Timo released another bugfix to Dovecot, mbox users really should upgrade, because by sending a message with a huge header you could basically cause a DoS (this problem exists only with v1.2.x, not with v1.0 or v1.1). Our default setting is maildirs instead of mbox, so you should be safe.

  • mbox: Message header reading was unnecessarily slow. Fetching a huge header could have resulted in Dovecot eating a lot of CPU. Also searching messages was much slower than necessary.
  • mbox, dbox, cydir: Mail root directory was created with 0770 permissions, instead of 0700.
  • maildir: Reading uidlist could have ended up in an infinite loop.
  • IMAP IDLE: v1.2.7+ caused extra load by checking changes every 0.5 seconds after a change had occurred in mailbox