Mercurial > dovecot > original-hg > dovecot-1.2
annotate TODO @ 5621:eba408782747 HEAD
updated
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 14 May 2007 02:03:07 +0300 |
parents | 657406346288 |
children | 8f79b333fc47 |
rev | line source |
---|---|
5621 | 1 POP3(username): UID larger than next_uid in file /home/username/Maildir/dovecot-uidlist (1 >= 1) |
2 - 229 (1 >= 1) 44 (2 >= 2) 3 (3 >= 3) 1 (7 >= 7) | |
3 | |
4 POP3(xxxxx@xxxxxxx): file maildir-sync.c: line 1075 (maildir_sync_index): assertion failed: (uid > prev_uid) | |
5 | |
6 - v1.1: | |
7 - IMAP ACL / shared mailboxes support | |
8 - subscriptions | |
9 - is it useful to subscribe to a namespace prefix? | |
10 - mailbox list index for fs layout | |
11 - quota: delay counting the quota until it's really needed | |
12 | |
13 - rquotad support for FS quota | |
14 - logging | |
15 - consistency: http://www.dovecot.org/list/dovecot/2007-April/021532.html | |
16 - add imap_logout_format | |
17 - number of bytes sent | |
18 - If dovecot.index.log has EXPUNGE command but mailbox is read-only it won't | |
19 get fixed by itself. | |
20 - EXPUNGE command in read-only mailbox should give an error message if | |
21 there are messages marked as \Deleted? | |
5557 | 22 - dovecot -o setting=something overriding |
23 - don't use squat with header if index doesn't exist | |
24 - don't use squat index if searching only a couple of mails | |
25 - Send local/remote ports to dovecot-auth | |
26 - vmailmgr patch | |
27 - managesieve patch | |
28 - cache-while-saving doesn't work with mbox/dbox | |
29 - threading: (all done?) | |
30 - duplicate: mark original as rebuild | |
31 - re-parent (also reparenting to root): mark as rebuild | |
32 - unref: if refcount drops to zero, set children's parent=0 (can happen | |
33 if there are only grandchildren and dummy children) | |
34 - mail-hash: stat() and reopen if needed | |
35 - subjects: group roots togethere already while gathering subjects. then | |
36 go through them and sort them to get their sent date. then start writing | |
37 the nodes out. sorting needs to these cases: | |
38 1) root is dummy -> just sort their children. if there are dummies | |
39 they're skipped and their children ascend | |
40 2) root is non-dummy -> there are no dummies at all in the thread. | |
41 the root has the oldest date in the thread. after the root if there | |
42 are re: or fwd: messages they're children to the root. if there are | |
43 more messages after that, a new dummy parent needs to be created, | |
44 and the rest of the messages need to be sorted before sending | |
45 | |
46 - mmap_disable: updated cache header doesn't invalidate other processes' cache? | |
47 - mail_index_move_to_memory() should lock the index.. | |
48 - mbox: UID renumbering doesn't really work after all? | |
49 - maildir: we could finish writing dovecot-uidlist.lock before rename()ing | |
50 any files from tmp/, so if it fails we'll abort the mail saving | |
51 - file_cache: we're growing the mmap in page size blocks, which is horribly | |
52 slow if mremap() doesn't exist. | |
53 - login_max_processes_count shouldn't count proxying processes | |
54 - maildir_copy_with_hardlinks: We're currently first hardlinking to tmp/ and | |
55 then rename()ing. This wouldn't be necessary if uidlist syncing noticed | |
56 that someone else already had added them to uidlist, and the existing UIDs | |
57 could be assigned to them in the index. | |
58 - maildir_copy_preserve_filename=yes has a race condition causing "Append with | |
59 UID n, but next_uid = y" errors when quota plugin is loaded. Practically | |
60 won't happen except in stress testing. | |
61 - maildir_copy_with_hardlinks=yes is problematic with shared folders where | |
62 the file mode should change.. | |
63 - still problems with CRLF mboxes.. | |
64 | |
65 - Allow %variables in mail_chroot setting | |
66 - something should be done to umask setting. we should be creating files with | |
67 0666 or 0777 and rely on umask, but we shouldn't do that unless we're sure | |
68 that the umask is the wanted one (ie. imap/pop3 process wasn't started | |
69 directly) | |
70 - filesystem group quota patch | |
71 - ssl_verify_client_cert isn't working if the SSL cert doesn't have CRL | |
72 | |
3087 | 73 - keywords: |
74 - add some limits to how many there can be | |
75 - don't return \* in PERMANENTFLAGS when we're full | |
76 - remove unused keywords? | |
2774 | 77 |
78 - caching | |
3904 | 79 - force bits should be used only for nonregistered fields |
80 - change envelope parsing not to use get_headers() so imap.envelope can | |
81 actually be cached without all the headers.. | |
82 - compression should drop fields with last_used < | |
83 (latest_mail_index_date - month) | |
84 - we could try compressing same field values into a single | |
85 location in cache file. | |
86 - support caching all message headers. this could be useful when | |
87 indexes are in local disk but actual mails are accessed through NFS. | |
2774 | 88 |
3087 | 89 - mbox |
4449 | 90 - dirty state should be stored to index (with mbox_very_dirty_syncs) |
91 - after some locking timeouts: mbox-lock.c: line 518 (mbox_lock): | |
92 assertion failed: (lock_type == F_RDLCK || mbox->mbox_lock_type != F_RDLCK) | |
93 - controldir for mboxes too and place subscriptions file there? | |
3904 | 94 - size.physical isn't cached, but should it even be? .. |
95 - syncing existing indexes takes 4x longer than creating new one, why? | |
96 - how well does dirty sync + status work? it reads the last mail every | |
97 time? not very good.. | |
98 - always add empty line. make the parser require it too? syncing should | |
99 make sure there always exists two LFs at end of file. raw-mbox-stream | |
100 should make sure the last message ends with LF even if it doesn't exist | |
101 in the file | |
102 - Quote "From ", unquote ">From " | |
4449 | 103 - COPY doesn't work to itself (lock assert crash, for now just disallowed) |
3904 | 104 - keep mbox lock for two extra seconds after sync (do we really need to?) |
2143 | 105 - move /var/mail/user to ~/mbox if ~/mbox exists.. supposedly this |
106 could be useful if /var/mail doesn't have quota, but ~/mail does. | |
107 now, what do we then do if we can move only some of the mails?.. | |
108 - if we can't create dotlock file for mbox, make sure it still can be | |
109 selected in read-only state | |
110 | |
3087 | 111 - maildir |
3450 | 112 - with pop3 don't move messages from new/ to cur/ before RETR |
4449 | 113 - when sorting maildir files, sort based on Mxxxx first so the files are |
114 sorted always in ascending order. required for proper out-of-quota | |
115 uidlist handling | |
5557 | 116 - physical separator could be configurable |
4449 | 117 |
118 - dbox | |
119 - keyword list header locking isn't correct now. saving uses file's | |
5557 | 120 dotlock, sync uses sync lock. and what about reading?... (I think this |
121 is fixed?) | |
4449 | 122 - append_offset in header shouldn't be trusted |
123 - show in index if there are expunge-flagged mails in the mailbox | |
124 - pop3_lock_session doesn't work | |
3087 | 125 |
2143 | 126 - index |
4449 | 127 - dd if=/dev/zero of=dovecot.index bs=1024 count=1 -> NOOP -> crash! |
128 - delete >30min old dovecot.index.log.2 files when opening index? | |
129 - optimize initial left_idx in _view_lookup_uid_range() | |
2143 | 130 - if log file is lost, generate it from old and new index |
3087 | 131 - transaction log: when replacing log with a same sequence, we remove it |
132 from log's file list, but we don't do anything to existing log views. | |
133 this can crash later in mail_transaction_log_view_set() because 'first' | |
134 is from log list, while we're comparing it into view->tail which it never | |
135 is. also overwriting it leaks memory.. | |
136 - read-only support for mailboxes where we don't have write-access | |
2143 | 137 |
4449 | 138 - namespaces |
139 - namespaces: add new "auto_disable" flag so if the mailbox can't be opened | |
140 (eg. file doesn't exist), just ignore the problem and disable the | |
141 namespace | |
142 - subscribe <namespace prefix> doesn't work. | |
5621 | 143 - namespaces don't work in plugins: convert |
3087 | 144 - subscriptions file should contain namespace prefixes. at least optionally. |
145 there's the subscriptions = yes setting now for namespaces.. do it so that | |
146 if prefix = "" has subscriptions, it contains prefixes. otherwise not. | |
4128 | 147 - for shared/public namespaces default to "no" |
4449 | 148 |
149 - lib-storage | |
5557 | 150 - rename: allow moving between storages, as long as they're of same type |
4449 | 151 - x search charset asdf all -> should fail |
152 - subscribe: IMAP(anonymous): open(anonymous/mail/.temp...) failed: Permission denied | |
3087 | 153 - should we allow following symlinks in mbox/maildirs? they are now. |
154 - if we implement shared mailboxes with shared indexes, never do that or | |
155 others could symlink your personal mailboxes and see the indexes | |
156 created for it which may contain envelope etc. data | |
157 - this allows circular mailbox hierarchies which should be prevented by | |
158 eg. allowing max. 20 hierarchies. | |
159 | |
160 - login | |
4449 | 161 - when pipelining login command + post-login commands, login process should |
162 pass the command to imap/pop3 process (at least one pop3 client does this) | |
163 - imap-login: Master sent reply with unknown tag 1. client closed | |
164 connection at the exact same time master was logging it in? | |
165 see master_request_abort() | |
3087 | 166 - Digest-MD5: support integrity protection, and maybe crypting. Do it |
167 through login process like SSL is done? | |
168 - x login foo bar | |
169 x NO Authentication failed. | |
170 x login cras pass | |
171 * BYE Disconnected for inactivity. | |
172 ^ but it's not disconnecting! (buggy dovecot-auth not replying) | |
3744 | 173 probably because userdb lookup didn't reply, and fd was already sent |
174 for master.. should imap-login be handling it anymore?.. | |
3087 | 175 - imap-login: Authenticate PLAIN failed: Authentication failed: |
176 Authentication server isn't connected, try again later.. [127.0.0.1] | |
177 ^ NO Authentication failed. (should be Temporary login failure!) | |
178 - if auth process dies, login process should retry authentication if | |
179 possible. or if not, disconnect the client so it doesn't think the auth | |
180 failed. | |
181 - send client IP immediately after accept() to master process. make sure | |
182 master shows the IP if login dies unexpectedly. master should probably | |
183 also kill the login process if it doesn't kill itself soon enough.. or | |
184 maybe just log the IP immediately. | |
474 | 185 |
3087 | 186 - auth |
5621 | 187 - uid_file and gid_file to get the uid/gid from given file's owner/group |
4449 | 188 - ability to specify default password scheme with passwd-file |
189 - with blocking passdb we're not caching lookups if the password was wrong | |
5557 | 190 - non-plaintext authentication doesn't support all features: |
191 - multiple passdbs don't work, only the first one is used | |
192 - auth cache's last_success password change check doesn't exist | |
4449 | 193 - if PAM child process doesn't finish within a minute, kill it |
194 - PAM / checkpassword should use passdb-blocking | |
3087 | 195 - remove system_user and allow returning multiple gids instead. |
196 - SIGHUP restarts auth processes .. but does it wait until they've finished | |
197 with all requests? no. | |
198 - does dovecot-auth really break when it runs out of fds? | |
4449 | 199 - dovecot-auth should limit how fast authentication requests are allowed |
200 from login processes. especially if there's one login/connection the speed | |
3087 | 201 should be something like once/sec. also limit how fast to accept new |
202 connections. | |
203 - support read-only logins. user could with alternative password get only | |
204 read-access to mails so mails could be read relatively safely with | |
205 untrusted computers. Maybe always send [ALERT] about the previous | |
206 read-only login time with IP? | |
4449 | 207 - dovecot-auth workers: create a separate dovecot-pam worker which shares |
208 pretty much all code with dovecot-auth worker but isn't linked against | |
209 any libraries. or..? this might be difficult to do, especially because the | |
210 workers currently can handle any kind of passdb/userb requests. perhaps | |
211 there should be a completely separate simple PAM authenticator binary. | |
526 | 212 |
3087 | 213 - master |
4449 | 214 - Support listening in multiple sockets |
215 - per-user/ip limits.. | |
3087 | 216 - configurable syslog prefix |
217 - SIGHUP rather shouldn't restart listening sockets if they didn't change.. | |
3450 | 218 - if there are duplicate settings, complain about it |
3087 | 219 |
220 - quota | |
221 - if dovecot-uidlist can't be written, assume the new mails have UIDs | |
222 beginning from uidlist.next_uid. Whenever mails are expunged, overwrite | |
223 the next_uid field with the current highest next_uid. Whenever we have | |
224 assumed UIDs and uidlist gets updated, throw the client out with | |
225 "inconsist mailbox". | |
4449 | 226 - if storage=0 is given, use unlimited quota but track it anyway |
3087 | 227 |
228 - ssl | |
229 - add setting: ssl_options = bitmask. by default we enable all openssl | |
230 workarounds, this could be used to disable some of them | |
231 - gnutls support isn't working | |
965 | 232 |
3087 | 233 - search |
234 - message header search: we should ignore LWSP between two MIME blocks | |
1250 | 235 - message_body_search() could accept multiple search keywords so we |
236 wouldn't need to call it separately for each one (so we wouldn't need | |
237 to parse the message multiple times). | |
238 - message_body_search() could support NULL MessagePart and the searching | |
239 could be done while parsing the message. this would need changes to | |
240 message_parse() as well. | |
241 - could optionally support scanning inside file attachments and use | |
242 plugins to extract text out of them (word, excel, pdf, etc. etc.) | |
243 - use a trie index for fast text searching, like cyrus squat? | |
244 - Create our own extension: When searching with TEXT/BODY, return | |
245 the message text surrounding the keywords just like web search engines | |
246 do. like: SEARCH X-PRINT-MATCHES TEXT "hello" -> * SEARCH 1 "He said: | |
247 Hello world!" 2 "Hello, I'm ...". This would be especially useful with | |
248 the above attachment scanning. | |
0 | 249 |
3087 | 250 - lib-charset |
251 - utf8_toupper() is a must. and a bit difficult if we want to do it right. | |
252 - add support for other things than iconv() as well? we could reuse | |
253 the code from cyrus or courier | |
254 - cache iconvs? they'd probably be faster if we just reset the | |
255 conversion instead of opening new one every time. and there will likely | |
256 be only one or two charsets which are used for nearly all conversions. | |
257 | |
4449 | 258 - deliver |
5557 | 259 - recipient_delimiter setting so user+mailbox@domain works directly |
4449 | 260 |
3087 | 261 - general |
4449 | 262 - stop using atol(), atoi(), strtoul() etc. in places where we actually |
263 care about what they return, and rather create our own function which | |
264 checks if the input overflows the integer, and if so call i_fatal() | |
265 - solaris sendfile is broken? | |
3087 | 266 - rfc2231 continuation support (useless?) |
1553 | 267 - rfc2557 support for BODYSTRUCTURE, as specified by RFC3501 |
4449 | 268 - LMTP server |
269 - ability to build plugins statically into the binaries | |
3087 | 270 - ~/.dovecotrc to override system wide settings. namespace settings should |
271 override all the previous namespace settings instead of adding new. | |
272 - option to disable SORT, SEARCH and other memory/cpu-intensive features. | |
273 defaults and per-user by dovecot-auth. | |
274 - dotlock overriding is racy, but it's pretty difficult to fix it. Also | |
275 overriding someone else's dotlock in shared folder isn't possible. These | |
276 could be fixed by having separate lock process running as root, which | |
277 would chown() the file for another uid and then unlink() it as that user. | |
278 One problem with that is that if malicious user sets setuid+execute bits | |
279 on for the file, he could run the file and get changed to the new uid. | |
280 That hopefully shouldn't matter much since the new uid should be user | |
281 with minimum possible privileges. Anyway, optional.. | |
282 - things break if next_uid gets to 2^32 | |
376
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
283 |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
284 capabilities: |
4449 | 285 - preferrably all should be implemented as plugins |
376
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
286 - possibility to disable them from config file |
3087 | 287 - THREAD=ORDEREDSUBJECT - although pretty useless I'd think. |
5621 | 288 - acl (rfc4314) |
376
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
289 - id (rfc2971) |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
290 - must be configurable what gets sent, default to only name=Dovecot |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
291 - separate pre/post-login settings |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
292 - optionally log configured parts of the client information, but only |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
293 once, probably at the same time as logging "Logged in", |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
294 "Disconnected", etc. |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
295 - remember to force truncating values longer than 30 chars, |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
296 especially before logging |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
297 - mailbox-referrals (rfc2193) |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
298 - this is useful whenever we would otherwise need to make the |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
299 connection ourself. for example load balancing and shared mailboxes |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
300 requiring another UID to run. |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
301 - this rfc defines no exact way for server to detect if client |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
302 supports referrals or not. I don't think there's much point in |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
303 supporting only referrals, as most clients don't support them. |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
304 Instead we should return referrals when we know that client |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
305 supports them, otherwise do the connecting ourself. If client |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
306 issues RLIST or RLSUB command, it's safe to assume it supports |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
307 referrals. |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
308 - for load balancing this works just fine, but what about shared |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
309 mailboxes which require different UID? If we login with our own |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
310 username, we end up with our own UID instead of what we wanted. |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
311 IMAP URLs don't support separated authorization id which would |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
312 have made this very easy.. We could give the "userid@group" as |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
313 userid, but clients probably treat it as different userid and |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
314 ask the password again. |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
315 - problems, problems, .. maybe not worth the trouble. |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
316 - drafts: |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
317 - http://www.imc.org/ids.html |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
318 - annotate (draft-ietf-imapext-annotate) |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
319 - per-message annotations. this will be major change. especially |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
320 because currently there's no suitable storage for them, and |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
321 they'll probably change all the time.. maybe if we moved into |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
322 berkeley db to store the .data file and these annotations. |
1178 | 323 - this is separate problem from index files. indexes are treated as |
324 temporary files, annotations are permanent data. we'd have to | |
325 support non-db way to do this too, which would probably be just a | |
326 simple (slow) text file. | |
5621 | 327 - use lib-dict probably |
328 - metadata (draft-daboo-imap-annotatemore) | |
376
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
329 - server and per-mailbox annotations. much easier than |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
330 per-message annotations, but they'd be easier to place into |
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
331 db as well. |
5621 | 332 - lib-dict, again |
376
fd1fc4cf11b7
updated with lots of new capability comments
Timo Sirainen <tss@iki.fi>
parents:
340
diff
changeset
|
333 - binary (draft-nerenberg-imap-binary) |