http://dovecot.org/releases/2.2/dovecot-2.2.7.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.7.tar.gz.sig * Some usage of passdb checkpassword could have been exploitable by local users. You may need to modify your setup to keep it working. See http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security + auth: Added ability to truncate values logged by auth_verbose_passwords (see 10-logging.conf comment) + mdbox: Added "mdbox_deleted" storage, which can be used to access messages with refcount=0. For example: doveadm import mdbox_deleted:~/mdbox "" mailbox inbox subject oops + ssl-params: Added ssl_dh_parameters_length setting. - master process was doing a hostname.domain lookup for each created process, which may have caused a lot of unnecessary DNS lookups. - dsync: Syncing over 100 messages at once caused problems in some situations, causing messages to get new UIDs. - fts-solr: Different Solr hosts for different users didn't work.
On 3.11.2013, at 22.08, Timo Sirainen <tss at iki.fi> wrote:> * Some usage of passdb checkpassword could have been exploitable by > local users. You may need to modify your setup to keep it working. > See http://wiki2.dovecot.org/AuthDatabase/CheckPassword#SecurityOh, forgot to mention here: This problem was found by the cPanel people (cPanel uses checkpassword). They also reserved CVE-2013-6171 for this.
Thanks again for the released. Timo Sirainen <tss at iki.fi> wrote:>On 3.11.2013, at 22.08, Timo Sirainen <tss at iki.fi> wrote: > >> * Some usage of passdb checkpassword could have been exploitable by >> local users. You may need to modify your setup to keep it working. >> See http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security > >Oh, forgot to mention here: This problem was found by the cPanel people >(cPanel uses checkpassword). They also reserved CVE-2013-6171 for this. > >_______________________________________________ >Dovecot-news mailing list >Dovecot-news at dovecot.org >http://dovecot.org/cgi-bin/mailman/listinfo/dovecot-news-- Senior IT Manager Metropolitan Schools 013 750 2255 This message was sent from my Android mobile. I was out from the office at that time.
* Timo Sirainen <tss at iki.fi>:> http://dovecot.org/releases/2.2/dovecot-2.2.7.tar.gz > http://dovecot.org/releases/2.2/dovecot-2.2.7.tar.gz.sigWorks like a charm here.> - master process was doing a hostname.domain lookup for each created > process, which may have caused a lot of unnecessary DNS lookups.Cool -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de
On 03/11/2013 21:08, Timo Sirainen wrote:> + mdbox: Added "mdbox_deleted" storage, which can be used to access > messages with refcount=0. For example: doveadm import > mdbox_deleted:~/mdbox "" mailbox inbox subject oops >Hi Timo, We're currently running Dovecot 2.1.16. To ease the recovery process, in case of accidental mail deletion, we're using the lazy_expunge plugin to keep deleted mail in a user hidden namespace during a couple of days before they really get deleted. Could this be replaced by this new feature? I guess the mdbox_deleted storage get emptied after a purge (which is what we're doing every night)? Regards, Gilles.