New version of POP3 and IMAP4 server Dovecot 2.3.21

A new version of the multi-platform high-performance POP3/IMAP4 server Dovecot 2.3.21 has been published, supporting the POP3 and IMAP4rev1 protocols with popular extensions such as SORT, THREAD and IDLE, and authentication and encryption mechanisms (SASL, TLS, SCRAM). Dovecot remains fully compatible with classic mbox and Maildir, using external indexes to improve performance. Plugins can be used to expand functionality (for example, quotas and ACLs are implemented through plugins). The project code is distributed under LGPL and MIT licenses.

Major changes:

  • lib-oauth2: Allow validation of JWT tokens with a missing "typ" field. Some key issuers, notably Kubernetes, omit "typ" to save space. The absence of "typ" is now acceptable, but if it is present it must still be "jwt".
  • auth: The "Auth" response from passdb and userdb may contain "event_<name>=<value>" fields, which are added to the login event and the mail user event respectively.
  • lib-master: Sets the process title at various stages of initialization to clarify what the process is waiting for.
  • lib-storage: The mail_temp_scan_interval is now increased by 0...30% based on the username hash to reduce the likelihood of load spikes.
  • lib-storage: Moved temporary file scanning from the moment the mailbox is opened to the moment it is closed to reduce the delay experienced by users.
  • stats: If fields are specified in a metric, all of these fields are exported as counters to Prometheus in exposition format.
  • "*-login": Processes could crash if the SSL connection was inadvertently terminated.
  • acl: When the plugin was loaded, the \HasChildren and \HasNoChildren flags were calculated incorrectly for mailboxes containing '*' and '%' in their names.
  • auth: A crash occurred when connecting to the PostgreSQL DBMS during startup failed.
  • auth: When logging in with invalid passwords (for example, with an unknown scheme), passdb was throwing the error "password mismatch" instead of an "internal error".
  • auth: The XOAUTH2 and OAUTHBEARER mechanisms did not issue a protocol-specific error message on any errors. This particularly hampered the detection of OIDC.
  • dbox: If the last_temp_file_scan header was not set (especially after a dsync migration), then the next time the mailbox was opened, a scan of temporary files would always be launched. This could cause a load spike after migrations. Fixed using mailbox directory atime when there is no header, which usually pushes scan time into the future.
  • dict-redis: Transaction rollback failed.
  • dsync: When deleting a mailbox on the remote end, when the hierarchy delimiters did not match, an infinite loop occurred, resulting in an out-of-memory event.
  • dsync: Incremental dsync was not performed on folder names ending in '%' unless BROKENCHAR was set. Also, folder names with '%' in other places caused the folder to be unnecessarily renamed to a temporary name and back again with each incremental dsync. Regression v2.3.19.
  • imap-hibernate: If an IMAP client had timed out with a "(version received)" message while un-hibernating, the un-hibernation could still complete later and continue normal operation. This was confusing because imap-hibernate had already logged that the client had disconnected. Fixed by forcing the connection to end with a hibernation timeout.
  • imapc: Crash when a folder displayed via a virtual plugin disappears from the storage.
  • imapc: EXPUNGE, EXISTS, or FETCH responses from the server for a previously selected mailbox could be treated as if they belonged to the new mailbox currently selected. This could result in warnings.
  • lib-http: The Dovecot HTTP server (doveadm, stats/openmetrics) could disconnect HTTP clients before the response was fully sent. This only happened on busy servers where the kernel socket buffers were very full.
  • lib-http: Fixed a possible crash of the http server if the client disconnects early. Regression in 2.3.18.
  • lib-index: Corruption of the index file could cause a crash. Fixed: Panic: file mail-transaction-log-view.c: line 165 (mail_transaction_log_view_set): assertion failed: (min_file_seq <= max_file_seq).
  • lib-index: Clearing an existing cache file larger than 1 GB could cause a crash. Now, after clearing, cache files that are still larger than 1 GB are deleted. Fixed: Panic: file mail-index-util.c: line 10 (mail_index_uint32_to_offset): assertion failed: (offset < 0x40000000).
  • lib-lua: The HTTP client was unable to resolve DNS names in mail processes because it expected the "dns-client" socket to be in the current directory.
  • lib-oauth2: Dovecot sent client_id and client_secret as POST parameters to the introspection server. However, with Basic auth their use is optional.
  • lib-oauth2: Validation of JWT "aud" was not performed if "aud" was not in the token but was configured in Dovecot.
  • lib-oauth2: The JWT key type check was too strict.
  • lib-oauth2: The JWT token audience was not checked against client_id as required by the specification.
  • lib-ssl-iostream: Using the ssl_require_crl=yes option could cause CRL checking to fail for outgoing SSL/TLS connections, although it was intended to only affect CRL checking for client SSL certificates. v2.3.17 regression.
  • lib-sql: MySQL driver leaked memory when connecting failed.
  • lib-storage: Various fixes for low disk space.
  • master: The idle_kill service setting did not work properly on busy servers: it was very unlikely that any process stayed idle long enough to be killed. In addition, with a large number of processes (for example, imap), the idle_kill handling code used quite a lot of CPU in the master process. Now each idle_kill interval tracks the lowest number of idle processes seen during the interval and then kills that many processes.
  • mdbox: Temporary-file scanning was performed on directories that are always empty.
  • mdbox: When writing emails, the fdatasync() call was executed on the wrong parent directory. Also, when the call failed, the process crashed instead of logging an error.
  • notify_status: The plugin crashed when user initialization failed.
  • pop3: Sending a command containing a ':' resulted in an assert-crash. Regression in release 2.3.18.
  • stats: Fixed a panic that occurred when accessing a non-existent event exporter while dynamically adding a new metric with the "doveadm stats add" command. Now the correct error is reported.
  • stats: If a process exported many events and then exited, some of the latest events may have been lost.
  • stats: Incorrect Prometheus label names were generated for certain histogram group_by configurations. Prometheus rejected these labels.
  • welcome: The plugin failed in some situations where an INBOX was created but not opened, for example if GETMETADATA was used before opening the INBOX.
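To make the lib-oauth2 JWT rules listed above concrete (a missing "typ" is tolerated but a present one must be "jwt"; a configured audience must actually appear in the token, so a token with no "aud" is rejected rather than waved through; the audience value compared is the client_id Dovecot is configured with), here is an added HS256 validator written for this article. It is not Dovecot's code: the key, the expected_aud value and the make_token helper are constructed for the demo.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

class JwtError(Exception):
    pass

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).decode().rstrip("=")

def validate_jwt(token: str, key: bytes, expected_aud: Optional[str], now: Optional[int] = None) -> dict:
    """Verify an HS256 JWT and apply the claim rules from the 2.3.21 notes.
    Returns the payload on success, raises JwtError on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise JwtError("malformed token")
    h_b64, p_b64, s_b64 = parts
    header = json.loads(_b64url_decode(h_b64))
    payload = json.loads(_b64url_decode(p_b64))
    # "typ" may be absent (some issuers omit it); if present it must be "jwt".
    typ = header.get("typ")
    if typ is not None and str(typ).lower() != "jwt":
        raise JwtError("unexpected typ: %r" % typ)
    if header.get("alg") != "HS256":
        raise JwtError("unsupported alg")
    mac = hmac.new(key, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, _b64url_decode(s_b64)):
        raise JwtError("bad signature")
    now = int(time.time()) if now is None else now
    if "exp" in payload and now >= int(payload["exp"]):
        raise JwtError("token expired")
    # Audience: when one is configured (the client_id), the token must carry it.
    # A token with no "aud" at all is rejected, not accepted (the pre-2.3.21 bug).
    if expected_aud is not None:
        aud = payload.get("aud")
        auds = aud if isinstance(aud, list) else ([] if aud is None else [aud])
        if expected_aud not in auds:
            raise JwtError("audience mismatch")
    return payload

def make_token(header: dict, payload: dict, key: bytes) -> str:
    """Constructed helper that mints sample tokens for the demo only."""
    h = _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    p = _b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{_b64url_encode(sig)}"
```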

Source: opennet.ru