"SfR Fresh" - the SfR Freeware/Shareware Archive 
As a special service "SfR Fresh" has tried to format the requested source page into HTML format using source code syntax highlighting with prefixed line numbers.
Alternatively you can here view or download the uninterpreted source code file.
That can be also achieved for any archive member file by clicking within an archive contents listing on the first character of the file(path) respectively on the according byte size field.
1 - com.apple.launchd.peruser.65534: PID 172 "imap"
2 has no account to back it! Real/effective/saved UIDs
3 - change it to use login processes' UID/GID?
4 - mbox: SEARCH TEXT breaks cache / MIME structure somehow?
5 - deliver quota exceeded: saved failed -> sieve generic error ->
6 sieve_execute_bytecode() failed
7 - file ostream-crlf.c: line 339 (_send_istream): assertion failed: ((size_t)ret <= iov.iov_len)
8 - mmap_disable: updated cache header doesn't invalidate other processes' cache?
9 - mail_index_move_to_memory() should lock the index..
10 - mbox: UID renumbering doesn't really work after all?
11 - maildir: we could finish writing dovecot-uidlist.lock before rename()ing
12 any files from tmp/, so if it fails we'll abort the mail saving
13 - file_cache: we're growing the mmap in page size blocks, which is horribly
14 slow if mremap() doesn't exist.
15 - quota: delay counting the quota until it's really needed
16 - login_max_processes_count shouldn't count proxying processes
17 - maildir_copy_with_hardlinks: We're currently first hardlinking to tmp/ and
18 then rename()ing. This wouldn't be necessary if uidlist syncing noticed
19 that someone else already had added them to uidlist, and the existing UIDs
20 could be assigned to them in the index.
21 - maildir_copy_preserve_filename=yes has a race condition causing "Append with
22 UID n, but next_uid = y" errors when quota plugin is loaded. Practically
23 won't happen except in stress testing.
24 - maildir_copy_with_hardlinks=yes is problematic with shared folders where
25 the file mode should change..
26 - still problems with CRLF mboxes..
27
28 - Allow %variables in mail_chroot setting
29 - something should be done to umask setting. we should be creating files with
30 0666 or 0777 and rely on umask, but we shouldn't do that unless we're sure
31 that the umask is the wanted one (ie. imap/pop3 process wasn't started
32 directly)
33 - filesystem group quota patch
34 - ssl_verify_client_cert isn't working if the SSL cert doesn't have CRL
35
36 - keywords:
37 - add some limits to how many there can be
38 - don't return \* in PERMANENTFLAGS when we're full
39 - remove unused keywords?
40
41 - caching
42 - force bits should be used only for nonregistered fields
43 - change envelope parsing not to use get_headers() so imap.envelope can
44 actually be cached without all the headers..
45 - compression should drop fields with last_used <
46 (latest_mail_index_date - month)
47 - we could try compressing same field values into a single
48 location in cache file.
49 - support caching all message headers. this could be useful when
50 indexes are in local disk but actual mails are accessed through NFS.
51
52 - mbox
53 - dirty state should be stored to index (with mbox_very_dirty_syncs)
54 - after some locking timeouts: mbox-lock.c: line 518 (mbox_lock):
55 assertion failed: (lock_type == F_RDLCK || mbox->mbox_lock_type != F_RDLCK)
56 - controldir for mboxes too and place subscriptions file there?
57 - size.physical isn't cached, but should it even be? ..
58 - syncing existing indexes takes 4x longer than creating new one, why?
59 - how well does dirty sync + status work? it reads the last mail every
60 time? not very good..
61 - always add empty line. make the parser require it too? syncing should
62 make sure there always exists two LFs at end of file. raw-mbox-stream
63 should make sure the last message ends with LF even if it doesn't exist
64 in the file
65 - Quote "From ", unquote ">From "
66 - COPY doesn't work to itself (lock assert crash, for now just disallowed)
67 - keep mbox lock for two extra seconds after sync (do we really need to?)
68 - move /var/mail/user to ~/mbox if ~/mbox exists.. supposedly this
69 could be useful if /var/mail doesn't have quota, but ~/mail does.
70 now, what do we then do if we can move only some of the mails?..
71 - if we can't create dotlock file for mbox, make sure it still can be
72 selected in read-only state
73
74 - maildir
75 - if indexes exist but dovecot-uidlist doesn't, it's not tried to be
76 recreated
77 - with pop3 don't move messages from new/ to cur/ before RETR
78 - when sorting maildir files, sort based on Mxxxx first so the files are
79 sorted always in ascending order. required for proper out-of-quota
80 uidlist handling
81 - physical separator could be configurable
82
83 - dbox
84 - keyword list header locking isn't correct now. saving uses file's
85 dotlock, sync uses sync lock. and what about reading?... (I think this
86 is fixed?)
87 - append_offset in header shouldn't be trusted
88 - show in index if there are expunge-flagged mails in the mailbox
89 - pop3_lock_session doesn't work
90
91 - index
92 - dd if=/dev/zero of=dovecot.index bs=1024 count=1 -> NOOP -> crash!
93 - delete >30min old dovecot.index.log.2 files when opening index?
94 - optimize initial left_idx in _view_lookup_uid_range()
95 - if log file is lost, generate it from old and new index
96 - transaction log: when replacing log with a same sequence, we remove it
97 from log's file list, but we don't do anything to existing log views.
98 this can crash later in mail_transaction_log_view_set() because 'first'
99 is from log list, while we're comparing it into view->tail which it never
100 is. also overwriting it leaks memory..
101 - read-only support for mailboxes where we don't have write-access
102
103 - namespaces
104 - namespaces: add new "auto_disable" flag so if the mailbox can't be opened
105 (eg. file doesn't exist), just ignore the problem and disable the
106 namespace
107 - subscribe <namespace prefix> doesn't work.
108 - namespaces don't work in plugins: acl, trash, convert
109 - subscriptions file should contain namespace prefixes. at least optionally.
110 there's the subscriptions = yes setting now for namespaces.. do it so that
111 if prefix = "" has subscriptions, it contains prefixes. otherwise not.
112 - for shared/public namespaces default to "no"
113
114 - lib-storage
115 - rename: allow moving between storages, as long as they're of same type
116 - calls fsync()s etc. less often (when copying). optionally disable them.
117 - x search charset asdf all -> should fail
118 - subscribe: IMAP(anonymous): open(anonymous/mail/.temp...) failed: Permission denied
119 - should we allow following symlinks in mbox/maildirs? they are now.
120 - if we implement shared mailboxes with shared indexes, never do that or
121 others could symlink your personal mailboxes and see the indexes
122 created for it which may contain envelope etc. data
123 - this allows circular mailbox hierarchies which should be prevented by
124 eg. allowing max. 20 hierarchies.
125
126 - login
127 - when pipelining login command + post-login commands, login process should
128 pass the command to imap/pop3 process (at least one pop3 client does this)
129 - imap-login: Master sent reply with unknown tag 1. client closed
130 connection at the exact same time master was logging it in?
131 see master_request_abort()
132 - Digest-MD5: support integrity protection, and maybe crypting. Do it
133 through login process like SSL is done?
134 - x login foo bar
135 x NO Authentication failed.
136 x login cras pass
137 * BYE Disconnected for inactivity.
138 ^ but it's not disconnecting! (buggy dovecot-auth not replying)
139 probably because userdb lookup didn't reply, and fd was already sent
140 for master.. should imap-login be handling it anymore?..
141 - imap-login: Authenticate PLAIN failed: Authentication failed:
142 Authentication server isn't connected, try again later.. [127.0.0.1]
143 ^ NO Authentication failed. (should be Temporary login failure!)
144 - if auth process dies, login process should retry authentication if
145 possible. or if not, disconnect the client so it doesn't think the auth
146 failed.
147 - send client IP immediately after accept() to master process. make sure
148 master shows the IP if login dies unexpectedly. master should probably
149 also kill the login process if it doesn't kill itself soon enough.. or
150 maybe just log the IP immediately.
151
152 - auth
153 - pam service name could contain %vars
154 - add %c to dovecot-auth
155 - ability to specify default password scheme with passwd-file
156 - with blocking passdb we're not caching lookups if the password was wrong
157 - non-plaintext authentication doesn't support all features:
158 - multiple passdbs don't work, only the first one is used
159 - auth cache's last_success password change check doesn't exist
160 - if PAM child process doesn't finish within a minute, kill it
161 - PAM / checkpassword should use passdb-blocking
162 - support specifying hex/base64 encoding in password scheme. for example
163 {plain-md5.base64}
164 - auth cache: cache userdb data too.
165 - remove system_user and allow returning multiple gids instead.
166 - SIGHUP restarts auth processes .. but does it wait until they've finished
167 with all requests? no.
168 - does dovecot-auth really break when it runs out of fds?
169 - dovecot-auth should limit how fast authentication requests are allowed
170 from login processes. especially if there's one login/connection the speed
171 should be something like once/sec. also limit how fast to accept new
172 connections.
173 - support read-only logins. user could with alternative password get only
174 read-access to mails so mails could be read relatively safely with
175 untrusted computers. Maybe always send [ALERT] about the previous
176 read-only login time with IP?
177 - dovecot-auth workers: create a separate dovecot-pam worker which shares
178 pretty much all code with dovecot-auth worker but isn't linked against
179 any libraries. or..? this might be difficult to do, especially because the
180 workers currently can handle any kind of passdb/userb requests. perhaps
181 there should be a completely separate simple PAM authenticator binary.
182
183 - master
184 - Support listening in multiple sockets
185 - per-user/ip limits..
186 - configurable syslog prefix
187 - SIGHUP rather shouldn't restart listening sockets if they didn't change..
188 - if there are duplicate settings, complain about it
189
190 - quota
191 - if dovecot-uidlist can't be written, assume the new mails have UIDs
192 beginning from uidlist.next_uid. Whenever mails are expunged, overwrite
193 the next_uid field with the current highest next_uid. Whenever we have
194 assumed UIDs and uidlist gets updated, throw the client out with
195 "inconsist mailbox".
196 - make sure all syscalls check for ENOSPACE (and ENOACCESS while at it)
197 - quota code should probably be always doing some quota_set_critical()
198 instead of using mail_storage_set_critical(), so that quota_last_error()
199 would work properly
200 - if storage=0 is given, use unlimited quota but track it anyway
201
202 - ssl
203 - add setting: ssl_options = bitmask. by default we enable all openssl
204 workarounds, this could be used to disable some of them
205 - gnutls support isn't working
206
207 - search
208 - message header search: we should ignore LWSP between two MIME blocks
209 - message_body_search() could accept multiple search keywords so we
210 wouldn't need to call it separately for each one (so we wouldn't need
211 to parse the message multiple times).
212 - message_body_search() could support NULL MessagePart and the searching
213 could be done while parsing the message. this would need changes to
214 message_parse() as well.
215 - could optionally support scanning inside file attachments and use
216 plugins to extract text out of them (word, excel, pdf, etc. etc.)
217 - use a trie index for fast text searching, like cyrus squat?
218 - Create our own extension: When searching with TEXT/BODY, return
219 the message text surrounding the keywords just like web search engines
220 do. like: SEARCH X-PRINT-MATCHES TEXT "hello" -> * SEARCH 1 "He said:
221 Hello world!" 2 "Hello, I'm ...". This would be especially useful with
222 the above attachment scanning.
223
224 - lib-charset
225 - utf8_toupper() is a must. and a bit difficult if we want to do it right.
226 - add support for other things than iconv() as well? we could reuse
227 the code from cyrus or courier
228 - cache iconvs? they'd probably be faster if we just reset the
229 conversion instead of opening new one every time. and there will likely
230 be only one or two charsets which are used for nearly all conversions.
231
232 - deliver
233 - We should always return EX_* failures and never our own 89 etc.
234 - recipient_delimiter setting so user+mailbox@domain works directly
235
236 - general
237 - add imap_logout_format
238 - stop using atol(), atoi(), strtoul() etc. in places where we actually
239 care about what they return, and rather create our own function which
240 checks if the input overflows the integer, and if so call i_fatal()
241 - rfc2231 continuation support (useless?)
242 - rfc2557 support for BODYSTRUCTURE, as specified by RFC3501
243 - LMTP server
244 - ability to build plugins statically into the binaries
245 - ~/.dovecotrc to override system wide settings. namespace settings should
246 override all the previous namespace settings instead of adding new.
247 - option to disable SORT, SEARCH and other memory/cpu-intensive features.
248 defaults and per-user by dovecot-auth.
249 - dotlock overriding is racy, but it's pretty difficult to fix it. Also
250 overriding someone else's dotlock in shared folder isn't possible. These
251 could be fixed by having separate lock process running as root, which
252 would chown() the file for another uid and then unlink() it as that user.
253 One problem with that is that if malicious user sets setuid+execute bits
254 on for the file, he could run the file and get changed to the new uid.
255 That hopefully shouldn't matter much since the new uid should be user
256 with minimum possible privileges. Anyway, optional..
257 - things break if next_uid gets to 2^32
258
259 capabilities:
260 - preferrably all should be implemented as plugins
261 - possibility to disable them from config file
262 - THREAD=ORDEREDSUBJECT - although pretty useless I'd think.
263 - acl (rfc2086, draft-ietf-imapext-acl), namespace (rfc2342)
264 - probably do it like cyrus. "user.<username>" to access other
265 users, with "" defaulting to "user.<myself>". these should be
266 configurable however.
267 - shared namespaces? maybe configurable in config file
268 - easiest way to do ACL would be to use unix modes, but is that
269 useful at all? Well, ACL2 has a bit better support for that, so
270 maybe we could support it.
271 - otherwise gets a bit trickly, we could keep all mail in "imapmail"
272 group and 0600/0700 mode by default, but when mail is shared to others,
273 the group read/write access bits would be set. or alternatively we
274 could launch another imap process to handle it, which we should support
275 anyway. ACLs could be stored into ".acl" ascii file in each folder.
276 - support for private and shared flags, configurable by mailbox admin.
277 this isn't in any draft yet, but ACL2 author was going to create one.
278 [SHAREDFLAGS (...)] would specify which ones are shared, don't know yet
279 how they would be configured.
280 - id (rfc2971)
281 - must be configurable what gets sent, default to only name=Dovecot
282 - separate pre/post-login settings
283 - optionally log configured parts of the client information, but only
284 once, probably at the same time as logging "Logged in",
285 "Disconnected", etc.
286 - remember to force truncating values longer than 30 chars,
287 especially before logging
288 - mailbox-referrals (rfc2193)
289 - this is useful whenever we would otherwise need to make the
290 connection ourself. for example load balancing and shared mailboxes
291 requiring another UID to run.
292 - this rfc defines no exact way for server to detect if client
293 supports referrals or not. I don't think there's much point in
294 supporting only referrals, as most clients don't support them.
295 Instead we should return referrals when we know that client
296 supports them, otherwise do the connecting ourself. If client
297 issues RLIST or RLSUB command, it's safe to assume it supports
298 referrals.
299 - for load balancing this works just fine, but what about shared
300 mailboxes which require different UID? If we login with our own
301 username, we end up with our own UID instead of what we wanted.
302 IMAP URLs don't support separated authorization id which would
303 have made this very easy.. We could give the "userid@group" as
304 userid, but clients probably treat it as different userid and
305 ask the password again.
306 - problems, problems, .. maybe not worth the trouble.
307 - drafts:
308 - http://www.imc.org/ids.html
309 - annotate (draft-ietf-imapext-annotate)
310 - per-message annotations. this will be major change. especially
311 because currently there's no suitable storage for them, and
312 they'll probably change all the time.. maybe if we moved into
313 berkeley db to store the .data file and these annotations.
314 - this is separate problem from index files. indexes are treated as
315 temporary files, annotations are permanent data. we'd have to
316 support non-db way to do this too, which would probably be just a
317 simple (slow) text file.
318 - annotatemore (draft-daboo-imap-annotatemore)
319 - server and per-mailbox annotations. much easier than
320 per-message annotations, but they'd be easier to place into
321 db as well.
322 - binary (draft-nerenberg-imap-binary)
323 - perhaps not too useful. I'd like to make Dovecot fully
324 binary-safe though.
325 - view (draft-ietf-imapext-view)
326 - slow, complex, luckily draft expired almost two years ago.
327 i hope i don't have to implement this :)
328 - can be done client-side just fine (evolution's virtual folders)