Tags · dovecot/core

2.4.1

Release v2.4.1

* auth: Change unix_listener/auth-userdb/group = $SET:default_internal_group
  This change needs dovecot_config_version=2.4.1.
* auth: lua - Remove support for single string result.
* imap: Unconditionally advertise SPECIAL-USE capability.
* lib-dcrypt: Install dcrypt_openssl.so into dovecot modules directory.
* lib-master: For glibc, default MALLOC_MMAP_THRESHOLD_=131072.
* lib-storage: Change default mail_cache_fields to:
  hdr.date hdr.subject hdr.from hdr.sender hdr.reply-to hdr.to
  hdr.cc hdr.bcc hdr.in-reply-to hdr.message-id
  date.received size.virtual imap.bodystructure mime.parts hdr.references
  hdr.importance hdr.x-priority hdr.x-open-xchange-share-url
  pop3.uidl pop3.order. This change needs dovecot_config_version=2.4.1.
* lib-var-expand: Use moduledir instead of pkglibdir for crypt.
* lmtp: Change the default lmtp_user_concurrency_limit to 10.
  This change needs dovecot_config_version=2.4.1.
* lmtp: Change the default service_restart_request_count to 1.
  This change needs dovecot_config_version=2.4.1.
+ auth: Allow configuring passdb/userdb sql to use auth-workers.
+ config: Add default group @mailbox_defaults = english.
+ config: Improve "Unknown setting" error with more details and
  suggestions.
+ doveconf: Add -U parameter to ignore unknown settings in config file.
+ fts-flatcurve: Support lock files in VOLATILEDIR.
+ imap-acl: Add support for the IMAP LIST-MYRIGHTS capability (RFC 8440).
+ imap-client: Support ANONYMOUS authentication.
+ imap: Implement support for the REPLACE capability.
- auth: ldap - Passdb fields were ignored with
  passdb_ldap_bind_userdn=yes.
- auth: lua - Fix error result handling in lua passdb/userdb.
- auth: oauth2 - When building oauth2 failure reply, memory would leak.
- config: local_name handling would work wrong with multiple names and
  wildcards.
- fts-flatcurve: A potential crash could occur when searching virtual
  mailboxes.
  Fixes: Panic: file fts-search.c: line 87 (level_scores_add_vuids):
  assertion failed: (array_count(&vuids_arr) == array_count(&br->scores))
- fts-flatcurve: Maybe queries were done wrong.
- fts-flatcurve: Non-selectable mailboxes were not ignored when doing
  optimize/rescan.
- fts-flatcurve: Signal 11 crash could happen with fts rescan.
- fts: Fix crash caused by event object lifecycle mishandling.
- imap-hibernate: Client counters would get reset on unhibernation,
  affecting imap_logout_format variables.
- imap: Crash would occur with Maildir when trying to send INPROGRESS
  during mailbox syncing.
- ldap: Dovecot could not be compiled without LDAP.
- lib-dcrypt: Output stream encryption can cause assert crash if
  attempting to encrypt over 64 GiB of data with GCM. This is still not
  supported with GCM, but it fails better.
- lib-http: HTTP client context memory usage was increasing.
- lib-http: Pipeline corruption could happen after 100 Continue response.
- lib-settings: Variable expansion initialization could crash with
  Panic: file settings.c: line 1560 (settings_var_expand_init_add):
  assertion failed: (I_MAX(num_tables, num_provs) == num_ctx)
- lib-smtp: Pipelining initial SASL response after AUTH was broken.
- lib-var-expand: If filter failed, memory leak would occur.
- lib-var-expand: Older bison versions did not have error symbol for
  handling causing unexpected behaviour on the parser on error conditions.
- quota: Quota calculations had minor bugs causing small errors.

Mar 28, 2025
7d8c0e5
zip
tar.gz
Notes
Downloads

2.4.0

Release v2.4.0

* config: dovecot_config_version must be the first non-comment
  line in configuration file.
* config: dovecot_storage_version must be in the configuration
  file.
* config: Many configuration options have changed so old configuration
  files do not work without rewrite. See
  https://doc.dovecot.org/main/installation/upgrade/2.3-to-2.4.html
* config: New variable expansion syntax has been introduced, see
  https://doc.dovecot.org/main/core/settings/variables.html
* config: Some default settings have changed.
* config: plugin {} section has been removed.
* *-login: With ssl=required, connections from login_trusted_networks
  are now also required to be SSL/TLS encrypted.
* acl: Use ACL settings instead of Global ACL Directories.
* auth-worker: auth_worker_max_count is replaced with
  service auth-worker { process_limit }.
* auth: Weak password schemes are disabled by default, use
  auth_allow_weak_schemes to enable them.
* auth_debug, mail_debug: Use log_debug filter instead.
* config: All sections require a name, for example passdb/userdb:
  passdb static {
     password=secret
   }
* db2: Remove Berkeley DB support.
* dict-memcached: This is removed, use Redis instead.
* director: Feature has been removed. See potential replacement at
  https://github.com/dovecot/tools/blob/main/director.lua
* doveadm: USER environment variable is only supported with
  --no-userdb-lookup. One of -u, -F or -A must be used
  otherwise.
* doveconf: Option -n is now default when running doveconf.
* dsync: Use doveadm sync instead, legacy symlink has been removed.
* fs-sis: Feature is now deprecated and has been made read-only.
  It will be removed in future release.
* fts-lucene, fts-squat: These have been removed, use fts-flatcurve or
  fts-solr instead.
* imap-login: IMAP compression is now handled in proxies.
* imap_quota: SETQUOTA / quota_set has been removed.
* imap_zlib: This plugin is no longer needed, it's always enabled.
* imapc: All features are enabled by default, imapc_features can be used
  to explicitly disable features that are not wanted.
* lib-storage: mbox driver is now frozen.
* mail_compress: XZ and LZMA algorithm support has been removed.
* mailbox-alias: Plugin has been removed.
* old_stats, auth_stats: These have been removed.
* openssl: Minimum supported version of OpenSSL is now 1.1.1.
* openssl: Add support for OpenSSL 3.x
* quota-dict, quota-dirsize: These have been removed, use quota-count
  instead. You can use quota_clone to copy quota usage to some database.
* replicator: Feature has been removed. Use NFS or some other shared
  filesystem instead, or run doveadm sync in crontab.
* stats: The bytes_in and bytes_out field in several events have been
  renamed as net_in_bytes and net_out_bytes.
* zlib: Renamed to mail_compress plugin.
+ Experimental SMTPUTF8 and IMAP UTF8=ACCEPT support has been added.
  Needs --enable-experimental-mail-utf8 configure option and
  mail_utf8_extensions=yes setting.
+ Long running mail commands can be aborted with Ctrl-C / doveadm kick.
+ auth: LDAP driver now supports multi-value attributes.
+ auth: Add support for SCRAM-SHA-1-PLUS and SCRAM-SHA-256-PLUS.
+ auth: Add support for TLS channel binding.
+ auth: Support sending JA3 hash to policy server.
+ configure: Detect latest Lua version.
+ *-login: Support for TLS Server Name has been improved to allow pre-login
  settings. For example capabilities to be changed based on TLS Server Name.
+ *-login: Support for TLS ALPN has been added, connections with mismatching
  application are now refused. Missing ALPN is accepted.
+ fts-flatcurve: New Xapian based FTS plugin has been added.
+ imap: Support for INPROGRESS untagged messages as per RFC 9585.
+ lib-lua: Expose Dovecot DNS client.
+ lib-lua: Expose Dovecot HTTP client.
+ lib-sasl: Support SCRAM-SHA mechanisms.
+ lmtp: SNI support has been added which allows settings to be applied
  based on TLS Server Name.
+ sqlite: Support WAL mode.
+ stats: Submetric name size has been increased.
+ submission: Add submission_add_received_header setting to protect
  sender identity by suppressing the Received: header.
- Many bugs have been fixed.

Jan 24, 2025
daeb6bc
zip
tar.gz
Notes
Downloads

* Removed mail_cache_lookup_finished event. This event wasn't especially
useful, but it increased CPU usage significantly.
* fts: Don't index inline base64 encoded content in FTS indexes using
the generic tokenizer. This reduces the FTS index sizes by removing
input that is very unlikely to be searched for. See
https://doc.dovecot.org/configuration_manual/fts/tokenization for
details on how base64 is detected. Only applies when using libfts.
* lmtp: Session IDs are now preserved through proxied connections, so
LMTP sessions can be tracked. This slightly changes the LMTP session
ID format by appending ":Tn" (transaction), ":Pn" (proxy connection)
and ":Rn" (recipient) counters after the session ID prefix.
+ Events now have "reason_code" field, which can provide a list of
reasons why the event is happening. See
https://doc.dovecot.org/admin_manual/event_reasons/
+ New events are added. See https://doc.dovecot.org/admin_manual/list_of_events/
+ fts: Added fts_header_excludes and fts_header_includes settings to
specify which headers to index. See
https://doc.dovecot.org/settings/plugin/fts-plugin#plugin-fts-setting-fts-header-excludes
for configuration details.
+ fts: Initialize the textcat language detection library only once per
process. This can reduce CPU usage if fts_languages setting has multiple
languages listed and service indexer-worker { service_count } isn't 1.
Only applies when using libfts.
+ lib-storage: Reduced CPU usage significantly for some operations that
accessed lots of emails (e.g. fetching all flags in a folder, SORT, ...)
+ lib: DOVECOT_PREREQ() - Add micro version which enables compiling
external plugins against different versions of Dovecot.
+ lmtp: Added new lmtp_verbose_replies setting that makes errors sent to
the LMTP client much more verbose with details about why exactly
backend proxy connections or commands are failing.
+ submission: Support implicit SASL EXTERNAL with
submission_client_workarounds=implicit-auth-external. This allows
automatically logging in when SSL client certificate is present.
- *-login: Statistics were disabled if stats process connection was lost.
- auth: Authentication master user login fails with SCRAM-* SASL mechanisms.
- auth: With auth_cache_verify_password_with_worker=yes, passdb extra
fields in the auth cache got lost.
- doveadm: Fixed crash if zlib_save_level setting was specified,
but zlib_save was unset. v2.3.15 regression.
- doveadm: Proxying can panic when flushing print output. v2.3.17
regression. Fixes:
Panic: file ioloop.c: line 865 (io_loop_destroy): assertion failed:
(ioloop == current_ioloop)
- doveadm: stats add --group-by parameter didn't work.
- fts: Using email-address fts tokenizer could result in excessive memory
usage with garbage email input. This could cause the indexer-worker
processes to fail due to reaching the VSZ memory size limit.
Only applies when using libfts.
- imap: A SEARCH command timing out while fts returns indexes may timeout
returning "NO [SERVERBUG]", while it should return "NO [INUSE]" instead.
- imap: LIST-EXTENDED doesn't return STATUS for all folders. Sending
LIST .. RETURN (SUBSCRIBED STATUS (...)) did not return STATUS for
folders that are not subscribed when they have a child folder that is
subscribed as mandated by IMAP RFCs.
- imapc: Mailbox vsize calculation crashed with
Panic: file index-mailbox-size.c: line 344 (index_mailbox_vsize_hdr_add_missing):
assertion failed: (mails_left > 0)
- indexer: If indexer-worker crashes, the request it was processing gets
stuck in the indexer process. This stops indexing for the folder until
indexer process is restarted. v2.3.14 regression.
- indexer: Process was slowly leaking memory for each indexing request.
- lib-event: Unnamed events were wrongly filtered out for event/metric
filters like "event=abc OR something_independent_of_event_name".
- lib-index: 64-bit big endian CPUs handle last_used field in
dovecot.index.cache wrong.
- lib-ssl-iostream: Fix buggy OpenSSL error handling without assert-crashing.
If there is no error available, log it as an error instead of crashing.
The previous fix for this in v2.3.11 was incomplete. Fixes
Panic: file istream-openssl.c: line 51 (i_stream_ssl_read_real):
assertion failed: (errno != 0)
- lmtp: Out-of-memory issues can happen when proxying large messages to
LMTP backend servers that accept the message data too slow.
- master: HAProxy header parsing has read buffer overflow if provided
header size is invalid. This happ
8029
ens only if inet_listener
{ haproxy=yes } is configured and only if the remote IP address is in
haproxy_trusted_networks.
- old_stats: Plugin kept increasing memory usage, which became
noticeable with long-running imap sessions.
- stats: Dynamically adding same metric multiple times causes multiple stats.
- submission-login: Authentication does not accept OAUTH2 token (or
other very long credentials) because it considers the line to be too long.
- submission-login: Process can crash if HELO is pipelined with an
invalid domain.
- submission-proxy: Don't use SASL-IR if it would make the AUTH command
line longer than 512 bytes.
- submission: Service would crash if relay server authentication failed.
- virtual: FTS search in a virtual folder could crash if there are
duplicate mailbox GUIDs. This mainly happened when user had both INBOX
and INBOX/INBOX folders and the namespace prefix was INBOX/. Fixes
Panic: file hash.c: line 252 (hash_table_insert_node):
assertion failed: (opcode == HASH_TABLE_OP_UPDATE)
- virtual: If mailbox opening fails, the backend mailbox is leaked and
process crashes when client disconnects. Fixes
Panic: file mail-user.c: line 232 (mail_user_deinit):
assertion failed: ((*user)->refcount == 1)
- virtual: Searching headers in virtual folders didn't always use
full-text search indexes, if fts_enforced=no or body.

Feb 3, 2022
9dd8408
zip
tar.gz

2.3.17.1

Release v2.3.17.1

- dsync: Add back accidentically removed parameters.
- lib-ssl-iostream: Fix assert-crash when OpenSSL returned syscall error
  without errno.
- master: Dovecot failed to start if ssl_ca was too large.

Dec 7, 2021
476cd46
zip
tar.gz

2.3.17

Release v2.3.17

* Dovecot now logs a warning if time seems to jump forward at least
  100 milliseconds.
* dict: Lines logged by the dict process now contain the dict name as
  the prefix.
* lib-index: mail_cache_fields, mail_always_cache_fields and
  mail_never_cache_fields now verifies that the listed header names are
  valid. Especially the UTF8 "–" character has sometimes been wrongly
  used instead of the ASCII "-".
+ *-login: Added login_proxy_rawlog_dir setting to capture
  rawlogs between proxy and backend.
+ dict: The server process now keeps the last 10 idle dict backends
  cached for maximum of 30 seconds. Practically this acts as a
  connection pool for dict-redis and dict-ldap. Note that this doesn't
  affect dict-sql, because it already had its own internal cache.
+ doveadm: New stats add/remove commands added to support changing the
  metrics configuration on runtime.
+ lazy_expunge: Added lazy_expunge_exclude settings to disable
  lazy_expunge for specific folders. \Special-use flags can be used as
  folder names.
+ lib-lua: Added a new helper function dovecot.restrict_global_variables()
  to disable or enable defining new global variables.
- LAYOUT=index List index rebuild was missing.
- LAYOUT=index: Duplicate GUIDs were not detected.
- acl: When using acl_ignore_namespace Dovecot attempted to access or
  create dovecot-acl-list even when the namespace should have been
  ignored. For virtual namespaces this could have yielded errors about
  "Read-only file system" or "Permission denied".
- auth: Setting the "master" passdb field to empty value would
  cause proxying to fail with an authentication error.
  Now an empty "master" field is ignored.
- doveadm-server: Duplicate error lines were sent for failed commands.
  This didn't normally cause visible problems, except when using
  wildcards in usernames or -A parameter to go through multiple users.
- doveadm-server: Logs written by doveadm-server were often missing log
  prefixes, especially mail_log_prefix for mail commands. Logs sent to
  doveadm TCP client were also missing log prefixes.
- doveadm: v2.3 regression: batch command always crashes.
- doveadm: v2.3.11 regression: Commands failed if ssl_cert or
  ssl_key files weren't readable by the user running doveadm, even
  though doveadm didn't actually use these settings
- imap-hibernate: Process may crash at deinit:
  Panic: file ioloop.c: line 928 (io_loop_destroy): assertion failed:
  (ioloop->cur_ctx == NULL).
- imap: Using imap_fetch_failure=no-after can cause assert-crash
  with some IMAP commands if reading the mail fails (e.g. wrong cached
  mail size). Fixes:
  Panic: file index-mail-headers.c: line 198 (index_mail_parse_header_init):
  assertion failed: (!mail->data.header_parser_initialized)
- imap: v2.3.10 regression: When using INDEXPVT to enable private
  \Seen flags (for shared or public namespaces) the STORE command did
  not send untagged replies for the \Seen flag changes.
- imap: v2.3.15 regression: If PREVIEW/SNIPPET is not the final FETCH
  option in the command, the IMAP FETCH response is broken.
- imap: v2.3.15 regression: MOVE command leaks mailbox if it can't be
  opened and crashes at deinit:
  Panic: file mail-user.c: line 229 (mail_user_deinit): assertion failed:
  ((*user)->refcount == 1).
- imapc: Copying nonexistent mail via imapc could have crashed. Fixes:
  Panic: file mail-storage.c: line 2385 (mailbox_transaction_commit_get_changes):
  assertion failed: (ret < 0 || seq_range_count(&changes_r->saved_uids) == save_count ||
  array_count(&changes_r->saved_uids) == 0).
- indexer: v2.3.15 regression: Process crashes if indexer-client
  disconnects while it's waiting for command reply. This happened for
  example if IMAP SEARCH triggered long fts indexing and the IMAP
  client disconnected while waiting for the reply.
- indexer: v2.3.15 regression: Process may have crashed in some situations.
- indexer: v2.3.15 regression: indexer-worker processes may not have
  reached the process_limit in some situations, possibly even using just
  one indexer-worker process even though there were many indexing
  requests queued.
- lib-compression: Reading lz4 compressed mdbox mails may crash. Fixes:
  Panic: file istream.c: line 345 (i_stream_read_memarea):
  assertion failed: (!stream->blocking).
- lib-compression: bench-compress crashes due to xz being read-only.
- lib-lua: Fix linking libdict_lua for non-GNU linkers when Lua support
  is disabled.
- lib-mail: There was no limit on how large an email header name could be.
  Processable header names are now limited to 1000 bytes.
- lib-oauth2: Dovecot disallowed JWT tokens if their validity time was
  older than token creation time (nbf < iat).
- lib-storage: Reduce memory footprint of certain storage operations.
- lib-storage: When listing mailboxes with storage name escape
  characters (^ or .) as part of the mailbox name, the listing could
  show corrupted mailbox names. Due to an issue in handling escaped
  parent folders, the listing of other mailbox names would become
  corrupted by prepending parts of the previously listed mailboxes
  parent folder as prefix to the actual mailbox names. The corruption
  can occur when using LAYOUT=INDEX and maildir or obox, or when using
  the listescape plugin.
- mail-crypt: Fix "-O" argument for "doveadm mailbox cryptokey password"
  command to be a boolean, and not expect a string.
- submission-login: Add support for not authenticating to next hop in
  submission proxying.
- submission-login: EHLO was not sent again after XCLIENT when doing
  submission proxying.
- virtual: Mailboxes do not correctly detect underlying mailboxes
  getting re-created even though they have a different UIDVALIDITY or
  GUID.

Oct 28, 2021
e2aa53d
zip
tar.gz

PreviousNext

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

2.4.1

2.4.0

2.3.21.1

2.3.21

2.3.20

2.3.19.1

2.3.19

2.3.18

2.3.17.1

2.3.17

Tags: dovecot/core