Dovecot is een mailserver met ondersteuning voor imap, pop3, ipv6, ssl en tls, en valt deels onder een MIT- en deels onder een Lgplv2.1-licentie. Voor het opslaan van mailberichten kan gebruik worden gemaakt van maildir-, mbox- en het zelf ontwikkelde dbox-formaat. Daarnaast kunnen mta's zoals Postfix 2.3+ en Exim 4.64+ hun smtp-authenticatieproces zonder tussenstappen uitvoeren bij Dovecot. De ontwikkelaar heeft versie 2.2.30.2 uitgebracht met de volgende aankondiging:
v2.2.30.2 released
Hopefully the last 2.2.30.x..v2.2.30.1 released
- auth: Multiple failed authentications within short time caused crashes
- push-notification: OX driver crashed at deinit
Due to some release process changes I didn't notice that one important bugfix wasn't included in the v2.2.30 release branch before I made the release. So fixing it here with v2.2.30.1. Also included another less important fix.Also I guess should mention that in v2.2.30+ the "script" service's protocol changed to a new version. If anyone had written their own script services (not using the included "script" binary) they would need some changes. I haven't heard of anyone having done that though.
- quota_warning scripts weren't working in v2.2.30
- vpopmail still wasn't compiling
v2.2.30 released
- auth: Use timing safe comparisons for everything related to passwords. It's unlikely that these could have been used for practical attacks, especially because Dovecot delays and flushes all failed authentications in 2 second intervals. Also it could have worked only when passwords were stored in plaintext in the passdb.
- master process sends SIGQUIT to all running children at shutdown, which instructs them to close all the socket listeners immediately. This way restarting Dovecot should no longer fail due to some processes keeping the listeners open for a long time.
- auth: Add passdb { mechanisms=none } to match separate passdb lookup
- auth: Add passdb { username_filter } to use passdb only if user matches the filter. See https://wiki2.dovecot.org/PasswordDatabase
- dsync: Add dsync_commit_msgs_interval setting. It attempts to commit the transaction after saving this many new messages. Because of the way dsync works, it may not always be possible if mails are copied or UIDs need to change.
- imapc: Support imapc_features=search without ESEARCH extension.
- imapc: Add imapc_features=fetch-bodystructure to pass through remote server's FETCH BODY and BODYSTRUCTURE.
- imapc: Add quota=imapc backend to use GETQUOTA/GETQUOTAROOT on the remote server.
- passdb imap: Add allow_invalid_cert and ssl_ca_file parameters.
- If dovecot.index.cache corruption is detected, reset only the one corrupted mail instead of the whole file.
- doveadm mailbox status: Add "firstsaved" field.
- director_flush_socket: Add old host's up/down and vhost count as parameters
- More fixes to automatically fix corruption in dovecot.list.index
- dsync-server: Fix support for dsync_features=empty-header-workaround
- imapc: Various bugfixes, including infinite loops on some errors
- IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't enabled modseq tracking via CONDSTORE/QRESYNC.
- fts-lucene: Fix it to work again with mbox format
- Some internal error messages may have contained garbage in v2.2.29
- mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys are used. Otherwise the copied mails can't be opened.
- vpopmail: Fix compiling
:strip_icc():strip_exif()/u/101865/crop5e04c97889698_cropped.jpeg?f=community){kind=small}
