[Dovecot-news] v2.0.alpha1 released

Timo Sirainen tss at iki.fi
Tue Oct 13 01:45:23 EEST 2009


http://dovecot.org/releases/2.0/alpha/dovecot-2.0.alpha1.tar.gz
http://dovecot.org/releases/2.0/alpha/dovecot-2.0.alpha1.tar.gz.sig

So here's the first alpha version of Dovecot v2.0. There are still a
couple of things left to do, but in general it should work for most
people. I started using it for my own mails a few days ago and it seems
to work without errors.

Largest changes since v1.2:

	* Global ACLs are now looked up using namespace prefixes. For example
	  if you previously had INBOX. namespace prefix and a global ACL for
	  "INBOX.Sent", it's now looked up from "INBOX.Sent" file instead of
	  "Sent" as before.

	+ Redesigned master process. It's now more modular and there is less
	  code running as root.
	+ Configuration supports now per-local/remote ip/network settings.
	+ dsync utility does a two-way mailbox synchronization.
	+ LMTP server and proxying.
	+ Added mdbox (multi-dbox) mail storage backend.
	+ doveadm utility can be used to do all kinds of administration
	  functions. Old dovecotpw and *view utilities now exist in its
	  subcommands.

Some things left to do:

 - Do something about backwards compatibility with v1.x. Either make it
read v1.x config files or provide some config conversion utility.

- dsync still has some bugs

- config process is a bit too slow. config handling in general could use
some caching all around. no need to ask configuration for each login
unless there are per-remote-ip settings.

- some kind of an optional connection policy server could be useful.
mainly to finally implement tcp-wrappers support.

 - mail_uid, mail_gid, mail_chroot settings don't really work now. I
think this actually needs a bit larger change, which is probably a good
idea in any case:

After successfully authenticating, login process needs to get imap/pop3
process executed. Currently this is done by transferring the connection
fd to master process, doing userdb lookup and then forking and execing
the imap/pop3 process.

The new behavior I'm thinking is that after auth, login process would
connect to imap/pop3 unix socket in the login/ directory. That would
cause master process to fork a new imap/pop3 process (running as root).
Login process would send the necessary auth information via the unix
socket, possibly transfer also the fd, and imap/pop3 would do the userdb
lookup and then drop privileges.

This change has some pros:
 - Master process will no longer temporarily hold some extra fds and use
extra memory during auth lookups. If auth process is hanging these could
cause problems.
 - Master process will no longer have any special auth handling code and
I can remove type=auth-source and type=auth services.
 - Of course fixes the mail_* setting issue, because all of this is now
done by imap/pop3 process, which knows about these settings.
 - Creating support for "multiple imap/pop3 post-login connections in a
single process" should be pretty easy to implement with this. The
imap/pop3 unix socket just needs to be listened by a new process in the
middle that keeps track of what imap/pop3 processes exist and can
redirect the new connections to those.

But also some cons:
 - drop_priv_before_exec=yes no longer works, unless the uid/gid is
hardcoded to the service {} block.
 - Each imap/pop3 process needs to do a connect() to auth server at
startup, adding a bit to the latency.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot-news/attachments/20091012/72df41a3/attachment.bin 


More information about the Dovecot-news mailing list