November 2011

Dovecot updated to 2.0.16

A new version of Dovecot has been released, as usual I’ve installed it on my test servers and production server without a problem. Check the improvements and decide if you want to upgrade as it are many small fixes, plus some more noticeable:

Comment from Timo on this release was:

I only now noticed that the VSZ limits weren’t being enforced with earlier v2.0.x releases (or they were set 1024 times too high). So if a Dovecot process was leaking memory, it wasn’t being killed by kernel. Now that this enforcing is done, some installations will probably start seeing errors about reaching these limits in normal operation. The default_vsz_limit is 256 MB. You may want to increase it in larger installations to 1 GB just in case.

Besides the changes listed below, a lot of smaller fixes were done.

A list of the bigger fixes:

  • VSZ limits weren’t being enforced for any processes. On server with large mailboxes you may now see errors about it if the limits aren’t high enough. To fix them, either increase individual service { vsz_limit } values or simply increase the default_vsz_limit setting.
  • Proxying: If using ssl=yes or starttls=yes with a hostname (not IP) as proxy destination, require that the certificate matches the given hostname.
  • LMTP: Changed default client_limit to 1. This should improve LMTP throughput with default settings.
  • dsync: Quota is no longer enforced (i.e. dsync can’t fail because user is over quota).
  • Added “auto” mail storage driver, which can be used to auto detect mailbox location and format. This behavior is already the default for empty mail_location setting, so this change is mainly useful for shared namespace’s location setting.
  • checkpassword: Export all auth %variables to AUTH_* environment.

Postfix updated to 2.8.7

Here is a new version of Postfix, just released and I’ve got it tested on Snow Leopard and Lion on my test and production machines. This release contains a workaround for a problem that is fixed in Postfix 2.9.

  • The postscreen daemon, which is not enabled by default, sent non-compliant SMTP responses (220- followed by 421) when it could not give a connection to a real smtpd process. These responses caused some remote SMTP clients to return mail as undeliverable.

    The workaround is to hang up after sending 220- without sending the 421 “sorry” reply; this is harmless.

    The complete fix involves too much change for a stable release: send the 220 greeting, wait for the EHLO command, then send the 421 “sorry” reply and hang up.

Howto upgrade postfix.