[Dovecot] v2.2.7 released
http://dovecot.org/releases/2.2/dovecot-2.2.7.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.7.tar.gz.sig
* Some usage of passdb checkpassword could have been exploitable by
local users. You may need to modify your setup to keep it working.
See http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security
+ auth: Added ability to truncate values logged by
auth_verbose_passwords (see 10-logging.conf comment)
+ mdbox: Added "mdbox_deleted" storage, which can be used to access
messages with refcount=0. For example: doveadm import
mdbox_deleted:~/mdbox "" mailbox inbox subject oops
+ ssl-params: Added ssl_dh_parameters_length setting.
- master process was doing a hostname.domain lookup for each created
process, which may have caused a lot of unnecessary DNS lookups.
- dsync: Syncing over 100 messages at once caused problems in some
situations, causing messages to get new UIDs.
- fts-solr: Different Solr hosts for different users didn't work.On 3.11.2013, at 22.08, Timo Sirainen <tss@iki.fi> wrote:
- Some usage of passdb checkpassword could have been exploitable by local users. You may need to modify your setup to keep it working. See http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security
Oh, forgot to mention here: This problem was found by the cPanel people (cPanel uses checkpassword). They also reserved CVE-2013-6171 for this.
Thanks again for the released.
Timo Sirainen <tss@iki.fi> wrote:
On 3.11.2013, at 22.08, Timo Sirainen <tss@iki.fi> wrote:
- Some usage of passdb checkpassword could have been exploitable by local users. You may need to modify your setup to keep it working. See http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security
Oh, forgot to mention here: This problem was found by the cPanel people (cPanel uses checkpassword). They also reserved CVE-2013-6171 for this.
Dovecot-news mailing list Dovecot-news@dovecot.org http://dovecot.org/cgi-bin/mailman/listinfo/dovecot-news
-- Senior IT Manager Metropolitan Schools 013 750 2255
This message was sent from my Android mobile. I was out from the office at that time.
- Timo Sirainen <tss@iki.fi>:
http://dovecot.org/releases/2.2/dovecot-2.2.7.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.7.tar.gz.sig
Works like a charm here.
- master process was doing a hostname.domain lookup for each created process, which may have caused a lot of unnecessary DNS lookups.
Cool
-- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt@charite.de | http://www.charite.de
On 03/11/2013 21:08, Timo Sirainen wrote:
- mdbox: Added "mdbox_deleted" storage, which can be used to access messages with refcount=0. For example: doveadm import mdbox_deleted:~/mdbox "" mailbox inbox subject oops
Hi Timo,
We're currently running Dovecot 2.1.16.
To ease the recovery process, in case of accidental mail deletion, we're using the lazy_expunge plugin to keep deleted mail in a user hidden namespace during a couple of days before they really get deleted.
Could this be replaced by this new feature? I guess the mdbox_deleted storage get emptied after a purge (which is what we're doing every night)?
Regards, Gilles.
participants (4)
-
Eric Kom
-
Gilles Chauvin
-
Ralf Hildebrandt
-
Timo Sirainen