test:
 - make sure mmap()s work properly with NFS
 - make sure locking is done properly when opening/switching modifylog
 - make sure SELECT rebuilds index properly when next_uid is near 32bit value
 - make sure rfc822_parse_date() works properly
 - make sure imap_match functions work properly
 - make sure connection limits work
 - make sure it's noticed by other processes if a) data file is compressed,
   b) hash is rebuilt
 - make sure the index's ftruncate stuff works
 - make sure modify log works properly, especially switching the files

index:
 - optimization:
    - could hash function be better..? like uid*uid? what about changing
      probe strategy from linear to something else?
    - support shrinking hash file when it becomes 99% empty or so
    - if first_hole_records == MAIL_INDEX_RECORD_COUNT() -
      header->messages_count, we know we can just skip over the hole and do
      another direct lookup there
    - we could use tree structure to keep track of seqnumbers.. each node
      would store how many subnodes it has. deleting nodes (mails) would just
      update those counts. this increases the cost of lookups/inserts/deletions
      but is faster when more than one hole appears in file.. is it worth it?
      maybe #ifdefed away. except we could get rid of the hash file with this
      as well, since it could be used to look for both sequences and uids. it
      also speeds up UID range lookups when the first UIDs don't exist. use
      right-threaded redblack/avl trees (we need to know all child node counts,
      does that affect redblack's performance?)
 - mbox:
    - if a file isn't valid mbox and it's tried to be opened, say it in one
      line in error log, not 6..
    - locking: if we set shared lock to it while we're accessing it, we could
      get it pretty reliable. this means that the mbox fd needs to be locked
      before sync() and kept locked after that until we're done with it.
      problems are:
       - we don't have a single open mbox fd, we open it multiple times
       - switching to exclusive lock may deadlock
    - maybe support Content-Length for figuring out size of text? at least
      mutt doesn't prefix "From " in outbox.. If we verify that both
      Content-Length and Lines match correctly, there's quite little chance
      that it could be broken by sending them invalid (doesn't local MTA
      update them anyway?). Though, this may be a bit difficult to implement,
      and now that we verify the From-line better, is this even needed?
    - rewriting could try to preserve the locations of fields it changes
      instead of writing them all to end..
    - empty lines at beginning of file still aren't ignored
 - read-only support for mailboxes where we don't have write-access? Maybe,
   but don't try to use their indexes since that's way too problematic, and
   probably even impossible since we can't lock it.
 - we should try to avoid completely rebuilding indexes unless they're
   corrupted. especially if we later want to support some read-only boxes
   and keep the mail flags only in index file. fsck() could verify that
   records are ok, and that if data file isn't ok the record is deleted.
 - if .customflags is removed and Maildir files have custom flags, add
   "unknown1" "unknown2" etc. flags to .customflags file for each found flag
 - debug: index could be read-only mmaped when it's not locked.
 - when index is being rebuilt, it always complains about hash/modifylog
   having wrong indexid..
 - we sometimes leave some space in the index files (memory alignment,
   extra_space). we should keep those bytes zeroed to make sure nothing
   sensitive is left there.

lib-storage:
 - support multiple mailbox formats and locations for one user. that would
   require support for multiple MailStorages, and since we're chroot()ed,
   usually the only way to communicate with others would be to create
   RemoteMailStorage which would use TCP/UNIX sockets to connect to another
   imap session.
 - DELETE/RENAME: when someone else had the mailbox open, we should
   disconnect it (when stat() fails with ENOENT while syncing)
 - optimize SEARCH [UN]SEEN, [UN]DELETED and [UN]RECENT. They're able to
   skip lots of messages based on the index header data.
 - use a trie index for fast text searching, like cyrus squat?
 - maildir: atomic COPY could be done by having transaction directories.
   Make a "tra" directory at the same level as cur/new/tmp, and make it
   have subdirectories in the same way as tmp has temp files. Directory
   begins with a "." as long as transaction isn't finished, rename()ing
   it away finishes it. All mails under finished dirs must be moved into
   new/ directory and the directory removed by any process who notices them.
 - we should probably do some light checking that appended mails actually
   look like valid rfc822 mails..
 - SEARCH CHARSET support, iconv()? also means we need to parse the charset
   stuff in headers.
 - SEARCH could optionally support scanning inside file attachments and use
   plugins to extract text out of them (word, excel, pdf, etc. etc.)
 - RENAME INBOX isn't atomic with Maildir. And in general, RENAME can't
   move mails between different storages. Maybe also support doing it using
   COPY + delete once COPY is atomic?
 - "UID FETCH|SEARCH|STORE *" doesn't work if latest message was deleted.
 - maybe limit the length of custom flags? we don't really have a problem
   with them, but with mbox a long X-IMAPbase could break something.. Maybe
   configurable, default to 50 chars?
 - SEARCH should use imap-msgcache, especially for size checking
 - we could send flag changes after all commands by making expunge/flags sync
   counters separate for modify log. flags would need to update the seq
   though, too slow?
 - things calling message_send() could verify that it wrote enough data.
   if not, fill the rest with spaces and return failure.

general:
 - capabilities:
    - acl (rfc2086)
    - quota (rfc2087)
    - namespace (rfc2342), id (rfc2971), mailbox-referrals (rfc2193),
      literal+ (rfc2088), idle (rfc2177), uidplus (rfc2359)
    - drafts: listext, children, unselect, multiappend, annotate,
      annotatemore, binary
    - sort, thread: are these really useful for clients? do any actually
      use them? i'd think most clients want to know all the messages
      anyway and can do the sorting/threading themselves.
      well, squirrelmail seems to want sorting.. guess they could be
      useful when clients don't want all messages..
    - http://www.imc.org/ids.html
 - sieve? (rfc3028)
 - rfc2231 continuation support

 - go through .temp files and delete them
 - Content-Language isn't parsed correctly
 - ulimit / setrlimit() should be set somewhere for imap process
 - create indexer binary
 - SIGHUPing master should reload the configuration .. killing imap-auth and
   imap-login processes? or just signal imap-login to stop accepting new
   connections and let it kill itself
 - settings for specifying what sort of data to cache by default
   (index->cache_fields)
 - setting for choosing mbox locking methods
 - imap-login writes UTC timestamps to log file .. why is that?
 - imap-login leaks I/O descriptors when killed (ssl_input + plain_input)
 - logins are always sent now using syslog(), we'd need to have i_info()
   or something so they could also be written to log files.. also make it
   possible to log into different log than errors.
 - should we bother checking if there's invalid 8bit headers in
   BODY/BODYSTRUCTURE output and converting them to quoted printable?
 - update docs/index.txt
 - support Maildir++ quota
 - maybe give more untagged NO/ALERT replies? like when mailbox is in
   inconsistent state.

auth / login:
 - kchuid, SRP, anonymous SASL
 - PAM: support some options so /etc/passwd-lookup isn't needed. uid=x, gid=y,
   mailroot=/var/mail. maildirs should be then created when needed
 - Digest-MD5: support integrity protection, and maybe crypting. Do it
   through imap-login like SSL is done?
 - imap-auth should limit how fast authentication requests are allowed from
   login processes. especially if there's one login/connection the speed
   should be something like once/sec. also limit how fast to accept new
   connections.
 - HIGH: support executing each login in its own process, so if an exploit
   is ever found from it, the attacker can't see other users' passwords.
    - master should limit number of login processes to max_logging_users,
      killing old processes when limit is reached
    - master should try to keep login_processes_count extra processes all
      the time
    - login should notify master after it accept()s, and it must close the
      listening socket immediately

cleanups / checks:
 - grep for FIXME
 - check if t_push()/t_pop() should be added somewhere
 - IOBuffer should probably be split into IBuffer and OBuffer, and maybe
   making its internals hidden .. or at least only partly visible.
 - io_buffer_fd_ref() .. unref() and destroy() would close if refcount = 0?
   annoying those close(inbuf->fd)s with open_mail()..
 - allocating readwrite pools now just uses system_pool .. so pool_unref()
   can't free memory used by it .. what to do about it? at least count the
   malloc/free calls and complain if at the exit they don't match
 - ..wonder what it would look like if I did s/FooBarBaz/struct foo_bar_baz/..
 - HIGH: Make sure messages of size INT_MAX..UINT_MAX (and more) work
   correctly. virtual_size can also overflow making it less than physical_size
 - verify memory alignment is valid when reading from index files
 - create env_put() and env_clean()
 - nearest_power() could be problematic with things that want it for ints,
   not size_t..

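Added example (not part of the original TODO or of the project's code) for the HIGH item above about sizes in the INT_MAX..UINT_MAX range: 32-bit size accounting that wraps so virtual_size ends up below physical_size, next to a checked version that refuses instead. The struct, the function names, the 32-bit field width and the rule that virtual size counts every line ending as CR+LF are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical record: names follow the TODO item, 32-bit width is assumed. */
struct msg_size {
	uint32_t physical_size; /* bytes as stored */
	uint32_t virtual_size;  /* bytes with every line ending as CR+LF */
};

/* Count LFs not preceded by CR. *last carries the previous byte across
   chunks, so a CR ending one chunk pairs with an LF starting the next. */
static size_t count_bare_lf(const unsigned char *p, size_t len,
			    unsigned char *last)
{
	size_t i, n = 0;
	for (i = 0; i < len; i++) {
		if (p[i] == '\n' && *last != '\r')
			n++;
		*last = p[i];
	}
	return n;
}

/* Unchecked: uint32_t arithmetic wraps modulo 2^32, so virtual_size can
   end up smaller than physical_size. */
void msg_size_add_wrapping(struct msg_size *sz, const unsigned char *p,
			   size_t len, unsigned char *last)
{
	sz->physical_size += (uint32_t)len;
	sz->virtual_size += (uint32_t)(len + count_bare_lf(p, len, last));
}

/* Checked: sums in 64 bits; returns false and leaves *sz untouched if a
   field would exceed UINT32_MAX. */
bool msg_size_add_checked(struct msg_size *sz, const unsigned char *p,
			  size_t len, unsigned char *last)
{
	uint64_t phys, virt;
	if (len > UINT32_MAX)
		return false;
	phys = (uint64_t)sz->physical_size + len;
	virt = (uint64_t)sz->virtual_size + len + count_bare_lf(p, len, last);
	if (phys > UINT32_MAX || virt > UINT32_MAX)
		return false;
	sz->physical_size = (uint32_t)phys;
	sz->virtual_size = (uint32_t)virt;
	return true;
}
```

A caller that gets false from the checked version has to reject the message or switch to wider fields; clamping the value would hide the same inconsistency.
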
optional optimizations:
 - provide some helper binary to save new mail into mailboxes with CR+LF
   line breaks?
 - disk I/O is the biggest problem, so split the mail into multiple computers
   based on user and have a proxy in the front redirecting the connection.
   cyrus had something like this except a lot more complicated - it tried
   to fix the problem of having shared mailboxes. we have the same problem
   with local shared mailboxes as we don't use same UID for everyone's mail
   and we may be chrooted, so locally we could communicate with UNIX sockets,
   remotely that could be done with TCP sockets.