Mercurial > dovecot > core-2.2
view TODO @ 3243:40b4ba3c55b8 HEAD
In-memory indexes work again. Just pass dir as NULL to mail_index_alloc().
| author | Timo Sirainen <tss@iki.fi> |
|---|---|
| date | Tue, 29 Mar 2005 15:18:49 +0300 |
| parents | 769e2e2bf1d5 |
| children | 5c92b51f2b38 |
line wrap: on
line source
happens too often: mail-transaction-log-view.c: line 138 (mail_transaction_log_view_set): assertion failed: (min_file_seq != max_file_seq || min_file_offset <= max_file_offset) line 493 (mbox_lock): assertion failed: (lock_type == F_RDLCK || ibox->mbox_lock_type != F_RDLCK) #5 0x0806faa3 in mbox_lock (ibox=0x80d89b8, lock_type=1, lock_id_r=0xbea6b434) at mbox-lock.c:493 #6 0x08075439 in mbox_sync (ibox=0x80d89b8, flags=MBOX_SYNC_REWRITE) at mbox-sync.c:1286 #7 0x0806d38b in mbox_storage_close (box=0x80d89b8) at mbox-storage.c:793 #8 0x0809666e in mailbox_close (box=0x80d89b8) at mail-storage.c:296 #9 0x080587b6 in client_destroy (client=0x80cefe0) at client.c:69 #10 0x080591c3 in client_output (context=0x80cefe0) at client.c:386 #11 0x080b0086 in stream_send_io (context=0x80cf0a8) at ostream-file.c:339 mail-index-transaction.c: line 467 (mail_index_transaction_add_last): assertion failed:(idx == size || data[idx].uid1 <= update.uid1) - keywords: - add some limits to how many there can be - don't return \* in PERMANENTFLAGS when we're full - send FLAGS/PERMANENTFLAGS untagged replies when they change - sync to mbox/maildir - remove unused keywords? - caching - size.physical isn't cached - force bits should be used only for nonregistered fields - change envelope parsing not to use get_headers() so imap.envelope can actually be cached without all the headers.. - compression should drop fields with last_used < (latest_mail_index_date - month) - when parsing mbox or saving message, parse the mail through index-mail so things gets saved into cache immediately - we can mail_cache_add() same header multiple times.. - get_field() doesn't work if it's not already cached - we could try compressing same field values into a single location in cache file. - Most messages are text/plain/7bit/us-ascii/no-other-content-type-params. Instead of saving tons of nearly identical BODY/BODYSTRUCTURE fields into cache, we could just set INDEX_MAIL_FLAG_TEXT_PLAIN_7BIT_ASCII bit on and generate the bodystructure for such messages on the fly. - support caching allmessage headers. this could be useful when indexes are in local disk but actual mails are accessed through NFS. - mbox - syncing existing indexes takes 4x longer than creating new one, why? - how well does dirty sync + status work? it reads the last mail every time? not very good.. - mbox file offsets still aren't 64bit aligned for some reason.. - when we're updating flags with lazy writing, we're still parsing the mbox, just not writing to it! - always add empty line. make the parser require it too? syncing should make sure there always exists two LFs at end of file. raw-mbox-stream should make sure the last message ends with LF even if it doesn't exist in the file - if (sync_ctx.seen_first_mail && sync_ctx.base_uid_last != sync_ctx.next_uid-1 && ret == 0 && !sync_ctx.delay_writes) { ^ doesn't work correctly with partial syncing? - COPY doesn't work to itself (lock assert crash) - Create UW-IMAP like "DON'T DELETE THIS MESSAGE" message when mbox gets empty - keep mbox lock for two extra seconds after sync - move /var/mail/user to ~/mbox if ~/mbox exists.. supposedly this could be useful if /var/mail doesn't have quota, but ~/mail does. now, what do we then do if we can move only some of the mails?.. - if we can't create dotlock file for mbox, make sure it still can be selected in read-only state - maildir - if indexes exist but dovecot-uidlist doesn't, it's not tried to be recreated - hardlink copying doesn't update indexes - rename foo foo.xyz -> infinite loop possible? - we probably shouldn't do duplicate detection/fixing?.. or at least stat() the old file before trying, because we might have just previously seen the old file and then new file and then we try to fix it.. - if .customflags is removed and Maildir files have custom flags, add "unknown1" "unknown2" etc. flags to .customflags file for each found flag - index - if uoff_t or time_t size changes, don't rebuild indexes because they don't use them. just rebuild cache file. - flag merging code is too complex in index syncing. it should be moved into mbox/maildir syncing where they're combined - mail_index_lookup_ext() doesn't handle resizes between views. probably needs size_t *size_r parameter added.. - optimize initial left_idx in mail_index_lookup_uid_range() - when referencing log files, open them immediately? - if log file is lost, generate it from old and new index - make sure when changing flags multiple times in transaction it goes ok. especially replace + dirty flag - transaction log: when replacing log with a same sequence, we remove it from log's file list, but we don't do anything to existing log views. this can crash later in mail_transaction_log_view_set() because 'first' is from log list, while we're comparing it into view->tail which it never is. also overwriting it leaks memory.. - read-only support for mailboxes where we don't have write-access - when mailbox is deleted/renamed and someone else had it open, we get stat() error messages in log file. - sort: we could create alternative indexes for different sort conditions. sort code itself already supports this optimization. - lib-storage - index_removal_timeout gets leaked in some conditions. how? - subscribe: IMAP(anonymous): open(anonymous/mail/.temp...) failed: Permission denied - subscriptions file should contain namespace prefixes. at least optionally. there's the subscriptions = yes setting now for namespaces.. do it so that if prefix = "" has subscriptions, it contains prefixes. otherwise not. - support zlib compressed mbox/maildir? mbox maybe just read-only. do it through istream-zlib wrapper - should we allow following symlinks in mbox/maildirs? they are now. - if we implement shared mailboxes with shared indexes, never do that or others could symlink your personal mailboxes and see the indexes created for it which may contain envelope etc. data - this allows circular mailbox hierarchies which should be prevented by eg. allowing max. 20 hierarchies. - limit folder hierarchy levels? user can now create eg. a/a/a/a/... and then start renaming them from end to beginning, which probably will at some point start causing syscall failures which will fill up logs. - login - Digest-MD5: support integrity protection, and maybe crypting. Do it through login process like SSL is done? - x login foo bar x NO Authentication failed. x login cras pass * BYE Disconnected for inactivity. ^ but it's not disconnecting! (buggy dovecot-auth not replying) - imap-login: Authenticate PLAIN failed: Authentication failed: Authentication server isn't connected, try again later.. [127.0.0.1] ^ NO Authentication failed. (should be Temporary login failure!) - if auth process dies, login process should retry authentication if possible. or if not, disconnect the client so it doesn't think the auth failed. - send client IP immediately after accept() to master process. make sure master shows the IP if login dies unexpectedly. master should probably also kill the login process if it doesn't kill itself soon enough.. or maybe just log the IP immediately. - auth - APOP is broken? - support specifying hex/base64 encoding in password scheme. for example {plain-md5.base64} - auth protocol: make sure values can't have tabs/lfs - auth cache: cache userdb data too. - remove system_user and allow returning multiple gids instead. - SIGHUP restarts auth processes .. but does it wait until they've finished with all requests? no. - post-login-sql-command - does dovecot-auth really break when it runs out of fds? - dovecot-auth should limit how fast authentication requests are allowed from login processes. especially if there's one login/connection the speed should be something like once/sec. also limit how fast to accept new connections. - support read-only logins. user could with alternative password get only read-access to mails so mails could be read relatively safely with untrusted computers. Maybe always send [ALERT] about the previous read-only login time with IP? - master - pipe() failed: Too many open files - fine, but don't log it 1000 times a second - inetd startup doesn't work anymore - configurable syslog prefix - SIGHUP rather shouldn't restart listening sockets if they didn't change.. - quota - support Maildir++ quota - if dovecot-uidlist can't be written, assume the new mails have UIDs beginning from uidlist.next_uid. Whenever mails are expunged, overwrite the next_uid field with the current highest next_uid. Whenever we have assumed UIDs and uidlist gets updated, throw the client out with "inconsist mailbox". - make sure all syscalls check for ENOSPACE (and ENOACCESS while at it) - ssl - add setting: ssl_options = bitmask. by default we enable all openssl workarounds, this could be used to disable some of them - open("/var/run/dovecot//ssl-parameters.dat", O_RDONLY|O_LARGEFILE) =-1 ENOENT ^ loops forever - gnutls support isn't working - OpenSSL: support generated DH parameters - SSL: Support password protected key files. Support reading the password from user at runtime (dovecot startssl or something). currently it just hangs. - search - message header search: we should ignore LWSP between two MIME blocks - message_body_search() could accept multiple search keywords so we wouldn't need to call it separately for each one (so we wouldn't need to parse the message multiple times). - message_body_search() could support NULL MessagePart and the searching could be done while parsing the message. this would need changes to message_parse() as well. - could optionally support scanning inside file attachments and use plugins to extract text out of them (word, excel, pdf, etc. etc.) - use a trie index for fast text searching, like cyrus squat? - Create our own extension: When searching with TEXT/BODY, return the message text surrounding the keywords just like web search engines do. like: SEARCH X-PRINT-MATCHES TEXT "hello" -> * SEARCH 1 "He said: Hello world!" 2 "Hello, I'm ...". This would be especially useful with the above attachment scanning. - lib - file cache: last block in file isn't cached. - ioloop-kqueue.c patch - dotlocking: stale_timeout should probably take into account how old the file is.. so uses more time with more recent locks.. - lib-charset - utf8_toupper() is a must. and a bit difficult if we want to do it right. - add support for other things than iconv() as well? we could reuse the code from cyrus or courier - cache iconvs? they'd probably be faster if we just reset the conversion instead of opening new one every time. and there will likely be only one or two charsets which are used for nearly all conversions. - general - sieve (rfc3028), we can use Cyrus Sieve - rfc2231 continuation support (useless?) - rfc2557 support for BODYSTRUCTURE, as specified by RFC3501 - lmtp server - is it needed? dovecot-deliver binary at least would be useful - create indexer binary - ~/.dovecotrc to override system wide settings. namespace settings should override all the previous namespace settings instead of adding new. - ESTALE handling for NFS safety - option to disable SORT, SEARCH and other memory/cpu-intensive features. defaults and per-user by dovecot-auth. - dotlock overriding is racy, but it's pretty difficult to fix it. Also overriding someone else's dotlock in shared folder isn't possible. These could be fixed by having separate lock process running as root, which would chown() the file for another uid and then unlink() it as that user. One problem with that is that if malicious user sets setuid+execute bits on for the file, he could run the file and get changed to the new uid. That hopefully shouldn't matter much since the new uid should be user with minimum possible privileges. Anyway, optional.. - things break if next_uid gets to 2^32 capabilities: - preferrably all should be possible to #ifdef away by a configure option (--without-capabilities=acl,namespace,...) - possibility to disable them from config file - THREAD=ORDEREDSUBJECT - although pretty useless I'd think. - acl (rfc2086, draft-ietf-imapext-acl), namespace (rfc2342) - probably do it like cyrus. "user.<username>" to access other users, with "" defaulting to "user.<myself>". these should be configurable however. - shared namespaces? maybe configurable in config file - easiest way to do ACL would be to use unix modes, but is that useful at all? Well, ACL2 has a bit better support for that, so maybe we could support it. - otherwise gets a bit trickly, we could keep all mail in "imapmail" group and 0600/0700 mode by default, but when mail is shared to others, the group read/write access bits would be set. or alternatively we could launch another imap process to handle it, which we should support anyway. ACLs could be stored into ".acl" ascii file in each folder. - support for private and shared flags, configurable by mailbox admin. this isn't in any draft yet, but ACL2 author was going to create one. [SHAREDFLAGS (...)] would specify which ones are shared, don't know yet how they would be configured. - quota (rfc2087, draft-cridland-imap-quota) - give filesystem values only to admins - support for Maildir++, probably no need to support more. quota capability supports complex quota configuration, but if no mailer supports them we probably shouldn't bother either - id (rfc2971) - must be configurable what gets sent, default to only name=Dovecot - separate pre/post-login settings - optionally log configured parts of the client information, but only once, probably at the same time as logging "Logged in", "Disconnected", etc. - remember to force truncating values longer than 30 chars, especially before logging - mailbox-referrals (rfc2193) - this is useful whenever we would otherwise need to make the connection ourself. for example load balancing and shared mailboxes requiring another UID to run. - this rfc defines no exact way for server to detect if client supports referrals or not. I don't think there's much point in supporting only referrals, as most clients don't support them. Instead we should return referrals when we know that client supports them, otherwise do the connecting ourself. If client issues RLIST or RLSUB command, it's safe to assume it supports referrals. - for load balancing this works just fine, but what about shared mailboxes which require different UID? If we login with our own username, we end up with our own UID instead of what we wanted. IMAP URLs don't support separated authorization id which would have made this very easy.. We could give the "userid@group" as userid, but clients probably treat it as different userid and ask the password again. - problems, problems, .. maybe not worth the trouble. - drafts: - http://www.imc.org/ids.html - annotate (draft-ietf-imapext-annotate) - per-message annotations. this will be major change. especially because currently there's no suitable storage for them, and they'll probably change all the time.. maybe if we moved into berkeley db to store the .data file and these annotations. - this is separate problem from index files. indexes are treated as temporary files, annotations are permanent data. we'd have to support non-db way to do this too, which would probably be just a simple (slow) text file. - annotatemore (draft-daboo-imap-annotatemore) - server and per-mailbox annotations. much easier than per-message annotations, but they'd be easier to place into db as well. - binary (draft-nerenberg-imap-binary) - perhaps not too useful. I'd like to make Dovecot fully binary-safe though. - view (draft-ietf-imapext-view) - slow, complex, luckily draft expired almost two years ago. i hope i don't have to implement this :) - can be done client-side just fine (evolution's virtual folders)