+ than the rest of the indexes, for example to tmpfs.
+ + mail_location can now include NO-NOSELECT parameter. This
+ automatically deletes any \NoSelect mailboxes that have no children.
+ These mailboxes are sometimes confusing to users.
+ + mail_location can now include BROKENCHAR=<char> parameter. This can
+ be useful with imapc to access mailbox names that aren't valid mUTF-7
+ charset from remote servers.
+ + If mailbox_list_index_very_dirty_syncs=yes, the list index is no
+ longer refreshed against filesystem when listing mailboxes. This
+ allows the mailbox listing to be done entirely by only reading the
+ mailbox list index.
+ + Added mailbox_list_index_include_inbox setting to control whether
+ INBOX's STATUS information should be cached in the mailbox list
+ index. The default is "no", but it may be useful to change it to
+ "yes", especially if LISTINDEX points to tmpfs.
+ + userdb can return chdir=<path>, which override mail_home for the
+ chdir location. This can be useful to avoid accessing home directory
+ on login.
+ + userdb can return postlogin=<socket> to specify per-user imap/pop3
+ postlogin socket path.
+ + cassandra: Add support for result paging by adding page_size=<n>
+ parameter to the connect setting.
+ + dsync/imapc, pop3-migration plugin: Strip also trailing tabs from
+ headers when matching mails. This helps with migrations from Zimbra.
+ + imap_logout_format supports now %{appended} and %{autoexpunged}
+ + virtual plugin: Optimize IDLE to use mailbox list index for finding
+ out when something has changed.
+ + Added apparmor plugin. See https://wiki2.dovecot.org/Plugins/Apparmor
+ - virtual plugin: A lot of fixes. In many cases it was also working
+ very inefficiently or even incorrectly.
+ - imap: NOTIFY parameter parsing was incorrectly "fixed" in v2.2.31.
+ It was actually (mostly) working in previous versions, but broken
+ in v2.2.31.
+ - Modseq tracking didn't always work correctly. This could have caused
+ imap unhibernation to fail or IMAP QRESYNC/CONDSTORE extensions to
+ not work perfectly.
+ - mdbox: "Inconsistency in map index" wasn't fixed automatically
+ - dict-ldap: %variable values used in the LDAP filter weren't escaped.
+ - quota=count: quota_warning = -storage=.. was never executed (try #2).
+ v2.2.31 fixed it for -messages, but not for -storage.
+ - imapc: >= 32 kB mail bodies were supposed to be cached for subsequent
+ FETCHes, but weren't.
+ - quota-status service didn't support recipient_delimiter
+ - acl: Don't access dovecot-acl-list files with acl_globals_only=yes
+ - mail_location: If INDEX dir is set, mailbox deletion deletes its
+ childrens' indexes. For example if "box" is deleted, "box/child"
+ index directory was deleted as well (but mails were preserved).
+ - director: v2.2.31 caused rapid reconnection loops to directors
+ that were down.
+
+v2.2.31 2017-06-26 Timo Sirainen <tss@iki.fi>
+
+ * LMTP: Removed "(Dovecot)" from added Received headers. Some
+ installations want to hide it, and there's not really any good reason
+ for anyone to have it.
+
+ + Add ssl_alt_cert and ssl_alt_key settings to add support for
+ having both RSA and ECDSA certificates.
+ + dsync/imapc, pop3-migration plugin: Strip trailing whitespace from
+ headers when matching mails. This helps with migrations from Zimbra.
+ + acl: Add acl_globals_only setting to disable looking up
+ per-mailbox dovecot-acl files.
+ + Parse invalid message addresses better. This mainly affects the
+ generated IMAP ENVELOPE replies.
+ - v2.2.30 wasn't fixing corrupted dovecot.index.cache files properly.
+ It could have deleted wrong mail's cache or assert-crashed.
+ - v2.2.30 mail-crypt-acl plugin was assert-crashing
+ - v2.2.30 welcome plugin wasn't working
+ - Various fixes to handling mailbox listing. Especially related to
+ handling nonexistent autocreated/autosubscribed mailboxes and ACLs.
+ - Global ACL file was parsed as if it was local ACL file. This caused
+ some of the ACL rule interactions to not work exactly as intended.
+ - auth: forward_* fields didn't work properly: Only the first forward
+ field was working, and only if the first passdb lookup succeeded.
+ - Using mail_sort_max_read_count sometimes caused "Broken sort-*
+ indexes, resetting" errors.
+ - Using mail_sort_max_read_count may have caused very high CPU usage.
+ - Message address parsing could have crashed on invalid input.
+ - imapc_features=fetch-headers wasn't always working correctly and
+ caused the full header to be fetched.
+ - imapc: Various bugfixes related to connection failure handling.
+ - quota=imapc sent unnecessary FETCH RFC822.SIZE to server when
+ expunging mails.
+ - quota=count: quota_warning = -storage=.. was never executed
+ - quota=count: Add support for "ns" parameter
+ - dsync: Fix incremental syncing for mails that don't have Date or
+ Message-ID headers.
+ - imap: Fix hang when client sends pipelined SEARCH +
+ EXPUNGE/CLOSE/LOGOUT.
+ - oauth2: Token validation didn't accept empty server responses.
+ - imap: NOTIFY command has been almost completely broken since the
+ beginning. I guess nobody has been trying to use it.
+
+
+v2.2.30.2 2017-06-06 Timo Sirainen <tss@iki.fi>
+
+ - auth: Multiple failed authentications within short time caused
+ crashes
+ - push-notification: OX driver crashed at deinit
+
+v2.2.30.1 2017-05-31 Timo Sirainen <tss@iki.fi>
+
+ - quota_warning scripts weren't working in v2.2.30
+ - vpopmail still wasn't compiling
+
+v2.2.30 2017-05-30 Timo Sirainen <tss@iki.fi>
+
+ * auth: Use timing safe comparisons for everything related to
+ passwords. It's unlikely that these could have been used for
+ practical attacks, especially because Dovecot delays and flushes all
+ failed authentications in 2 second intervals. Also it could have
+ worked only when passwords were stored in plaintext in the passdb.
+ * master process sends SIGQUIT to all running children at shutdown,
+ which instructs them to close all the socket listeners immediately.
+ This way restarting Dovecot should no longer fail due to some
+ processes keeping the listeners open for a long time.
+
+ + auth: Add passdb { mechanisms=none } to match separate passdb lookup
+ + auth: Add passdb { username_filter } to use passdb only if user
+ matches the filter. See https://wiki2.dovecot.org/PasswordDatabase
+ + dsync: Add dsync_commit_msgs_interval setting. It attempts to commit
+ the transaction after saving this many new messages. Because of the
+ way dsync works, it may not always be possible if mails are copied
+ or UIDs need to change.
+ + imapc: Support imapc_features=search without ESEARCH extension.
+ + imapc: Add imapc_features=fetch-bodystructure to pass through remote
+ server's FETCH BODY and BODYSTRUCTURE.
+ + imapc: Add quota=imapc backend to use GETQUOTA/GETQUOTAROOT on the
+ remote server.
+ + passdb imap: Add allow_invalid_cert and ssl_ca_file parameters.
+ + If dovecot.index.cache corruption is detected, reset only the one
+ corrupted mail instead of the whole file.
+ + doveadm mailbox status: Add "firstsaved" field.
+ + director_flush_socket: Add old host's up/down and vhost count as parameters
+ - More fixes to automatically fix corruption in dovecot.list.index
+ - dsync-server: Fix support for dsync_features=empty-header-workaround
+ - imapc: Various bugfixes, including infinite loops on some errors
+ - IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't
+ enabled modseq tracking via CONDSTORE/QRESYNC.
+ - fts-lucene: Fix it to work again with mbox format
+ - Some internal error messages may have contained garbage in v2.2.29
+ - mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys
+ are used. Otherwise the copied mails can't be opened.
+ - vpopmail: Fix compiling
+
+v2.2.29.1 2017-04-12 Timo Sirainen <tss@iki.fi>
+
+ - imapc reconnection fix was forgotten from 2.2.29 release, which also
+ made "make check" fail in a unit test
+ - dict-sql: Merging multiple UPDATEs to a single statement wasn't
+ actually working.
+ - Fixed building with vpopmail
+
+v2.2.29 2017-04-10 Timo Sirainen <tss@iki.fi>
+
+ * passdb/userdb dict: Don't double-expand %variables in keys. If dict
+ was used as the authentication passdb, using specially crafted
+ %variables in the username could be used to cause DoS (CVE-2017-2669)
+ * When Dovecot encounters an internal error, it logs the real error and
+ usually logs another line saying what function failed. Previously the
+ second log line's error message was a rather uninformative "Internal
+ error occurred. Refer to server log for more information." Now the
+ real error message is duplicated in this second log line.
+ * lmtp: If a delivery has multiple recipients, run autoexpunging only
+ for the last recipient. This avoids a problem where a long
+ autoexpunge run causes LMTP client to timeout between the DATA
+ replies, resulting in duplicate mail deliveries.
+ * config: Don't stop the process due to idling. Otherwise the
+ configuration is reloaded when the process restarts.
+ * mail_log plugin: Differentiate autoexpunges from regular expunges
+ * imapc: Use LOGOUT to cleanly disconnect from server.
+ * lib-http: Internal status codes (>9000) are no longer visible in logs
+ * director: Log vhost count changes and HOST-UP/DOWN
+
+ + quota: Add plugin { quota_max_mail_size } setting to limit the
+ maximum individual mail size that can be saved.
+ + imapc: Add imapc_features=delay-login. If set, connecting to the
+ remote IMAP server isn't done until it's necessary.
+ + imapc: Add imapc_connection_retry_count and
+ imapc_connection_retry_interval settings.
+ + imap, pop3, indexer-worker: Add (deinit) to process title before
+ autoexpunging runs.
+ + Added %{encrypt} and %{decrypt} variables
+ + imap/pop3 proxy: Log proxy state in errors as human-readable string.
+ + imap/pop3-login: All forward_* extra fields returned by passdb are
+ sent to the next hop when proxying using ID/XCLIENT commands. On the
+ receiving side these fields are imported and sent to auth process
+ where they're accessible via %{passdb:forward_*}. This is done only
+ if the sending IP address matches login_trusted_networks.
+ + imap-login: If imap_id_retain=yes, send the IMAP ID string to
+ auth process. %{client_id} expands to it in auth process. The ID
+ string is also sent to the next hop when proxying.
+ + passdb imap: Use ssl_client_ca_* settings for CA validation.
+ - fts-tika: Fixed crash when parsing attachment without
+ Content-Disposition header. Broken by 2.2.28.
+ - trash plugin was broken in 2.2.28
+ - auth: When passdb/userdb lookups were done via auth-workers, too much
+ data was added to auth cache. This could have resulted in wrong
+ replies when using multiple passdbs/userdbs.
+ - auth: passdb { skip & mechanisms } were ignored for the first passdb
+ - oauth2: Various fixes, including fixes to crashes
+ - dsync: Large Sieve scripts (or other large metadata) weren't always
+ synced.
+ - Index rebuild (e.g. doveadm force-resync) set all mails as \Recent
+ - imap-hibernate: %{userdb:*} wasn't expanded in mail_log_prefix
+ - doveadm: Exit codes weren't preserved when proxying commands via
+ doveadm-server. Almost all errors used exit code 75 (tempfail).
+ - ACLs weren't applied to not-yet-existing autocreated mailboxes.
+ - Fixed a potential crash when parsing a broken message header.
+ - cassandra: Fallback consistency settings weren't working correctly.
+ - doveadm director status <user>: "Initial config" was always empty
+ - imapc: Various reconnection fixes.
+
+v2.2.28 2017-02-24 Timo Sirainen <tss@iki.fi>
+
+ * director: "doveadm director move" to same host now refreshes user's
+ timeout. This allows keeping user constantly in the same backend by
+ just periodically moving the user there.
+ * When new mailbox is created, use initially INBOX's
+ dovecot.index.cache caching decisions.
+ * Expunging mails writes GUID to dovecot.index.log now only if the
+ GUID is quickly available from index/cache.
+ * pop3c: Increase timeout for PASS command to 5 minutes.
+ * Mail access errors are no longer ignored when searching or sorting.
+ With IMAP the untagged SEARCH/SORT reply is still sent the same as
+ before, but NO reply is returned instead of OK.
+
+ + Make dovecot.list.index's filename configurable. This is needed when
+ there are multiple namespaces pointing to the same mail root
+ (e.g. lazy_expunge namespace for mdbox).
+ + Add size.virtual to dovecot.index when folder vsizes are accessed
+ (e.g. quota=count). This is mainly a workaround to avoid slow quota
+ recalculation performance when message sizes get lost from
+ dovecot.index.cache due to corruption or some other reason.
+ + auth: Support OAUTHBEARER and XOAUTH2 mechanisms. Also support them
+ in lib-dsasl for client side.
+ + auth: Support filtering by SASL mechanism: passdb { mechanisms }
+ + Shrink the mail processes' memory usage by not storing settings
+ duplicated unnecessarily many times.
+ + imap: Add imap_fetch_failure setting to control what happens when
+ FETCH fails for some mails (see example-config).
+ + imap: Include info about last command in disconnection log line.
+ + imap: Created new SEARCH=X-MIMEPART extension. It's currently not
+ advertised by default, since it's not fully implemented.
+ + fts-solr: Add support for basic authentication.
+ + Cassandra: Support automatically retrying failed queries if
+ execution_retry_interval and execution_retry_times are set.
+ + doveadm: Added "mailbox path" command.
+ + mail_log plugin: If plugin { mail_log_cached_only=yes }, log the
+ wanted fields only if it doesn't require opening the email.
+ + mail_vsize_bg_after_count setting added (see example-config).
+ + mail_sort_max_read_count setting added (see example-config).
+ + pop3c: Added pop3c_features=no-pipelining setting to prevent using
+ PIPELINING extension even though it's advertised.
+
+ - Index files: day_first_uid wasn't updated correctly since v2.2.26.
+ This caused dovecot.index.cache to be non-optimal.
+ - imap: SEARCH/SORT may have assert-crashed in
+ client_check_command_hangs
+ - imap: FETCH X-MAILBOX may have assert-crashed in virtual mailboxes.
+ - imap: Running time in tagged command reply was often wrongly 0.
+ - search: Using NOT n:* or NOT UID n:* wasn't handled correctly
+ - director: doveadm director kick was broken
+ - director: Fix crash when using director_flush_socket
+ - director: Fix some bugs when moving users between backends
+ - imapc: Various error handling fixes and improvements
+ - master: doveadm process status output had a lot of duplicates.
+ - autoexpunge: If mailbox's rename timestamp is newer than mail's
+ save-timestamp, use it instead. This is useful when autoexpunging
+ e.g. Trash/* and an entire mailbox is deleted by renaming it under
+ Trash to prevent it from being autoexpunged too early.
+ - autoexpunge: Multiple processes may have been trying to expunge the
+ same mails simultaneously. This was problematic especially with
+ lazy_expunge plugin.
+ - auth: %{passdb:*} was empty in auth-worker processes
+ - auth-policy: hashed_password was always sent empty.
+ - dict-sql: Merge multiple UPDATEs to a single statement if possible.
+ - fts-solr: Escape {} chars when sending queries
+ - fts: fts_autoindex_exclude = \Special-use caused crashes
+ - doveadm-server: Fix leaks and other problems when process is reused
+ for multiple requests (service_count != 1)
+ - sdbox: Fix assert-crash on mailbox create race
+ - lda/lmtp: deliver_log_format values weren't entirely correct if Sieve
+ was used. especially %{storage_id} was broken.
+ - lmtp_user_concurrency_limit didn't work if userdb changed username
+
+v2.2.27 2016-12-03 Timo Sirainen <tss@iki.fi>
+
+ * dovecot.list.index.log rotation sizes/times were changed so that
+ the .log file stays smaller and .log.2 is deleted sooner.
+
+ + Added mail_crypt plugin that allows encryption of stored emails.
+ See http://wiki2.dovecot.org/Plugins/MailCrypt
+ + stats: Global stats can be sent to Carbon server by setting
+ stats_carbon_server=ip:port
+ + imap/pop3 proxy: If passdb returns proxy_not_trusted, don't send
+ ID/XCLIENT
+ + Added generic hash modifier for %variables:
+ %{<hash algorithm>;rounds=<n>,truncate=<bits>,salt=s>:field}
+ Hash algorithm is any of the supported ones, e.g. md5, sha1, sha256.
+ Also "pkcs5" is supported using SHA256. For example: %{sha256:user}
+ or %{md5;truncate=32:user}.
+ + Added support for SHA3-256 and SHA3-512 hashes.
+ + config: Support DNS wildcards in local_name, e.g.
+ local_name *.example.com { .. } matches anything.example.com, but
+ not multiple.anything.example.com.
+ + config: Support multiple names in local_name, e.g.
+ local_name "1.example.com 2.example.com" { .. }
+ - Fixed crash in auth process when auth-policy was configured and
+ authentication was aborted/failed without a username set.
+ - director: If two users had different tags but the same hash,
+ the users may have been redirected to the wrong tag's hosts.
+ - Index files may have been thought incorrectly lost, causing
+ "Missing middle file seq=.." to be logged and index rebuild.
+ This happened more easily with IMAP hibernation enabled.
+ - Various fixes to restoring state correctly in un-hibernation.
+ - dovecot.index files were commonly 4 bytes per email too large. This
+ is because 3 bytes per email were being wasted that could have been
+ used for IMAP keywords.
+ - Various fixes to handle dovecot.list.index corruption better.
+ - lib-fts: Fixed assert-crash in address tokenizer with specific input.
+ - Fixed assert-crash in HTML to text parsing with specific input
+ (e.g. for FTS indexing or snippet generation)
+ - doveadm sync -1: Fixed handling mailbox GUID conflicts.
+ - sdbox, mdbox: Perform full index rebuild if corruption is detected
+ inside lib-index, which runs index fsck.
+ - quota: Don't skip quota checks when moving mails between different
+ quota roots.
+ - search: Multiple sequence sets or UID sets in search parameters
+ weren't handled correctly. They were incorrectly merged together.
+
+v2.2.26.0 2016-10-28 Timo Sirainen <tss@iki.fi>
+
+ - Fixed some compiling issues.
+ - auth: Fixed assert-crash when using NTLM or SKEY mechanisms and
+ multiple passdbs.
+ - auth: Fixed crash when exporting to auth-worker passdb extra fields
+ that had empty values.
+ - dsync: Fixed assert-crash in dsync_brain_sync_mailbox_deinit
+
+v2.2.26 2016-10-27 Timo Sirainen <tss@iki.fi>
+
+ * master: Removed hardcoded 511 backlog limit for listen(). The kernel
+ should limit this as needed.
+ * doveadm import: Source user is now initialized the same as target
+ user. Added -U parameter to override the source user.
+ * Mailbox names are no longer limited to 16 hierarchy levels. We'll
+ check another way to make sure mailbox names can't grow larger than
+ 4096 bytes.
+
+ + Added a concept of "alternative usernames" by returning user_* extra
+ field(s) in passdb. doveadm proxy list shows these alt usernames in
+ "doveadm proxy list" output. "doveadm director&proxy kick" adds
+ -f <passdb field> parameter. The alt usernames don't have to be
+ unique, so this allows creation of user groups and kicking them in
+ one command.
+ + auth: passdb/userdb dict allows now %variables in key settings.
+ + auth: If passdb returns noauthenticate=yes extra field, assume that
+ it only set extra fields and authentication wasn't actually performed.
+ + auth: passdb static now supports password={scheme} prefix.
+ + auth, login_log_format_elements: Added %{local_name} variable, which
+ expands to TLS SNI hostname if given.
+ + imapc: Added imapc_max_line_length to limit maximum memory usage.
+ + imap, pop3: Added rawlog_dir setting to store IMAP/POP3 traffic logs.
+ This replaces at least partially the rawlog plugin.
+ + dsync: Added dsync_features=empty-header-workaround setting. This
+ makes incremental dsyncs work better for servers that randomly return
+ empty headers for mails. When an empty header is seen for an existing
+ mail, dsync assumes that it matches the local mail.
+ + doveadm sync/backup: Added -I <max size> parameter to skip too
+ large mails.
+ + doveadm sync/backup: Fixed -t parameter and added -e for "end date".
+ + doveadm mailbox metadata: Added -s parameter to allow accessing
+ server metadata by using empty mailbox name.
+ + Added "doveadm service status" and "doveadm process status" commands.
+ + director: Added director_flush_socket. See
+ http://wiki2.dovecot.org/Director#Flush_socket
+ + doveadm director flush: Users are now moved only max 100 at a time to
+ avoid load spikes. --max-parallel parameter overrides this.
+ + Added FILE_LOCK_SLOW_WARNING_MSECS environment, which logs a warning
+ if any lock is waited on or kept for this many milliseconds.
+
+ - master process's listener socket was leaked to all child processes.
+ This might have allowed untrusted processes to capture and prevent
+ "doveadm service stop" comands from working.
+ - login proxy: Fixed crash when outgoing SSL connections were hanging.
+ - auth: userdb fields weren't passed to auth-workers, so %{userdb:*}
+ from previous userdbs didn't work there.
+ - auth: Each userdb lookup from cache reset its TTL.
+ - auth: Fixed auth_bind=yes + sasl_bind=yes to work together
+ - auth: Blocking userdb lookups reset extra fields set by previous
+ userdbs.
+ - auth: Cache keys didn't include %{passdb:*} and %{userdb:*}
+ - auth-policy: Fixed crash due to using already-freed memory if policy
+ lookup takes longer than auth request exists.
+ - lib-auth: Unescape passdb/userdb extra fields. Mainly affected
+ returning extra fields with LFs or TABs.
+ - lmtp_user_concurrency_limit>0 setting was logging unnecessary
+ anvil errors.
+ - lmtp_user_concurrency_limit is now checked before quota check with
+ lmtp_rcpt_check_quota=yes to avoid unnecessary quota work.
+ - lmtp: %{userdb:*} variables didn't work in mail_log_prefix
+ - autoexpunge settings for mailboxes with wildcards didn't work when
+ namespace prefix was non-empty.
+ - Fixed writing >2GB to iostream-temp files (used by fs-compress,
+ fs-metawrap, doveadm-http)
+ - director: Ignore duplicates in director_servers setting.
+ - director: Many fixes related to connection handshaking, user moving
+ and error handling.
+ - director: Don't break with shutdown_clients=no
+ - zlib, IMAP BINARY: Fixed internal caching when accessing multiple
+ newly created mails. They all had UID=0 and the next mail could have
+ wrongly used the previously cached mail.
+ - doveadm stats reset wasn't reseting all the stats.
+ - auth_stats=yes: Don't update num_logins, since it doubles them when
+ using with mail stats.
+ - quota count: Fixed deadlocks when updating vsize header.
+ - dict-quota: Fixed crashes happening due to memory corruption.
+ - dict proxy: Fixed various timeout-related bugs.
+ - doveadm proxying: Fixed -A and -u wildcard handling.
+ - doveadm proxying: Fixed hangs and bugs related to printing.
+ - imap: Fixed wrongly triggering assert-crash in
+ client_check_command_hangs.
+ - imap proxy: Don't send ID command pipelined with nopipelining=yes
+ - imap-hibernate: Don't execute quota_over_script or last_login after
+ un-hibernation.
+ - imap-hibernate: Don't un-hibernate if client sends DONE+IDLE in one
+ IP packet.
+ - imap-hibernate: Fixed various failures when un-hibernating.
+ - fts: fts_autoindex=yes was broken in 2.2.25 unless
+ fts_autoindex_exclude settings existed.
+ - fts-solr: Fixed searching multiple mailboxes (patch by x16a0)
+ - doveadm fetch body.snippet wasn't working in 2.2.25. Also fixed a
+ crash with certain emails.
+ - pop3-migration + dbox: Various fixes related to POP3 UIDL
+ optimization in 2.2.25.
+ - pop3-migration: Fixed "truncated email header" workaround.
+
+v2.2.25 2016-07-01 Timo Sirainen <tss@iki.fi>
+
+ * lmtp: Start tracking lmtp_user_concurrency_limit and reject already
+ at RCPT TO stage. This avoids MTA unnecessarily completing DATA only
+ to get an error.
+ * doveadm: Previously only mail settings were read from protocol
+ doveadm { .. } section. Now all settings are.
+
+ + quota: Added quota_over_flag_lazy_check setting. It avoids checking
+ quota_over_flag always at startup. Instead it's checked only when
+ quota is being read for some other purpose.
+ + auth: Added a new auth policy service:
+ http://wiki2.dovecot.org/Authentication/Policy
+ + auth: Added PBKDF2 password scheme
+ + auth: Added %{auth_user}, %{auth_username} and %{auth_domain}
+ + auth: Added ":remove" suffix to extra field names to remove them.
+ + auth: Added "delay_until=<timestamp>[+<max random secs>]" passdb
+ extra field. The auth will wait until <timestamp> and optionally some
+ randomness and then return success.
+ + dict proxy: Added idle_msecs=<n> parameter. Support async operations.
+ + Performance improvements for handling large mailboxes.
+ + Added lib-dcrypt API for providing cryptographic functions.
+ + Added "doveadm mailbox update" command
+ + imap commands' output now includes timing spent on the "syncing"
+ stage if it's larger than 0.
+ + cassandra: Added metrics=<path> to connect setting to output internal
+ statistics in JSON format every second to <path>.
+ + doveadm mailbox delete: Added -e parameter to delete only empty
+ mailboxes. Added --unsafe option to quickly delete a mailbox,
+ bypassing lazy_expunge and quota plugins.
+ + doveadm user & auth cache flush are now available via doveadm-server.
+ + doveadm service stop <services> will stop specified services while
+ leaving the rest of Dovecot running.
+ + quota optimization: Avoid reading mail sizes for backends which
+ don't need them (count, fs, dirsize)
+ + Added mailbox { autoexpunge_max_mails=<n> } setting.
+ + Added welcome plugin: http://wiki2.dovecot.org/Plugins/Welcome
+ + fts: Added fts_autoindex_exclude setting.
+ - v2.2.24's MIME parser was assert-crashing on mails having truncated
+ MIME headers.
+ - auth: With multiple userdbs the final success/failure result wasn't
+ always correct. The last userdb's result was always used.
+ - doveadm backup was sometimes deleting entire mailboxes unnecessarily.
+ - doveadm: Command -parameters weren't being sent to doveadm-server.
+ - If dovecot.index read failed e.g. because mmap() reached VSZ limit,
+ an empty index could have been opened instead, corrupting the
+ mailbox state.
+ - imapc: Fixed EXPUNGE handling when imapc_features didn't have modseq.
+ - lazy-expunge: Fixed a crash when copying failed. Various other fixes.
+ - fts-lucene: Fixed crash on index rescan.
+ - auth_stats=yes produced broken output
+ - dict-ldap: Various fixes
+ - dict-sql: NULL values crashed. Now they're treated as "not found".
+
+v2.2.24 2016-04-26 Timo Sirainen <tss@iki.fi>
+
+ * doveconf now warns if it sees a global setting being changed when
+ the same setting was already set inside some filters. (A common
+ mistake has been adding more plugins to a global mail_plugins
+ setting after it was already set inside protocol { .. }, which
+ caused the global setting to be ignored for that protocol.)
+ * LMTP proxy: Increased default timeout 30s -> 125s. This makes it
+ less likely to reach the timeout and cause duplicate deliveries.
+ * LMTP and indexer now append ":suffix" to session IDs to make it
+ unique for the specific user's delivery. (Fixes duplicate session
+ ID warnings in stats process.)
+
+ + Added dict-ldap for performing read-only LDAP dict lookups.
+ + lazy-expunge: All mails can be saved to a single specified mailbox.
+ + mailbox { autoexpunge } supports now wildcards in mailbox names.
+ + doveadm HTTP API: Added support for proxy commands
+ + imapc: Reconnect when getting disconnected in non-selected state.
+ + imapc: Added imapc_features=modseq to access MODSEQs/HIGHESTMODSEQ.
+ This is especially useful for incremental dsync.
+ + doveadm auth/user: Auth lookup performs debug logging if
+ -o auth_debug=yes is given to doveadm.
+ + Added passdb/userdb { auth_verbose=yes|no } setting.
+ + Cassandra: Added user, password, num_threads, connect_timeout and
+ request_timeout settings.
+ + doveadm user -e <value>: Print <value> with %variables expanded.
+ - Huge header lines could have caused Dovecot to use too much memory
+ (depending on config and used IMAP commands). (Typically this would
+ result in only the single user's process dying with out of memory
+ due to reaching service { vsz_limit } - not a global DoS).
+ - dsync: Detect and handle invalid/stale -s state string better.
+ - dsync: Fixed crash caused by specific mailbox renames
+ - auth: Auth cache is now disabled passwd-file. It was unnecessary and
+ it broke %variables in extra fields.
+ - fts-tika: Don't crash if it returns 500 error
+ - dict-redis: Fixed timeout handling
+ - SEARCH INTHREAD was crashing
+ - stats: Only a single fifo_listeners was supported, making it
+ impossible to use both auth_stats=yes and mail stats plugin.
+ - SSL errors were logged in separate "Stacked error" log lines
+ instead of as part of the disconnection reason.
+ - MIME body parser didn't handle properly when a child MIME part's
+ --boundary had the same prefix as the parent.
+
+v2.2.23 2016-03-30 Timo Sirainen <tss@iki.fi>
+
+ - Various fixes to doveadm. Especially running commands via
+ doveadm-server was broken.
+ - director: Fixed user weakness getting stuck in some situations
+ - director: Fixed a situation where directors keep re-sending
+ different states to each others and never becoming synced.
+ - director: Fixed assert-crash related to a slow "user killed" reply
+ - Fixed assert-crash related to istream-concat, which could have
+ been triggered at least by a Sieve script.
+
+v2.2.22 2016-03-16 Timo Sirainen <tss@iki.fi>
+
+ + Added doveadm HTTP API: See
+ http://wiki2.dovecot.org/Design/DoveadmProtocol/HTTP
+ + virtual plugin: Mailbox filtering can now be done based on the
+ mailbox metadata. See http://wiki2.dovecot.org/Plugins/Virtual
+ + stats: Added doveadm stats reset to reset global stats.
+ + stats: Added authentication statistics if auth_stats=yes.
+ + dsync, imapc, pop3c & pop3-migration: Many optimizations,
+ improvements and error handling fixes.
+ + doveadm: Most commands now stop soon after SIGINT/SIGTERM.
+ - auth: Auth caching was done too aggressively when %variables were
+ used in default_fields, override_fields or LDAP pass/user_attrs.
+ userdb result_* were also ignored when user was found from cache.
+ - imap: Fixed various assert-crashes caused v2.2.20+. Some of them
+ caught actual hangs or otherwise unwanted behavior towards IMAP
+ clients.
+ - Expunges were forgotten in some situations, for example when
+ pipelining multiple IMAP MOVE commands.
+ - quota: Per-namespaces quota were broken for dict and count backends
+ in v2.2.20+
+ - fts-solr: Search queries were using OR instead of AND as the
+ separator for multi-token search queries in v2.2.20+.
+ - Single instance storage support wasn't really working in v2.2.16+
+ - dbox: POP3 message ordering wasn't working correctly.
+ - virtual plugin: Fixed crashes related to backend mailbox deletions.
+
+v2.2.21 2015-12-11 Timo Sirainen <tss@iki.fi>
+
+ - doveadm mailbox list (and some others) were broken in v2.2.20
+ - director: Fixed making backend changes when running with only a
+ single director server.
+ - virtual plugin: Fixed crash when trying to open nonexistent
+ autocreated backend mailbox.
+
+v2.2.20 2015-12-07 Timo Sirainen <tss@iki.fi>
+
+ + Added mailbox { autoexpunge=<time> } setting. See
+ http://wiki2.dovecot.org/MailboxSettings for details.
+ + ssl_options: Added support for no_ticket
+ + imap/pop3/managesieve-login: Added postlogin_socket=path passdb extra
+ field. This allows replacing the default service
+ imap/pop3/managesieve {} settings for specific users (e.g. running
+ their imap process via valgrind or strace).
+ + doveadm fetch: Added date.sent/received/saved.unixtime
+ + fs-posix: Added mode=auto parameter to set the created files' and
+ directories' mode based on the parent dir if it has setgid-bit.
+ + director: Support backends having hostnames, which makes it possible
+ to verify their SSL certificates.
+ - director: Directors' state became desynchronized if doveadm director
+ commands were used to modify the same backend in multiple directors
+ at the same time with conflicting changes. This fix includes some
+ extra checks, which makes sure that if such a conflict still happens
+ it's automatically fixed. In some situations such an automatic fix
+ may now be unnecessarily triggered and an error logged.
+ - director: Backend tags weren't working correctly.
+ - ldap: tls_* settings weren't used for ldaps URIs.
+ - ldap, mysql: Fixed setting connect timeout.
+ - auth: userdb lookups via auth-worker couldn't change username
+ - dsync: Fixed handling deleted directories. Make sure we don't go to
+ infinite mailbox renaming loop.
+ - imap: Fixed crash in NOTIFY when there were watched namespaces that
+ didn't support NOTIFY.
+ - imap: After SETMETADATA was used, various commands (especially FETCH)
+ could have started hanging when their output was large.
+ - stats: Idle sessions weren't refreshed often enough, causing stats
+ process to forget them and log errors about unknown sessions when
+ they were updated later.
+ - stats: Fixed "Duplicate session ID" errors when LMTP delivered to
+ multiple recipients and fts_autoindex=yes.
+ - zlib plugin: Fixed copying causing cache corruption when zlib_save
+ wasn't set, but the source message was compressed.
+ - fts-solr: Fixed escaping Solr query parameters.
+ - lmtp: quota_full_tempfail=yes was ignored with
+ lmtp_rcpt_check_quota=yes
+
+v2.2.19 2015-10-02 Timo Sirainen <tss@iki.fi>
+
+ * pop3_deleted_flag has been broken since v2.2.10. Using it would
+ cause buffer overflows, which could be exploitable. However, this
+ bug would have become visible quite soon after users had deleted
+ some POP3 mails, because the pop3 processes would have started
+ crashing all the time even in normal use.
+ * "doveadm director flush" command has a changed meaning now:
+ It safely moves users to their wanted backends, instead of simply
+ forgetting the mapping entirely and leaving the existing connections
+ untouched. Use -F parameter to get the original unsafe behavior.
+
+ + Added imap-hibernate processes (see imap_hibernate_timeout setting).
+ IDLEing IMAP connections can be hibernated, which saves memory.
+ + Optimized tracking mailboxes' vsizes (= sum of all messages' sizes).
+ If mailbox_list_index=yes, it's also stored in there. This makes it
+ very efficient to look up vsizes for all mailboxes.
+ + Added a quota "count" backend, which uses the mailbox vsizes to get
+ the current quota usage. It requires using the new quota_vsizes=yes
+ setting, which tracks the messages' "virtual sizes" rather than
+ "physical sizes". Their distiction is minor and mostly irrelevant
+ nowadays (if mail sizes should be counted with LF or CRLF newlines).
+ + "doveadm director up/down" commands added. The monitoring script
+ should be using these commands instead of changing the vhost count.
+ This allows admin to manually disable a server by changing the vhost
+ count to 0 without the monitoring script changing it back.
+ + Added support for HAProxy protocol: http://wiki2.dovecot.org/HAProxy
+ + Added push-notification plugin framework, which can be used to
+ easily implement push notifications to various backends. Implemented
+ "ox" backend for notifying Open-Xchange via HTTP/json.
+ + imap_logout_format supports more variables now, e.g. number of
+ deleted messages.
+ + pop3: Added pop3_delete_type setting (related to pop3_deleted_flag).
+ + plugin { fts_enforced=yes } setting now fails body searches unless
+ it can be done via the full text search engine.
+ + Added %{passdb:*} and %{userdb:*} variables to various places
+ + auth: Added ":protected" suffix for passdb and userdb fields. If
+ used, the field doesn't overwrite an existing field.
+ + IMAP/POP3 proxy: If a backend server dies, avoid client reconnection
+ spikes by slowly disconnecting clients over time. This is enabled by
+ setting login_proxy_max_disconnect_delay=secs passdb extra field.
+ + imap: Added new read-only METADATA entries: /private/specialuse,
+ /shared/comment, /shared/admin
+ + imap: If client disconnects in the middle of a command, log how long
+ the command had been running.
+ - mdbox: Rebuilding could have caused message's reference count to
+ overflow the 16bit number in some situations, causing problems when
+ trying to expunge the duplicates.
+ - Various search fixes (fts, solr, tika, lib-charset, indexer)
+ - Various virtual plugin fixes
+ - Various fixes and optimizations to dsync, imapc and pop3-migration
+ - imap: Various RFC compliancy and crash fixes to NOTIFY
+
+v2.2.18 2015-05-15 Timo Sirainen <tss@iki.fi>
+
+ - director: Login UNIX sockets were normally detected as doveadm or
+ director ring sockets, causing it to break in existing installations.
+ - sdbox: When copying a mail in alt storage, place the destination to
+ alt storage as well.
+
+v2.2.17 2015-05-13 Timo Sirainen <tss@iki.fi>
+
+ * Dovecot no longer checks or warns if a mountpoint is removed. This
+ was causing more trouble than it was worth. Make sure that all the
+ mountpoints that Dovecot accesses aren't writable by mail processes
+ when they're unmounted.
+ * dict server wasn't properly escaping/unescaping data. Fixing this
+ broke backwards compatibility with data that contains line feeds.
+ This hopefully affects only very few installations. If you're using
+ dict to save multiline data (Sieve scripts to SQL), you may be
+ affected.
+ * imap: SPECIAL-USE capability is no longer advertised if there are
+ no special_use flags specified for any mailboxes.
+
+ + lmtp: Added lmtp_hdr_delivery_address setting to specify whether
+ to include email address in Delivered-To: and Received: headers.
+ + Added initial version of full text search library, which includes
+ language-specific text normalization and filtering. This is still
+ in development, but it's already possible to use for testing with
+ fts-lucene and fts-solr.
+ + lda, lmtp: deliver_log_format can now include %{delivery_time},
+ which expands to how many milliseconds it took to deliver the mail.
+ With LMTP %{session_time} also expands to how many milliseconds the
+ LMTP session took, not including the delivery time.
+ + lmtp proxy: Mail delivery logging includes timing information.
+ + imap: Most IMAP commands now include in the tagged reply how many
+ milliseconds it took to run the command (not counting the time spent
+ on waiting for the IMAP client to read/write data).
+ + director: Implemented director_proxy_maybe passdb extra field to
+ be able to run director and backend in the same Dovecot instance.
+ (LMTP doesn't support mixed proxy/non-proxy destinations currently.)
+ + doveadm: Added -F <file> parameter to read a list of users from the
+ given file and run the command for all the users. This is similar to
+ -A parameter reading the list of users from userdb lookup.
+ + Implemented initial Cassandra CQL support as lib-sql backend. It's
+ only usable as dict backend currently.
+ + Added quota-clone plugin to copy current quota usage to a dict.
+ - auth: If auth_master_user_separator was set, auth process could be
+ crashed by trying to log in with empty master username.
+ - imap-login, pop3-login: Fixed crash on handshake failures with new
+ OpenSSL versions (v1.0.2) when SSLv3 was disabled.
+ - auth: If one passdb fails allow_nets check, it shouldn't have failed
+ all the other passdb checks later on.
+ - imap: Server METADATA couldn't be accessed
+ - imapc: Fixed \Muted label handling in gmail-migration.
+ - imapc: Various bugfixes and improvements.
+ - Trash plugin fixes by Alexei Gradinari
+ - mbox: Fixed crash/corruption in some situations
+
+v2.2.16 2015-03-12 Timo Sirainen <tss@iki.fi>
+
+ * dbox: Resyncing (e.g. doveadm force-resync) no longer deletes
+ dovecot.index.cache file. The cache file was rarely the problem
+ so this just caused unnecessary slowness.
+ * Mailbox name limits changed during mailbox creation: Each part of
+ a hierarchical name (e.g. "x" or "y" in "x/y") can now be up to 255
+ chars long (instead of 200). This also reduces the max number of
+ hierarchical levels to 16 (instead of 20) to keep the maximum name
+ length 4096 (a common PATH_MAX limit). The 255 char limit is
+ hopefully large enough for migrations from all existing systems.
+ It's also the limit on many filesystems.
+
+ + director: Added director_consistent_hashing setting to enable
+ consistent hashing (instead of the mostly-random MD5 hashing).
+ This causes fewer user moves between backends when backend counts
+ are changed, which may improve performance (mainly due to caching).
+ + director: Added support for "tags", which allows one director ring
+ to serve multiple backend clusters with different sets of users.
+ + LMTP server: Added lmtp_user_concurrency_limit setting to limit how
+ many LMTP deliveries can be done concurrently for a single user.
+ + LMTP server: Added support for STARTTLS command.
+ + If logging data is generated faster than it can be written, log a
+ warning about it and show information about it in log process's
+ process title in ps output. Also don't allow a single service to
+ flood too long at the cost of delaying other services' logging.
+ + stats: Added support for getting global statistics.
+ + stats: Use the same session IDs as the rest of Dovecot.
+ + stats: Plugins can now create their own statistics fields
+ + doveadm server: Non-mail related commands can now also be used
+ via doveadm server (TCP socket).
+ + doveadm proxying: passdb lookup can now override doveadm_port and
+ change the username.
+ + doveadm: Search query supports now "oldestonly" parameter to stop
+ immediately on the first non-match. This can be used to optimize:
+ doveadm expunge mailbox Trash savedbefore 30d oldestonly
+ + doveadm: Added "save" command to directly save mails to specified
+ mailbox (bypassing Sieve).
+ + doveadm fetch: Added body.snippet field, which returns the first
+ 100 chars of a message without whitespace or HTML tags. The result
+ is stored into dovecot.index.cache, so it can be fetched efficiently.
+ + dsync: Added -t <timestamp> parameter to sync only mails newer than
+ the given received-timestamp.
+ + dsync: Added -F [-]<flag> parameter to sync only mails with[out] the
+ given flag/keyword.
+ + dsync: Added -a <mailbox> parameter to specify the virtual mailbox
+ containing user's all mails. If this mailbox is already found to
+ contain the wanted mail (by its GUID), the message is copied from
+ there instead of being re-saved. (This isn't efficient enough yet
+ for incremental replication.)
+ + dsync: -m parameter can now specify \Special-use names for mailboxes.
+ + imapc: Added imapc_features=gmail-migration to help migrations from
+ GMail. See http://wiki2.dovecot.org/Migration/Gmail
+ + imapc: Added imapc_features=search to support IMAP SEARCH command.
+ (Currently requires ESEARCH support from remote server.)
+ + expire plugin: Added expire_cache=yes setting to cache most of the
+ database lookups in dovecot index files.
+ + quota: If overquota-flag in userdb doesn't match the current quota
+ usage, execute a configured script.
+ + redis dict: Added support for expiring keys (:expire_secs=n) and
+ specifying the database number (:db=n)
+ - auth: Don't crash if master user login is attempted without
+ any configured master=yes passdbs
+ - Parsing UTF-8 text for mails could have caused broken results
+ sometimes if buffering was split in the middle of a UTF-8 character.
+ This affected at least searching messages.
+ - String sanitization for some logged output wasn't done properly:
+ UTF-8 text could have been truncated wrongly or the truncation may
+ not have happened at all.
+ - fts-lucene: Lookups from virtual mailbox consisting of over 32
+ physical mailboxes could have caused crashes.
+
+v2.2.15 2014-10-24 Timo Sirainen <tss@iki.fi>
+
+ * Plugins can now print a banner comment in doveconf output
+ (typically the plugin version)
+ * Replication plugin now triggers low (instead of high) priority for
+ mail copying operations.
+ * IMAP/POP3/ManageSieve proxy: If destination server can't be
+ connected to, retry connecting once per second up to the value of
+ proxy_timeout. This allows quick restarts/upgrades on the backend
+ server without returning login failures.
+ * Internal passdb lookups (e.g. done by lmtp/doveadm proxy) wasn't
+ returning failure in some situations where it should have (e.g.
+ allow_nets mismatch)
+ * LMTP uses mail_log_prefix now for logging mail deliveries instead of
+ a hardcoded prefix. The non-delivery log prefix is still hardcoded
+ though.
+
+ + passdb allow_nets=local matches lookups that don't contain an IP
+ address (internally done by Dovecot services)
+ + Various debug logging and error logging improvements
+ - Various race condition fixes to LAYOUT=index
+ - v2.2.14 virtual plugin crashed in some situations
+
+v2.2.14 2014-10-14 Timo Sirainen <tss@iki.fi>
+
+ * lmtp: Delivered-To: header no longer contains <> around the email
+ address. Other MDAs don't have it either.
+ * "Out of disk space" errors are now treated as temporary errors
+ (not the same as "Out of disk quota").
+ * replication plugin: Use replication only for users who have a
+ non-empty mail_replica setting.
+
+ + lmtp proxy: Log a line about each mail delivery.
+ + Added login_source_ips setting. This can be used to set the source IP
+ address round-robin from a pool of IPs (in case you run out of TCP
+ ports).
+ + Rawlog settings can use tcp:<host>:<port> as the path.
+ + virtual plugin: Don't keep more than virtual_max_open_mailboxes
+ (default 64) number of backend mailboxes open.
+ + SSL/TLS compression can be disabled with ssl_options=no_compression
+ + acl: Global ACL file now supports "quotes" around patterns.
+ + Added last-login plugin to set user's last-login timestamp on login.
+ + LDAP auth: Allow passdb credentials lookup also with auth_bind=yes
+ - IMAP: MODSEQ was sent in FETCH reply even if CONDSTORE/QRESYNC wasn't
+ enabled. This broke at least old Outlooks.
+ - passdb static treated missing password field the same as an empty
+ password field.
+ - mdbox: Fixed potential infinite looping when scanning a broken
+ mdbox file.
+ - imap-login, pop3-login: Fixed potential crashes when client
+ disconnected unexpectedly.
+ - imap proxy: The connection was hanging in some usage patterns. This
+ mainly affected older Outlooks.
+ - lmtp proxy: The proxy sometimes delivered empty mails in error
+ situations or potentially delivered truncated mails.
+ - fts-lucene: If whitespace_chars was set, we may have ended up
+ indexing some garbage words, growing the index size unnecessarily.
+ - -c and -i parameters for dovecot/doveadm commands were ignored if
+ the config socket was readable.
+ - quota: Quota recalculation didn't include INBOX in some setups.
+ - Mail headers were sometimes added to dovecot.index.cache in wrong
+ order. The main problem this caused was with dsync+imapc incremental
+ syncing when the second sync thought the local mailbox had changed.
+ - Fixed several race conditions with dovecot.index.cache handling that
+ may have caused unnecessary "cache is corrupted" errors.
+ - doveadm backup didn't notice if emails were missing from the middle
+ of the destination mailbox. Now it deletes and resyncs the mailbox.
+ - auth: If auth client listed userdb and disconnected before finishing,
+ the auth worker process got stuck (and eventually all workers could
+ get used up and requests would start failing).
+
+v2.2.13 2014-05-11 Timo Sirainen <tss@iki.fi>
+
+ * Fixed a DoS attack against imap/pop3-login processes. If SSL/TLS
+ handshake was started but wasn't finished, the login process
+ attempted to eventually forcibly disconnect the client, but failed
+ to do it correctly. This could have left the connections hanging
+ arond for a long time. (Affected Dovecot v1.1+)
+
+ + mdbox: Added mdbox_purge_preserve_alt setting to keep the file
+ within alt storage during purge. (Should become enforced in v2.3.0?)
+ + fts: Added support for parsing attachments via Apache Tika. Enable
+ with: plugin { fts_tika = http://tikahost:9998/tika/ }
+ + virtual plugin: Delay opening backend mailboxes until it's necessary.
+ This requires mailbox_list_index=yes to work. (Currently IMAP IDLE
+ command still causes all backend mailboxes to be opened.)
+ + mail_never_cache_fields=* means now to disable all caching. This may
+ be a useful optimization as doveadm/dsync parameter for some admin
+ tasks which shouldn't really update the cache file.
+ + IMAP: Return SPECIAL-USE flags always for LSUB command.
+ - pop3 server was still crashing in v2.2.12 with some settings
+ - maildir: Various fixes and improvements to handling compressed mails,
+ especially when they have broken/missing S=sizes in filenames.
+ - fts-lucene, fts-solr: Fixed crash on search when the index contained
+ duplicate entries.
+ - Many fixes and performance improvements to dsync and replication
+ - director was somewhat broken when there were exactly two directors
+ in the ring. It caused errors about "weak users" getting stuck.
+ - mail_attachment_dir: Attachments with the last base64-encoded line
+ longer than the rest wasn't handled correctly.
+ - IMAP: SEARCH/SORT PARTIAL was handled completely wrong in v2.2.11+
+ - acl: Global ACL file handling was broken when multiple entries
+ matched the mailbox name. (Only the first entry was used.)
+
+v2.2.12 2014-02-14 Timo Sirainen <tss@iki.fi>
+
+ - pop3 server was crashing in v2.2.11
+
+v2.2.11 2014-02-12 Timo Sirainen <tss@iki.fi>
+
+ + acl plugin: Added an alternative global ACL file that can contain
+ mailbox patterns. See http://wiki2.dovecot.org/ACL for details.
+ + imap proxy: Added proxy_nopipelining passdb setting to work around
+ other IMAP servers' bugs (MS Exchange 2013 especially).
+ + Added %{auth_user}, %{auth_username} and %{auth_domain} variables.
+ See http://wiki2.dovecot.org/Variables for details.
+ + Added support for LZ4 compression.
+ + stats: Track also wall clock time for commands.
+ + pop3_migration plugin improvements to try harder to match the UIDLs
+ correctly.
+ - imap: SEARCH/SORT PARTIAL responses may have been too large.
+ - doveadm backup: Fixed assert-crash when syncing mailbox deletion.
+
+v2.2.10 2013-11-25 Timo Sirainen <tss@iki.fi>
+
+ + auth: passdb/userdb dict rewrite to support much more complex
+ setups. See doc/example-config/dovecot-dict-auth.conf.ext.
+ The old settings will continue to work.
+ + auth: Added userdb result_success/failure/tempfail and skip
+ settings, similar to passdb's. See
+ http://wiki2.dovecot.org/UserDatabase
+ + imap: Implemented SETQUOTA command for admin user when quota_set is
+ configured. See http://master.wiki2.dovecot.org/Quota/Configuration
+ + quota: Support "*" and "?" wildcards in mailbox names in quota_rules
+ + mysql: Added ssl_verify_server_cert=no|yes parameter. This currently
+ defaults to "no" to make sure nothing breaks, but likely will become
+ "yes" in Dovecot v2.3.
+ + ldap: Added blocking=yes setting to use auth worker processes for
+ ldap lookups. This is a workaround for now to be able to use multiple
+ simultaneous LDAP connections.
+ + pop3c+dsync performance improvements
+ - quota-status: quota_grace was ignored
+ - ldap: Fixed memory leak with auth_bind=yes and without
+ auth_bind_userdn.
+ - imap: Don't send HIGHESTMODSEQ anymore on SELECT/EXAMINE when
+ CONDSTORE/QRESYNC has never before been enabled for the mailbox.
+ - imap: Fixes to handling mailboxes without permanent modseqs.
+ (When [NOMODSEQ] is returned by SELECT, mainly with in-memory
+ indexes.)
+ - imap: Various fixes to METADATA support.
+ - stats plugin: Processes that only temporarily dropped privileges
+ (e.g. indexer-worker) may have been logging errors about not being
+ able to open /proc/self/io.
+
+v2.2.9 2013-11-25 Timo Sirainen <tss@iki.fi>
+
+ + Full text search indexing can now be done automatically after
+ saving/copying mails by setting plugin { fts_autoindex=yes }
+ + replicator: Added replication_dsync_parameters setting to pass
+ "doveadm sync" parameters (for controlling what to replicate).
+ + Added mail-filter plugin
+ + Added liblzma/xz support (zlib_save=xz)
+ - v2.2.8's improved cache file handling exposed several old bugs
+ related to fetching mail headers.
+ - v2.2.7's iostream handling changes were causing some connections
+ to be disconnected before flushing their output (e.g. POP3 logout
+ message wasn't being sent)
+
+v2.2.8 2013-11-19 Timo Sirainen <tss@iki.fi>
+
+ + Mail cache lookups work for the mail being saved. This improves
+ performance by avoiding the need to parse the mail multiple times
+ when using some plugins (e.g. mail_log).
+ + Mail cache works for recently cached data also with in-memory
+ indexes.
+ + imapc: Many performance improvements, especially when working with
+ dsync. Also added imapc_feature=fetch-headers which allows using
+ FETCH BODY.PEEK[HEADER.FIELDS (..)] to avoid reading the entire
+ header.
+ + mail_location = ..:FULLDIRNAME=dbox-Mails is the same as
+ :DIRNAME=dbox-Mails, but it will also be used for
+ :INDEX and :CONTROL directories. (It should have worked this way
+ from the beginning, but can't be changed anymore without breaking
+ existing installations).
+ - Fixed infinite loop in message parsing if message ends with
+ "--boundary" and CR (without LF). Messages saved via SMTP/LMTP can't
+ trigger this, because messages must end with an "LF.". A user could
+ trigger this for him/herself though.
+ - lmtp: Client was sometimes disconnected before all the output was
+ sent to it.
+ - imap_zlib plugin caused crashes during client disconnection in
+ v2.2.7
+ - replicator: Database wasn't being exported to disk every 15 minutes
+ as it should have. Instead it was being imported, causing "doveadm
+ replicator remove" commands to not work very well.
+
+v2.2.7 2013-11-03 Timo Sirainen <tss@iki.fi>
+
+ * Some usage of passdb checkpassword could have been exploitable by
+ local users. You may need to modify your setup to keep it working.
+ See http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security
+
+ + auth: Added ability to truncate values logged by
+ auth_verbose_passwords (see 10-logging.conf comment)
+ + mdbox: Added "mdbox_deleted" storage, which can be used to access
+ messages with refcount=0. For example: doveadm import
+ mdbox_deleted:~/mdbox "" mailbox inbox subject oops
+ + ssl-params: Added ssl_dh_parameters_length setting.
+ - master process was doing a hostname.domain lookup for each created
+ process, which may have caused a lot of unnecessary DNS lookups.
+ - dsync: Syncing over 100 messages at once caused problems in some
+ situations, causing messages to get new UIDs.
+ - fts-solr: Different Solr hosts for different users didn't work.
+
+v2.2.6 2013-09-25 Timo Sirainen <tss@iki.fi>
+
+ * acl: If public/shared namespace has a shared subscriptions file for
+ all users, don't list subscription entries that are not visible to
+ the user accessing it.
+
+ + doveadm: Added "auth lookup" command for doing passdb lookup.
+ + login_log_format_elements: Added %{orig_user}, %{orig_username}
+ and %{orig_domain} expanding to the username exactly as sent by
+ the client (before any changes auth process made).
+ + Added ssl_prefer_server_ciphers setting.
+ + auth_verbose_passwords: Log the password also for unknown users.
+ + Linux: Added optional support for SO_REUSEPORT with
+ inet_listener { reuse_port=yes }
+ - director: v2.2.5 changes caused "SYNC lost" errors
+ - dsync: Many fixes and error handling improvements
+ - doveadm -A: Don't waste CPU by doing a separate config lookup
+ for each user
+ - Long-running ssl-params process no longer prevents Dovecot restart
+ - mbox: Fixed mailbox_list_index=yes to work correctly
+
+v2.2.5 2013-08-05 Timo Sirainen <tss@iki.fi>
+
+ + SSL: Added support for ECDH/ECDHE cipher suites (by David Hicks)
+ + Added some missing man pages (by Pascal Volk)
+ + quota-status: Added quota_status_toolarge setting (by Ulrich Zehl)
+ - director: Users near expiration could have been redirected to
+ different servers at the same time.
+ - pop3: Avoid assert-crash if client disconnects during LIST.
+ - mdbox: Corrupted index header still wasn't automatically fixed.
+ - dsync: Various fixes to work better with imapc and pop3c storages.
+ - ldap: sasl_bind=yes caused crashes, because Dovecot's lib-sasl
+ symbols conflicted with Cyrus SASL library.
+ - imap: Various error handling fixes to CATENATE. (Found using
+ Apple's stress test script.)
+
+v2.2.4 2013-06-25 Timo Sirainen <tss@iki.fi>
+
+ + doveadm: Added "flags" command to modify message flags.
+ + doveadm: Added "deduplicate" command to expunge message duplicates.
+ + dsync: Show the state in process title with verbose_proctitle=yes.
+ - imap/pop3 proxy: Master user logins were broken in v2.2.3
+ - sdbox/mdbox: A corrupted index header with wrong size was never
+ automatically fixed in v2.2.3.
+ - mbox: Fixed assert-crashes related to locking.
+
+v2.2.3 2013-06-17 Timo Sirainen <tss@iki.fi>
+
+ * LDA/LMTP: If new mail delivery first fails with "temporary
+ failure", tempfail the whole delivery instead of falling back to
+ delivering the mail to INBOX. (Requires new Pigeonhole as well.)
+ * doc/solr-schema.xml was updated to Solr v4.x format. Also the
+ default analyzers were changed, hopefully for the better. Note that
+ the schema can't be changed for existing Solr indexes without
+ rebuilding everything.
+ * Solr plugin does only soft commits from now on. You'll need a
+ cronjob to send a hard commit command to it every few minutes.
+
+ + Added %N modifier for variables as %H-like "new hash"
+ + sdbox, mdbox: Support POP3 message order field (for migrations)
+ + Added mailbox { driver } to specify a different mail storage
+ format for the mailbox than generally used within the namespace.
+ + Added initial lib-sasl library for client side SASL support.
+ Currently supports only PLAIN, LOGIN and plugins. Used currently
+ by IMAP and POP3 proxying when authenticating to the remote server.
+ - IMAP: If subject contained only whitespace, Dovecot returned an
+ ENVELOPE reply with a huge literal value, effectively causing the
+ IMAP client to wait for more data forever.
+ - IMAP: Various URLAUTH fixes.
+ - imapc: Various bugfixes and improvements
+ - pop3c: Various fixes to make it work in dsync (without imapc)
+ - dsync: Fixes to syncing subscriptions. Fixes to syncing mailbox
+ renames.
+
+v2.2.2 2013-05-20 Timo Sirainen <tss@iki.fi>
+
+ + zlib: Keep the last mail cached uncompressed in a temp file. This
+ fixes performance when doing small partial fetches from a large
+ mail.
+ + acl: If plugin { acl_defaults_from_inbox = yes } is set, get the
+ default ACLs for private and shared namespaces from the user's INBOX.
+ (This probably will become default in v2.3.)
+ + pop3: Added pop3_deleted_flag setting to switch POP3 deletions to
+ only hide the messages from POP3, but still be visible via IMAP.
+ - ACL plugin: Mailbox creation wasn't actually checking any ACLs
+ and always succeeded (due to some v2.2 API changes). The created
+ mailbox couldn't have been accessed though, so this couldn't have
+ caused any data leak.
+ - IMAP: Various URLAUTH fixes.
+ - IMAP: Fixed a hang with invalid APPEND parameters.
+ - IMAP LIST-EXTENDED: INBOX was never listed with \Subscribed flag.
+ - mailbox_list_index=yes still caused crashes.
+ - maildir: Fixed a crash after dovecot-keywords file was re-read.
+ - maildir: If files had reappeared unexpectedly to a Maildir, they
+ were ignored until index files were deleted.
+ - Maildir: Fixed handling over 26 keywords in a mailbox.
+ - Maildir++: Fixed mail_shared_explicit_inbox=no
+ - namespace { prefix="" list=no } was listing mailboxes.
+ - imap/pop3-login proxying: Fixed a crash if TCP connection succeeded,
+ but the remote login timed out.
+ - Case-insensitive search/sort didn't work correctly for all unicode
+ characters, as specified by i;unicode-casemap comparator. If full
+ text search indexes were used, they need to be rebuilt for old mails
+ to be handled correctly. (This bug has existed always in Dovecot.)
+
+v2.2.1 2013-04-19 Timo Sirainen <tss@iki.fi>
+
+ - mailbox_list_index=yes was broken.
+ - LAYOUT=index didn't list subscriptions.
+ - auth: Multiple master passdbs didn't work.
+ - Message parsing (e.g. during search) crashed when multipart message
+ didn't actually contain any parts.
+
+v2.2.0 2013-04-11 Timo Sirainen <tss@iki.fi>
+
+ * When creating home directories, the permissions are copied from the
+ parent directory if it has setgid-bit set. For full details, see
+ http://wiki2.dovecot.org/SharedMailboxes/Permissions
+ * "doveadm auth" command was renamed to "doveadm auth test"
+ * IMAP: ID command now advertises server name as Dovecot by default.
+ It was already trivial to guess this from command replies.
+ * dovecot.index.cache files can be safely accessed only by v2.1.11+.
+ Older versions may think they're corrupted and delete them.
+ * LDA/LMTP: If saving a mail brings user from under quota to over
+ quota, allow it based on quota_grace setting (default: 10%
+ above quota limit).
+ * pop3_lock_session=yes now uses a POP3-only dovecot-pop3-session.lock
+ file instead of actually locking the mailbox (and causing
+ IMAP/LDA/LMTP to wait for the POP3 session to close).
+ * mail_shared_explicit_inbox setting's default switched to "no".
+ * ssl_client_ca_dir setting replaced imapc_ssl_ca_dir and
+ pop3c_ssl_ca_dir settings.
+
+ + Implemented IMAP MOVE and BINARY extensions
+ + Implemented IMAP CATENATE, URLAUTH and URLAUTH=BINARY extensions
+ (by Stephan Bosch).
+ + Implemented IMAP NOTIFY extension. Requires mailbox_list_index=yes
+ to be enabled.
+ + Redesigned and rewritten dsync. The new design makes the syncing
+ faster, more reliable and more featureful. The new dsync protocol
+ isn't backwards compatible with old dsync versions (but is designed
+ to be forwards compatible with future versions).
+ + All mailbox formats now support per-user message flags for shared
+ mailboxes by using a private index. It can be enabled by adding
+ :INDEXPVT=<path> to mail location. This should be used instead of
+ :INDEX also for Maildir/mbox to improve performance.
+ + Improved mailbox list indexes. They should be usable now, although
+ still disabled by default.
+ + Added LAYOUT=index. The mailbox directories are created using their
+ GUIDs in the filesystem, while the actual GUID <-> name mapping
+ exists only in the index.
+ + LMTP proxy: Implemented XCLIENT extension for passing remote IP
+ address through proxy.
+
+v2.2.rc7 2013-04-10 Timo Sirainen <tss@iki.fi>
+
+ * checkpasword: AUTH_PASSWORD environment is no longer set.
+ * Running dsync no longer triggers quota warnings.
+
+ + dsync: Commit large transactions every 100 new messages, so if a
+ large sync crashes it doesn't have to be restarted from the
+ beginning.
+ - replicator: doveadm commands and user list export may have skipped
+ some users.
+ - Various fixes to mailbox_list_index=yes
+
+v2.2.rc6 2013-04-08 Timo Sirainen <tss@iki.fi>
+
+ * replicator: Don't create replicator-doveadm socket by default.
+ This way doveadm replicator commands don't accidentally start an
+ unconfigured replicator server.
+ + replicator: Have remote dsync notify the remote replicator that
+ a user was just synced. This way the replicators are kept roughly
+ in sync.
+ + Added ssl_client_ca_file to specify the CA certs as a file. This is
+ needed (instead of ssl_client_ca_dir) in RedHat-based systems.
+ + Added "doveadm fs" commands, mainly to debug lib-fs backends.
+ - Mailbox list indexes weren't using proper file permissions based
+ on the root directory.
+
+v2.2.rc5 2013-04-05 Timo Sirainen <tss@iki.fi>
+
+ - A few small random fixes
+
+v2.2.rc4 2013-04-05 Timo Sirainen <tss@iki.fi>
+
+ + Added "doveadm replicator" commands
+ - Larger changes to lib-http and lib-ssl-iostream error handling.
+ The API caller can now get the exact error message as a string.
+ - Various bugfixes to LDAP changes in rc3
+
+v2.2.rc3 2013-03-20 Timo Sirainen <tss@iki.fi>
+
+ + dsync: Support syncing ACLs (and Sieve scripts with Pigeonhole)
+ + ldap: Support subqueries and value pointers, see
+ http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb
+ + postmaster_address setting: Expand %d to recipient's domain
+ - Fixed a crash when decoding quoted-printable content.
+ - dsync: Various bugfixes
+
+v2.2.rc2 2013-02-15 Timo Sirainen <tss@iki.fi>
+
+ - rc1 wasn't actually usable in most configurations.
+
+v2.2.rc1 2013-02-15 Timo Sirainen <tss@iki.fi>
+
+ * See v2.2.0 notes
+
+v2.1.13 2013-01-06 Timo Sirainen <tss@iki.fi>
+
+ - Some fixes to cache file changes in v2.1.11.
+ - fts-solr: Overlong UTF8 sequences in mails were rejected by Solr and
+ caused the mails to not be indexed.
+ - virtual storage: Sorting mailbox by from/to/cc/bcc didn't work.
+
+v2.1.12 2012-11-30 Timo Sirainen <tss@iki.fi>
+
+ - dovecot-config in v2.1.11 caused build problems with Pigeonhole
+
+v2.1.11 2012-11-29 Timo Sirainen <tss@iki.fi>
+
+ * lmtp/lda: dovecot.index.cache file is no longer fully mapped to
+ memory, allowing mail deliveries to work even if the file is huge.
+ * auth: userdb passwd lookups are now done by auth worker processes
+ instead of auth master process (as it was documented, but
+ accidentally didn't work that way).
+
+ + lmtp: lmtp_rcpt_check_quota=yes setting checks quota on RCPT TO.
+ - lmtp: After successful proxying RCPT TO, the next one to a
+ nonexistent user gave tempfail error instead of "user not found".
+ - lmtp proxy: Fixed hanging if remote server was down.
+ - imap: Fixed crash when SEARCH contained multiple KEYWORD parameters.
+ - doveadm: Various fixes to handling doveadm-server connections.
+ - -i <instance name> parameter for Dovecot tools didn't work correctly.
+ - director was somewhat broken in v2.1.10. This version also includes
+ various reliability enhancements.
+ - auth: passdb imap was broken in v2.1.10.
+
+v2.1.10 2012-09-18 Timo Sirainen <tss@iki.fi>
+
+ + imap: Implemented THREAD=ORDEREDSUBJECT extension.
+ + Added "doveadm exec" command to easily execute commands from
+ libexec_dir, e.g. "doveadm exec imap -u user@domain"
+ + Added "doveadm copy" command.
+ + doveadm copy/move: Added optional user parameter to specify the
+ source username. This allows easily copying mails between different
+ users.
+ + Added namespace { disabled } setting to quickly enable/disable
+ namespaces. This is especially useful when its value is returned by
+ userdb.
+ + Added mailbox_alias plugin. It allows creating mailbox aliases using
+ symlinks.
+ + imapc storage: Added imapc_max_idle_time setting to force activity
+ on connection.
+ + fts-solr: Expunging multiple messages is now faster.
+ - director: In some conditions director may have disconnected from
+ another director (without logging about it), thinking it was sending
+ invalid data.
+ - imap: Various fixes to listing mailboxes.
+ - pop3-migration plugin: Avoid disconnection from POP3 server due
+ to idling.
+ - login processes crashed if there were a lot of local {} or remote {}
+ settings blocks.
+
+v2.1.9 2012-08-01 Timo Sirainen <tss@iki.fi>
+
+ * mail-log plugin: Log mailbox names with UTF-8 everywhere
+ (instead of mUTF-7 in some places and UTF-8 in other places)
+ * director: Changed director_username_hash setting's default from %u
+ to %Lu (= lowercase usernames). This doesn't break any existing
+ installations, but might fix some of them.
+
+ + doveadm: Added "auth cache flush [<username>]" command.
+ + Implemented dict passdb/userdb
+ + Implemented Redis and memcached dict backends, which can be used as
+ auth backends. Redis can also be used as dict-quota backend.
+ + Added plugin { quota_ignore_save_errors=yes } setting to allow saving
+ a mail when quota lookup fails with temporary failure.
+ - Full text search indexing might have failed for some messages,
+ always causing indexer-worker process to run out of memory.
+ - fts-lucene: Fixed handling SEARCH HEADER FROM/TO/SUBJECT/CC/BCC when
+ the header wasn't lowercased.
+ - fts-squat: Fixed crash when searching a virtual mailbox.
+ - pop3: Fixed assert crash when doing UIDL on empty mailbox on some
+ setups.
+ - auth: GSSAPI RFC compliancy and error handling fixes.
+ - Various fixes related to handling shared namespaces
+
+v2.1.8 2012-07-03 Timo Sirainen <tss@iki.fi>
+
+ + pop3c: Added pop3c_master_user setting.
+ - imap: Mailbox names were accidentally sent as UTF-8 instead of mUTF-7
+ in previous v2.1.x releases for STATUS, MYRIGHTS and GETQUOTAROOT
+ commands.
+ - lmtp proxy: Don't timeout connections too early when mail has a lot
+ of RCPT TOs.
+ - director: Don't crash if the director is working alone.
+ - shared mailboxes: Avoid doing "@domain" userdb lookups.
+ - doveadm: Fixed crash with proxying some commands.
+ - fts-squat: Fixed handling multiple SEARCH parameters.
+ - imapc: Fixed a crash when message had more than 8 keywords.
+ - imapc: Don't crash on APPEND/COPY if server doesn't support UIDPLUS.
+
+v2.1.7 2012-05-29 Timo Sirainen <tss@iki.fi>
+
+ * LDAP: Compatibility fix for v2.0: ldap: If attributes contain
+ ldapAttr=key=template%$ and ldapAttr doesn't exist, skip the key
+ instead of using "template" value with empty %$ part for the key.
+
+ + pop3: Added pop3_uidl_duplicates setting for changing the behavior
+ for duplicate UIDLs.
+ + director: Added "doveadm director ring remove" command.
+ - director: Don't crash with quickly disconnecting incoming director
+ connections.
+ - mdbox: If mail was originally saved to non-INBOX, and namespace
+ prefix is non-empty, don't assert-crash when rebuilding indexes.
+ - sdbox: Don't use more fds than necessary when copying mails.
+ - auth: Fixed crash with DIGEST-MD5 when attempting to do master user
+ login without master passdbs.
+ - Several fixes to mail_shared_explicit_inbox=no
+ - imapc: Use imapc_list_prefix also for listing subscriptions.
+
+v2.1.6 2012-05-07 Timo Sirainen <tss@iki.fi>
+
+ * Session ID is now included by default in auth and login process
+ log lines. It can be added to mail processes also by adding
+ %{session} to mail_log_prefix.
+
+ + Added ssl_require_crl setting, which specifies if CRL check must
+ be successful when verifying client certificates.
+ + Added mail_shared_explicit_inbox setting to specify if a shared INBOX
+ should be accessible as "shared/$user" or "shared/$user/INBOX".
+ - v2.1.5: Using "~/" as mail_location or elsewhere failed to actually
+ expand it to home directory.
+ - dbox: Fixed potential assert-crash when reading dbox files.
+ - trash plugin: Fixed behavior when quota is already over limit.
+ - mail_log plugin: Logging "copy" event didn't work.
+ - Proxying to backend server with SSL: Verifying server certificate
+ name always failed, because it was compared to an IP address.
+
+v2.1.5 2012-04-23 Timo Sirainen <tss@iki.fi>
+
+ * IMAP: When neither the session nor the mailbox has modseq tracking
+ enabled, return the mailbox as having NOMODSEQ in SELECT/EXAMINE
+ reply. Old versions in this situation always simply returned
+ HIGHESTMODSEQ as 1, which could have broken some clients.
+
+ + dict file: Added optional fcntl/flock locking (default is dotlock)
+ + fts-solr: doveadm fts rescan now resets indexes, which allows
+ reindexing mails. (This isn't a full rescan implementation like
+ fts-lucene has.)
+ + doveadm expunge: Added -d parameter to delete mailbox if it's
+ empty after expunging.
+ - IMAP: Several fixes related to mailbox listing in some configs
+ - director: A lot of fixes and performance improvements
+ - v2.1.4 didn't work without a mail home directory set
+ - mbox: Deleting a mailbox didn't delete its index files.
+ - pop3c: TOP command was sent incorrectly
+ - trash plugin didn't work properly
+ - LMTP: Don't add a duplicate Return-Path: header when proxying.
+ - listescape: Don't unescape namespace prefixes.
+
+v2.1.4 2012-04-09 Timo Sirainen <tss@iki.fi>
+
+ + Added mail_temp_scan_interval setting and changed its default value
+ from 8 hours to 1 week.
+ + Added pop3-migration plugin for easily doing a transparent IMAP+POP3
+ migration to Dovecot: http://wiki2.dovecot.org/Migration/Dsync
+ + doveadm user: Added -m parameter to show some of the mail settings.
+ - Proxying SSL connections crashed in v2.1.[23]
+ - fts-solr: Indexing mail bodies was broken.
+ - director: Several changes to significantly improve error handling
+ - doveadm import didn't import messages' flags
+ - mail_full_filesystem_access=yes was broken
+ - Make sure IMAP clients can't create directories when accessing
+ nonexistent users' mailboxes via shared namespace.
+ - Dovecot auth clients authenticating via TCP socket could have failed
+ with bogus "PID already in use" errors.
+
+v2.1.3 2012-03-16 Timo Sirainen <tss@iki.fi>
+
+ - mdbox was broken in v2.1.2
+
+v2.1.2 2012-03-15 Timo Sirainen <tss@iki.fi>
+
+ + Initial implementation of dsync-based replication. For now this
+ should be used only on non-critical systems.
+ + Proxying: POP3 now supports sending remote IP+port from proxy to
+ backend server via Dovecot-specific XCLIENT extension.
+ + Proxying: proxy_maybe=yes with host=<hostname> (instead of IP)
+ works now properly.
+ + Proxying: Added auth_proxy_self setting
+ + Proxying: Added proxy_always extra field (see wiki docs)
+ + Added director_username_hash setting to specify what part of the
+ username is hashed. This can be used to implement per-domain
+ backends (which allows safely accessing shared mailboxes within
+ domain).
+ + Added a "session ID" string for imap/pop3 connections, available
+ in %{session} variable. The session ID passes through Dovecot
+ IMAP/POP3 proxying to backend server. The same session ID is can be
+ reused after a long time (currently a bit under 9 years).
+ + passdb checkpassword: Support "credentials lookups" (for
+ non-plaintext auth and for lmtp_proxy lookups)
+ + fts: Added fts_index_timeout setting to abort search if indexing
+ hasn't finished by then (default is to wait forever).
+ - doveadm sync: If mailbox was expunged empty, messages may have
+ become back instead of also being expunged in the other side.
+ - director: If user logged into two directors while near user
+ expiration, the directors might have redirected the user to two
+ different backends.
+ - imap_id_* settings were ignored before login.
+ - Several fixes to mailbox_list_index=yes
+ - Previous v2.1.x didn't log all messages at shutdown.
+ - mbox: Fixed accessing Dovecot v1.x mbox index files without errors.
+
+v2.1.1 2012-02-23 Timo Sirainen <tss@iki.fi>
+
+ + dsync: If message with same GUID is saved multiple times in session,
+ copy it instead of re-saving.
+ - acl plugin + autocreated mailboxes crashed when listing mailboxes
+ - doveadm force-resync: Don't skip autocreated mailboxes (especially
+ INBOX).
+ - If process runs out of fds, stop listening for new connections only
+ temporarily, not permanently (avoids hangs with process_limit=1
+ services)
+ - auth: passdb imap crashed for non-login authentication (e.g. smtp).
+
+v2.1.0 2012-02-16 Timo Sirainen <tss@iki.fi>
+
+ * Plugins now use UTF-8 mailbox names rather than mUTF-7:
+ acl, autocreate, expire, trash, virtual
+ * auth_username_format default changed to %Lu. If you really want
+ case sensitive usernames, set it back to empty.
+ * Solr full text search backend changed to use mailbox GUIDs instead of
+ mailbox names, requiring reindexing everything. solr_old backend can
+ be used with old indexes to avoid reindexing, but it doesn't support
+ some newer features.
+ * Expire plugin: Only go through users listed by userdb iteration.
+ Delete dict rows for nonexistent users, unless
+ expire_keep_nonexistent_users=yes.
+ * Temporary authentication failures sent to IMAP/POP3 clients
+ now includes the server's hostname and timestamp. This makes it
+ easier to find the error message from logs.
+ * dsync was merged into doveadm. There is still "dsync" symlink
+ pointing to "doveadm", which you can use the old way for now.
+ The preferred ways to run dsync are "doveadm sync" (for old "dsync
+ mirror") and "doveadm backup".
+
+ + imapc (= IMAP client) storage allows using a remote IMAP server to
+ be used as storage. This allows using Dovecot as a smart (caching)
+ proxy or using dsync to do migration from remote IMAP server.
+ + Mailbox indexing via queuing indexer service (required for Lucene)
+ + Lucene full text search (FTS) backend rewritten with support for
+ different languages
+ + FTS finally supports "OR" search operation
+ + FTS supports indexing attachments via external programs
+ + IMAP FUZZY extension, supported by Lucene and Solr FTS backends
+ + IMAP SPECIAL-USE extension to describe mailboxes
+ + Mailbox list indexes
+ + Statistics tracking via stats service. Exported via doveadm stats.
+ + Autocreate plugin creates/subscribes mailboxes physically only when
+ the mailbox is opened for the first time. Mailbox listing shows the
+ autocreated mailboxes even if they don't physically exist.
+ + Password and user databases now support default_fields and
+ override_fields settings to specify template defaults/overrides.
+ + SCRAM-SHA-1 authentication mechanism by Florian Zeitz
+ + LDAP: Allow building passdb/userdb extra fields from multiple LDAP
+ attributes by using %{ldap:attributeName} variables in the template.
+ + Improved multi-instance support: Track automatically which instances
+ are started up and manage the list with doveadm instance commands.
+ All Dovecot commands now support -i <instance_name> parameter to
+ select the instance (instead of having to use -c <config path>).
+ See instance_name setting.
+ + auth: Implemented support for Postfix's "TCP map" sockets for
+ user existence lookups.
+ - listescape plugin works perfectly now
+
+v2.1.rc7 2012-02-15 Timo Sirainen <tss@iki.fi>
+
+ + Added ignore_on_failure setting for namespaces. If namespace
+ initialization fails with this enabled (e.g. permission denied),
+ the namespace is silently skipped for the user.
+
+v2.1.rc6 2012-02-12 Timo Sirainen <tss@iki.fi>
+
+ * Added automatic mountpoint tracking and doveadm mount commands to
+ manage the list. If a mountpoint is unmounted, error handling is
+ done by assuming that the files are only temporarily lost. This is
+ especially helpful if dbox alt storage becomes unmounted.
+ * Expire plugin: Only go through users listed by userdb iteration.
+ Delete dict rows for nonexistent users, unless
+ expire_keep_nonexistent_users=yes.
+ * LDA's out-of-quota and Sieve's reject mails now include DSN report
+ instead of MDN report.
+
+ + LDAP: Allow building passdb/userdb extra fields from multiple LDAP
+ attributes by using %{ldap:attributeName} variables in the template.
+ + doveadm log errors shows the last 1000 warnings and errors since
+ Dovecot was started.
+ + Improved multi-instance support: Track automatically which instances
+ are started up and manage the list with doveadm instance commands.
+ All Dovecot commands now support -i <instance_name> parameter to
+ select the instance (instead of having to use -c <config path>).
+ See instance_name setting.
+ + doveadm mailbox delete: Added -r parameter to delete recursively
+ + doveadm acl: Added "add" and "remove" commands.
+ + Updated to Unicode v6.1
+ - mdbox: When saving to alt storage, Dovecot didn't append as much
+ data to m.* files as it could have.
+ - dbox: Fixed error handling when saving failed or was aborted
+ - IMAP: Using COMPRESS extension may have caused assert-crashes
+ - IMAP: THREAD REFS sometimes returned invalid (0) nodes.
+ - dsync: Fixed handling non-ASCII characters in mailbox names.
+
+v2.1.rc5 2012-01-26 Timo Sirainen <tss@iki.fi>
+
+ * Temporary authentication failures sent to IMAP/POP3 clients
+ now includes the server's hostname and timestamp. This makes it
+ easier to find the error message from logs.
+
+ + auth: Implemented support for Postfix's "TCP map" sockets for
+ user existence lookups.
+ + auth: Idling auth worker processes are now stopped. This reduces
+ error messages about MySQL disconnections.
+ - director: With >2 directors ring syncing might have stalled during
+ director connect/disconnect, causing logins to fail.
+ - LMTP client/proxy: Fixed potential hanging when sending (big) mails
+ - Compressed mails with external attachments (dbox + SIS + zlib) failed
+ sometimes with bogus "cached message size wrong" errors.
+
+v2.1.rc4 was never actually released, but was accidentally tagged in hg.
+
+v2.1.rc3 2012-01-06 Timo Sirainen <tss@iki.fi>
+
+ - Added missing file that prevented v2.1.rc2 from compiling..
+
+v2.1.rc2 2012-01-06 Timo Sirainen <tss@iki.fi>
+
+ * dsync was merged into doveadm. There is still "dsync" symlink
+ pointing to "doveadm", which you can use the old way for now.
+ The preferred ways to run dsync are "doveadm sync" (for old "dsync
+ mirror") and "doveadm backup".
+
+ + IMAP SPECIAL-USE extension to describe mailboxes
+ + Added mailbox {} sections, which deprecate autocreate plugin
+ + lib-fs: Added "mode" parameter to "posix" backend to specify mode
+ for created files/dirs (for mail_attachment_dir).
+ + inet_listener names are now used to figure out what type the socket
+ is when useful. For example naming service auth { inet_listener } to
+ auth-client vs. auth-userdb has different behavior.
+ + Added pop3c (= POP3 client) storage backend.
+ - LMTP proxying code was simplified, hopefully fixing its problems.
+ - dsync: Don't remove user's subscriptions for subscriptions=no
+ namespaces.
+
+v2.1.rc1 2011-11-24 Timo Sirainen <tss@iki.fi>
+
+ * Plugins now use UTF-8 mailbox names rather than mUTF-7:
+ acl, autocreate, expire, trash, virtual
+ * auth_username_format default changed to %Lu. If you really want
+ case sensitive usernames, set it back to empty.
+ * Solr full text search backend changed to use mailbox GUIDs instead of
+ mailbox names, requiring reindexing everything. solr_old backend can
+ be used with old indexes to avoid reindexing, but it doesn't support
+ some newer features.
+
+ + imapc (= IMAP client) storage allows using a remote IMAP server to
+ be used as storage. This allows using Dovecot as a smart (caching)
+ proxy or using dsync to do migration from remote IMAP server.
+ + Mailbox indexing via queuing indexer service (required for Lucene)
+ + Lucene full text search (FTS) backend rewritten with support for
+ different languages
+ + FTS finally supports "OR" search operation
+ + FTS supports indexing attachments via external programs
+ + IMAP FUZZY extension, supported by Lucene and Solr FTS backends
+ + IMAP SPECIAL-USE extension to describe mailboxes
+ + Mailbox list indexes
+ + Statistics tracking via stats service. Exported via doveadm stats.
+ + Autocreate plugin creates/subscribes mailboxes physically only when
+ the mailbox is opened for the first time. Mailbox listing shows the
+ autocreated mailboxes even if they don't physically exist.
+ + Password and user databases now support default_fields and
+ override_fields settings to specify template defaults/overrides.
+ + SCRAM-SHA-1 authentication mechanism by Florian Zeitz
+ - listescape plugin works perfectly now
+
+v2.0.15 2011-09-16 Timo Sirainen <tss@iki.fi>
+
+ + doveadm altmove: Added -r parameter to move mails back to primary
+ storage.
+ - v2.0.14: Index reading could have eaten a lot of memory in some
+ situations
+ - doveadm index no longer affects future caching decisions
+ - mbox: Fixed crash during mail delivery when mailbox didn't yet have
+ GUID assigned to it.
+ - zlib+mbox: Fetching last message from compressed mailboxes crashed.
+ - lib-sql: Fixed load balancing and error handling when multiple hosts
+ are used.
+
+v2.0.14 2011-08-29 Timo Sirainen <tss@iki.fi>
+
+ + doveadm: Added support for running mail commands by proxying to
+ another doveadm server.
+ + Added "doveadm proxy list" and "doveadm proxy kick" commands to
+ list/kick proxy connections (via a new "ipc" service).
+ + Added "doveadm director move" to assign user from one server to
+ another, killing any existing connections.
+ + Added "doveadm director ring status" command.
+ + userdb extra fields can now return name+=value to append to an
+ existing name, e.g. "mail_plugins+= quota".
+ - script-login attempted an unnecessary config lookup, which usually
+ failed with "Permission denied".
+ - lmtp: Fixed parsing quoted strings with spaces as local-part for
+ MAIL FROM and RCPT TO.
+ - imap: FETCH BODY[HEADER.FIELDS (..)] may have crashed or not
+ returned all data sometimes.
+ - ldap: Fixed random assert-crashing with with sasl_bind=yes.
+ - Fixes to handling mail chroots
+ - Fixed renaming mailboxes under different parent with FS layout when
+ using separate ALT, INDEX or CONTROL paths.
+ - zlib: Fixed reading concatenated .gz files.
+
+v2.0.13 2011-05-11 Timo Sirainen <tss@iki.fi>
+
+ + Added "doveadm index" command to add unindexed messages into
+ index/cache. If full text search is enabled, it also adds unindexed
+ messages to the fts database.
+ + added "doveadm director dump" command.
+ + pop3: Added support for showing messages in "POP3 order", which can
+ be different from IMAP message order. This can be useful for
+ migrations from other servers. Implemented it for Maildir as 'O'
+ field in dovecot-uidlist.
+ - doveconf: Fixed a wrong "subsection has ssl=yes" warning.
+ - mdbox purge: Fixed wrong warning about corrupted extrefs.
+ - sdbox: INBOX GUID changed when INBOX was autocreated, leading to
+ trouble with dsync.
+ - script-login binary wasn't actually dropping privileges to the
+ user/group/chroot specified by its service settings.
+ - Fixed potential crashes and other problems when parsing header names
+ that contained NUL characters.
+
+v2.0.12 2011-04-12 Timo Sirainen <tss@iki.fi>
+
+ + doveadm: Added "move" command for moving mails between mailboxes.
+ + virtual: Added support for "+mailbox" entries that clear \Recent
+ flag from messages (default is to preserve them).
+ - dbox: Fixes to handling external attachments
+ - dsync: More fixes to avoid hanging with remote syncs
+ - dsync: Many other syncing/correctness fixes
+ - doveconf: v2.0.10 and v2.0.11 didn't output plugin {} section right
+
+v2.0.11 2011-03-07 Timo Sirainen <tss@iki.fi>
+
+ * dotlock_use_excl setting's default was accidentally "no" in all
+ v2.0.x releases, instead of "yes" as in v1.1 and v1.2. Changed it
+ back to "yes."
+
+ - v2.0.10: LDAP support was broken
+ - v2.0.10: dsyncing to remote often hanged (timed out in 15 mins)
+
+v2.0.10 2011-03-04 Timo Sirainen <tss@iki.fi>
+
+ * LMTP: For user+detail@domain deliveries, the +detail is again written
+ to Delivered-To: header.
+ * Skip auth penalty checks from IPs in login_trusted_networks.
+
+ + Added import_environment setting.
+ + Added submission_host setting to send mails via SMTP instead of
+ via sendmail binary.
+ + Added doveadm acl get/set/delete commands for ACL manipulation,
+ similar to how IMAP ACL extension works.
+ + Added doveadm acl debug command to help debug and fix problems
+ with why shared mailboxes aren't working as expected.
+ - IMAP: Fixed hangs with COMPRESS extension
+ - IMAP: Fixed a hang when trying to COPY to a nonexistent mailbox.
+ - IMAP: Fixed hang/crash with SEARCHRES + pipelining $.
+ - IMAP: Fixed assert-crash if IDLE+DONE is sent in same TCP packet.
+ - LMTP: Fixed sending multiple messages in a session.
+ - doveadm: Fixed giving parameters to mail commands.
+ - doveadm import: Settings weren't correctly used for the
+ import storage.
+ - dsync: Fixed somewhat random failures with saving messages to
+ remote dsync.
+ - v2.0.9: Config reload didn't notify running processes with
+ shutdown_clients=no, so they could have kept serving new clients
+ with old settings.
+
+v2.0.9 2011-01-13 Timo Sirainen <tss@iki.fi>
+
+ - Linux: Fixed a high system CPU usage / high context switch count
+ performance problem
+ - Maildir: Avoid unnecessarily reading dovecot-uidlist while opening
+ mailbox.
+ - Maildir: Fixed renaming child mailboxes when namespace had a prefix.
+ - mdbox: Don't leave partially written messages to mdbox files when
+ aborting saving.
+ - Fixed master user logins when using userdb prefetch
+ - lda: Fixed a crash when trying to send "out of quota" reply
+ - lmtp: If delivering duplicate messages to same user's INBOX,
+ create different GUIDs for them. This helps to avoid duplicate
+ POP3 UIDLs when pop3_uidl_format=%g.
+ - virtual storage: Fixed saving multiple mails in a transaction
+ (e.g. copy multiple messages).
+ - dsync: Saved messages' save-date was set to 1970-01-01.
+
+v2.0.8 2010-12-03 Timo Sirainen <tss@iki.fi>
+
+ * Services' default vsz_limits weren't being enforced correctly in
+ earlier v2.0 releases. Now that they are enforced, you might notice
+ that the default limits are too low and you need to increase them.
+ This problem will show up in logs as "out of memory" errors.
+ See default_vsz_limit and service { vsz_limit } settings.
+ * LMTP: In earlier versions if mail was delivered to user+detail@domain
+ address, LMTP server always attempted to deliver the mail to mailbox
+ named "detail". This was rather unintentional and shouldn't have been
+ the default. lmtp_save_to_detail_mailbox=yes setting now preserves
+ this behavior (default is no).
+
+ + Added systemd support (configure --with-systemdsystemunitdir).
+ Based on patch by Christophe Fergeau.
+ + Replaced broken mbox-snarf plugin with a new more generic snarf
+ plugin.
+ - dbox: Fixes to handling external mail attachments
+ - verbose_proctitle=yes didn't work for all processes in v2.0.7
+ - imap, pop3: When service { client_count } was larger than 1, the
+ log messages didn't use the correct prefix. Last logged in user's
+ prefix was always used, regardless of what user's session actually
+ logged it. Now the proper log prefix is always used.
+ - MySQL: Only the first specified host was ever used
+
+v2.0.7 2010-11-08 Timo Sirainen <tss@iki.fi>
+
+ * master: default_process_limit wasn't actually used anywhere,
+ rather the default was unlimited. Now that it is enforced, you might
+ notice that the default limit is too low and you need to increase it.
+ Dovecot logs a warning when this happens.
+ * mail-log plugin: Log mailbox name as virtual name rather than
+ physical name (e.g. namespace prefix is included in the name)
+
+ + doveadm dump: Added imapzlib type to uncompress IMAP's
+ COMPRESS DEFLATE I/O traffic (e.g. from rawlog).
+ - IMAP: Fixed LIST-STATUS when listing subscriptions with
+ subscriptions=no namespaces.
+ - IMAP: Fixed SELECT QRESYNC not to crash on mailbox close if a lot of
+ changes were being sent.
+ - quota: Don't count virtual mailboxes in quota
+ - doveadm expunge didn't always actually do the physical expunging
+ - Fixed some index reading optimizations introduced by v2.0.5.
+ - LMTP proxying fixes
+
+v2.0.6 2010-10-21 Timo Sirainen <tss@iki.fi>
+
+ * Pre-login CAPABILITY includes IDLE again. Mainly to make Blackberry
+ servers happy.
+ * auth: auth_cache_negative_ttl default was 0 in earlier v2.0.x, but it
+ was supposed to be 1 hour as in v1.x. Changed it back to 1h.
+ If you want it disabled, make sure doveconf shows it as 0.
+
+ + dbox: Added support for saving mail attachments to external files,
+ with also support for single instance storage. This feature hasn't
+ had much testing yet, so be careful with it.
+ + doveadm: Added import command for importing mails from other storages.
+ + Reduced NFS I/O operations for index file accesses
+ + dbox, Maildir: When copying messages, copy also already cached fields
+ from dovecot.index.cache
+ + mdbox: Added mdbox_preallocate_space setting (Linux+ext4/XFS only)
+ - Maildir: LDA/LMTP assert-crashed sometimes when saving a mail.
+ - Fixed leaking fds when writing to dovecot.mailbox.log.
+ - Fixed rare dovecot.index.cache corruption
+ - IMAP: SEARCH YOUNGER/OLDER wasn't working correctly
+
+v2.0.5 2010-10-01 Timo Sirainen <tss@iki.fi>
+
+ * acl: Fixed the logic of merging multiple ACL entries. Now it works as
+ documented, while previously it could have done slightly different
+ things depending on the order of the entries.
+ * virtual: Allow opening virtual mailboxes that refer to non-existing
+ mailboxes. It seems that the benefits of this outweigh the lack of
+ error message when typoing a mailbox name.
+
+ + Added some disk I/O optimizations to Maildir and index code. They're
+ especially helpful with short-lived connections like POP3.
+ + pop3: Added pop3_fast_size_lookups setting.
+ - doveconf sometimes failed with complaining about missing ssl_key
+ setting, causing e.g. dovecot-lda to fail.
+ - lda: If there's an error in configuration, doveconf didn't exit with
+ EX_TEMPFAIL as it should have.
+ - sdbox: Fixed memory leak when copying messages with hard links.
+ - zlib + sdbox combination didn't work
+ - zlib: Fixed several crashes, which mainly showed up with mbox.
+ - quota: Don't crash if user has quota disabled, but plugin loaded.
+ - doveadm fetch uid was actually returning sequence, not uid.
+ - v2.0.4's subscription listing ignored (and logged a warning about)
+ subscriptions=no namespaces' entries in some configurations.
+ (So listing shared mailboxes' subscriptions could have been broken.)
+ - acl: Fixed crashing when sometimes listing shared mailboxes via
+ dict proxy.
+
+v2.0.4 2010-09-26 Timo Sirainen <tss@iki.fi>
+
+ * multi-dbox: If :INDEX=path is specified, keep
+ storage/dovecot.map.index* files also in the index path rather than
+ in the main storage directory.
+
+ WARNING: if you specified :INDEX= with earlier mdbox installation,
+ you must now manually move the storage indexes to the expected
+ directory! Otherwise Dovecot won't see them and will rebuild the
+ indexes, possibly unexpunging some mails.
+
+ - Maildir: Copying messages with hard links sometimes caused the
+ source maildir's entire tmp/ directory to be renamed to destination
+ maildir as if it were a message.
+ - Maildir: v2.0.3 broke expunging copied messages sometimes
+ - Maildir: INBOX whose tmp/ directory was lost couldn't be opened
+ - single-dbox: Messages weren't copied with hard links
+ - vpopmail support is hopefully working again.
+ - dsync: POP3 UIDLs weren't copied with Maildir
+ - dict file: Fixed fd leak (showed up easily with LMTP + quota)
+
+v2.0.3 2010-09-17 Timo Sirainen <tss@iki.fi>
+
+ * dovecot-lda: Removed use of non-standard Envelope-To: header as a
+ default for -a. Set lda_original_recipient_header=Envelope-To to
+ returns the old behavior.
+
+ + Added support for reverse quota warnings (i.e. when quota goes back
+ under the limit). This is enabled by adding '-' to beginning of
+ quota_warning value. Based on patch by Jeroen Koekkoek.
+ + dovecot-lda: Added lda_original_recipient_header setting, which is
+ used for getting original recipient if -a isn't used.
+ + dovecot-lda: Added -r parameter to specify final recipient address.
+ (It may differ from original address for e.g. aliases.)
+ + Maildir: uidlist file can now override message's GUID, making it
+ possible for multiple messages in a mailbox to have the same GUID.
+ This also fixes dsync's message conflict resolution.
+ - dovecot-lda: If destination user isn't found, exit with EX_NOUSER,
+ not EX_TEMPFAIL.
+ - dsync: Fixed handling \Noselect mailboxes
+ - Fixed an infinite loop introduced by v2.0.2's message parser changes.
+ - Fixed a crash introduced by v2.0.2's istream-crlf changes.
+
+v2.0.2 2010-09-08 Timo Sirainen <tss@iki.fi>
+
+ * vpopmail support is disabled for now, since it's broken. You can use
+ it via checkpassword support or its sql/ldap database directly.
+
+ - maildir: Fixed "duplicate uidlist entry" errors that happened at
+ least with LMTP when mail was delivered to multiple recipients
+ - Deleting ACLs didn't cause entries to be removed from acl_shared_dict
+ - mail_max_lock_timeout setting wasn't working with all locks
+ - auth_cache_size setting's old-style value wasn't autoconverted
+ and it usually also caused a crash
+
+v2.0.1 2010-08-24 Timo Sirainen <tss@iki.fi>
+
+ * When dsync is started as root, remote dsync command is now also
+ executed as root instead of with dropped privileges.
+
+ - IMAP: QRESYNC parameters for SELECT weren't handled correctly.
+ - UTF-8 string validity checking wasn't done correctly (e.g.
+ mailbox names in Sieve fileinto)
+ - dsync: Fixed a random assert-crash with remote dsyncing
+
+v2.0.0 2010-08-16 Timo Sirainen <tss@iki.fi>
+
+ * Dovecot uses two system users for internal purposes now by default:
+ dovenull and dovecot. You need to create the dovenull user or change
+ default_login_user setting.
+ * Global ACLs are now looked up using namespace prefixes. For example
+ if you previously had INBOX. namespace prefix and a global ACL for
+ "INBOX.Sent", it's now looked up from "INBOX.Sent" file instead of
+ "Sent" as before.
+ * Maildir: File permissions are no longer based on dovecot-shared file,
+ but the mailbox directory.
+
+ + Redesigned master process. It's now more modular and there is less
+ code running as root.
+ + Configuration supports now per-local/remote ip/network settings.
+ + dsync utility does a two-way mailbox synchronization.
+ + LMTP server and proxying.
+ + Added mdbox (multi-dbox) mail storage backend.
+ + doveadm utility can be used to do all kinds of administration
+ functions. Old dovecotpw and *view utilities now exist in its
+ subcommands.
+ + imap and pop3 processes can now handle multiple connections.
+ + IMAP: COMPRESS=DEFLATE is supported by imap_zlib plugin
+ + director service helps NFS installations to redirect users always
+ to same server to avoid corruption
+
+v2.0.rc6 2010-08-13 Timo Sirainen <tss@iki.fi>
+
+ - dict quota didn't always decrease quota when messages were expunged
+ - Shared INBOX wasn't always listed with FS layout
+
+v2.0.rc5 2010-08-09 Timo Sirainen <tss@iki.fi>
+
+ - Using more than 2 plugins could have caused broken behavior
+ (more fixes for this)
+ - Listescape plugin fixes
+ - mbox: Fixed a couple of assert-crashes
+ - mdbox: Fixed potential assert-crash when saving multiple messages
+ in one transaction.
+
+v2.0.rc4 2010-08-04 Timo Sirainen <tss@iki.fi>
+
+ + director: Added director_doveadm_port for accepting doveadm
+ TCP connections.
+ + doveadm: Added client/server architecture support for running mail
+ commands. Enable this by setting doveadm_worker_count to non-zero.
+ + mail-log: Added support for mailbox_create event.
+ + imap_capability = +XFOO BAR can be used to add capabilities instead
+ of replacing the whole capability string.
+ + virtual storage: Added support for IDLE notifications.
+ - doveadm mailbox status: Fixed listing non-ASCII mailbox names.
+ - doveadm fetch: Fixed output when fetching message header or body
+ - doveadm director map/add/remove: Fixed handling IP address as
+ parameter.
+ - dsync: A few more fixes
+
+v2.0.rc3 2010-07-20 Timo Sirainen <tss@iki.fi>
+
+ * Single-dbox is now called "sdbox" instead of "dbox".
+ "dbox" will stay as an alias for it for now.
+
+ + Added mail_temp_dir setting, used by deliver and lmtp for creating
+ temporary mail files. Default is /tmp.
+ + doveadm: Added "director map" command to list user -> host mappings.
+ - imap: Fixed checking if list=children namespace has children.
+ - director: If all login processes died, director stopped reading
+ proxy-notify input and caused future login processes to hang
+ - mail_log plugin configuration was broken
+ - Using more than 2 plugins could have caused broken behavior
+ - mdbox: Race condition fixes related to copying and purging
+ - dsync: Lots of fixes
+
+v2.0.rc2 2010-07-09 Timo Sirainen <tss@iki.fi>
+
+ - Fixed a crash with empty mail_plugins
+ - Fixed sharing INBOX to other users
+ - mdbox: Rebuilding storage was broken in rc1
+ - dsync was broken for remote syncs in rc1
+ - director+LMTP proxy wasn't working correctly
+ - v1.x config parser failed with some settings if pigeonhole wasn't
+ installed.
+ - virtual: If non-matching messages weren't expunged within same
+ session, they never got expunged.
+
+v2.0.rc1 2010-07-02 Timo Sirainen <tss@iki.fi>
+
+ * See v2.0.0 notes
+
+v1.2.6 2009-10-05 Timo Sirainen <tss@iki.fi>
+
+ * Upgraded to Unicode 5.2.0
+
+ + Added authtest utility for doing passdb and userdb lookups.
+ + login: ssl_security string now also shows the used compression.
+ - quota: Don't crash with non-Maildir++ quota backend.
+ - imap proxy: Fixed crashing with some specific password characters.
+ - dovecot --exec-mail was broken.
+ - Avoid assert-crashing when two processes try to create index at the
+ same time.
+
+v1.2.5 2009-09-13 Timo Sirainen <tss@iki.fi>
+
+ * Authentication: DIGEST-MD5 and RPA mechanisms no longer require
+ user's login realm to be listed in auth_realms. It only made
+ configuration more difficult without really providing extra security.
+ * zlib plugin: Don't allow clients to save compressed data directly.
+ This prevents users from exploiting (most of the) potential security
+ holes in zlib/bzlib.
+
+ + Added pop3_save_uidl setting.
+ + dict quota: When updating quota and user isn't already in dict,
+ recalculate and save the quota.
+ - file_set_size() was broken with OSes that didn't support
+ posix_fallocate() (almost everyone except Linux), causing all kinds
+ of index file errors.
+ - v1.2.4 index file handling could have caused an assert-crash
+ - IMAP: Fixes to QRESYNC extension.
+ - virtual plugin: Crashfix
+ - deliver: Don't send rejects to any messages that have Auto-Submitted
+ header. This avoids emails loops.
+ - Maildir: Performance fixes, especially with maildir_very_dirty_syncs.
+ - Maildir++ quota: Limits weren't read early enough from maildirsize
+ file (when quota limits not enforced by Dovecot)
+ - Message decoding fixes (mainly for IMAP SEARCH, Sieve).
+
+v1.2.4 2009-08-17 Timo Sirainen <tss@iki.fi>
+
+ * acl: When looking up ACL defaults, use global/local default files
+ if they exist. So it's now possible to set default ACLs by creating
+ dovecot-acl file to the mail root directory.
+
+ + imap/pop3 proxy: If proxy destination is known to be down,
+ fail connections to it immediately.
+ + imap/pop3 proxy: Added proxy_timeout passdb extra field to specify
+ proxy's connect timeout.
+ - Fixed a crash in index file handling.
+ - Fixed a crash in saving messages where message contained a CR
+ character that wasn't followed by LF (and the CR happened to be the
+ last character in an internal buffer).
+ - v1.2.3 crashed when listing shared namespace prefix.
+ - listescape plugin: Several fixes.
+ - autocreate plugin: Fixed autosubscribing to mailboxes in
+ subscriptions=no namespaces.
+
+v1.2.3 2009-08-07 Timo Sirainen <tss@iki.fi>
+
+ * Mailbox names with control characters can't be created anymore.
+ Existing mailboxes can still be accessed though.
+
+ + Allow namespace prefix to be opened as mailbox, if a mailbox
+ already exists in the root dir.
+ - Maildir: dovecot-uidlist was being recreated every time a mailbox
+ was accessed, even if nothing changed.
+ - listescape plugin was somewhat broken
+ - Compiling fixes for non-Linux/BSDs
+ - imap: tb-extra-mailbox-sep workaround was broken.
+ - ldap: Fixed hang when >128 requests were sent at once.
+ - fts_squat: Fixed crashing when searching virtual mailbox.
+ - imap: Fixed THREAD .. INTHREAD crashing.
+
+v1.2.2 2009-07-27 Timo Sirainen <tss@iki.fi>
+
+ * GSSAPI: More changes to authentication. Hopefully good now.
+ * lazy_expunge plugin: Drop \Deleted flag when moving message.
+
+ + dovecot -n/-a now outputs also lda settings.
+ + dovecot.conf !include now supports globs (e.g.
+ !include /etc/dovecot/*.conf). Based on patch by Thomas Guthmann.
+ + acl: Support spaces in user/group identifiers.
+ + shared mailboxes: If only %%n is specified in prefix, default to
+ current user's domain.
+ - Dovecot master process could hang if it received signals too rapidly.
+ - Fixed "corrupted index cache file" errors (and perhaps others) caused
+ by e.g. IMAP's FETCH BODY[] command.
+ - IMAP: When QRESYNC is enabled, don't crash when a new mail is
+ received while IDLEing.
+ - IMAP: FETCH X-* parameters weren't working.
+ - Maildir++ quota: Quota was sometimes updated wrong when it was
+ being recalculated.
+ - Searching quoted-printable message body internally converted "_"
+ characters to spaces and didn't match search keys with "_".
+ - Messages in year's first/last day may have had broken timezones
+ with OSes not having struct tm->tm_gmtoff (e.g. Solaris).
+ - virtual plugin: If another session adds a new mailbox to index,
+ don't crash.
+
+v1.2.1 2009-07-09 Timo Sirainen <tss@iki.fi>
+
+ * GSSAPI: Changed logging levels and improved the messages.
+ Changed the way cross-realm authentication handling is done,
+ hopefully it's working now for everyone.
+ * imap/pop3 logins now fail if home directory path is relative.
+ v1.2.0 deliver was already failing with these and they could have
+ caused problems even with v1.1.
+ * IMAP: Custom authentication failure messages are now prefixed with
+ [ALERT] to get more clients to actually show them.
+
+ + Improved some error messages.
+ - pop3: AUTH PLAIN was broken when SASL initial response wasn't given.
+ - mbox: New mailboxes were created with UIDVALIDITY 1.
+ - quota-fs was defaulting to group quota instead of user quota.
+ - Fixed ACLs to work with mbox.
+ - Fixed fchmod(-1, -1) errors with BSDs
+ - convert plugin / convert-tool: Fixed changing hierarchy separators
+ in mailbox names when alt_hierarchy_char isn't set.
+
+v1.2.0 2009-07-01 Timo Sirainen <tss@iki.fi>
+
+ * When creating files or directories to mailboxes, Dovecot now uses
+ the mailbox directory's permissions and GID for them. Previous
+ versions simply used 0600 mode always. For backwards compatibility
+ dovecot-shared file's permissions still override these with Maildir.
+ * SQL dictionary (quota) configuration file is different than in v1.1.
+ See doc/dovecot-dict-sql-example.conf for the new format.
+ * deliver -m: Mailbox name is now assumed to be in UTF-8 format,
+ not modified-UTF7. Stephan Bosch's new Sieve implementation also
+ assumes UTF-8 format in fileinto parameters.
+
+ + Full support for shared mailboxes and IMAP ACL extension.
+ The code is mainly from Sascha Wilde and Bernhard Herzog.
+ + IMAP: Added support for extensions: CONDSTORE, QRESYNC, ESEARCH,
+ ESORT, SEARCHRES, WITHIN, ID and CONTEXT=SEARCH.
+ + SEARCH supports INTHREAD search key, but the rest of the INTHREAD
+ draft isn't implemented yet so it's not advertised in capability.
+ + THREAD REFS algorithm where threads are sorted by their latest
+ message instead of the thread root message. There is also no base
+ subject merging.
+ + IMAP: Implemented imap-response-codes draft.
+ + Thread indexes for optimizing IMAP THREAD command and INTHREAD
+ search key.
+ + Added userdb checkpassword (by Sascha Wilde)
+ + Virtual mailboxes: http://wiki.dovecot.org/Plugins/Virtual
+ + Autocreate plugin: http://wiki.dovecot.org/Plugins/Autocreate
+ + Listescape plugin: http://wiki.dovecot.org/Plugins/Listescape
+
+v1.2.rc8 2009-06-30 Timo Sirainen <tss@iki.fi>
+
+ - Fixed building LDAP as plugin
+ - Fixed starting up in OS X
+
+v1.2.rc7 2009-06-27 Timo Sirainen <tss@iki.fi>
+
+ * Removed configure --with-deliver, --with-pop3d and --disable-ipv6
+ parameters.
+
+ + Improved permission related error messages.
+ - mbox: Don't write garbage to mbox if message doesn't have a body.
+ - virtual: Fixed saving messages with keywords.
+ - virtual: Fixed infinite looping bug.
+ - zlib: Fixed error handling.
+
+v1.2.rc6 2009-06-22 Timo Sirainen <tss@iki.fi>
+
+ * imap proxy: Pass through to client unexpected untagged replies
+ from remote server (e.g. alerts).
+ * Solr: Don't use "any" copyfield, it doubles the index size.
+ * mail_location: Allow using ":" characters in dir names by escaping
+ it as "::".
+
+ - mbox: Don't crash with invalid From_-lines.
+ - IMAP: Don't crash if IDLE command is pipelined after a long-running
+ UID FETCH or UID SEARCH.
+ - ACL / shared mailbox fixes
+ - Some metadata files were incorrectly getting 0666 permissions.
+
+v1.2.rc5 2009-06-04 Timo Sirainen <tss@iki.fi>
+
+ * auth_cache_negative_ttl is now used also for password mismatches
+ (currently only with plaintext authentication mechanisms).
+
+ + Added support for EXTERNAL SASL mechanism.
+ + FETCH X-SAVEDATE can now be used to get messages' save timestamps
+ + deliver_log_format: %s is now in UTF8
+ - If message body started with a space, some operations could have
+ assert-crashed.
+ - Fixed using LDAP support as a plugin
+ - Fixes to virtual mailboxes.
+
+v1.2.rc4 2009-05-17 Timo Sirainen <tss@iki.fi>
+
+ * If /dev/arandom exists, use it instead of /dev/urandom (OpenBSD).
+ * When logging to a file, the lines now start with a timestamp instead
+ of "dovecot: " prefix.
+
+ + IMAP: When multiple commands are pipelined, try harder to combine
+ their mailbox syncing together. For example with Maildir pipelining
+ STORE 1:* +FLAGS \Deleted and EXPUNGE commands the files won't
+ be unnecessarily rename()d before being unlink()ed.
+ + imap-proxy: Send backend's CAPABILITY if it's different from what
+ was sent to client before.
+ + IMAP: struct mail now keeps track of all kinds of statistics, such
+ as number of open()s, stat()s, bytes read, etc. These fields could
+ be exported by some kind of a statistics plugin (not included yet).
+ + IMAP: SEARCH command now dynamically figures out how to run about
+ 0.20 .. 0.25 seconds before seeing if there's other work to do.
+ This makes the SEARCH performance much better.
+ - Fixes to shared mailbox handling.
+ - Fixes to virtual mailboxes.
+ - THREAD command could have crashed.
+ - Fixes to expire-tool.
+ - mbox: Don't break if From_-line is preceded by CRLF (instead of LF).
+ - dict process wasn't restarted after SIGHUP was sent to master.
+
+v1.2.rc3 2009-04-16 Timo Sirainen <tss@iki.fi>
+
+ * IMAP proxy no longer simply forwards tagged reply from
+ remote authentication command. It's now done only if the remote
+ server sent a [resp-code], otherwise all failure strings are
+ converted to Dovecot's "Authentication failed." to make sure that
+ if remote isn't using Dovecot it won't reveal user's existence.
+
+ + Quota roots can now specify which namespace's quota they're
+ tracking. This is probably the most useful for giving public
+ namespaces a quota.
+ + Added imap_idle_notify_interval setting.
+ - Fixes to shared mailbox handling
+ - Fixes to virtual mailboxes
+ - Fixed compiling with some FreeBSD and NetBSD versions
+ - THREAD REFS still might have returned one (0) at the beginning.
+ - deliver wasn't using mail_access_groups setting.
+ - Fixed some error handling in maildir and index code.
+
+v1.2.rc2 2009-04-03 Timo Sirainen <tss@iki.fi>
+
+ - rquota.x file was missing from rc1 distribution, causing compiling
+ to fail.
+
+v1.2.rc1 2009-04-03 Timo Sirainen <tss@iki.fi>
+
+ * See v1.2.0 notes
+
+v1.1.5 2008-10-22 Timo Sirainen <tss@iki.fi>
+
+ * Dovecot prints an informational message about authentication problems
+ at startup. The message goes away after the first successful
+ authentication. This hopefully reduces the number of "Why doesn't
+ my authentication work?" questions.
+
+ + Maildir/dbox: Try harder to assign unique UIDVALIDITY values to
+ mailboxes to avoid potential problems when recreating or renaming
+ mailboxes. The UIDVALIDITY is tracked using dovecot-uidvalidity*
+ files in the mail root directory.
+ + Many logging improvements
+ - In some conditions Dovecot could have stopped using existing cache
+ file and never used it again until it was deleted.
+ - pop3 + Maildir: Make sure virtual sizes are always written to
+ dovecot-uidlist. This way if the indexes are lost Dovecot will never
+ do a huge amount of work to recalculate them.
+ - mbox: Fixed listing mailboxes in namespaces with prefix beginning
+ with '~' or '/' (i.e. UW-IMAP compatibility namespaces didn't work).
+ - dict quota: Don't crash when recalculating quota (when quota warnings
+ enabled).
+ - Fixes to handling "out of disk space/quota" failures.
+ - Blocking passdbs/userdbs (e.g. PAM, MySQL) could have failed lookups
+ sometimes when auth_worker_max_request_count was non-zero.
+ - Fixed compiling with OpenBSD
+
+v1.1.4 2008-10-05 Timo Sirainen <tss@iki.fi>
+
+ - SORT: Yet another assert-crashfix when renumbering index sort IDs.
+ - ACL plugin fixes: Negative rights were actually treated as positive
+ rights. 'k' right didn't prevent creating parent/child/child mailbox.
+ ACL groups weren't working.
+ - Maildir++ quota: Fixes to rebuilding when quota limit wasn't
+ specified in Dovecot (0 limit or limit read from maildirsize).
+ - mbox: Several bugfixes causing errors and crashes.
+ - Several fixes to expire plugin / expire-tool.
+ - lock_method=dotlock could have deadlocked with itself.
+ - Many error handling fixes and log message improvements.
+
+v1.1.3 2008-09-02 Timo Sirainen <tss@iki.fi>
+
+ * mail_max_userip_connections limit no longer applies to master user
+ logins.
+
+ + login_log_format_elements: Added %k to show SSL protocol/cipher
+ information. Not included by default.
+ + imap/pop3-proxy: If auth_verbose=yes, log proxy login failures.
+ + deliver: Added -s parameter to autosubscribe to autocreated mailboxes.
+ - message parser fixes - hopefully fixes an infinite looping problem
+ - SORT: One more assert-crashfix when renumbering index sort IDs.
+ - mbox: Saving may have truncated the mail being saved
+ - mbox: Several other bugfixes
+ - mail_full_filesystem_access=yes was broken when listing mailboxes
+ (it still is with maildir++ layout).
+ - maildirlock utility was somewhat broken
+ - zlib plugin: bzip2 support was somewhat broken
+ - NFS: Make sure writing to files via output streams don't
+ assert-crash when write() returns only partial success.
+
+v1.1.2 2008-07-24 Timo Sirainen <tss@iki.fi>
+
+ + Added full text search indexing support for Apache Lucene Solr
+ server: http://wiki.dovecot.org/Plugins/FTS/Solr
+ + IMAP SORT: Added X-SCORE sort key for use with Solr searches.
+ + zlib plugin supports now bzip2 also.
+ + quota: All backends now take noenforcing parameter.
+ + Maildir: Add ,S=<size> to maildir filename whenever quota plugin
+ is loaded, even when not using Maildir++ quota.
+ + deliver: Allow lda section to override plugin settings.
+ + deliver: Giving a -m <namespace prefix> parameter now silently saves
+ the mail to INBOX. This is useful for e.g. -m INBOX/${extension}
+ + Added a new maildirlock utility for write-locking Dovecot Maildir.
+ + dict-sql: Support non-MySQL databases by assuming they implement the
+ "INSERT .. ON DUPLICATE KEY" using an INSERT trigger.
+ - SORT: Fixed several crashes/errors with sort indexing.
+ - IMAP: BODYSTRUCTURE is finally RFC 3501 compliant. Earlier versions
+ didn't include Content-Location support.
+ - IMAP: Fixed bugs with listing INBOX.
+ - Maildir: maildirfolder file wasn't created when dovecot-shared
+ file existed on the root directory
+ - deliver didn't expand %variables in namespace location settings.
+ - zlib: Copying non-compressed messages resulted in empty mails
+ (except when hardlink-copying between maildirs).
+ - mbox-snarf plugin was somewhat broken
+ - deliver + Maildir: If uidlist couldn't be locked while saving,
+ we might have assert-crashed
+ - mbox: Fixed an assert-crash with \Recent flag handling
+
+v1.1.1 2008-06-22 Timo Sirainen <tss@iki.fi>
+
+ - Maildir: When migrating from v1.0 with old format dovecot-uidlist
+ files, Dovecot may have appended lines to it using the new format and
+ later broken with "UID larger than next_uid" error.
+
+v1.1.0 2008-06-21 Timo Sirainen <tss@iki.fi>
+
+No changes since v1.1.rc13. Below are the largest changes since v1.0:
+
+ * After Dovecot v1.1 has modified index or dovecot-uidlist files,
+ they can't be opened anymore with Dovecot versions earlier than
+ v1.0.2.
+ * See doc/wiki/Upgrading.1.1.txt (or for latest changes,
+ http://wiki.dovecot.org/Upgrading/1.1) for list of changes since
+ v1.0 that you should be aware of when upgrading.
+
+ + IMAP: Added support for UIDPLUS and LIST-EXTENDED extensions.
+ + IMAP SORT: Sort keys are indexed, which makes SORT commands faster.
+ + When saving messages, update cache file immediately with the data
+ that we expect client to fetch later.
+ + NFS caches are are flushed whenever needed. See mail_nfs_storage and
+ mail_nfs_index settings.
+ + Out of order command execution (SEARCH, FETCH, LIST), nonstandard
+ command cancellation (X-CANCEL <tag>)
+ + IMAP: STATUS-IN-LIST draft implementation
+ + Expire plugin can be used to keep track of oldest messages in
+ specific mailboxes. A nightly run can then quickly expunge old
+ messages from the mailboxes that have them. The tracking is done
+ using lib-dict, so you can use either Berkeley DB or SQL database.
+ + Namespaces are supported everywhere now.
+ + Namespaces have new list and subscriptions settings.
+ + Full text search indexing support with Lucene and Squat backends.
+ + OTP and S/KEY authentication mechanisms (by Andrey Panin).
+ + mbox and Maildir works with both Maildir++ and FS layouts. You can
+ change these by appending :LAYOUT=maildir++ or :LAYOUT=fs to
+ mail_location.
+ + LDAP: Support templates in pass_attrs and user_attrs
+ + Support for listening in multiple IPs/ports.
+ + Quota plugin rewrite: Support for multiple quota roots, warnings,
+ allow giving storage size in bytes or kilo/mega/giga/terabytes,
+ per-mailbox quota rules.
+ + Filesystem quota backend supports inode limits, group quota and
+ RPC quota for NFS.
+ + SEARCH and SORT finally compare non-ASCII characters
+ case-insensitively. We use i;unicode-casemap algorithm.
+ + Config files support splitting values to multiple lines with \
+
+v1.1.rc13 2008-06-20 Timo Sirainen <tss@iki.fi>
+
+ - mbox: Fixed a crash when adding a new X-IMAPbase: header with
+ keywords.
+ - Message parser: Fixed assert-crash if cached MIME structure was
+ broken.
+ - Squat: Potential crashfix with mmap_disable=yes.
+
+v1.1.rc12 2008-06-19 Timo Sirainen <tss@iki.fi>
+
+ - mbox: Don't give "Can't find next message offset" warnings when
+ plugin (e.g. quota) accesses the message being saved.
+ - deliver: Settings inside protocol imap {} weren't ignored.
+
+v1.1.rc11 2008-06-19 Timo Sirainen <tss@iki.fi>
+
+ - dovecot-uidlist is now recreated if it results in file shrinking
+ over 25%.
+ - Some other minor fixes
+
+v1.1.rc10 2008-06-13 Timo Sirainen <tss@iki.fi>
+
+ * LIST X-STATUS renamed to LIST STATUS and fixed its behavior with
+ LIST-EXTENDED options. It's now compatible with STATUS-IN-LIST
+ draft 00.
+
+ - Message parsing could have sometimes produced incorrect results,
+ corrupting BODY/BODYSTRUCTURE replies and perhaps others.
+ - SORT: Fixed several bugs
+ - FreeBSD 7.0: Environment clearing wasn't working correctly.
+ This caused "environment corrupted" problems at least with deliver
+ trying to call sendmail and running Dovecot from inetd.
+ - HP-UX: Several fixes to get it to work (by Christian Corti)
+ - Fixes to using expire plugin with SQL dictionary.
+ - dbox fixes
+
+v1.1.rc9 2008-06-09 Timo Sirainen <tss@iki.fi>
+
+ + Maildir: When hardlink-copying a file, copy the W=<vsize> in the
+ filename if it exists in the original filename.
+ - mbox: With rc8 empty lines were inserted in the middle of saved
+ mails' headers.
+ - maildir: Fixed problems with opening newly saved messages which we
+ saw in index file but couldn't see in dovecot-uidlist. Happened only
+ when messages weren't saved via Dovecot (deliver or IMAP).
+ - Several bugfixes to handling sort indexes
+ - deliver: Boolean settings that were supposed to default to "yes" were
+ set to "no" unless explicitly defined in dovecot.conf:
+ dotlock_use_excl, maildir_copy_with_hardlinks, mbox_dirty_syncs,
+ mbox_lazy_writes.
+
+v1.1.rc8 2008-06-03 Timo Sirainen <tss@iki.fi>
+
+ + deliver: Added -p parameter to provide path to delivered mail.
+ This allows maildir to save identical mails to multiple recipients
+ using hard links.
+ - rc6/rc7 broke POP3 with non-Maildir formats
+ - mbox: Saving a message without a body or the end-of-headers line
+ could have caused an assert-crash later.
+ - Several dbox fixes
+
+v1.1.rc7 2008-05-30 Timo Sirainen <tss@iki.fi>
+
+ - Fixed compiling problems with non-Linux OSes
+
+v1.1.rc6 2008-05-30 Timo Sirainen <tss@iki.fi>
+
+ * Index file format changed a bit. If an older Dovecot v1.1 reads
+ index files updated by rc6+, they may give "Invalid header record
+ size" or "ext reset: invalid record size" warnings. v1.0 won't give
+ these errors.
+ * IMAP: LIST .. RETURN (X-STATUS) command return now LIST entries
+ before STATUS entries.
+ * zlib plugin: Uncompress if the message begins with zlib header
+ instead of looking at the 'Z' flag. This fixes copying with hard
+ links. Based on a patch by Richard Platel.
+
+ + IMAP: SORT index handling code was half-rewritten to fix several bugs
+ when multiple sessions were sorting at the same time. The new code is
+ hopefully also faster.
+ + Maildir: If POP3 UIDL extra field is found from dovecot-uidlist,
+ it's used instead of the default UIDL format (or X-UIDL: header).
+ This allows easily preserving UIDLs when migrating from other POP3
+ servers. Patch by Nicholas Von Hollen @ Mailtrust.
+ + Maildir: ,W=<vsize> is now always added to maildir filenames
+ + deliver: Avoid reading dovecot-uidlist's contents if possible.
+ + Added %T modifier = Trim whitespace from end of string
+ - IMAP: Fixed some bugs in LIST-EXTENDED implementation.
+ - IMAP: If client tries to change the selected mailbox state while
+ another command is still running, wait until the command is finished.
+ This fixes some crashes and other unwanted behavior.
+ - allow_nets userdb setting was broken with big endian CPUs
+
+v1.1.rc5 2008-05-05 Timo Sirainen <tss@iki.fi>
+
+ + Support cross-realm Kerberos 5 authentication. Based on patch by
+ Zachary Kotlarek.
+ + Added dict_db_config setting to point to a Berkeley DB config file.
+ + If mail_chroot ends with "/.", remove chroot prefix from home
+ directory.
+ - Fixed several bugs and memory leaks in ACL plugin. LIST and LSUB
+ may have listed mailboxes where user had no 'l' access. STORE could
+ have been used to update any flags without appropriate access.
+ - mbox: Valid-looking From_-lines in message bodies caused the message
+ to be split to two messages (broken since v1.0).
+ - Plugin initialization hooks were called in wrong order, possibly
+ causing problems when multiple plugins were used at the same time.
+ - Expire plugin was broken
+ - LIST-EXTENDED options were ignored.
+ - LDAP: Static attribute names weren't working correctly
+ - deliver: mail_uid and mail_gid settings weren't used.
+ - pop3 + maildir++ quota: maildirsize file wasn't created if it
+ didn't exist already.
+ - dnotify: Waiting for dotlock to be deleted used 100% CPU
+
+v1.1.rc4 2008-04-01 Timo Sirainen <tss@iki.fi>
+
+ * Fixed two buffer overflows in str_find_init(). It was used by
+ SEARCH code when searching for headers or message body. Added code
+ to catch these kind of overflows when compiling with --enable-debug.
+ Found by Diego Liziero.
+
+ + LDAP: Added debug_level and ldaprc_path settings (OpenLDAP-only)
+ + Squat: Added fts_squat = partial=n full=m settings. See the wiki.
+ - dbox metadata updating fixes.
+ - quota: backend=n didn't work
+ - SEARCH RECENT may have returned non-recent messages if index files
+ were created by v1.0.
+ - If mailbox was opened as read-only with EXAMINE, STOREs were
+ permanently saved.
+ - LDAP: Templates were somewhat broken (by richs at whidbey.net)
+
+v1.1.rc3 2008-03-09 Timo Sirainen <tss@iki.fi>
+
+ * Fixed a security hole in blocking passdbs (MySQL always. PAM, passwd
+ and shadow if blocking=yes) where user could specify extra fields
+ in the password. The main problem here is when specifying
+ "skip_password_check" introduced in v1.0.11 for fixing master user
+ logins, allowing the user to log in as anyone without a valid
+ password.
+
+ - mail_privileged_group was broken in some systems (OS X, Solaris?)
+
+v1.1.rc2 2008-03-08 Timo Sirainen <tss@iki.fi>
+
+ * mail_extra_groups setting was commonly used insecurely. This setting
+ is now deprecated. Most users should switch to using
+ mail_privileged_group setting, but if you really need the old
+ functionality use mail_access_groups instead.
+
+ + Expire plugin now supports wildcards in mailbox names.
+ + dbox: Expire plugin supports moving old mails to alternative
+ dbox directory
+ + Maildir++ quota: quota_rule=?:<rule> specifies a default rule
+ which is used only if the maildirsize file doesn't exist.
+ + If SSL/TLS connection isn't closed cleanly, log the last error
+ in the disconnection line.
+ + EXPUNGE: If new \Deleted messages were found while expunging,
+ do it again and expunge them as well (Outlook workaround)
+ - IMAP: SEARCH, LIST and THREAD command correctness fixes
+ - Maildir++ quota: Quota rules and warnings with % rules didn't work
+ if the default limits were taken from maildirsize file.
+ - Maildir++ quota: If both byte and message limits weren't specified,
+ maildirsize file was recalculated all the time
+ - mbox: Flag and keyword updates may have gotten lost in some
+ situations (happens with v1.0 too)
+ - ldap: Don't crash if userdb lookup fails
+ - Squat fixes and performance improvements
+
+v1.1.rc1 2008-02-21 Timo Sirainen <tss@iki.fi>
+
+ * See v1.1.0 notes
+
+v1.0.10 2007-12-29 Timo Sirainen <tss@iki.fi>
+
+ * Security hole with LDAP+auth cache: If base setting contained
+ %variables they weren't included in auth cache key, which broke
+ caching. This could have caused different users with same passwords
+ to log in as each other.
+
+ - LDAP: Fixed potential infinite looping when connection to LDAP
+ server was lost and there were queued requests.
+ - mbox: More changes to fix problems caused by v1.0.8 and v1.0.9.
+ - Maildir: Fixed a UIDLIST_IS_LOCKED() assert-crash in some conditions
+ (caused by changes in v1.0.9)
+ - If protocols=none, don't require imap executables to exist
+
+v1.0.9 2007-12-11 Timo Sirainen <tss@iki.fi>
+
+ + Maildir: Don't wait on dovecot-uidlist.lock when we just want to
+ find out a new filename for the message.
+ - mbox: v1.0.8 changes sometimes caused FETCH to fail with
+ "got too little data", disconnecting the client.
+ - Fixed a memory leak when FETCHing message header/body multiple
+ times within a command (e.g. BODY[1] BODY[2])
+ - IMAP: Partial body fetching was still slow with mboxes
+
+v1.0.8 2007-11-28 Timo Sirainen <tss@iki.fi>
+
+ + Authentication: Added "password_noscheme" field that can be used
+ instead of "password". "password" treats "{prefix}" as a password
+ scheme while "password_noscheme" treats it as part of the password
+ itself. So "password_noscheme" should be used if you're storing
+ passwords as plaintext. Non-plaintext passwords never begin
+ with "{", so this isn't a problem with them.
+ - IMAP: Partial body fetching was sometimes non-optimal, causing
+ the entire message to be read for every FETCH command.
+ - deliver failed to save the message when envelope sender address
+ contained spaces.
+ - Maildir++ quota: We could have randomly recalculated quota when
+ it wasn't necessary.
+ - Login process could have crashed after logging in if client sent
+ data before "OK Logged in" reply was sent (i.e. before master had
+ replied that login succeeded).
+ - Don't assert-crash when reading dovecot.index.logs generated by
+ Dovecot v1.1.
+ - Authentication: Don't assert-crash if password beings with "{" but
+ doesn't contain "}".
+ - Authentication cache didn't work when using settings that changed
+ the username (e.g. auth_username_format).
+
+v1.0.7 2007-10-29 Timo Sirainen <tss@iki.fi>
+
+ - deliver: v1.0.6's "From " line ignoring could have written to a
+ bad location in stack, possibly causing problems.
+
+v1.0.6 2007-10-28 Timo Sirainen <tss@iki.fi>
+
+ * IDLE: Interval between mailbox change notifies is now 1 second,
+ because some clients keep a long-running IDLE connection and use
+ other connections to actually read the mails.
+ * SORT: If Date: header is missing or broken, fallback to using
+ INTERNALDATE (as the SORT draft nowadays specifies).
+
+ + deliver: If message begins with a "From " line, ignore it.
+ + zlib plugin: If maildir file has a "Z" flag, open it with zlib.
+ - CREATE: Don't assert-crash if trying to create namespace prefix.
+ - SEARCH: Fixes to handling NOT operator with sequence ranges.
+ - LDAP reconnection fixes
+ - Maildir: Don't break when renaming mailboxes with '*' or '%'
+ characters and children.
+ - mbox: Fixed "file size unexpectedly shrinked" error in some
+ conditions.
+ - quota+mbox: Don't fail if trying to delete a directory.
+ - Fixes to running from inetd
+
+v1.0.5 2007-09-09 Timo Sirainen <tss@iki.fi>
+
+ - deliver: v1.0.4 broke home directory handling
+ - maildir: Creating mailboxes didn't use dovecot-shared's group for
+ cur/new/tmp directories.
+
+v1.0.4 2007-09-08 Timo Sirainen <tss@iki.fi>
+
+ * Assume a MIME message if Content-Type: header exists, even if
+ Mime-Version: header doesn't.
+
+ - IMAP: CREATE ns_prefix/box/ didn't work right when namespace prefix
+ existed.
+ - deliver: plugin {} settings were overriding settings from userdb.
+ - mbox: Expunging the first message might not have worked always
+ - PostgreSQL: If we can't connect to server, timeout queries after
+ a while instead of trying forever.
+ - Solaris: sendfile() support was broken and could have caused
+ 100% CPU usage and the connection hanging.
+
+v1.0.3 2007-08-01 Timo Sirainen <tss@iki.fi>
+
+ - deliver: v1.0.2's bounce fix caused message to be always saved to
+ INBOX even if Sieve script had discard, reject or redirect commands.
+ - LDAP: auth_bind=yes and empty auth_bind_userdn leaked memory
+ - ACL plugin: If user was given i (insert) right for a mailbox, but
+ not all s/t/w (seen, deleted, other flags) rights, COPY and APPEND
+ commands weren't supposed to allow saving those flags. This is
+ technically a security fix, but it's unlikely this caused problems
+ for anyone.
+ - ACL plugin: i (insert) right didn't work unless user was also given
+ l (lookup) right.
+ - Solaris: Fixed filesystem quota for autofs mounts.
+
+v1.0.2 2007-07-15 Timo Sirainen <tss@iki.fi>
+
+ * dbox isn't built anymore by default. It will be redesigned so it
+ shouldn't be used.
+
+ + Maildir: Support reading dovecot-uidlist (v3) files created by
+ Dovecot v1.1.
+ - Maildir: "UIDVALIDITY changed" errors could happen with newly
+ created mailboxes
+ - If "INBOX." namespace was used, LIST returned it with \HasNoChildren
+ which caused some clients not to show any other mailboxes.
+ - Maildir++ quota: If multiple processes were updating maildirsize
+ at the same time, we failed with "Unknown error".
+ - IMAP: IDLE didn't actually disconnect client after 30 minutes of
+ inactivity.
+ - LDAP passdb/userdb was leaking memory
+ - deliver: %variables in plugin {} weren't expanded
+ - deliver: Don't bounce the mail if Sieve plugin returns failure
+
+v1.0.1 2007-06-15 Timo Sirainen <tss@iki.fi>
+
+ * deliver: If Return-Path doesn't contain user and domain, don't try
+ to bounce the mail (this is how it was supposed to work earlier too)
+ * deliver: %variables in mail setting coming from userdb aren't
+ expanded anymore (again how it should have worked). The expansion
+ could have caused problems if paths contained any '%' characters.
+
+ + Print Dovecot version number with dovecot -n and -a
+ + deliver: Added -e parameter to write rejection error to stderr and
+ exit with EX_NOPERM instead of sending the rejection by executing
+ sendmail.
+ + dovecot --log-error logs now a warning, an error and a fatal
+ - Trying to start Dovecot while it's already running doesn't anymore
+ wipe out login_dir and break the running Dovecot.
+ - maildir: Fixed "UID larger than next_uid" errors which happened
+ sometimes when dovecot-uidlist file didn't exist but index files did
+ (usually because mailbox didn't have any messages when it was
+ selected for the first time)
+ - maildir: We violated maildir spec a bit by not having keyword
+ characters sorted in the filename.
+ - maildir: If we don't have write access to cur/ directory, treat the
+ mailbox as read-only. This fixes some internal error problems with
+ trying to use read-only maildirs.
+ - maildir: Deleting a symlinked maildir failed with internal error.
+ - mbox: pop3_uidl_format=%m wasn't working right
+ - mbox: If non-filesystem quota was enabled, we could have failed
+ with "Unexpectedly lost From-line" errors while saving new messages
+ - mysql auth: %c didn't work. Patch by Andrey Panin
+ - APPEND / SEARCH: If internaldate was outside valid value for time_t,
+ we returned BAD error for APPEND and SEARCH never matched. With 64bit
+ systems this shouldn't have happened. With 32bit systems the valid
+ range is usually for years 1902..2037.
+ - COPY: We sent "Hang in there.." too early sometimes and checked it
+ too often (didn't break anything, but was slower than needed).
+ - deliver: Postfix's sendmail binary wasn't working with mail_debug=yes
+ - Don't corrupt ssl-parameters.dat files when running multiple Dovecot
+ instances.
+ - Cache compression caused dovecot.index.cache to be completely deleted
+ with big endian CPUs if 64bit file offsets were used (default)
+ - Fixed "(index_mail_parse_header): assertion failed" crash
+
+v1.0.0 2007-04-13 Timo Sirainen <tss@iki.fi>
+
+ + Documentation updated.
+
+v1.0.rc32 2007-04-12 Timo Sirainen <tss@iki.fi>
+
+ - LDAP, auth_bind=no: Don't crash if doing non-plaintext ldap passdb
+ lookup for unknown user. This also broke deliver when userdb static
+ was used.
+ - LDAP, auth_bind=yes and userdb ldap: We didn't wait until bind was
+ finished before sending the userdb request, which could have caused
+ problems.
+ - LDAP: Don't break when compiling with OpenLDAP v2.3 library
+ - Convert plugin: Don't create "maildirfolder" file to Maildir root.
+
+v1.0.rc31 2007-04-08 Timo Sirainen <tss@iki.fi>
+
+ - mbox: Give "mbox file was modified while we were syncing" error only
+ if we detect some problems in the mbox file. The check can't be
+ trusted with NFS.
+ - Convert plugin: If directory for destination storage doesn't exist,
+ create it.
+ - Convert plugin: Mailbox names weren't converted in subscription list.
+
+v1.0.rc30 2007-04-06 Timo Sirainen <tss@iki.fi>
+
+ * PAM: Lowercase the PAM service name when calling with "args = *".
+ Linux PAM did this internally already, but at least BSD didn't.
+ If your PAM file used to be in /etc/pam.d/IMAP or POP3 file you'll
+ need to lowercase it now.
+
+ + Send list of CA names to client when using
+ ssl_verify_client_cert=yes.
+ - IMAP: If message body started with line feed, it wasn't counted
+ in BODY and BODYSTRUCTURE replies' line count field.
+ - deliver didn't load plugins before chrooting
+
+v1.0.rc29 2007-03-28 Timo Sirainen <tss@iki.fi>
+
+ * Security fix: If zlib plugin was loaded, it was possible to open
+ gzipped mbox files outside the user's mail directory.
+
+ + Added auth_gssapi_hostname setting.
+ - IMAP: LIST "" "" didn't return anything if there didn't exist a
+ namespace with empty prefix. This broke some clients.
+ - If Dovecot is tried to be started when it's already running, don't
+ delete existing auth sockets and break the running Dovecot
+ - If deliver failed too early it still returned exit code 89 instead
+ of EX_TEMPFAIL.
+ - deliver: INBOX fallbacking with -n parameter wasn't working.
+ - passdb passwd and shadow couldn't be used as master or deny databases
+ - IDLE: inotify didn't notice changes in mbox file
+ - If index file directory couldn't be created, disable indexes instead
+ of failing to open the mailbox.
+ - rawlog wasn't working with chrooting
+ - Several other minor fixes
+
+v1.0.rc28 2007-03-23 Timo Sirainen <tss@iki.fi>
+
+ * deliver + userdb static: Verify the user's existence from passdb,
+ unless allow_all_users=yes
+ * dovecot --exec-mail: Log to configured log files instead of stderr
+ * Added "-example" part to doc/dovecot-sql-example.conf and
+ doc/dovecot-ldap-example.conf. They are now also installed to
+ $sysconfdir with "make install".
+
+ + When copying/syncing a lot of mails, send "* OK Hang in there"
+ replies to client every 15 seconds so it doesn't just timeout the
+ connection.
+ + Added idxview and logview utilities to examine Dovecot's index files
+ + passdb passwd and shadow support blocking=yes setting now also
+ + mbox: If mbox file changes unexpectedly while we're writing to it,
+ log an error.
+ + deliver: Ignore -m "" parameter to make calling it easier.
+ + deliver: Added new -n parameter to disable autocreating mailboxes.
+ It affects both -m parameter and Sieve plugin's fileinto action
+ - mbox: Using ~/ in the mail root directory caused a ~ directory to be
+ created (instead of expanding it to home directory)
+ - auth cache: If unknown user was found from cache, we didn't properly
+ return "unknown user" status, which could have caused problems in
+ deliver.
+ - mbox: Fixed "UID inserted in the middle of mailbox" in some
+ conditions with broken X-UID headers
+ - Index view syncing fixes
+ - rc27 didn't compile with some non-GCC compilers
+ - vpopmail support didn't compile in rc27
+ - NFS check with chrooting broke home direcotry for the first login
+ - deliver: If user lookup returned "unknown user", it logged
+ "BUG: Unexpected input"
+ - convert plugin didn't convert INBOX
+
+v1.0.rc27 2007-03-13 Timo Sirainen <tss@iki.fi>
+
+ + mbox and index file code handles silently out of quota/disk
+ space errors (maildir still has problems). They will give the user
+ a "Not enough disk space" error instead of flooding the log file.
+ + Added fsync_disable setting.
+ + mail-log plugin: Log the mailbox name, except if it's INBOX
+ + dovecot-auth: Added a lot more debug logging to passdbs and userdbs
+ + dovecot-auth: Added %c variable which expands to "secured" with
+ SSL/TLS/localhost.
+ + dovecot-auth: Added %m variable which expands to auth mechanism name
+ - maildir++ quota: With ignore=box setting the quota was still updated
+ for the mailbox even though it was allowed to go over quota (but
+ quota recalculation ignored the box).
+ - Index file handling fixes
+ - mbox syncing fixes
+ - Wrong endianness index files still weren't silently rebuilt
+ - IMAP quota plugin: GETQUOTAROOT returned the mailbox name wrong the
+ namespace had a prefix or if its separator was non-default
+ - IMAP: If client was appending multiple messages with MULTIAPPEND
+ and LITERAL+ extensions and one of the appends failed, Dovecot
+ treated the rest of the mail data as IMAP commands.
+ - If mail was sent to client with sendfile() call, we could have
+ hanged the connection. This could happen only if mails were saved
+ with CR+LF linefeeds.
+
+v1.0.rc26 2007-03-07 Timo Sirainen <tss@iki.fi>
+
+ * Changed --with-headers to --enable-header-install
+ * If time moves backwards only max. 5 seconds, sleep until we're back
+ in the original present instead of killing ourself. An error is
+ still logged.
+
+ - IMAP: With namespace prefixes LSUB prefix.* listed INBOX.INBOX.
+ - deliver: Ignore mbox metadata headers from the message input.
+ X-IMAP header crashed deliver.
+ - deliver: If mail_debug=yes, drop out DEBUG environment before
+ calling sendmail binary. Postfix's sendmail didn't really like it.
+ - mbox: X-UID brokenness fixes broke rc25 even with valid X-UID headers.
+ Now the code should finally work right.
+ - Maildir: When syncing a huge maildir, touch dovecot-uidlist.lock file
+ once in a while to make sure it doesn't get overwritten by another
+ process.
+ - Maildir++ quota: We didn't handle NUL bytes in maildirsize files very
+ well. Now the file is rebuilt when they're seen (NFS problem).
+ - Index/view handling fix should fix some crashes/errors
+ - If index files were moved to a different endianness machine, Dovecot
+ logged all sorts of errors instead of silently rebuilding them.
+ - Convert plugin didn't change hierarchy separators in mailbox names.
+ - PostgreSQL authentication could have lost requests once in a while
+ with a heavily loaded server.
+ - Login processes could have crashed in some situations
+ - auth cache crashed with non-plaintext mechanisms
+
+v1.0.rc25 2007-03-01 Timo Sirainen <tss@iki.fi>
+
+ * If time moves backwards, Dovecot kills itself instead of giving
+ random problems.
+
+ + Added --with-headers configure option to install .h files.
+ Binary package builders could use this to create some dovecot-dev
+ package to make compiling plugins easier.
+ - PLAIN authentication: Don't crash dovecot-auth with invalid input.
+ - IMAP APPEND: Don't crash if saving fails
+ - IMAP LIST: If prefix.INBOX has children and we're listing under
+ prefix.%, don't drop the prefix.
+ - mbox: Broken X-UID headers still weren't handled correctly.
+ - mail-log plugin: Fixed deleted/undeleted logging.
+
+v1.0.rc24 2007-02-22 Timo Sirainen <tss@iki.fi>
+
+ * Dovecot now fails to load plugins that were compiled for different
+ Dovecot version, unless version_ignore=yes is set. This needs to be
+ explicitly set in plugins, so out-of-tree plugins won't have this
+ check by default.
+
+ - pop3_lock_session=yes could cause deadlocks, and with maildir the
+ uidlist lock could have been overridden after 2 minutes causing
+ problems
+ - PAM wasted CPU by calling a timeout function 1000x too often
+ - Trash plugin was more or less broken with multiple namespaces and
+ with multiple trash mailboxes
+
+v1.0.rc23 2007-02-20 Timo Sirainen <tss@iki.fi>
+
+ * deliver doesn't ever exit with Dovecot's internal exit codes anymore.
+ All its internal exit codes are changed to EX_TEMPFAIL.
+ * mbox: X-Delivery-ID header is now dropped when saving mails.
+ * mbox: If pop3_uidl_format=%m, we generate a unique X-Delivery-ID
+ header when saving mails to make sure the UIDL is unique.
+
+ + PAM: blocking=yes in args uses an alternative way to do PAM checks.
+ Try it if you're having problems with PAM.
+ + userdb passwd: blocking=yes in args makes the userdb lookups be done
+ in auth worker processes. Set it if you're doing remote NSS lookups
+ (eg. nss_ldap problems are fixed by this).
+ + If PAM child process hasn't responded in two minutes, send KILL
+ signal to it (only with blocking=no)
+ - IMAP: APPEND ate all CPU while waiting for more data from the client
+ (broken in rc22)
+ - mbox: Broken X-UID headers assert-crashed sometimes
+ - mbox: When saving a message to an empty mbox file it got an UID
+ which immediately got incremented.
+ - mbox: Fixed some wrong "uid-last unexpectedly lost" errors.
+ - auth cache: In some situations we crashed if passdb had extra_fields.
+ - auth cache: Special extra_fields weren't saved to auth cache.
+ For example allow_nets restrictions were ignored for cached entries.
+ - A lot of initial login processes could cause auth socket errors
+ in log file at startup, if dovecot-auth started slowly. Now the
+ login processes are started only after dovecot-auth has finished
+ initializing itself.
+ - imap/pop3 proxy: Don't crash if the remote server disconnects before
+ we're logged in.
+ - deliver: Don't bother trying to save the mail twice into the default
+ mailbox (eg. if it's over quota).
+ - mmap_disable=yes + non-Linux was really slow with large
+ dovecot.index.cache files
+ - MySQL couldn't be used as a masterdb
+ - Trash plugin was more or less broken
+ - imap/pop3 couldn't load plugins if they chrooted
+ - imap/pop3-login process could crash in some conditions
+ - checkpassword-reply crashed if USER/HOME wasn't set
+
+v1.0.rc22 2007-02-06 Timo Sirainen <tss@iki.fi>
+
+ + pop3: Commit the transaction even if client didn't QUIT so cached
+ data gets saved.
+ - Fixed another indexing bug in rc19 and later which caused
+ transactions to be skipped in some situations, causing all kinds of
+ problems.
+ - mail_log_max_lines_per_sec was a bit broken and caused crashes with
+ dovecot -a
+ - BSD filesystem quota was counted wrong. Patch by Manuel Bouyer
+ - LIST: If namespace has a prefix and inbox=no, don't list
+ prefix.inbox if it happens to exist when listing for %.
+
+v1.0.rc21 2007-02-02 Timo Sirainen <tss@iki.fi>
+
+ - Cache file handling could have crashed rc20
+
+v1.0.rc20 2007-02-02 Timo Sirainen <tss@iki.fi>
+
+ + dovecot: Added --log-error command line option to log an error, so
+ the error log is easily found.
+ + Added mail_log_max_lines_per_sec setting. Change it to avoid log
+ throttling with mail_log plugin.
+ - Changing message flags was more or less broken in rc19
+ - ACL plugin still didn't work without separate control directory
+ - Some mbox handling fixes, including fixing an infinite loop
+ - Some index file handling fixes
+ - maildir quota: Fixed a file descriptor leak
+ - If auth_cache was enabled and userdb returned "user unknown"
+ (typically only deliver can do that), dovecot-auth crashed.
+ - mail_log plugin didn't work with pop3
+
+v1.0.rc19 2007-01-23 Timo Sirainen <tss@iki.fi>
+
+ - ACL plugin didn't work unless control dir was separate from maildir
+ - More index file handling fixes
+
+v1.0.rc18 2007-01-22 Timo Sirainen <tss@iki.fi>
+
+ * ACL plugin + Maildir: Moved dovecot-acl file from control directory
+ to maildir. To prevent accidents caused by this change, Dovecot
+ kills itself if it finds dovecot-acl file from the control directory.
+ * When opening a maildir, check if tmp/'s atime is over 8h old. If it
+ is, delete files in it with ctime older than 36h. However if
+ atime - ctime > 36h, it means that there's nothing to be deleted and
+ the scanning isn't done. We update atime ourself if filesystem is
+ mounted with noatime.
+ * base_dir doesn't need to be group-readable, don't force it.
+ * mail_read_mmaped setting is deprecated and possibly broken. It's now
+ removed from dovecot-example.conf, but it still works for now.
+ * Removed also umask setting from dovecot-example.conf since currently
+ it doesn't do what it's supposed to.
+
+ + Authentication cache caches now also userdb data.
+ + Added mail_log plugin to log various mail operations. Currently it
+ logs mail copies, deletions, expunges and mailbox deletions.
+ - dict quota: messages=n parameter actually changed storage limit.
+ - A lot of fixes to handling index files. This should fix almost all
+ of the problems ever reported.
+ - LDAP: auth_bind=yes was more or less broken.
+ - Saved mails and dovecot-keywords file didn't set the group from
+ dovecot-shared file.
+ - Fixed potential assert-crash while searching messages
+ - Fixed some crashes with invalid X-UID headers in mboxes
+ - If you didn't have a namespace with empty prefix, giving STATUS
+ command for a non-existing namespace caused the connection to give
+ "NO Unknown namespace" errors for all the future commands.
+
+v1.0.rc17 2007-01-07 Timo Sirainen <tss@iki.fi>
+
+ - MySQL authentication caused username to show up as "OK" in rc16.
+
+v1.0.rc16 2007-01-05 Timo Sirainen <tss@iki.fi>
+
+ * IMAP: When trying to fetch an already expunged message, Dovecot used
+ to just disconnect client. Now it instead replies with dummy NIL
+ data.
+ * Priority numbers in plugin names have changed. If you're installing
+ from source, you should delete the existing plugin files before
+ installing the new ones, otherwise you'll get errors.
+ * Maildir: We're using rename() to move files from tmp/ to new/ now.
+ See http://wiki.dovecot.org/MailboxFormat/Maildir -> "Issues with
+ the specification" for reasoning why this is safe. This makes saving
+ mails faster, and also makes Dovecot usable with Mac OS X's HFS+
+ (after you also set dotlock_use_excl=yes, see below).
+
+ + Added dotlock_use_excl setting. If enabled, dotlocks are created
+ directly using O_EXCL flag, instead of by creating a temporary file
+ which is hardlinked. O_EXCL is faster, but may not work with NFS.
+ + If Dovecot crashes with Linux or Solaris, it'll log a
+ "Raw backtrace". It's worse than gdb's backtrace, but better than
+ nothing.
+ + Added maildir_copy_preserve_filename=yes setting.
+ + Added a lazy-expunge plugin to allow users to unexpunge their mails.
+ + maildir quota: Added ignore setting to maildir quota, which allows
+ ignoring quota in Trash mailbox.
+ + dict quota: If dictionary doesn't yet contain the quota, calculate
+ it by going through all the mails in all the mailboxes.
+ + login_log_format_elements: Added %a=local port and %b=remote port
+ + Added -i and -o options to rawlog to restrict logging only to
+ input or output.
+ - Doing a STATUS command for a selected mailbox (not a recommended
+ IMAP client behavior) caused Dovecot to sync the mailbox silently.
+ This could have lost eg. EXPUNGE events from clients, causing them
+ to use wrong sequence numbers.
+ - deliver was treating boolean settings set to "no" as if they were
+ "yes" (they were supposed to be commented out for "no")
+ - Running "dovecot" with -a or -n option while Dovecot was running
+ deleted all authentication sockets, which caused all the future
+ logins to fail.
+ - maildir: RENAME and DELETE didn't touch control directory if it was
+ different from maildir or index dir.
+ - We treated internal userdb lookup errors as "user unknown" errors.
+ In such situations this caused deliver to think the user didn't
+ exist and the mail get bounced.
+ - pam: Setting cache_key crashed
+ - shared maildir: dovecot-keywords file's mode wasn't taken from
+ dovecot-shared file.
+ - dovecotpw wasn't working with PowerPC
+
+v1.0.rc15 2006-11-19 Timo Sirainen <tss@iki.fi>
+
+ * Fixed an off-by-one buffer overflow in cache file handling. The
+ code is executed only with mmap_disable=yes and only if index files
+ are used (ie. INDEX=MEMORY is safe).
+ * passdb checkpassword: Handle vpopmail's non-standard exit codes.
+
+ - rc14 sometimes assert-crashed if .log.2 file existed in a mailbox
+ (earlier versions leaked memory and file descriptors)
+ - io_add() assert-crashfixes
+ - Potential SSL hang fix at the beginning of the connection
+
+v1.0.rc14 2006-11-12 Timo Sirainen <tss@iki.fi>
+
+ * LDAP: Don't try to use ldap_bind() with empty passwords, since
+ Windows 2003 AD skips password checking with them and just returns
+ success.
+ * verbose_ssl=yes: Don't bother logging "syscall failed: EOF"
+ messages. No-one cares about them.
+
+ + Dovecot sources should now compile without any warnings with gcc 3.2+
+ - rc13 crashed if client disconnected while IDLEing
+ - LDAP: auth_bind=yes fixes
+ - %variables: Fixed zero padding handling and documented it. %0.1n
+ shouldn't enable it, and it really shouldn't stay for the next
+ %variable. -sign also shouldn't stay for the next variable.
+ - Don't leak opened .log.2 transaction logs.
+ - Fixed a potential hang in IDLE command (probably really rare).
+ - Fixed potential problems with client disconnecting while master was
+ handling the login.
+ - quota plugin didn't work in Mac OS X
+
+v1.0.rc13 2006-11-08 Timo Sirainen <tss@iki.fi>
+
+ + deliver: If we're executing as a normal system user, get the HOME
+ environment from passwd if it's not set. This makes it possible to
+ run deliver from .forward.
+ - Older compilers caused LDAP authentication to crash
+ - Dying LDAP connections weren't handled exactly correctly in rc11,
+ although it seemed to work usually
+ - Fixed crashes and memory leaks with AUTHENTICATE command
+ - Fixed crashes and leaks with IMAP/POP3 proxying
+ - maildir: Changing a mailbox while another process was saving a
+ message there at the same may have caused the changes to not be made
+ into the maildir, which could have caused other problems later..
+
+v1.0.rc12 2006-11-05 Timo Sirainen <tss@iki.fi>
+
+ - rc11 didn't compile with some compilers
+ - default_mail_env fallbacking was broken with --exec-mail
+
+v1.0.rc11 2006-11-05 Timo Sirainen <tss@iki.fi>
+
+ * Renamed default_mail_env to mail_location. default_mail_env still
+ works for backwards compatibility.
+ * deliver: When sending rejects, don't include Content-Type in the
+ rejected mail's headers.
+ * LDAP changes:
+ * If auth binds are used, bind back to the default dn before doing
+ a search. Otherwise it could fail if a user gave an invalid
+ password.
+ * Initial binding at connect is now done asynchronously.
+ * Use pass_attrs even with auth_bind=yes since it may contain
+ useful non-password fields.
+
+ + passdb checkpassword: Give TCPLOCALIP and TCPREMOTEIP and PROTO=TCP
+ environments to the checkpassword binary so we're UCSPI (and vchkpw)
+ compatible.
+ - mbox handling was a bit broken in rc10
+ - Using Dovecot via inetd kept crashing dovecot master
+ - deliver: Don't crash with -f "". Changed the default from envelope
+ to be "MAILER-DAEMON".
+ - INBOX wasn't shown with LSUB command if only prefixed namespaces
+ were used.
+ - passdb ldap: Reconnecting to LDAP server wasn't working with
+ auth binds.
+ - passdb sql: Non-plaintext authentication didn't work
+ - MySQL passdb ignored all non-password checks, such as allow_nets
+ - trash plugin was broken
+
+v1.0.rc10 2006-10-16 Timo Sirainen <tss@iki.fi>
+
+ * When matching allowed_nets IPs, convert IPv6-mapped-IPv4 addresses
+ to actual IPv4 addresses first.
+
+ + IMAP: Try to avoid sending duplicate/useless message flag updates
+ + Added support for non-plaintext authentication for vpopmail if it
+ returns plaintext passwords. Based on patch by Remi Gacogne.
+ + Added %D modified to return "sub.domain.org" as
+ "sub,dc=domain,dc=org" (for LDAP queries). Patch by Andrey Panin.
+ - rc9 broke cache files in 64bit systems
+ - deliver works now with mail_chroot
+ - auth cache didn't work properly with multiple passdbs
+ - Fixes to handling CRLF linefeeds in mboxes.
+
+v1.0.rc9 2006-10-14 Timo Sirainen <tss@iki.fi>
+
+ * 64bit systems: dovecot.index.cache file will be rebuilt because
+ some time fields have been changed from 64bit fields to 32bit
+ fields. Now the same cache file can be used in both 32bit and
+ 64bit systems without it being rebuilt.
+ * Added libmysqlclient workaround to conflicting sha1_result symbol,
+ which caused Dovecot to fail logging into MySQL.
+
+ + dovecot.index.cache file opening is delayed until it's actually
+ needed. This reduces disk accesses a bit with eg. STATUS commands.
+ + auth_cache: Try to handle changing passwords automatically: If
+ password verification fails, but the last one had succeeded, don't
+ use the cache. This works only with plaintext auth.
+ - dovecot.index.cache: We didn't properly detect if some fields were
+ different length than we expected, which caused assert crashes
+ - Lots of fixes to login/master process handling
+ - mbox: Fixed a bug causing "X-IMAPbase uid-last unexpectedly lost
+ in mbox file" errors, and possibly others.
+
+v1.0.rc8 2006-10-09 Timo Sirainen <tss@iki.fi>
+
+ * GSSAPI: Changed POP3 service name to "pop", which is what the
+ standard says
+ * "mbox:/var/mail/%u" no longer works as the mail location. You'll
+ have to specify the mail root explicitly, just like the examples
+ always have: "mbox:~/mail:INBOX=/var/mail/%u"
+
+ + SHA1, LDAP-MD5, PLAIN-MD5, PLAIN-MD4: The password can be now either
+ hex or base64 encoded. The encoding is detected automatically based
+ on the password string length.
+ + Allow running only Dovecot master and dovecot-auth processes with
+ protocols=none setting
+ + deliver: -f <envelope sender> parameter can be used to set mbox
+ From_-line's sender address
+ + deliver: Log all mail saves and failures
+ + Tru64 SIA passdb support. Patch by Simon L Jackson.
+ - INBOX was listed twice in mailbox list if namespace prefix was used
+ - INBOX-prefixed namespaces were a bit broken
+ - kqueue: Fix 100% CPU usage
+ - deliver: Duplicate storage was a bit broken
+ - dictionary code was broken (ie. dict quota)
+ - SIGHUP caused crashes sometimes
+
+v1.0.rc7 2006-08-18 Timo Sirainen <tss@iki.fi>
+
+ * Require that Dovecot master process's version number matches the
+ child process's, unless version_ignore=yes. Usually it's an
+ accidental installation problem if the version numbers don't match.
+ * Maildir: Create maildirfolder file when creating new maildirs.
+
+ + ldap+prefetch: Use global uid/gid settings if LDAP query doesn't
+ return them
+ + %variables: Negative offsets count from the end of the string.
+ Patch by Johannes Berg.
+ - kqueue ioloop code rewrite
+ - notify=kqueue might have caused connection hangs sometimes
+ - deliver: If message body contained a valid mbox From_ line, it
+ and the rest of the message was skipped.
+ - mbox: We got into infinite loops if trying to open a 2 byte sized
+ file as mbox.
+ - Don't crash with ssl_disable=yes
+ - quota plugin caused compiling problems with some OSes
+ - mbox: After saving a mail to a synced mbox, we lost the sync which
+ caused worse performance
+
+v1.0.rc6 2006-08-07 Timo Sirainen <tss@iki.fi>
+
+ * Removed login_max_logging_users setting since it was somewhat weird
+ in how it worked. Added login_max_connections to replace it with
+ login_process_per_connection=no, and with =yes its functionality
+ is now within login_max_processes_count.
+
+ + Added --with-linux-quota configure option to specify which Linux
+ quota version to use, in case it's not correct in sys/quota.h.
+ Usually used as --with-linux-quota=2
+ + acl plugins: If .DEFAULT file exists in global ACL root directory,
+ use it as the default ACLs for all mailboxes.
+ - Fixes to login process handling, especially with
+ login_process_per_connection=no.
+ - Back to the original SSL proxy code but with one small fix, which
+ hopefully fixes the occational hangs with it
+ - Several fixes to handling LIST command more correctly.
+
+v1.0.rc5 2006-08-02 Timo Sirainen <tss@iki.fi>
+
+ - Saving to mboxes still caused assert-crashes
+
+v1.0.rc4 2006-08-02 Timo Sirainen <tss@iki.fi>
+
+ - Saving to mboxes caused assert-crashes
+
+v1.0.rc3 2006-08-02 Timo Sirainen <tss@iki.fi>
+
+ - SSL connections hanged sometimes, especially when saving messages.
+ - mbox: Mail bodies were saved with CR+LF linefeeds
+ - Mail forwarding was broken with deliver/Sieve
+ - dbox fixes. Might actually be usable now.
+ - Index file handling fixes with keywords
+ - Cache file was incorrectly used in some situations, which probably
+ caused problems sometimes.
+ - Maildir++ quota: Don't count "." and ".." directory sizes to quota.
+ After rewriting maildirsize file keep its fd open so that we can
+ later update it. Patch by Alexander Zagrebin
+
+v1.0.rc2 2006-07-04 Timo Sirainen <tss@iki.fi>
+
+ * disable_plaintext_auth=yes: Removed hardcoded 127.* and ::1 IP
+ checks. Now we just assume that the connection is secure if the
+ local IP matches the remote IP address.
+ * SSL code rewrite which hopefully makes it work better than before.
+ Seems to work correctly, but if you suddently have trouble with SSL
+ connections this is likely the reason.
+
+ + verbose_ssl=yes: Log also SSL alerts and BIO errors
+ - If namespace's location field wasn't set, the default location
+ was supposed to be used but it wasn't.
+ - When copying ssl-parameters.dat file from /var/lib to /var/run its
+ permissions went wrong if it couldn't be copied with hard linking.
+ - Fixed filesystem quota plugin to work with BSDs.
+ - Maildir: Saving mails didn't work if quota plugin was enabled (again)
+ - Maildir: Messages' received time wasn't saved properly when
+ saving/copying multiple messages at a time. Also if using quota
+ plugin the S= size was only set for the first saved file, and even
+ that was wrong.
+ - passdb passwd-file: Don't require valid uid/gid fields if file
+ isn't also being used as a userdb.
+ - PostgreSQL: Handle failures better so that there won't be
+ "invalid fd" errors in logs.
+ - Don't try to expunge messages if the mailbox is read-only. It'll
+ just cause our index files to go out of sync with the real
+ mailbox and cause errors.
+ - ANONYMOUS authentication mechanism couldn't work because
+ anonymous_username setting wasn't passed from master process.
+
+v1.0.rc1 2006-06-28 Timo Sirainen <tss@iki.fi>
+
+ * PAM: If user's password is expired, give "Password expired" error
+ message to the user. Now actually working thanks to Vaidas Pilkauskas
+ * Relicensed dovecot-auth, lib-sql and lib-ntlm to MIT license. See
+ COPYING file for more information.
+ * Abuse prevention: When creating a mailbox, limit the number of
+ hierarchies (up to 20) and the length of the mailbox name within
+ a hierarchy (up to 200 characters).
+ * mbox: If saved mail doesn't end with LF, add it ourself so that the
+ mails always have one empty line before the next From-line.
+
+ + Added --with-statedir configure option which defaults to
+ $localstatedir/lib/dovecot. ssl-parameters.dat is permanently
+ stored in that directory and is copied to login_dirs from there.
+ + IMAP: Support SASL-IR extension (SASL initial response)
+ + Support initial SASL response with LOGIN mechanism. Patch by Anders
+ Karlsson
+ + Added PLAIN-MD4 password scheme. Patch by Andrey Panin.
+ + Added support for XFS disk quotas. Patch by Pawel Jarosz
+ + If another process deletes the opened mailbox, try to handle it
+ without writing errors to log file. Handles the most common cases.
+ + Added TLS support for LDAP if the library supports it.
+ - SEARCH command was more or less broken with OR and NOT conditions
+ - Dovecot corrupted mbox files which had CR+LF linefeeds in headers
+ - MySQL code could have crashed while escaping strings
+ - MD4 code with NTLM authentication was broken with 64bit systems.
+ Patch by Andrey Panin
+ - Plugin loading was broken in some OSes (eg. FreeBSD)
+ - Several fixes to handling empty values in configuration file
+ - Several fixes to dictionary quota backend and dict server.
+ Also changed how they're configured.
+ - deliver: Fixed plugin handling settings
+ - mbox_min_index_size handling was somewhat broken
+ - passdb passwd-file: extra_args field wasn't read unless the file
+ was also used as userdb.
+
+v1.0.beta9 2006-06-13 Timo Sirainen <tss@iki.fi>
+
+ * PAM: Don't call pam_setcred() unless setcred=yes PAM passdb
+ argument was given.
+ * Moved around settings in dovecot-example.conf to be in more logical
+ groups.
+
+ + Local delivery agent (deliver binary) works again.
+ + LDAP: Added support for SASL binding. Patch by Geert Jansen
+ + ssl_verify_client_cert: Check CRLs. If auth_verbose=yes, log
+ invalid sent certificates. If verbose_ssl=yes, log even the valid
+ certificates. When using the username from the certificate, use
+ CommonName. Based on patch by HenkJan Wolthuis
+ + PAM: Set PAM_TTY which is needed by some PAM plugins
+ + dovecot --exec-mail ext <binary path> can now be used to start
+ binaries which want dovecot.conf to be read, for example the
+ convert-tool.
+ - Expunging needed to be done twice if client used STORE +FLAGS.SILENT
+ command to set the \Deleted flags
+ - Added sql_escape_string() to lib-sql API and use it instead of
+ normal \-escaping.
+ - ACL plugin fixes
+ - DIGEST-MD5: Trying to use subsequent authentication crashed
+ dovecot-auth.
+ - Fetching BODY when BODYSTRUCTURE was already cached caused the
+ reply to be broken in some cases
+ - Lots of fixes for index file handling
+ - dbox fixes and changes
+ - mbox syncing broke if some extraneous/broken headers were removed
+ (eg. extra X-IMAPbase headers in mails)
+ - Running Dovecot from inetd work now properly with POP3
+ - Quota plugin fixes for calculating the quota correctly
+
+v1.0.beta8 2006-05-12 Timo Sirainen <tss@iki.fi>
+
+ * Fixed a security hole with mbox: "1 LIST .. *" command could
+ list all directories and files under the mbox root directory, so
+ if your mails were stored in eg. /var/mail/%u/ directory, the
+ command would list everything under /var/mail.
+
+ + Unless nfs_check=no or mmap_disable=yes, check for the first login
+ if the user's index directory exists in NFS mount. If so, refuse to
+ run. This is done only on first login to avoid constant extra
+ overhead.
+ + If we have plugins set and imap_capability unset, figure out the
+ IMAP capabilities automatically by running imap binary at startup.
+ The generated capability list isn't updated until Dovecot is
+ restarted completely, so if you add or remove IMAP plugins you
+ should restart. If you have problems related to this, set
+ imap_capabilities setting manually to work around it.
+ + Added auth_username_format setting
+ - pop3_lock_session setting wasn't really working
+ - Lots of fixes related to quota handling. It's still not working
+ perfectly though.
+ - Lots of index handling fixes, especially with mmap_disable=yes
+ - Maildir: saving mails could have sometimes caused "Append with UID
+ n, but next_uid = m" errors
+ - flock() locking never timeouted because ignoring SIGALRM caused the
+ system call just to be restarted when SIGALRM occurred (probably not
+ with all OSes though?)
+ - kqueue: Fixed "Unrecognized event". Patch by Vaclav Haisman
+
+v1.0.beta7 2006-04-12 Timo Sirainen <tss@iki.fi>
+
+ + Added shutdown_clients setting to control if existing imap/pop3
+ processes should be killed when master is.
+ - Master login fixes, PLAIN authentication was still broken..
+
+v1.0.beta6 2006-04-12 Timo Sirainen <tss@iki.fi>
+
+ * The login and master usernames were reversed when using
+ master_user_separator (now the order is UW-IMAP compatible).
+ * Killing dovecot master process now kills all IMAP and POP3
+ processes also.
+
+ + -a parameter to dovecot prints now all settings that Dovecot uses.
+ -n prints all settings that are different from defaults.
+ + Added pop3_lock_session setting
+ + %M modifier returns string's MD5 sum. Patch by Ben Winslow
+ - PLAIN SASL authentication wasn't working properly, causing failed
+ logins with some clients (broken in beta4)
+ - Fixes to Maildir++ quota, should actually work now
+ - Don't crash if passwd-file has entries without passwords
+ (eg. deny=yes databases)
+ - Fixed prefetch userdb to work nicely with other userdbs
+ - If master process runs out of file descriptors, don't go to
+ infinite loop (unlikely to have happened unless the OS's default
+ fd limit was too low)
+ - Fixed non-plaintext password lookups from LDAP. Patch by Lior Okman
+ - %U modifier was actually lowercasing the string. Patch by Ben Winslow
+
+v1.0.beta5 2006-04-04 Timo Sirainen <tss@iki.fi>
+
+ - Beta4's SSL proxying rewrite worked worse than I thought.
+ Reverted it back to original code.
+
+v1.0.beta4 2006-04-02 Timo Sirainen <tss@iki.fi>
+
+ * Changed the default lock_method back to fcntl. Apparently flock
+ gives problems with some systems.
+ * mbox: mailboxes beginning with '.' are now also listed
+ * Replaced mail_use_modules and mail_modules settings with mail_plugins
+ and mail_plugin_dir. Now instead of loading all plugins from the
+ directory, you'll have to give a list of plugins to load. If the
+ plugin couldn't be loaded, the process exits instead of just
+ ignoring the problem (this is important with ACL plugin).
+
+ + Added support for "master users" who can log in as other people.
+ The master username can be given either in authorization ID
+ string with SASL PLAIN mechanism or by setting
+ auth_master_user_separator and giving it within the normal username
+ string.
+ + Added ACL plugin with ACL file backend. This however doesn't mean
+ that there yet exists a proper shared folder support. If master user
+ logged in as someone else, the ACLs are checked as the master user.
+ + Added some Dovecot extensions to checkpassword passdb, see ChangeLog
+ + Updated passwd-file format to allow specifying any key=value fields
+ + Maildir++ quota support and several quota fixes
+ + passdb supporting extra fields: Added "allow_nets" option which takes
+ a comma separated list of IPs/networks where to allow user to log in.
+ + NFS: Handle ESTALE errors the best way we can
+ + IMAP now writes to log when client disconnects
+ + In shared mailboxes (if dovecot-shared file exists) \Seen flags are
+ now kept only in index files, so as long as each user has a separate
+ index file they have separate \Seen flags.
+ - Fixes to DIGEST-MD5 realm handling so it works with more clients
+ - BODYSTRUCTURE -> BODY conversion from cache file was broken with
+ mails containing message/rfc822 parts.
+ - Fixed several memory leaks
+ - We could have sent client FETCH notifications about messages before
+ telling about them with EXISTS
+ - Compiling fixes for Solaris and some other OSes
+ - Fixed problem with internal timeout handling code, which caused eg.
+ outlook-idle workaround to break.
+ - If /dev/urandom didn't exist, we didn't seed OpenSSL's random number
+ generator properly. Patch by Vilmos Nebehaj.
+ - Maildir: Recent flags weren't always immediately removed from mails
+ when mailbox was opened.
+ - Several changes to SSL proxying code, hopefully making it work
+ better.
+
+v1.0.beta3 2006-02-08 Timo Sirainen <tss@iki.fi>
+
+ * Dotlock code changed to timeout faster in some situations when
+ the lock file is old.
+ + Added support for loading SQL drivers dynamically (see INSTALL file
+ for how to build them)
+ + Keywords are stored to dboxes, and other dbox improvements.
+ + dict-sql could actually work now, making quota-in-sql-database
+ possibly working now (not fully tested)
+ + Added mail storage conversion plugin to convert automatically from
+ one mailbox format to another while user logs in. Doesn't preserve
+ UIDVALIDITY/UIDs though.
+ + Added plugin { .. } section to dovecot.conf for passing parameters
+ to plugins (see dovecot-example.conf).
+ + Added ssl-build-param binary which is used to generate
+ ssl-parameters.dat. Main dovecot binary doesn't anymore link to
+ SSL libraries, and this also makes the process title be clearer
+ about why the process is eating all the CPU.
+ - Fix building without OpenSSL
+ - Fixed memory leak in MySQL driver
+ - Fixes to checkpassword
+ - Broken Content-Length header could have broken mbox opening
+ - Fixed potential hangs after APPEND command
+ - Fixed potential crashes in dovecot-auth and imap/pop3-login
+ - zlib plugin now links with -lz so it could actually work
+ - kqueue fixes by Vaclav Haisman
+
+v1.0.beta2 2006-01-22 Timo Sirainen <tss@iki.fi>
+
+ + Added SQLite support. Patch by Jakob Hirsch.
+ + Added auth_debug_passwords setting. If it's not enabled, hide all
+ password strings from logs.
+ + Added mail_cache_min_mail_count and mbox_min_index_size settings
+ which can be used to make Dovecot do less disk writes in small
+ mailboxes where they don't benefit that much.
+ + Added --build-ssl-parameters parameter to dovecot binary
+ - SSL parameters were being regenerated every 10 minutes, although
+ not with all systems.
+ - Fixed dovecot-auth crashing at startup. Happened only with some
+ specific compilers.
+ - base_dir was supposed to be set world-readable, not world-writable
+
+v1.0.beta1 2006-01-16 Timo Sirainen <tss@iki.fi>
+
+ * Almost a complete rewrite since 0.99.x, but some of the major
+ changes are:
+
+ + Index file code rewritten to do less disk I/O, wait locks less and
+ in generate be smarter. They also support being in clustered
+ filesystems and NFS support is mostly working also.
+ + Mail caching is smarter. Only the data that client requests is
+ cached. Before Dovecot opened and cached all mails when mailbox was
+ opened the first time, which was slow.
+ + Mbox handling code rewritten to be much faster, safer and correct
+ + New authentication mechanisms: APOP, GSSAPI, LOGIN, NTLM and RPA.
+ + LDAP supports authentication binds
+ + Authentication server can cache password database lookups
+ + Support for multiple authentication databases
+ + Namespace configuration
+ + Dovecot works with shared
+
+v0.99.10 2003-06-26 Timo Sirainen <tss@iki.fi>
+
+ * Default PAM service name changed to "dovecot". This means that
+ if you're using PAM, you most likely have to do
+ mv /etc/pam.d/imap /etc/pam.d/dovecot
+ If you wish to keep using imap, see doc/auth.txt.
+
+ * ~/rawlog directory changed to ~/dovecot.rawlog
+
+ + Faster and better maildir synchronization. We support read-only
+ maildirs and out-of-quota conditions are handled a lot better.
+ dovecot-uidlist file still isn't out-of-quota-safe though, but you
+ can keep it in another location where quota isn't checked. For
+ example:
+ default_mail_env = Maildir:~/Maildir:
+ INDEX=/noquota/%u:CONTROL=/noquota/%u
+ + Read-only mboxes are supported now.
+ + Only NOOP and CHECK now always do a mailbox sync checking. Other
+ commands sync max. once in 5 seconds, plus always from indexes.
+ This should reduce I/O a bit.
+ + All NUL characters are translated to ascii #128 before sending to
+ client. RFC prohibits sending NULs and this is how UW-IMAP handles
+ it as well.
+ + Make ENVELOPE, BODY and BODYSTRUCTURE replies more compact by
+ removing multiple LWSPs and translating TABs to spaces. RFC doesn't
+ specifically require this, but this seems to be the wanted
+ behaviour..
+ + Added ANONYMOUS SASL mechanism.
+ + More flexible user chrooting configuration in home directories:
+ "<chroot>/./<homedir>"
+ + Added support for dynamically loadable IMAP/POP3 modules. See
+ INSTALL file for more information.
+ - Partial fetches were broken if mails had CR+LF linefeeds
+ - SEARCH DELETED didn't return anything if all messages were deleted
+ - OpenSSL support was broken in many installations because we were
+ chrooted and it couldn't open /dev/urandom.
+ - PAM: Giving wrong password blocked the whole process for two
+ seconds. Now we create a new process for each check.
+ - Lots of other smaller bugfixes and better error handling
+
+v0.99.9.1 2003-05-03 Timo Sirainen <tss@iki.fi>
+
+ - Messages having lines longer than 8192 bytes caused problems.
+ - There was some problems when opening a mbox first time that had been
+ empty for a while.
+ - Didn't compile with OpenBSD.
+ - POP3 server crashed sometimes instead of printing error message.
+ - If cached IMAP envelope contained literals, SEARCHing in it wrote
+ errors to log file. For example if subject contained highascii, '"'
+ or '\' characters this happened.
+
+v0.99.9 2003-04-28 Timo Sirainen <tss@iki.fi>
+
+ * WARNING: mbox rewriting works now faster, but it's less likely to
+ notice external message flag changes (it wasn't perfect before
+ either). This also means that if you're not using index files,
+ Dovecot may not notice changes made by another Dovecot process.
+ This will be fixed later.
+
+ + Message UIDs are now permanently stored outside index files.
+ Deleting indexes is now possible without any kind of data loss and
+ in-memory indexes are now usable.
+ + mbox rewriting leaves extra space into X-Keywords header. It's
+ shrinked or grown when updating message flag headers to avoid
+ rewriting the rest of the file.
+ + imap-login and pop3-login can now be started from inetd. Privilege
+ separation is still used, so it executes dovecot and dovecot-auth
+ processes which are left on the background.
+ + PostgreSQL authentication support, patch by Alex Howansky
+ - Large multiline headers (over 8kB) broke Dovecot before. Now they're
+ parsed one line at a time and we try to avoid reading them fully into
+ memory.
+ - SEARCH OR was broken
+ - Partial BODY[] fetches were broken
+ - Timezones were still set wrong when parsing dates
+ - Using non-synchronized literals (LITERAL+) broke APPEND
+ - Renaming maildir subfolders inserted extra "." in the middle.
+ - Subfolders were a bit broken with maildir
+ - Invalid PLAIN auth request crashed auth process.
+
+v0.99.8 2003-02-25 Timo Sirainen <tss@iki.fi>
+
+ * NOTE: Configuration file has changed a bit: auth_userinfo was
+ replaced by userdb and passdb. *_port were merged into *_listen.
+ Disabling listening in imaps port is now done by changing protocols
+ setting.
+
+ * Maildir: .customflags location has changed for INBOX. If you have
+ set any custom flags, move Maildir/.INBOX/.customflags into
+ Maildir/.customflags or they will be lost.
+
+ * mbox: Autodetect /var/mail/%u and /var/spool/mail/%u as INBOXes
+ if they're found and mail_default_env isn't set.
+
+ * passwd-file: File format changed a bit. If you used realm or mail
+ fields, you'll have to fix the file. See doc/auth.txt for description
+ of the format.
+
+ + Fully featured POP3 server included. Disabled by default.
+ + Support for LITERAL+, MULTIAPPEND, UNSELECT, IDLE, CHILDREN and
+ LISTEXT extensions.
+ + LDAP authentication support.
+ + Internal API cleanups made Dovecot faster and take less memory
+ + auth_verbose logs now all authentication failures
+ + Support for Solaris 9 sendfilev()
+ + New setting: mail_full_filesystem_access allows clients to access the
+ whole filesystem by simply giving the path before the mailbox name
+ (eg. SELECT ~user/mail/box, LIST "" /tmp/%). While this allows users
+ to share mailboxes, it's not recommended since Dovecot's index files
+ can't be safely shared.
+ + New setting: client_workarounds.
+ + Dynamically loadable authentication modules. Binary package builders
+ should consider using it for at least LDAP.
+ + mbox: Content-Length is saved now to each saved message, so it's
+ now safe to have lines beginning with "From ".
+ + mbox: mail_read_mmaped = no works with it now
+ + Indexes can be kept in memory by adding :INDEX=MEMORY to MAIL
+ environment. There's not much point to do this now though, since the
+ UIDs won't be saved.
+ - COPY now behaves as RFC2060 says: "If the COPY command is
+ unsuccessful for any reason, server implementations MUST restore the
+ destination mailbox to its state before the COPY attempt."
+ - LIST and LSUB rewrite, should fix several bugs in them
+ - maildir_copy_with_hardlinks = yes was broken.
+ - mboxes in subfolders weren't selectable.
+ - STORE didn't accept multiple flags without () around them
+ - PLAIN SASL-authentication was a bit broken.
+ - IMAP dates were parsed a few hours wrong
+ - STATUS command removed \Recent flags from messages
+ - Several bugfixes to SEARCH command, especially related to multiple
+ search conditions
+ - If auth/login process died unexpectedly at startup, the exit status
+ or killing signal wasn't logged.
+ - mbox parsing might have crashed sometimes
+ - mbox: when saving mails, internal headers were allowed in input,
+ sometimes causing problems (eg. duplicate headers) when appending
+ and copying messages
+ - mbox: X-Keywords headers were duplicated
+ - Some small fixes to how messages are saved to Maildir
+ - Next command after STARTTLS was ignored which left the connection
+ stuck sometimes
+ - Dovecot was pretty much broken with FreeBSD
+
+v0.99.7 2003-01-14 Timo Sirainen <tss@iki.fi>
+
+ + Rewrote doc/index.txt, small updates to doc/design.txt and
+ doc/multiaccess.txt
+ - New hash table code was broken with removing, which broke several
+ things. Fixed, but it's still a bit ugly code though..
+
+v0.99.6 2003-01-13 Timo Sirainen <tss@iki.fi>
+
+ + THREAD=REFERENCES extension support. ORDEREDSUBJECT would be easy to
+ add, but I think it's pretty useless.
+ + SORT is much faster now.
+ + mbox: If ~/mail directory isn't found, create it.
+ + Log login usernames
+ * Some coding style changes (less typedefs)
+ - Mails with nested MIME parts might have caused incorrect BODY and
+ BODYSTRUCTURE fetches and sometimes might have crashed dovecot
+ (assert at imap-bodystructure.c). If client had already successfully
+ done the BODY fetching a couple of times, the bug couldn't happen
+ anymore since Dovecot then began caching the BODY data. So, this
+ mostly happened with new users.
+ - non-UID SEARCH might gave wrong replies in certain conditions.
+ - SORT replied always with UIDs instead of sequences.
+ - If authentication was aborted by client ("*" reply to AUTHENTICATE),
+ the login process crashed later.
+ - STATUS command gave invalid reply for mailboxes with spaces in name
+ - Timezones were parsed wrong with message dates
+ - Digest-MD5: We used "qop-options" instead of "qop", which was
+ incompatible with at least Cyrus SASL.
+ - Realms in passwd-file were buggy
+ - Literals didn't work when logging in
+ - Crashed if it had to wait for mbox lock
+ - With invalid configuration auth and login processes were just dying
+ and master filling log files infinitely.
+ - We didn't work with some 64bit systems
+
+v0.99.5 2003-01-02 Timo Sirainen <tss@iki.fi>
+
+ * This release includes a lot of code cleanups, especially related to
+ security. Direct buffer modifying was replaced in several places
+ with a new buffer API, which provides a safe way to do it. Code that
+ looks unsafe contains @UNSAFE tag to make auditing easier.
+
+ + Support for SORT extension. Originally I thought about not
+ implementing any extensions before 1.0, but too many people want
+ webmails which want SORT. THREAD is another extension which they
+ want, but we don't support it yet.
+ + imap_listen and imaps_listen settings now accept "*" and "::" to
+ specify if we want to listen in IPv4 or IPv6 addresses. "::" may
+ also listen in all IPv4 addresses depending on the OS (Linux does,
+ BSD doesn't)
+ + New setting: default_mail_env can be used to specify where to find
+ users mailbox. Default is still to use autodetection.
+ + New setting: imap_log_path to log logins etc. informational messages
+ to different file.
+ + We support now separate mbox file for INBOX folder, no need for
+ symlink kludging anymore.
+ + Support for keeping index files in different location than actual
+ mailboxes.
+ ? Disabled mailbox_check_interval setting by default, it breaks
+ Evolution.
+ - SEARCH was still somewhat buggy, especially with laggy networks.
+ Also body/header searches might have crashed or at least used
+ memory too much
+ - Deleting messages in the middle of mbox caused dovecot to reindex
+ the following messages as new messages (ie. change UIDs and set
+ \Recent flag).
+ - Digest-MD5 auth: Initial server challenge packet was missing a comma,
+ which might have made it incompatible with some implementations.
+ - Some more fixes to unnecessarily high memory usage
+ - SELECT and EXAMINE often printed UNSEEN reply or maybe complained
+ about corrupted indexes. Happened usually only with mbox.
+ - FETCH BODYSTRUCTURE gave incorrect reply, breaking pine
+ - LIST was pretty buggy with mbox subfolders
+ - CHECK command returned just "missing parameters" error
+ - DELETE didn't work with mbox folders
+ - CREATE mailbox<hierarchy separator> failed always.
+ - CREATE and RENAME didn't create required hierarchies with mbox
+ - RFC822 date parser didn't handle single digit days correctly.
+ - login_process_per_connection = yes didn't work with imaps port
+ connections which is exactly where it was mostly wanted.
+ - ssl_disabled = yes didn't disable listening in imaps port
+ - process limiting code didn't compile everywhere (eg. FreeBSD).
+ - Linux sendfile() was never detected
+ - We didn't work at all with gcc/PowerPC
+
+v0.99.4 2002-12-01 Timo Sirainen <tss@iki.fi>
+
+ - Command parser had several bugs when it didn't have enough data to
+ parse the full command in one call, ie. network lags etc. triggered
+ those bugs sometimes. This was the last "weird bug" I know of.
+ - Mbox indexes got broken when updating cached fields
+ - Fixed a few memory leaks and unneededly high memory usage while
+ caching envelopes
+ - Fixes to searching from message body and header
+ - --with-ssldir didn't do anything and the default was empty
+
+v0.99.3 2002-11-26 Timo Sirainen <tss@iki.fi>
+
+ - mail_read_mmaped = no (default) caused mbox corruption with EXPUNGE.
+ mmap()ing is forced for now.
+
+v0.99.2 2002-11-26 Timo Sirainen <tss@iki.fi>
+
+ + If we have to wait for a lock longer, the client is now notified
+ about it every 30 seconds.
+ - Default settings still pointed to lib directory instead of the
+ libexec directory where the binaries were actually installed
+ - vpopmail support had to be kludged to fix a bug in vpopmail library
+ which sometimes left extra character after the user name.
+ - Login process crashed if master process didn't let some user login.
+ Normally this couldn't happen without error in configuration.
+ - select() based I/O loop wasn't working so Dovecot didn't work in
+ eg. OSX. Also PAM authentication wasn't detected with OSX.
+ - Didn't compile with NetBSD-current
+
+v0.99.1 2002-11-25 Timo Sirainen <tss@iki.fi>
+
+ + Added doc/mkcert.sh script to easily generate yourself a self-signed
+ certificate. Modify doc/dovecot-openssl.cnf before running it.
+ + --with-ssldir configure option to specify default path for /etc/ssl
+ + Added ssl_disable setting to config file
+ - OpenSSL wasn't checked properly by configure
+ - vpopmail authentication module didn't compile
+ - We should install the binaries into libexec dir, not lib
+ - doc/configuration.txt and doc/mail-storages.txt were missing
+
+v0.99.0 2002-11-24 Timo Sirainen <tss@iki.fi>
+
+ + Replaced hash file with binary tree file which makes Dovecot stay
+ fast with large mailboxes after expunging multiple mails.
+ + Several speed improvements with SEARCH
+ + SEARCH CHARSET support using iconv(), although case-insensitive
+ searching is currently supported only for ASCII characters.
+ + OpenSSL support.
+ + Support for regenerating Diffie Hellman and RSA parameters with
+ specified intervals. NOTE: currently doesn't work with OpenSSL.
+ + Support for each login connection being handled in it's own process.
+ This is the default as it's more safe especially with SSL.
+ + mbox locking is now safe, other processes can't modify the mbox file
+ while we're reading it.
+ + Notify clients with "EXISTS" almost immediately after new mail is
+ received.
+ + Rawlog: Support for saving user connections into files - useful for
+ debugging.
+ + Content-Language is finally parsed correctly
+ + Lots of smaller speed optimizations
+ - Partial BODY[] fetches weren't working properly
+ - BODY[section] was buggy with message/rfc822 MIME parts
+ - STARTTLS wasn't working
+ - \* flag was missing from PERMANENTFLAGS.
+ - Comments inside <> mail addresses crashed.
+ - imap-login printed UTC timestamps to logfiles
+ - passwd-file wasn't reread the the file changed
+ - PAM authentication was implemented wrong, which caused it to break
+ with some PAM plugins.
+ - Lots of smaller fixes, mostly to do with reliability
+
+v0.98.4 2002-10-06 Timo Sirainen <tss@iki.fi>
+
+ * Just a final release before replacing hash file with a binary tree.
+
+ - When fetching messages larger than 256k, sometimes Dovecot missed
+ to send CR causing corrupted data at end of message and possibly
+ complete failure depending on IMAP client.
+ - Fetching BODY or BODYSTRUCTURE for message having content-type of
+ message/rfc822 didn't correctly add () around the envelope data.
+ - Several fixes to make it compile with HP/UX ANSI C compiler.
+ Also fixed several warnings it showed up.
+
+v0.98.3 2002-10-01 Timo Sirainen <tss@iki.fi>
+
+ * Sorry, just noticed a very stupid bug which caused evolution 1.2
+ beta to crash. I always thought it was just evolution's fault :)
+ - Several fields in BODY / BODYSTRUCTURE replies weren't quoted
+
+v0.98.2 2002-09-30 Timo Sirainen <tss@iki.fi>
+
+ + --with-file-offset-size=32 can now be used to select 32bit file
+ offsets. Using them should be a bit faster and take a bit less
+ disk and memory (also needed to compile Dovecot successfully with
+ TinyCC).
+ + maildir_copy_with_hardlinks option works now
+ + Check new mail and notify about it to client also after
+ commands which don't allow full syncing (FETCH, STORE, SEARCH).
+ Also always send RECENT after EXISTS notify.
+ + If we're out of disk space while opening mailbox, notify about it
+ with ALERT.
+ - STORE and SEARCH didn't handle properly message sequence numbers
+ when some in the middle were externally deleted
+ - SEARCH: Only first search condition was checked.
+ - mbox: Message flags given to APPEND were ignored.
+ - mbox: index was corrupted when changing flags for multipart MIME
+ messages
+ - Out of disk space-handling wasn't working properly with .customflags
+ file
+ - if auth processes were killed, login processes weren't reconnecting
+ to them
+
+v0.98.1 2002-09-24 Timo Sirainen <tss@iki.fi>
+
+ + Faster and safer mbox rewriting when flags are updated
+ - Didn't save messages larger then 8192 bytes
+ - Several mbox breakages
+
+v0.98 2002-09-23 Timo Sirainen <tss@iki.fi>
+
+ + mbox support is finally working. There's still some reliability
+ fixes left but overall it should be quite usable.
+ + vpopmail authentication support
+ + We should be able to deal with "out of diskspace/quota" conditions
+ properly, by keeping the indexes in memory and allowing user to
+ delete mails to get more space.
+ + Several speed enhancements
+ + New configuration file option: overwrite_incompatible_index to force
+ using ".imap.index" file, overwriting it if it isn't compatible
+ - Handle invalid message headers reliably
+ - Tons of bugfixes and code cleanups everywhere
+
+v0.97 2002-08-29 Timo Sirainen <tss@iki.fi>
+
+ + Large mails are handled in 256kB blocks, so mail size no longer
+ has hardly any effect on memory usage
+ + 64bit file offsets are used if supported by system. This means
+ Dovecot is fully capable of handling >2G mails in those systems.
+ With 32bit offsets >2G mails may not behave too well, but should
+ not crash either.
+ + I fixed lots of potential integer overflows. This should make us
+ fully crash-free no matter what happens (index file corruption
+ mostly). I didn't verify everything too carefully yet, so more
+ auditing is still needed before we fully reach that goal.
+ + Implemented several missing tasks / optimizations to index handling.
+ It should now stay fast after longer usage periods.
+ + New configuration file options: log_path, log_timestamp, imaps_listen
+ + "Critical errors" are now hidden from users, ie. any error message
+ that is not a direct reply to user error is written into log file
+ and user gets only "Internal error [timestamp]".
+ + Nonblocking SSL handshaking
+ + Lots of code cleanups
+ - Lots of mbox fixes, it seems to be somewhat reliable now
+ - Year in Date-field was parsed wrong
+ - Appending mail to mbox didn't work right
+ - Always verify that mailbox names are valid (especially they shouldn't
+ contain "../")
+
+v0.96 2002-08-08 Timo Sirainen <tss@iki.fi>
+
+ * Changed to LGPL v2.1 license
+
+ + STARTTLS support and optional disabling of plaintext authentication
+ (LOGINDISABLED capability)
+ + Support for custom message flags, each folder can have 26 different.
+ + New configuration file options: imap_listen, max_logging_users,
+ max_imap_processes
+ + You can specify config file location to imap-master with -c <path>
+ + All IMAP processes can now write to specified log file instead of
+ syslog. Either do this by setting IMAP_LOGFILE environment, or
+ give -l <path> parameter to imap-master.
+ + Some cleanups to remove warnings with BSDs
+ + Changed all %s .. strerror(errno) -> %m
+ + Rewritten memory pool code
+ - imap-master didn't close all the fds for executed processes
+ - iobuffer code was buggy and caused the connection to terminate
+ sometimes
+ - make install overwrote the existing dovecot.conf file, so it's now
+ named as dovecot-example.conf
+
+v0.95 2002-07-31 Timo Sirainen <tss@iki.fi>
+
+ + Initial SSL support using GNU TLS, tested with v0.5.1.
+ TLS support is still missing.
+ + Digest-MD5 authentication method
+ + passwd-file authentication backend
+ + Code cleanups
+ - Found several bugs from mempool and ioloop code, now we should
+ be stable? :)
+ - A few corrections for long header field handling
+
+v0.94 2002-07-29 Timo Sirainen <tss@iki.fi>
+
+ * Supports running completely non-root now. imap-auth however is a
+ bit problematic as we don't support passwd-file yet.
+ - Memory alignment fixes mostly
+ - Other misc. bugfixes