test:
 - make sure mmap()s work properly with NFS
 - make sure locking is done properly when opening/switching modifylog
 - make sure index->header->flags are updated at correct times
 - make sure SELECT rebuilds index properly when next_uid is near 32bit value
 - make sure rfc822_parse_date() works properly
 - make sure imap_match functions work properly
 - make sure connection limits work
 - make sure it's noticed by other processes if a) data file is compressed,
   b) hash is rebuilt
 - make sure the index's ftruncate stuff works
 - make sure modify log works properly, especially switching the files

index:
 - optimization:
     - could hash function be better..? like uid*uid? what about changing
       probe strategy from linear to something else?
     - support shrinking hash file when it becomes 99% empty or so
     - if first_hole_records == MAIL_INDEX_RECORD_COUNT() -
       header->messages_count, we know we can just skip over the hole and do
       another direct lookup there
     - we could use tree structure to keep track of seqnumbers.. each node
       would store how many subnodes it has. deleting nodes (mails) would just
       update those counts. this increases the cost of lookups/inserts/deletions
       but is faster when more than one hole appears in file.. is it worth it?
       maybe #ifdefed away. except we could get rid of the hash file with this
       as well, since it could be used to look for both sequences and uids. it
       also speeds up UID range lookups when the first UIDs don't exist. use
       right-threaded redblack/avl trees (we need to know all child node counts,
       does that affect redblack's performance?)
 - mbox:
     - if a file isn't valid mbox and it's tried to be opened, say it in one
       line in error log, not 6..
     - if we read-locked mbox file when we're accessing it, we could get it
       pretty reliable.. do other MUAs do that? if yes, drop the dotlock
       and only support flock() or fcntl() locking
     - don't open() + close() the mbox file all the time, at least while
       it's being locked..
     - maybe support Content-Length for figuring out size of text? at least
       mutt doesn't prefix "From " in outbox.. If we verify that both
       Content-Length and Lines match correctly, there's quite a little chance
       that it could be broken by sending them invalid (doesn't local MTA
       update them anyway?).
     - rewriting could try to preserve the locations of fields it changes
       instead of writing them all to end..
     - mbox-rewrite rename()s the file, which breaks if the original was a
       symlink. but how do we fix this? we may not have write-access to the
       directory where it points to, so we'd need to manually copy it..
     - mbox-append.c changes iobuffer->size .. it's not very good behaviour, but
       since it calls io_buffer_seek() after it works. but maybe a separate
       function to do that? io_buffer_limit_mmap_size(IOBuffer *, uoff_t size)
 - read-only support for mailboxes where we don't have write-access? Maybe,
   but don't try to use their indexes since that's way too problematic, and
   probably even impossible since we can't lock it.
 - we should try to avoid completely rebuilding indexes unless they're
   corrupted. especially if we later want to support some read-only boxes
   and keep the mail flags only in index file. fsck() could verify that
   records are ok, and that if data file isn't ok the record is deleted.
 - some fast-open flag for index, which wouldn't trigger cache_update on
   open (for STATUS command).
 - if .customflags is removed and Maildir files have custom flags, add
   "unknown1" "unknown2" etc. flags to .customflags file for each found flag
 - debug: index could be read-only mmaped when it's not locked.

lib-storage:
 - support multiple mailbox formats and locations for one user. that would
   require support for multiple MailStorages, and since we're chroot()ed,
   usually the only way to communicate with others would be to create
   RemoteMailStorage which would use TCP/UNIX sockets to connect to another
   imap session.
 - DELETE/RENAME: when someone else had the mailbox open, we should
   disconnect it (when stat() fails with ENOENT while syncing)
 - optimize SEARCH [UN]SEEN, [UN]DELETED and [UN]RECENT. They're able to
   skip lots of messages based on the index header data.
 - use a trie index for fast text searching, like cyrus squat?
 - BUG: hardlink-COPY doesn't work right:
     - it should generate new filename for destination folder, so copying
       same message twice won't break it
     - custom flags aren't copied
 - maildir: atomic COPY could be done by setting a "temporary" flag into the
   file's name. once copying is done, set an ignore-temporary field into
   index's header. at next sync the temporary flag will be removed.
 - we should probably do some light checking that appended mails actually
   look like valid rfc822 mails..
 - SEARCH CHARSET support, iconv()? also means we need to parse the charset
   stuff in headers.
 - SEARCH could optionally support scanning inside file attachments and use
   plugins to extract text out of them (word, excel, pdf, etc. etc.)
 - RENAME INBOX isn't atomic with Maildir. And in general, RENAME can't
   move mails between different storages. Maybe support doing also using
   COPY + delete once COPY is atomic?
 - "UID FETCH|SEARCH|STORE *" doesn't work if latest message was deleted.
 - maybe limit the length of custom flags? we don't really have a problem
   with them, but with mbox a long X-IMAPbase could break something.. Maybe
   configurable, default to 50 chars?
 - "APPEND invalid data {5}" - says "+ OK" and after that says it's invalid.
   that "+ OK" shouldn't be sent by imap-parser if LITERAL_SIZE is used..
 - SEARCH should use imap-msgcache, especially for size checking

general:
 - capabilities:
     - acl (rfc2086)
     - quota (rfc2087)
     - namespace (rfc2342), id (rfc2971), mailbox-referrals (rfc2193),
       literal+ (rfc2088), idle (rfc2177), uidplus (rfc2359)
     - drafts: listext, children, unselect, multiappend, annotatemore
     - sort, thread: are these really useful for clients? do any actually
       use them? i'd think most clients want to know all the messages
       anyway and can do the sorting/threading themselves.
     - http://www.imc.org/ids.html
 - sieve? (rfc-3028)
 - rfc-2231 continuation support

 - go through .temp files and delete them
 - Content-Language isn't parsed correctly
 - ulimit / setrlimit() should be set somewhere for imap process
 - create indexer binary
 - SIGHUPing master should reload the configuration .. killing imap-auth and
   imap-login processes? or just signal imap-login to stop accepting new
   connections and let it kill itself
 - users should always be able to delete mail from mailbox, even if their
   quota is completely full. this would require us to create the indexes
   elsewhere .. in-memory should work fine?
 - if index was rebuilt (because corruption was noticed), the user should be
   disconnected because everything might have changed (unless it's noticed
   while just opening the indexes).
 - settings for specifying what sort of data to cache by default
   (index->cache_fields)
 - setting for choosing mbox locking method
 - maybe a bit more verbose warnings for some errors, like "invalid date:
   <date that was tried>". easier than sniffing the traffic.
 - imap-login writes UTC timestamps to log file .. why is that?
 - imap-login leaks I/O descriptors when killed (ssl_input + plain_input)
 - logins are always sent now using syslog(), we'd need to have i_info()
   or something so they could also be written to log files.. also make it
   possible to log into different log than errors.
 - should we bother checking if there's invalid 8bit headers in
   BODY/BODYSTRUCTURE output and converting them to quoted printable?
 - virtual mail which shows up every time we're out of disk space. but how?..
 - update docs/index.txt

auth / login:
 - SRP authentication support?
 - PAM: support some options so /etc/passwd-lookup isn't needed. uid=x, gid=y,
   mailroot=/var/mail. maildirs should be then created when needed
 - vpopmail support
 - Digest-MD5: support integrity protection, and maybe encryption. Do it
   through imap-login like SSL is done?
 - imap-auth should limit how fast authentication requests are allowed from
   login processes. especially if there's one login/connection the speed
   should be something like once/sec. also limit how fast to accept new
   connections.
 - HIGH: support executing each login in its own process, so if an exploit
   is ever found from it, the attacker can't see other users' passwords.
 - master should limit number of login processes to max_logging_users,
   killing old processes when limit is reached
 - master should try to keep login_processes_count extra processes all
   the time
 - login should notify master after it accept()s, and it must close the
   listening socket immediately

cleanups / checks:
 - grep for FIXME
 - check if t_push()/t_pop() should be added somewhere
 - IOBuffer should probably be split into IBuffer and OBuffer, and maybe
   making its internals hidden .. or at least only partly visible.
 - io_buffer_fd_ref() .. unref() and destroy() would close if refcount = 0?
   annoying those close(inbuf->fd)s with open_mail()..
 - allocating readwrite pools now just uses system_pool .. so pool_unref()
   can't free memory used by it .. what to do about it? at least count the
   malloc/free calls and complain if at the exit they don't match
 - ..wonder what it would look like if I did s/FooBarBaz/struct foo_bar_baz/..
 - HIGH: Make sure messages of size INT_MAX..UINT_MAX (and more) work
   correctly. virtual_size can also overflow making it less than physical_size
 - verify memory alignment is valid when reading from index files
 - create env_put() and env_clean()
 - nearest_power() could be problematic with things that want it for ints,
   not size_t..
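
An added example for the HIGH item above on message sizes near INT_MAX..UINT_MAX (not code from the project): size accounting in C that refuses to wrap, next to the unchecked addition that lets virtual_size end up below physical_size. It assumes virtual_size counts every line break as CR+LF; struct msg_size, msg_size_add() and unchecked_virtual_add() are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical running totals for one message; not the project's own struct. */
struct msg_size {
    uint32_t physical_size; /* bytes as stored on disk */
    uint32_t virtual_size;  /* assumed: bytes with every line break as CR+LF */
    int last_was_cr;        /* carries CR state across chunk boundaries */
};

/* Add v to *total; return -1 instead of wrapping past UINT32_MAX. */
static int add_checked(uint32_t *total, uint32_t v)
{
    if (v > UINT32_MAX - *total)
        return -1;
    *total += v;
    return 0;
}

/* Account for one chunk of message data. Returns 0 on success, -1 if either
   counter would overflow; on failure the struct is left unchanged. */
int msg_size_add(struct msg_size *sz, const unsigned char *data, size_t len)
{
    struct msg_size tmp = *sz;
    size_t i;

    for (i = 0; i < len; i++) {
        /* a bare LF costs one extra virtual byte for the missing CR */
        uint32_t cost = (data[i] == '\n' && !tmp.last_was_cr) ? 2 : 1;

        if (add_checked(&tmp.physical_size, 1) < 0 ||
            add_checked(&tmp.virtual_size, cost) < 0)
            return -1;
        tmp.last_was_cr = data[i] == '\r';
    }
    *sz = tmp;
    return 0;
}

/* The unchecked form the item warns about: the sum wraps silently. */
uint32_t unchecked_virtual_add(uint32_t virtual_size, uint32_t extra)
{
    return virtual_size + extra;
}
```

Callers that get -1 can reject the message or switch to a wider counter; the point is that the wrap is detected before the smaller value is stored.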

optional optimizations:
 - provide some helper binary to save new mail into mailboxes with CR+LF
   line breaks?
 - disk I/O is the biggest problem, so split the mail into multiple computers
   based on user and have a proxy in the front redirecting the connection.
   cyrus had something like this except a lot more complicated - it tried
   to fix the problem of having shared mailboxes. we have the same problem
   with local shared mailboxes as we chroot(), so locally we could communicate
   with UNIX sockets, remotely that could be done with TCP sockets.