Timo released a new version of Dovecot, I’ve installed it on my test servers and production server without a problem. No security issues solved, upgrade at your own leisure. The noticeable changes are:

• Session ID is now included by default in auth and login process log lines. It can be added to mail processes also by adding %{session} to mail_log_prefix.
• Added ssl_require_crl setting, which specifies if CRL check must be successful when verifying client certificates.
• Added mail_shared_explicit_inbox setting to specify if a shared INBOX should be accessible as “shared/$user” or “shared/$user/INBOX”.
• v2.1.5: Using “~/” as mail_location or elsewhere failed to actually expand it to home directory.
• dbox: Fixed potential assert-crash when reading dbox files.
• trash plugin: Fixed behavior when quota is already over limit.
• mail_log plugin: Logging “copy” event didn’t work.
• Proxying to backend server with SSL: Verifying server certificate
  name always failed, because it was compared to an IP address.

And here are the upgrade instructions for Dovecot!

First my apologies, due to the other priorities I completely missed the 2.1.4 release. Hopefully you didn’t run into any problems. I’ve tested and deployed 2.1.5 on my servers today without a problem. The list of fixes for 2.1.5 include:

• IMAP: When neither the session nor the mailbox has modseq tracking enabled, return the mailbox as having NOMODSEQ in SELECT/EXAMINE reply. Old versions in this situation always simply returned HIGHESTMODSEQ as 1, which could have broken some clients.
• dict file: Added optional fcntl/flock locking (default is dotlock)
• fts-solr: doveadm fts rescan now resets indexes, which allows reindexing mails. (This isn’t a full rescan implementation like fts-lucene has.)
• doveadm expunge: Added -d parameter to delete mailbox if it’s empty after expunging.
• IMAP: Several fixes related to mailbox listing in some configs
• director: A lot of fixes and performance improvements
• v2.1.4 didn’t work without a mail home directory set
• mbox: Deleting a mailbox didn’t delete its index files.
• pop3c: TOP command was sent incorrectly
• trash plugin didn’t work properly
• LMTP: Don’t add a duplicate Return-Path: header when proxying.
• listescape: Don’t unescape namespace prefixes.

And here are the upgrade instructions for Dovecot!

Again two very close releases but this time because of a small glitch that was introduced in 2.1.2 with the mdbox which was released a few days earlier. I’ve tested it and I’m already running this new version in production. Here is the list of fixes for 2.1.2 (as 2.1.3 only fixed the mdbox error):

• Initial implementation of dsync-based replication. For now this should be used only on non-critical systems.
• Proxying: POP3 now supports sending remote IP+port from proxy to backend server via Dovecot-specific XCLIENT extension.
• Proxying: proxy_maybe=yes with host= (instead of IP) works now properly.
• Proxying: Added auth_proxy_self setting
• Proxying: Added proxy_always extra field (see wiki docs)
• Added director_username_hash setting to specify what part of the username is hashed. This can be used to implement per-domain backends (which allows safely accessing shared mailboxes within domain).
• + Added a “session ID” string for imap/pop3 connections, available in %{session} variable. The session ID passes through Dovecot IMAP/POP3 proxying to backend server. The same session ID is can be reused after a long time (currently a bit under 9 years).
• passdb checkpassword: Support “credentials lookups” (for non-plaintext auth and for lmtp_proxy lookups)
• fts: Added fts_index_timeout setting to abort search if indexing hasn’t finished by then (default is to wait forever).
• doveadm sync: If mailbox was expunged empty, messages may have become back instead of also being expunged in the other side.
• director: If user logged into two directors while near user expiration, the directors might have redirected the user to two different backends.
• imap_id_* settings were ignored before login.
• Several fixes to mailbox_list_index=yes
• Previous v2.1.x didn’t log all messages at shutdown.
• mbox: Fixed accessing Dovecot v1.x mbox index files without errors.

And as usual here are the upgrade instructions for Dovecot!

Things went very quickly this week as I indicated in my earlier post. I was still working on version 2.1.0 when we got another update to solve some of the bugs that where found. To read al about the changes in 2.1.0 please read the release notes. The changes in 2.1.1 were minor but read the notes for that here.

I’ve got it running on my machines and I’m very happy with it.

The only change that might affect your installation in the upgrade to 2.1.x is that Dovecot lost the case sensitivity for its usernames. If you want to re-enable that please set auth_username_format= (i.e. to empty).

And as an extra here are the upgrade instructions for Dovecot!

I feel the need to ask for patience as this week we got bombarders by a lot of updates. Dovecot did a major upgrade to 2.1, Apache released a major upgrade to 2.4, postfix released 2.9.1 a small bugfix and MySQL released 5.5.21.

I need to compile, test and adjust everything where necessary and as you might understand with major upgrade there is more going on then just a compile, run and test. There are new configuration options to be evaluated and older ones deprecated that might need a new one or a workaround for lost functionality.

So I’m working on it but it take a bit longer then usual…