diff -r -u dovecot-0.99.11.orig/configure.in dovecot-0.99.11/configure.in --- dovecot-0.99.11.orig/configure.in 2004-09-04 05:20:19.000000000 -0400 +++ dovecot-0.99.11/configure.in 2004-11-19 16:36:37.000000000 -0500 @@ -21,6 +21,20 @@ # check posix headers AC_CHECK_HEADERS(sys/time.h) +AC_ARG_WITH(logindir, +[ --with-logindir=DIR LOGIN directory (LOCALSTATEDIR/run/dovecot)], + logindir="$withval", + logindir=\${localstatedir}/run/dovecot/login +) +AC_SUBST(logindir) + +AC_ARG_WITH(docdir, +[ --with-docdir=DIR directory for documentation (DATADIR/doc/dovecot)], + docdir="$withval", + docdir=\${datadir}/doc/dovecot +) +AC_SUBST(docdir) + AC_ARG_ENABLE(ipv6, [ --enable-ipv6 Enable IPv6 support (default)], if test x$enableval = xno; then @@ -180,6 +194,8 @@ ) AC_SUBST(ssldir) +AM_CONDITIONAL(BUILD_SSL, test "$want_gnutls" = "yes" -o "$want_openssl" = "yes" ) + AC_ARG_WITH(pop3d, [ --with-pop3d Build POP3 server (default)], if test x$withval = xno; then @@ -1121,6 +1137,13 @@ AC_MSG_RESULT($i_cv_type_in6_addr) fi +if test $i_cv_type_in6_addr = yes; then + listenaddr='[[::]]' +else + listenaddr='*' +fi +AC_SUBST(listenaddr) + dnl ** dnl ** storage classes dnl ** @@ -1148,7 +1171,9 @@ AC_OUTPUT( Makefile +dovecot.conf doc/Makefile +doc/mkcert.sh src/Makefile src/lib/Makefile src/lib-charset/Makefile diff -r -u dovecot-0.99.11.orig/doc/Makefile.am dovecot-0.99.11/doc/Makefile.am --- dovecot-0.99.11.orig/doc/Makefile.am 2004-05-25 14:21:10.000000000 -0400 +++ dovecot-0.99.11/doc/Makefile.am 2004-11-19 12:21:31.000000000 -0500 @@ -1,4 +1,4 @@ -docdir = $(datadir)/doc/dovecot +exampledir=$(docdir)/examples doc_DATA = \ auth.txt \ @@ -10,10 +10,13 @@ nfs.txt \ securecoding.txt -EXTRA_DIST = \ +example_DATA = \ mkcert.sh \ dovecot-openssl.cnf \ dovecot-ldap.conf \ dovecot-mysql.conf \ - dovecot-pgsql.conf \ + dovecot-pgsql.conf + +EXTRA_DIST = \ + $(example_DATA) \ $(doc_DATA) diff -r -u dovecot-0.99.11.orig/Makefile.am dovecot-0.99.11/Makefile.am --- dovecot-0.99.11.orig/Makefile.am 2003-05-05 12:46:57.000000000 -0400 +++ dovecot-0.99.11/Makefile.am 2004-11-22 16:08:01.000000000 -0500 @@ -1,7 +1,18 @@ SUBDIRS = src doc confdir = $(sysconfdir) -conf_DATA = dovecot-example.conf +conf_DATA = dovecot.conf + +doc_DATA = \ + AUTHORS \ + COPYING \ + COPYING.LGPL \ + ChangeLog \ + INSTALL \ + NEWS \ + README \ + TODO + EXTRA_DIST = \ config.rpath \ diff -N -u dovecot-0.99.11.orig/doc/mkcert.sh.in dovecot-0.99.11/doc/mkcert.sh.in --- dovecot-0.99.11.orig/doc/mkcert.sh.in 1969-12-31 19:00:00.000000000 -0500 +++ dovecot-0.99.11/doc/mkcert.sh.in 2004-11-19 13:47:38.000000000 -0500 @@ -0,0 +1,34 @@ +#!/bin/sh + +# Generates a self-signed certificate. +# Edit dovecot-openssl.cnf before running this. + +OPENSSL=${OPENSSL-openssl} +SSLDIR=${SSLDIR-@ssldir@} +OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf} + +CERTFILE=$SSLDIR/certs/@PACKAGE@.pem +KEYFILE=$SSLDIR/private/@PACKAGE@.pem + +if [ ! -d $SSLDIR/certs ]; then + echo "$SSLDIR/certs directory doesn't exist" +fi + +if [ ! -d $SSLDIR/private ]; then + echo "$SSLDIR/private directory doesn't exist" +fi + +if [ -f $CERTFILE ]; then + echo "$CERTFILE already exists, won't overwrite" + exit 1 +fi + +if [ -f $KEYFILE ]; then + echo "$KEYFILE already exists, won't overwrite" + exit 1 +fi + +$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2 +chmod 0600 $KEYFILE +echo +$OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2 diff -N -u dovecot-0.99.11.orig/dovecot.conf.in dovecot-0.99.11/dovecot.conf.in --- dovecot-0.99.11.orig/dovecot.conf.in 1969-12-31 19:00:00.000000000 -0500 +++ dovecot-0.99.11/dovecot.conf.in 2004-11-19 16:42:03.000000000 -0500 @@ -0,0 +1,481 @@ +## Dovecot 1.0 configuration file + +# Base directory where to store runtime data. +#base_dir = @localstatedir@/run/dovecot/ + +# Protocols we want to be serving: +# imap imaps pop3 pop3s +#protocols = imap imaps + +# IP or host address where to listen in for connections. It's not currently +# possible to specify multiple addresses. "*" listens in all IPv4 interfaces. +# "[::]" listens in all IPv6 interfaces, but may also listen in all IPv4 +# interfaces depending on the operating system. You can specify ports with +# "host:port". +imap_listen = @listenaddr@ +pop3_listen = @listenaddr@ + +# IP or host address where to listen in for SSL connections. Defaults +# to above non-SSL equilevants if not specified. +#imaps_listen = @listenaddr@ +#pop3s_listen = @listenaddr@ + +# Disable SSL/TLS support. +@BUILD_SSL_TRUE@ssl_disable = no + +# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before +# dropping root privileges, so keep the key file unreadable by anyone but +# root. Included doc/mkcert.sh can be used to easily generate self-signed +# certificate, just make sure to update the domains in dovecot-openssl.cnf +@BUILD_SSL_TRUE@ssl_cert_file = @ssldir@/certs/@PACKAGE@.pem +@BUILD_SSL_TRUE@ssl_key_file = @ssldir@/private/@PACKAGE@.pem + +# SSL parameter file. Master process generates this file for login processes. +# It contains Diffie Hellman and RSA parameters. +@BUILD_SSL_TRUE@ssl_parameters_file = @localstatedir@/run/dovecot/ssl-parameters.dat + +# How often to regenerate the SSL parameters file. Generation is quite CPU +# intensive operation. The value is in hours, 0 disables regeneration +# entirely. +@BUILD_SSL_TRUE@ssl_parameters_regenerate = 24 + +# Disable LOGIN command and all other plaintext authentications unless +# SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and +# IPv6 ::1 addresses are considered secure, this setting has no effect if +# you connect from those addresses. +#disable_plaintext_auth = yes + +# Use this logfile instead of syslog(). /dev/stderr can be used if you want to +# use stderr for logging (ONLY /dev/stderr - otherwise it is closed). +#log_path = + +# For informational messages, use this logfile instead of the default +#info_log_path = + +# Prefix for each line written to log file. % codes are in strftime(3) +# format. +#log_timestamp = "%b %d %H:%M:%S " + +## +## Login processes +## + +# Directory where authentication process places authentication UNIX sockets +# which login needs to be able to connect to. The sockets are created when +# running as root, so you don't have to worry about permissions. Note that +# everything in this directory is deleted when Dovecot is started. +#login_dir = @logindir@ + +# chroot login process to the login_dir. Only reason not to do this is if you +# wish to run the whole Dovecot without roots. +#login_chroot = yes + + +## +## IMAP login process +## + +login = imap + +# Executable location. +#login_executable = @libexecdir@/dovecot/imap-login + +# User to use for the login process. Create a completely new user for this, +# and don't use it anywhere else. The user must also belong to a group where +# only it has access, it's used to control access for authentication process. +#login_user = dovecot + +# Set max. process size in megabytes. If you don't use +# login_process_per_connection you might need to grow this. +#login_process_size = 32 + +# Should each login be processed in it's own process (yes), or should one +# login process be allowed to process multiple connections (no)? Yes is more +# secure, espcially with SSL/TLS enabled. No is faster since there's no need +# to create processes all the time. +#login_process_per_connection = yes + +# Number of login processes to create. If login_process_per_user is +# yes, this is the number of extra processes waiting for users to log in. +#login_processes_count = 3 + +# Maximum number of extra login processes to create. The extra process count +# usually stays at login_processes_count, but when multiple users start logging +# in at the same time more extra processes are created. To prevent fork-bombing +# we check only once in a second if new processes should be created - if all +# of them are used at the time, we double their amount until limit set by this +# setting is reached. This setting is used only if login_process_per_use is yes. +#login_max_processes_count = 128 + +# Maximum number of connections allowed in login state. When this limit is +# reached, the oldest connections are dropped. If login_process_per_user +# is no, this is a per-process value, so the absolute maximum number of users +# logging in actually login_processes_count * max_logging_users. +#login_max_logging_users = 256 + +## +## POP3 login process +## + +# Settings default to same as above, so you don't have to set anything +# unless you want to override them. + +login = pop3 + +# Exception to above rule being the executable location. +#login_executable = @libexecdir@/dovecot/pop3-login + +## +## Mail processes +## + +# Maximum number of running mail processes. When this limit is reached, +# new users aren't allowed to log in. +#max_mail_processes = 1024 + +# Show more verbose process titles (in ps). Currently shows user name and +# IP address. Useful for seeing who are actually using the IMAP processes +# (eg. shared mailboxes or if same uid is used for multiple accounts). +#verbose_proctitle = no + +# Show protocol level SSL errors. +@BUILD_SSL_TRUE@verbose_ssl = no + +# Valid UID range for users, defaults to 500 and above. This is mostly +# to make sure that users can't log in as daemons or other system users. +# Note that denying root logins is hardcoded to dovecot binary and can't +# be done even if first_valid_uid is set to 0. +#first_valid_uid = 500 +#last_valid_uid = 0 + +# Valid GID range for users, defaults to non-root/wheel. Users having +# non-valid GID as primary group ID aren't allowed to log in. If user +# belongs to supplementary groups with non-valid GIDs, those groups are +# not set. +#first_valid_gid = 1 +#last_valid_gid = 0 + +# Grant access to these extra groups for mail processes. Typical use would be +# to give "mail" group write access to /var/mail to be able to create dotlocks. +#mail_extra_groups = + +# ':' separated list of directories under which chrooting is allowed for mail +# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too). +# This setting doesn't affect login_chroot or auth_chroot variables. +# WARNING: Never add directories here which local users can modify, that +# may lead to root exploit. Usually this should be done only if you don't +# allow shell access for users. See doc/configuration.txt for more information. +#valid_chroot_dirs = + +# Default chroot directory for mail processes. This can be overridden by +# giving /./ in user's home directory (eg. /home/./user chroots into /home). +#mail_chroot = + +# Default MAIL environment to use when it's not set. By leaving this empty +# dovecot tries to do some automatic detection as described in +# doc/mail-storages.txt. There's a few special variables you can use: +# +# %u - username +# %n - user part in user@domain, same as %u if there's no domain +# %d - domain part in user@domain, empty if user there's no domain +# %h - home directory +# +# You can also limit a width of string by giving the number of max. characters +# after the '%' character. For example %1u gives the first character of +# username. Some examples: +# +# default_mail_env = maildir:/var/mail/%1u/%u/Maildir +# default_mail_env = mbox:~/mail/:INBOX=/var/mail/%u +# default_mail_env = mbox:/var/mail/%d/%n/:INDEX=/var/indexes/%d/%n +# +#default_mail_env = + +# Space-separated list of fields to cache for all mails. Currently these +# fields are allowed followed by a list of commands they speed up: +# +# Envelope - FETCH ENVELOPE and SEARCH FROM, TO, CC, BCC, SUBJECT, +# SENTBEFORE, SENTON, SENTSINCE, HEADER MESSAGE-ID, +# HEADER IN-REPLY-TO +# Body - FETCH BODY +# Bodystructure - FETCH BODY, BODYSTRUCTURE +# MessagePart - FETCH BODY[1.2.3] (ie. body parts), RFC822.SIZE, +# SEARCH SMALLER, LARGER, also speeds up BODY/BODYSTRUCTURE +# generation. This is always set with mbox mailboxes, and +# also default with Maildir. +# +# Different IMAP clients work in different ways, that's why Dovecot by default +# only caches MessagePart which speeds up most operations. Whenever client +# does something where caching could be used, the field is automatically marked +# to be cached later. For example after FETCH BODY the BODY will be cached +# for all new messages. Normally you should leave this alone, unless you know +# what most of your IMAP clients are. Caching more fields than needed makes +# the index files larger and generate useless I/O. +# +# With maildir there's one extra optimization - if nothing is cached, indexing +# the maildir becomes much faster since it's not opening any of the mail files. +# This could be useful if your IMAP clients access only new mails. + +#mail_cache_fields = MessagePart + +# Space-separated list of fields that Dovecot should never set to be cached. +# Useful if you want to save disk space at the cost of more I/O when the fields +# needed. +#mail_never_cache_fields = + +# Workarounds for various client bugs: +# oe6-fetch-no-newmail: +# Never send EXISTS/RECENT when replying to FETCH command. Outlook Express +# seems to think they are FETCH replies and gives user "Message no longer +# in server" error. Note that OE6 still breaks even with this workaround +# if synchronization is set to "Headers Only". +# outlook-idle: +# Outlook and Outlook Express never abort IDLE command, so if no mail +# arrives in half a hour, Dovecot closes the connection. This is still +# fine, except Outlook doesn't connect back so you don't see if new mail +# arrives. +# outlook-pop3-no-nuls: +# Outlook and Outlook Express hang if mails contain NUL characters. +# This setting replaces them with 0x80 character. +#client_workarounds = + +# Dovecot can notify client of new mail in selected mailbox soon after it's +# received. This setting specifies the minimum interval in seconds between +# new mail notifications to client - internally they may be checked more or +# less often. Setting this to 0 disables the checking. +# NOTE: Evolution client breaks with this option when it's trying to APPEND. +#mailbox_check_interval = 0 + +# Like mailbox_check_interval, but used for IDLE command. +#mailbox_idle_check_interval = 30 + +# Allow full filesystem access to clients. There's no access checks other than +# what the operating system does for the active UID/GID. It works with both +# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/ +# or ~user/. +#mail_full_filesystem_access = no + +# Maximum allowed length for custom flag name. It's only forced when trying +# to create new flags. +#mail_max_flag_length = 50 + +# Save mails with CR+LF instead of plain LF. This makes sending those mails +# take less CPU, especially with sendfile() syscall with Linux and FreeBSD. +# But it also creates a bit more disk I/O which may just make it slower. +#mail_save_crlf = no + +# Use mmap() instead of read() to read mail files. read() seems to be a bit +# faster with my Linux/x86 and it's better with NFS, so that's the default. +#mail_read_mmaped = no + +# By default LIST command returns all entries in maildir beginning with dot. +# Enabling this option makes Dovecot return only entries which are directories. +# This is done by stat()ing each entry, so it causes more disk I/O. +# (For systems setting struct dirent->d_type, this check is free and it's +# done always regardless of this setting) +#maildir_stat_dirs = no + +# Copy mail to another folders using hard links. This is much faster than +# actually copying the file. This is problematic only if something modifies +# the mail in one folder but doesn't want it modified in the others. I don't +# know any MUA which would modify mail files directly. IMAP protocol also +# requires that the mails don't change, so it would be problematic in any case. +# If you care about performance, enable it. +#maildir_copy_with_hardlinks = no + +# Check if mails' content has been changed by external programs. This slows +# down things as extra stat() needs to be called for each file. If changes are +# noticed, the message is treated as a new message, since IMAP protocol +# specifies that existing messages are immutable. +#maildir_check_content_changes = no + +# Which locking methods to use for locking mbox. There's three available: +# dotlock: Create .lock file. This is the oldest and most NFS-safe +# solution. If you want to use /var/mail/ like directory, the users +# will need write access to that directory. +# fcntl : Use this if possible. Works with NFS too if lockd is used. +# flock : May not exist in all systems. Doesn't work with NFS. +# +# You can use both fcntl and flock too; if you do the order they're declared +# with is important to avoid deadlocks if other MTAs/MUAs are using both fcntl +# and flock. Some operating systems don't allow using both of them +# simultaneously, eg. BSDs. If dotlock is used, it's always created first. +#mbox_locks = dotlock fcntl + +# Should we create dotlock file even when we want only a read-lock? Setting +# this to yes hurts the performance when the mailbox is accessed simultaneously +# by multiple processes, but it's needed for reliable reading if no other +# locking methods are available. +#mbox_read_dotlock = no + +# Maximum time in seconds to wait for lock (all of them) before aborting. +#mbox_lock_timeout = 300 + +# If dotlock exists but the mailbox isn't modified in any way, override the +# lock file after this many seconds. +#mbox_dotlock_change_timeout = 30 + +# umask to use for mail files and directories +#umask = 0077 + +# Drop all privileges before exec()ing the mail process. This is mostly +# meant for debugging, otherwise you don't get core dumps. Note that setting +# this to yes means that log file is opened as the logged in user, which +# might not work. It could also be a small security risk if you use single UID +# for multiple users, as the users could ptrace() each others processes then. +#mail_drop_priv_before_exec = no + +## +## IMAP process +## + +# Executable location +#imap_executable = @libexecdir@/dovecot/imap + +# Set max. process size in megabytes. Most of the memory goes to mmap()ing +# files, so it shouldn't harm much even if this limit is set pretty high. +#imap_process_size = 256 + +# Support for dynamically loadable modules. +#imap_use_modules = no +#imap_modules = @moduledir@/imap + +## +## POP3 process +## + +# Executable location +#pop3_executable = @libexecdir@/dovecot/pop3 + +# Set max. process size in megabytes. Most of the memory goes to mmap()ing +# files, so it shouldn't harm much even if this limit is set pretty high. +#pop3_process_size = 256 + +# Support for dynamically loadable modules. +#pop3_use_modules = no +#pop3_modules = @moduledir@/pop3 + +## +## Authentication processes +## + +# An Authentication process is a child process used by Dovecot that +# handles the authentication steps. The steps cover an authentication +# mechanism (auth_mechanisms, how the client authenticates in the IMAP or +# POP3 protocol), which password database should be queried (auth_passdb), +# and which user database should be queried (auth_userdb, to obtain +# UID, GID, and location of the user's mailbox/home directory). +# +# You can have multiple processes, though a typical configuration will +# have only one. Each time "auth = xx" is seen, a new process +# definition is started. The point of multiple processes is to be able +# to set stricter permissions. (See auth_user below.) +# +# Just remember that only one Authentication process is asked for the +# password, so you can't have different passwords accessible through +# different process definitions (unless they have different +# auth_mechanisms, and you're ok with having different password for +# each mechanisms). + +# Authentication process name. +auth = default + +# Specifies how the client authenticates in the IMAP protocol. +# Space separated list of permitted authentication mechanisms: +# anonymous plain digest-md5 cram-md5 +# +# anonymous - No authentication required. +# plain - The password is sent as plain text. All IMAP/POP3 clients +# support this, and the password can be encrypted by Dovecot to match +# any of the encryption schemes used in password databases. +# digest-md5 and cram-md5 - both encrypt the password so it is more +# secure in transit, but are not well supported by clients, and +# require that the password database use a matching encryption +# scheme (or be in plaintext). +# +# See auth.txt for more details. +# +# If you are using SSL there is less benefit to digest-md5 and +# cram-md5 as the communication is already encrypted. +auth_mechanisms = plain + +# Space separated list of realms for SASL authentication mechanisms that need +# them. You can leave it empty if you don't want to support multiple realms. +# Many clients simply use the first one listed here, so keep the default realm +# first. +#auth_realms = + +# Default realm/domain to use if none was specified. This is used for both +# SASL realms and appending @domain to username in plaintext logins. +#auth_default_realm = + +# Where user database is kept: +# passwd: /etc/passwd or similiar, using getpwnam() +# passwd-file : passwd-like file with specified location +# static uid= gid= home=: static settings +# vpopmail: vpopmail library +# ldap : LDAP, see doc/dovecot-ldap.conf +# pgsql : a PostgreSQL database, see doc/dovecot-pgsql.conf +auth_userdb = passwd + +# Where password database is kept: +# passwd: /etc/passwd or similiar, using getpwnam() +# shadow: /etc/shadow or similiar, using getspnam() +# pam [ | *]: PAM authentication +# passwd-file : passwd-like file with specified location +# vpopmail: vpopmail authentication +# ldap : LDAP, see doc/dovecot-ldap.conf +# pgsql : a PostgreSQL database, see doc/dovecot-pgsql.conf +auth_passdb = pgsql @sysconfdir@/dovecot-pgsql.conf + +#auth_executable = @libexecdir@/dovecot/dovecot-auth + +# Set max. process size in megabytes. +#auth_process_size = 256 + +# User to use for the process. This user needs access to only user and +# password databases, nothing else. Only shadow and pam authentication +# requires roots, so use something else if possible. Note that passwd +# authentication with BSDs internally accesses shadow files, which also +# requires roots. +auth_user = root + +# Directory where to chroot the process. Most authentication backends don't +# work if this is set, and there's no point chrooting if auth_user is root. +#auth_chroot = + +# Number of authentication processes to create +#auth_count = 1 + +# List of allowed characters in username. If the user-given username contains +# a character not listed in here, the login automatically fails. This is just +# an extra check to make sure user can't exploit any potential quote escaping +# vulnerabilities with SQL/LDAP databases. If you want to allow all characters, +# set this value to empty. +#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ + +# Username to use for users logging in with ANONYMOUS SASL mechanism +#auth_anonymous_username = anonymous + +# More verbose logging. Useful for figuring out why authentication isn't +# working. +#auth_verbose = no + +# Even more verbose logging for debugging purposes. Shows for example SQL +# queries. +#auth_debug = no + +# digest-md5 authentication process. It requires special MD5 passwords which +# /etc/shadow and PAM doesn't support, so we never need roots to handle it. +# Note that the passwd-file is opened before chrooting and dropping root +# privileges, so it may be 0600-root owned file. + +#auth = digest_md5 +#auth_mechanisms = digest-md5 +#auth_realms = +#auth_userdb = passwd-file /etc/passwd.imap +#auth_passdb = passwd-file /etc/passwd.imap +#auth_user = imapauth +#auth_chroot = + +# if you plan to use only passwd-file, you don't need the two auth processes, +# simply set "auth_methods = plain digest-md5"