Mercurial > dovecot > original-hg > dovecot-1.2
annotate TODO @ 9208:5d1a52e8d320 HEAD
acl: dovecot-acl file caching fixes.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 07 Jul 2009 22:52:01 -0400 |
parents | c375c16f1944 |
children | 3f25c2a13a71 |
rev | line source |
---|---|
9121 | 1 - dict quota: syncing may cause quota recalculation, which in turn syncs |
2 all mailboxes and then we'll assert-crash to avoid infinite looping | |
3 | |
9179 | 4 - acl: users are never dropped from acl_shared_dict. |
9056 | 5 - index-sync.c: line 39 (index_mailbox_set_recent_uid): assertion failed: (seq_range_exists(&ibox->recent_flags, uid)) |
6 ^ when stress testing and around "Duplicate file entry" errors | |
8831 | 7 - convert plugin: convert_pop3_uidl_format setting? so old %f uidls could be |
8 converted to dbox.. | |
8564
3c4934783aff
Mention SSL/TLS in "plaintext auth disallowed" error.
Timo Sirainen <tss@iki.fi>
parents:
8555
diff
changeset
|
9 - proxying: support fallbacking to local (or other?) server if the first |
3c4934783aff
Mention SSL/TLS in "plaintext auth disallowed" error.
Timo Sirainen <tss@iki.fi>
parents:
8555
diff
changeset
|
10 one is down |
8555 | 11 - fts-solr: handle DELETE, RENAME |
12 - fsck -> log_file_tail_offset 2273345664 -> 996 -> | |
13 mail-transaction-log.c: line 341 (mail_transaction_log_set_mailbox_sync_pos): | |
14 assertion failed: (file_offset >= log->head->saved_tail_offset) | |
8488 | 15 - virtual: "Searched n% of the mailbox" gives broken numbers since |
8555 | 16 ctx->seq jumps around. And why is it also returned when fts is enabled |
17 along with "Indexed n% of the mailbox"? | |
8488 | 18 - how do shared mailboxes work with plugins? |
19 - expire: not too well. would require knowing the mapping between shared | |
20 namespace and the original user's namespace to avoid duplication. | |
21 - lazy-expunge, fts, etc.? | |
22 - dovecot-acl-list: | |
23 - how does it work with global acls? | |
24 - update immediately after SETACL: add/remove entries, update timestamps | |
25 - read the entire file to memory only once and keep it there, stat() later | |
26 to see if it has changed. if not, perhaps don't even bother stat()ing | |
27 dovecot-acl files? at least not that often.. | |
28 - add anonymous environment for anon logins | |
29 - fs quota: getquotaroot inbox vs. other-box should return different quotas | |
30 if two quotas are defined | |
31 - deliver: log mailbox name using utf8, not mutf7 | |
8158 | 32 - new primes code: are hash tables now being resized too often? |
33 - auth_log_prefix setting similar to mail_log_prefix | |
34 - LDAP attrs: uid=foo,uid=bar doesn't work | |
35 | |
8488 | 36 - easily limit master users to be able to only log as other users within |
37 their domain | |
8158 | 38 - thread indexes: if we expunge a duplicate message-id: and we have a sibling |
39 with identical message-id:, we can probably just move the children? | |
40 (unless there are non-sibling duplicates) | |
41 - SEARCH INTHREAD requires no thread sorting by date - don't do it | |
42 - CONDSTORE: use per-flag/per-keyword conflict checking | |
43 - QRESYNC: Drop expunges from the middle of given seq sets if possible | |
44 - use universal hash functions? | |
45 | |
8488 | 46 - expire plugin: log more with mail_debug=yes |
47 - expire-tool -v could log UID and expire timestamps and what messages got | |
48 expunged | |
8247 | 49 - fts-squat: support ORs |
8158 | 50 - UIDVALIDITY changed while saving -> sync errors |
51 - mbox: copy to Trash, manually delete copied msg, change uidvalidity, | |
52 set nextuid=1, copy again -> error | |
53 - recent_uids assert at least with mbox | |
54 - quota fs: Should values returned by quota be divided by the actual | |
55 filesystem block size instead of hardcoded DEV_BSIZE? not with AIX.. | |
56 - mailbox list fs: Listing subscriptions with children return options doesn't | |
57 work unless iter_is_mailbox() returns the children flags | |
7502 | 58 - sieve-cmu.c crash: i_assert(buf->used - 1 == part->body_size.physical_size); |
7449 | 59 - convert plugin: Create a r/w lock for a file. It's read-locked if |
60 conversion isn't wanted and released when process dies. If conversion is | |
61 wanted and write-lock succeeds, conversion is done, if write-lock doesn't | |
62 succeed it fallbacks to using the old storage. When process is exiting it | |
63 again tries to write-lock and do the conversion. Add a parameter that | |
64 specifies if conversion should be done. | |
7259 | 65 - lucene: handle replacement chars? |
66 - squat: | |
7380 | 67 - wrong indexid |
68 - fts_build_init() assertion failed: (last_uid < last_uid_locked) | |
7259 | 69 - is locking done right? it reads header without file being locked? |
70 - split after ~8 bytes? | |
7391 | 71 - expunges are delayed until more mails are added |
7259 | 72 - test replacement chars (SEARCH / SORT / Squat) |
6987 | 73 |
7575 | 74 - dbox: |
75 - "File unexpectedly lost" doesn't get fixed by itself | |
76 - Fix support for multi-message files | |
7603 | 77 - Delete dovecot-keywords and dovecot-uidlist after all maildir files |
78 have been converted to native dbox | |
7449 | 79 - DEBUG: buffer overflow checking code probably doesn't handle a successful |
80 t_try_realloc() or pool_alloconly_realloc() properly | |
6987 | 81 - cache: compress when we can drop temporary fields. |
82 - new %modifier for reverse DNS lookups with a cache | |
83 - auth_gssapi_hostname = %Xl | |
84 - proxying would also want DNS lookups, but not reverse.. | |
8738 | 85 - ldap: |
86 - domain lookups which set the base for user lookup | |
87 - same attribute can't be used for multiple values. | |
88 - multiple attributes can't be merged to a single value. | |
89 - implement something like: | |
90 user_attrs { | |
91 uid = %{ldap:uidNumber} | |
92 home = %{ldap:homeDirectory} | |
93 quota_bytes = *:bytes=%{ldap:quota} | |
94 } | |
5621 | 95 |
7575 | 96 - Per-user options: |
97 - Deny deleting non-empty mailboxes | |
98 - Disable IDLE "still here" notifications | |
99 | |
6105 | 100 - maildir+pop3/deliver fast updates: |
101 - with locking enabled, pop3 could just keep the one and same sync lock and | |
102 do the whole thing using sync transaction | |
103 - don't update dovecot-uidlist if dovecot.index.cache doesn't exist / | |
104 there's nothing to cache | |
105 - if all messages are expunged and there are no unknown extensions in index, | |
106 unlink dovecot.index and rotate log and add some initial useful info to | |
107 the log (uidvalidity, nextuid) | |
5621 | 108 |
6105 | 109 - maildir |
6987 | 110 - don't allow more than 26 keywords |
6105 | 111 - physical separator could be configurable |
112 - deliver+maildir: if new mails are in new/ or cur/ they're not added to | |
113 dovecot-uidlist but newly saved mails are, so UIDs will be in wrong order | |
114 - maildir_copy_with_hardlinks: We're currently first hardlinking to tmp/ and | |
115 then rename()ing. This wouldn't be necessary if uidlist syncing noticed | |
116 that someone else already had added them to uidlist, and the existing UIDs | |
117 could be assigned to them in the index. | |
6754 | 118 - copying should copy already-cached data |
6105 | 119 - maildir_copy_preserve_filename=yes has a race condition causing "Append with |
120 UID n, but next_uid = y" errors when quota plugin is loaded. Practically | |
121 won't happen except in stress testing. | |
5621 | 122 |
6105 | 123 - mbox |
124 - UID renumbering doesn't really work after all? | |
125 - still problems with CRLF mboxes.. | |
126 | |
6987 | 127 - proxy: If remote server disconnects on login: |
128 login: tried to change state 2 -> 2 | |
6105 | 129 - logging consistency: |
130 http://www.dovecot.org/list/dovecot/2007-April/021532.html | |
131 - EXPUNGE command in read-only mailbox should give an error message if | |
132 there are messages marked as \Deleted? | |
133 - dovecot -o setting=something overriding | |
5557 | 134 - file_cache: we're growing the mmap in page size blocks, which is horribly |
135 slow if mremap() doesn't exist. | |
136 - login_max_processes_count shouldn't count proxying processes | |
137 | |
138 - Allow %variables in mail_chroot setting | |
139 - ssl_verify_client_cert isn't working if the SSL cert doesn't have CRL | |
140 | |
3087 | 141 - keywords: |
142 - add some limits to how many there can be | |
143 - don't return \* in PERMANENTFLAGS when we're full | |
144 - remove unused keywords? | |
2774 | 145 |
146 - caching | |
3904 | 147 - force bits should be used only for nonregistered fields |
148 - change envelope parsing not to use get_headers() so imap.envelope can | |
149 actually be cached without all the headers.. | |
6105 | 150 - if there's no other pressure for compression, we should do it when |
151 enough temp fields are ready to be dropped | |
3904 | 152 - we could try compressing same field values into a single |
153 location in cache file. | |
7259 | 154 - place some maximum limit of fields to cache file? maybe some soft and |
155 hard limits, so when soft limit is reached drop fields that have | |
156 been used only once. when hard limit is reached drop any fields to get | |
157 more space. all this to avoid cache file growing infinitely. | |
2774 | 158 |
3087 | 159 - mbox |
3904 | 160 - syncing existing indexes takes 4x longer than creating new one, why? |
161 - how well does dirty sync + status work? it reads the last mail every | |
162 time? not very good.. | |
163 - always add empty line. make the parser require it too? syncing should | |
164 make sure there always exists two LFs at end of file. raw-mbox-stream | |
165 should make sure the last message ends with LF even if it doesn't exist | |
166 in the file | |
167 - Quote "From ", unquote ">From " | |
4449 | 168 - COPY doesn't work to itself (lock assert crash, for now just disallowed) |
2143 | 169 |
170 - index | |
3087 | 171 - read-only support for mailboxes where we don't have write-access |
6105 | 172 - index file format changes: |
173 - pack UIDs to beginning of file with UID ranges | |
174 - use squat-like compressed uid ranges everywhere | |
6782 | 175 - write first extension intros in dovecot.index.log always with names |
176 - or better yet, drop the intro concept completely as it is now | |
177 - add "transaction boundaries" so we know which records belong to a | |
178 single transaction. | |
179 - only after that we can remove the transaction log offset | |
180 overwriting (otherwise we can get partial transactions in views) | |
2143 | 181 |
4449 | 182 - namespaces |
183 - namespaces: add new "auto_disable" flag so if the mailbox can't be opened | |
184 (eg. file doesn't exist), just ignore the problem and disable the | |
185 namespace | |
186 | |
187 - lib-storage | |
5557 | 188 - rename: allow moving between storages, as long as they're of same type |
4449 | 189 - x search charset asdf all -> should fail |
3087 | 190 |
191 - login | |
4449 | 192 - imap-login: Master sent reply with unknown tag 1. client closed |
193 connection at the exact same time master was logging it in? | |
194 see master_request_abort() | |
3087 | 195 - Digest-MD5: support integrity protection, and maybe crypting. Do it |
196 through login process like SSL is done? | |
197 - x login foo bar | |
198 x NO Authentication failed. | |
199 x login cras pass | |
200 * BYE Disconnected for inactivity. | |
201 ^ but it's not disconnecting! (buggy dovecot-auth not replying) | |
3744 | 202 probably because userdb lookup didn't reply, and fd was already sent |
203 for master.. should imap-login be handling it anymore?.. | |
3087 | 204 - imap-login: Authenticate PLAIN failed: Authentication failed: |
205 Authentication server isn't connected, try again later.. [127.0.0.1] | |
206 ^ NO Authentication failed. (should be Temporary login failure!) | |
207 - if auth process dies, login process should retry authentication if | |
208 possible. or if not, disconnect the client so it doesn't think the auth | |
209 failed. | |
474 | 210 |
3087 | 211 - auth |
4449 | 212 - with blocking passdb we're not caching lookups if the password was wrong |
5557 | 213 - non-plaintext authentication doesn't support all features: |
214 - multiple passdbs don't work, only the first one is used | |
215 - auth cache's last_success password change check doesn't exist | |
9121 | 216 - auth_cache_negative_ttl doesn't check password mismatches |
3087 | 217 - SIGHUP restarts auth processes .. but does it wait until they've finished |
218 with all requests? no. | |
219 - does dovecot-auth really break when it runs out of fds? | |
4449 | 220 - dovecot-auth should limit how fast authentication requests are allowed |
221 from login processes. especially if there's one login/connection the speed | |
3087 | 222 should be something like once/sec. also limit how fast to accept new |
223 connections. | |
224 - support read-only logins. user could with alternative password get only | |
225 read-access to mails so mails could be read relatively safely with | |
226 untrusted computers. Maybe always send [ALERT] about the previous | |
227 read-only login time with IP? | |
4449 | 228 - dovecot-auth workers: create a separate dovecot-pam worker which shares |
229 pretty much all code with dovecot-auth worker but isn't linked against | |
230 any libraries. or..? this might be difficult to do, especially because the | |
231 workers currently can handle any kind of passdb/userb requests. perhaps | |
232 there should be a completely separate simple PAM authenticator binary. | |
526 | 233 |
3087 | 234 - master |
235 - configurable syslog prefix | |
3450 | 236 - if there are duplicate settings, complain about it |
3087 | 237 |
238 - quota | |
239 - if dovecot-uidlist can't be written, assume the new mails have UIDs | |
240 beginning from uidlist.next_uid. Whenever mails are expunged, overwrite | |
241 the next_uid field with the current highest next_uid. Whenever we have | |
242 assumed UIDs and uidlist gets updated, throw the client out with | |
243 "inconsist mailbox". | |
244 | |
245 - ssl | |
246 - add setting: ssl_options = bitmask. by default we enable all openssl | |
247 workarounds, this could be used to disable some of them | |
248 - gnutls support isn't working | |
965 | 249 |
3087 | 250 - search |
6232 | 251 - message header search: we should ignore LWSP between two MIME blocks(?) |
252 - message_search_init() could accept multiple search keywords so we | |
1250 | 253 wouldn't need to call it separately for each one (so we wouldn't need |
254 to parse the message multiple times). | |
255 - could optionally support scanning inside file attachments and use | |
256 plugins to extract text out of them (word, excel, pdf, etc. etc.) | |
257 - Create our own extension: When searching with TEXT/BODY, return | |
258 the message text surrounding the keywords just like web search engines | |
259 do. like: SEARCH X-PRINT-MATCHES TEXT "hello" -> * SEARCH 1 "He said: | |
260 Hello world!" 2 "Hello, I'm ...". This would be especially useful with | |
261 the above attachment scanning. | |
0 | 262 |
3087 | 263 - general |
4449 | 264 - stop using atol(), atoi(), strtoul() etc. in places where we actually |
265 care about what they return, and rather create our own function which | |
266 checks if the input overflows the integer, and if so call i_fatal() | |
267 - LMTP server | |
268 - ability to build plugins statically into the binaries | |
3087 | 269 - ~/.dovecotrc to override system wide settings. namespace settings should |
270 override all the previous namespace settings instead of adding new. | |
271 - things break if next_uid gets to 2^32 | |
376
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
272 |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
273 capabilities: |
3087 | 274 - THREAD=ORDEREDSUBJECT - although pretty useless I'd think. |
376
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
275 - mailbox-referrals (rfc2193) |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
276 - this is useful whenever we would otherwise need to make the |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
277 connection ourself. for example load balancing and shared mailboxes |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
278 requiring another UID to run. |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
279 - this rfc defines no exact way for server to detect if client |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
280 supports referrals or not. I don't think there's much point in |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
281 supporting only referrals, as most clients don't support them. |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
282 Instead we should return referrals when we know that client |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
283 supports them, otherwise do the connecting ourself. If client |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
284 issues RLIST or RLSUB command, it's safe to assume it supports |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
285 referrals. |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
286 - for load balancing this works just fine, but what about shared |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
287 mailboxes which require different UID? If we login with our own |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
288 username, we end up with our own UID instead of what we wanted. |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
289 IMAP URLs don't support separated authorization id which would |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
290 have made this very easy.. We could give the "userid@group" as |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
291 userid, but clients probably treat it as different userid and |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
292 ask the password again. |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
293 - problems, problems, .. maybe not worth the trouble. |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
294 - drafts: |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
295 - http://www.imc.org/ids.html |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
296 - annotate (draft-ietf-imapext-annotate) |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
297 - per-message annotations. this will be major change. especially |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
298 because currently there's no suitable storage for them, and |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
299 they'll probably change all the time.. maybe if we moved into |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
300 berkeley db to store the .data file and these annotations. |
1178 | 301 - this is separate problem from index files. indexes are treated as |
302 temporary files, annotations are permanent data. we'd have to | |
303 support non-db way to do this too, which would probably be just a | |
304 simple (slow) text file. | |
5621 | 305 - use lib-dict probably |
306 - metadata (draft-daboo-imap-annotatemore) | |
376
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
307 - server and per-mailbox annotations. much easier than |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
308 per-message annotations, but they'd be easier to place into |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
309 db as well. |
5621 | 310 - lib-dict, again |
376
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
311 - binary (draft-nerenberg-imap-binary) |