From 7311fd77ab4175c8bab7d6c6453db9d79b5f407f Mon Sep 17 00:00:00 2001 From: Noah Meyerhans Date: Wed, 28 May 2025 15:45:52 -0400 Subject: [PATCH] Import dovecot_2.4.1+dfsg1-5.debian.tar.xz [dgit import tarball dovecot 1:2.4.1+dfsg1-5 dovecot_2.4.1+dfsg1-5.debian.tar.xz] --- autogen.sh | 6 + changelog | 3011 +++++++++++++++++ conf/conf.d/10-auth.conf | 122 + conf/conf.d/10-logging.conf | 86 + conf/conf.d/10-mail.conf | 410 +++ conf/conf.d/10-master.conf | 133 + conf/conf.d/10-metrics.conf | 122 + conf/conf.d/10-ssl.conf | 56 + conf/conf.d/15-lda.conf | 50 + conf/conf.d/15-mailboxes.conf | 86 + conf/conf.d/20-imap.conf | 108 + conf/conf.d/20-lmtp.conf | 51 + conf/conf.d/20-managesieve.conf | 78 + conf/conf.d/20-pop3.conf | 101 + conf/conf.d/20-submission.conf | 114 + conf/conf.d/30-dict-server.conf | 34 + conf/conf.d/90-acl.conf | 30 + conf/conf.d/90-fts-flatcurve.conf | 29 + conf/conf.d/90-fts.conf | 26 + conf/conf.d/90-quota.conf | 79 + conf/conf.d/90-sieve-extprograms.conf | 41 + conf/conf.d/90-sieve.conf | 113 + conf/conf.d/99-local.conf | 0 conf/conf.d/auth-deny.conf.ext | 15 + conf/conf.d/auth-ldap.conf.ext | 48 + conf/conf.d/auth-master.conf.ext | 12 + conf/conf.d/auth-oauth2.conf.ext | 23 + conf/conf.d/auth-passwdfile.conf.ext | 20 + conf/conf.d/auth-sql.conf.ext | 180 + conf/conf.d/auth-static.conf.ext | 35 + conf/conf.d/auth-system.conf.ext | 72 + conf/dovecot.conf | 87 + conf/local.conf | 0 control | 307 ++ copyright | 266 ++ dh.pem | 13 + dovecot-core.NEWS | 193 ++ dovecot-core.README.Debian | 35 + dovecot-core.bug-control | 1 + dovecot-core.bug-script | 28 + dovecot-core.dirs | 4 + dovecot-core.docs | 2 + dovecot-core.dovecot.default | 4 + dovecot-core.dovecot.init | 185 + dovecot-core.dovecot.pam | 6 + dovecot-core.examples | 1 + dovecot-core.install | 3 + dovecot-core.lintian-overrides | 59 + dovecot-core.manpages | 1 + dovecot-core.postinst | 95 + dovecot-core.postrm | 48 + dovecot-core.triggers | 2 + dovecot-dev.README.Debian | 10 + dovecot-dev.lintian-overrides | 2 + dovecot-flatcurve.links | 1 + dovecot-flatcurve.postinst | 21 + dovecot-flatcurve.postrm | 25 + dovecot-flatcurve.prerm | 12 + dovecot-flatcurve.triggers | 2 + dovecot-gssapi.links | 1 + dovecot-imapd.links | 1 + dovecot-imapd.lintian-overrides | 2 + dovecot-imapd.postinst | 23 + dovecot-imapd.postrm | 29 + dovecot-imapd.prerm | 12 + dovecot-imapd.triggers | 1 + dovecot-imapd.ufw.profile | 11 + dovecot-ldap.links | 1 + dovecot-ldap.postinst | 21 + dovecot-ldap.postrm | 27 + dovecot-ldap.triggers | 2 + dovecot-lmtpd.links | 1 + dovecot-lmtpd.postinst | 23 + dovecot-lmtpd.postrm | 29 + dovecot-lmtpd.prerm | 12 + dovecot-lmtpd.triggers | 2 + dovecot-managesieved.README.Debian | 17 + dovecot-managesieved.install | 1 + dovecot-managesieved.links | 1 + dovecot-managesieved.lintian-overrides | 2 + dovecot-managesieved.postinst | 23 + dovecot-managesieved.postrm | 29 + dovecot-managesieved.prerm | 12 + dovecot-managesieved.triggers | 2 + dovecot-mysql.links | 1 + dovecot-mysql.triggers | 2 + dovecot-openssl.cnf | 23 + dovecot-pgsql.links | 1 + dovecot-pgsql.triggers | 2 + dovecot-pop3d.links | 1 + dovecot-pop3d.postinst | 23 + dovecot-pop3d.postrm | 29 + dovecot-pop3d.prerm | 12 + dovecot-pop3d.triggers | 2 + dovecot-pop3d.ufw.profile | 11 + dovecot-sieve.links | 1 + dovecot-sieve.lintian-overrides | 4 + dovecot-sieve.postinst | 18 + dovecot-sieve.postrm | 24 + dovecot-sieve.triggers | 2 + dovecot-solr.README.Debian | 2 + dovecot-solr.install | 1 + dovecot-solr.links | 1 + dovecot-solr.triggers | 2 + dovecot-sqlite.links | 1 + dovecot-sqlite.triggers | 2 + dovecot-submissiond.postinst | 27 + dovecot-submissiond.postrm | 29 + dovecot-submissiond.prerm | 12 + dovecot-submissiond.triggers | 1 + gbp.conf | 14 + maildirmake.dovecot | 28 + maildirmake.dovecot.1 | 46 + ...ER-environment-if-d-hasn-t-been-spec.patch | 38 + ..._home-HOME-environment-if-not-using-.patch | 34 + patches/Use-_FORTIFY_SOURCE-level-3.patch | 58 + patches/bug1104549-gssapi-regression.patch | 21 + patches/fit-32-bit-test-integers.patch | 61 + patches/fix-man-errors.patch | 72 + patches/series | 27 + patches/skip-rfc-subdir.patch | 34 + po/nl.po | 102 + rules | 249 ++ salsa-ci.yml | 13 + source/format | 1 + source/lintian-overrides | 1 + source_dovecot.py | 38 + tests/control | 14 + tests/doveadm | 7 + tests/systemd | 22 + tests/testmails | 254 ++ tests/usage/00_setup | 57 + tests/usage/imap | 38 + tests/usage/pop3 | 31 + upstream/metadata | 5 + upstream/signing-key.asc | 25 + watch | 8 + 137 files changed, 8521 insertions(+) create mode 100755 autogen.sh create mode 100644 changelog create mode 100644 conf/conf.d/10-auth.conf create mode 100644 conf/conf.d/10-logging.conf create mode 100644 conf/conf.d/10-mail.conf create mode 100644 conf/conf.d/10-master.conf create mode 100644 conf/conf.d/10-metrics.conf create mode 100644 conf/conf.d/10-ssl.conf create mode 100644 conf/conf.d/15-lda.conf create mode 100644 conf/conf.d/15-mailboxes.conf create mode 100644 conf/conf.d/20-imap.conf create mode 100644 conf/conf.d/20-lmtp.conf create mode 100644 conf/conf.d/20-managesieve.conf create mode 100644 conf/conf.d/20-pop3.conf create mode 100644 conf/conf.d/20-submission.conf create mode 100644 conf/conf.d/30-dict-server.conf create mode 100644 conf/conf.d/90-acl.conf create mode 100644 conf/conf.d/90-fts-flatcurve.conf create mode 100644 conf/conf.d/90-fts.conf create mode 100644 conf/conf.d/90-quota.conf create mode 100644 conf/conf.d/90-sieve-extprograms.conf create mode 100644 conf/conf.d/90-sieve.conf create mode 100644 conf/conf.d/99-local.conf create mode 100644 conf/conf.d/auth-deny.conf.ext create mode 100644 conf/conf.d/auth-ldap.conf.ext create mode 100644 conf/conf.d/auth-master.conf.ext create mode 100644 conf/conf.d/auth-oauth2.conf.ext create mode 100644 conf/conf.d/auth-passwdfile.conf.ext create mode 100644 conf/conf.d/auth-sql.conf.ext create mode 100644 conf/conf.d/auth-static.conf.ext create mode 100644 conf/conf.d/auth-system.conf.ext create mode 100644 conf/dovecot.conf create mode 100644 conf/local.conf create mode 100644 control create mode 100644 copyright create mode 100644 dh.pem create mode 100644 dovecot-core.NEWS create mode 100644 dovecot-core.README.Debian create mode 100644 dovecot-core.bug-control create mode 100644 dovecot-core.bug-script create mode 100644 dovecot-core.dirs create mode 100644 dovecot-core.docs create mode 100644 dovecot-core.dovecot.default create mode 100644 dovecot-core.dovecot.init create mode 100644 dovecot-core.dovecot.pam create mode 100644 dovecot-core.examples create mode 100644 dovecot-core.install create mode 100644 dovecot-core.lintian-overrides create mode 100644 dovecot-core.manpages create mode 100644 dovecot-core.postinst create mode 100644 dovecot-core.postrm create mode 100644 dovecot-core.triggers create mode 100644 dovecot-dev.README.Debian create mode 100644 dovecot-dev.lintian-overrides create mode 100644 dovecot-flatcurve.links create mode 100644 dovecot-flatcurve.postinst create mode 100644 dovecot-flatcurve.postrm create mode 100644 dovecot-flatcurve.prerm create mode 100644 dovecot-flatcurve.triggers create mode 100644 dovecot-gssapi.links create mode 100644 dovecot-imapd.links create mode 100644 dovecot-imapd.lintian-overrides create mode 100644 dovecot-imapd.postinst create mode 100644 dovecot-imapd.postrm create mode 100644 dovecot-imapd.prerm create mode 100644 dovecot-imapd.triggers create mode 100644 dovecot-imapd.ufw.profile create mode 100644 dovecot-ldap.links create mode 100644 dovecot-ldap.postinst create mode 100644 dovecot-ldap.postrm create mode 100644 dovecot-ldap.triggers create mode 100644 dovecot-lmtpd.links create mode 100644 dovecot-lmtpd.postinst create mode 100644 dovecot-lmtpd.postrm create mode 100644 dovecot-lmtpd.prerm create mode 100644 dovecot-lmtpd.triggers create mode 100644 dovecot-managesieved.README.Debian create mode 100644 dovecot-managesieved.install create mode 100644 dovecot-managesieved.links create mode 100644 dovecot-managesieved.lintian-overrides create mode 100644 dovecot-managesieved.postinst create mode 100644 dovecot-managesieved.postrm create mode 100644 dovecot-managesieved.prerm create mode 100644 dovecot-managesieved.triggers create mode 100644 dovecot-mysql.links create mode 100644 dovecot-mysql.triggers create mode 100644 dovecot-openssl.cnf create mode 100644 dovecot-pgsql.links create mode 100644 dovecot-pgsql.triggers create mode 100644 dovecot-pop3d.links create mode 100644 dovecot-pop3d.postinst create mode 100644 dovecot-pop3d.postrm create mode 100644 dovecot-pop3d.prerm create mode 100644 dovecot-pop3d.triggers create mode 100644 dovecot-pop3d.ufw.profile create mode 100644 dovecot-sieve.links create mode 100644 dovecot-sieve.lintian-overrides create mode 100644 dovecot-sieve.postinst create mode 100644 dovecot-sieve.postrm create mode 100644 dovecot-sieve.triggers create mode 100644 dovecot-solr.README.Debian create mode 100644 dovecot-solr.install create mode 100644 dovecot-solr.links create mode 100644 dovecot-solr.triggers create mode 100644 dovecot-sqlite.links create mode 100644 dovecot-sqlite.triggers create mode 100644 dovecot-submissiond.postinst create mode 100644 dovecot-submissiond.postrm create mode 100644 dovecot-submissiond.prerm create mode 100644 dovecot-submissiond.triggers create mode 100644 gbp.conf create mode 100644 maildirmake.dovecot create mode 100644 maildirmake.dovecot.1 create mode 100644 patches/0001-lda-Fix-using-USER-environment-if-d-hasn-t-been-spec.patch create mode 100644 patches/0002-lda-Default-mail_home-HOME-environment-if-not-using-.patch create mode 100644 patches/Use-_FORTIFY_SOURCE-level-3.patch create mode 100644 patches/bug1104549-gssapi-regression.patch create mode 100644 patches/fit-32-bit-test-integers.patch create mode 100644 patches/fix-man-errors.patch create mode 100644 patches/series create mode 100644 patches/skip-rfc-subdir.patch create mode 100644 po/nl.po create mode 100755 rules create mode 100644 salsa-ci.yml create mode 100644 source/format create mode 100644 source/lintian-overrides create mode 100644 source_dovecot.py create mode 100644 tests/control create mode 100755 tests/doveadm create mode 100755 tests/systemd create mode 100755 tests/testmails create mode 100755 tests/usage/00_setup create mode 100755 tests/usage/imap create mode 100755 tests/usage/pop3 create mode 100644 upstream/metadata create mode 100644 upstream/signing-key.asc create mode 100644 watch diff --git a/autogen.sh b/autogen.sh new file mode 100755 index 0000000..ba3a3cb --- /dev/null +++ b/autogen.sh @@ -0,0 +1,6 @@ +#!/bin/sh + +set -eu + +autoreconf -f -i -v -Wall +(cd pigeonhole && autoreconf -f -i -v -Wall) diff --git a/changelog b/changelog new file mode 100644 index 0000000..0a45e90 --- /dev/null +++ b/changelog @@ -0,0 +1,3011 @@ +dovecot (1:2.4.1+dfsg1-5) unstable; urgency=medium + + * [e6e5ef7] Fix typo in conf.d/auth-passwdfile.conf.ext (Closes: #1106072) + * [2a34ed0] Import upstream fix for dovecot-lda data loss (Closes: #1106485) + * [6c287ea] Fix typo in doveadm-fetch(1) (Closes: #1106533) + * [11f8b62] Fix invalid metadata in debian/patches/skip-rfc-subdir.patch + + -- Noah Meyerhans Wed, 28 May 2025 15:45:52 -0400 + +dovecot (1:2.4.1+dfsg1-4) unstable; urgency=medium + + * [235de56] managesieved: lintian: suppress library-not-linked-against-libc + * [74e7dcd] Ensure we use a 32-bit time_t on i386 + * [461bc68] dovecot-core: postinst: fix purge of obsolete ucf conf files + (Closes: #1105003) + + -- Noah Meyerhans Mon, 12 May 2025 20:36:26 -0400 + +dovecot (1:2.4.1+dfsg1-3) unstable; urgency=medium + + * [bdf895a] upstream fix for GSSAPI authentication regression + (Closes: #1104549) + * [8f15017] d/copyright: Correct canonical reference to GNU licenses + * [ad8f661] dovecot-flatcurve: correct missing dependency on ucf + * [131567a] Fix miscellaneous groff errors in upstream manpages + * [a4a1404] Correct lintian warning debian-news-entry-has-unknown-version + + -- Noah Meyerhans Fri, 02 May 2025 11:20:05 -0400 + +dovecot (1:2.4.1+dfsg1-2) unstable; urgency=medium + + * [7c1b5b9] dovecot-ldap: postinst: correct conffile list (Closes: #1104047) + * [73a254a] config: set mail_home and add mbox deprecation note + + -- Noah Meyerhans Mon, 28 Apr 2025 15:53:54 -0400 + +dovecot (1:2.4.1+dfsg1-1) unstable; urgency=medium + + * Release 1:2.4.1+dfsg1-1 to unstable + + -- Noah Meyerhans Thu, 24 Apr 2025 13:06:17 -0400 + +dovecot (1:2.4.1+dfsg1-1~exp2) experimental; urgency=medium + + * [e30a611] flatcurve: Set breaks+replaces relationship on dovecot-fts-flatcurve + (Closes: #1102937) + + -- Noah Meyerhans Fri, 18 Apr 2025 15:34:42 -0400 + +dovecot (1:2.4.1+dfsg1-1~exp1) experimental; urgency=medium + + * [18c4170] d/watch: handle suffixes in upstream release filenames + * [340250d] New upstream version 2.4.1+dfsg1 + * [2fcd382] Ensure we don't try to download files from the internet during build + * [4497016] refresh patches + * [af108c1] Remove obsolete patches + * [0ed2624] Fix 32-bit integer rollover in tests + * [528f075] d/rules: remove autogenerated sources on clean + + -- Noah Meyerhans Sun, 30 Mar 2025 11:48:57 -0400 + +dovecot (1:2.4.0+dfsg1-1~exp6) experimental; urgency=medium + + * [827f8b7] fix and re-enable 32-bit builds + + -- Noah Meyerhans Mon, 24 Mar 2025 15:16:57 -0400 + +dovecot (1:2.4.0+dfsg1-1~exp5) experimental; urgency=medium + + * [cea2f60] d/rules: remove additional files on clean + * [24e625b] ci: extend the timeout for the test-build-twice job + * [1df7d66] Fix ABI identification and add safety checking for it + + -- Noah Meyerhans Mon, 17 Mar 2025 09:56:33 -0400 + +dovecot (1:2.4.0+dfsg1-1~exp4) experimental; urgency=medium + + * [0806d3b] Move 90-sieve-extprograms back to dovecot-sieve where it belongs + (Closes: #1100146) + + -- Noah Meyerhans Thu, 13 Mar 2025 17:41:17 -0400 + +dovecot (1:2.4.0+dfsg1-1~exp3) experimental; urgency=medium + + * [4989934] Install a config file for flatcurve + * [baeb072] Add default lmtpd configuration + * [1d1d874] d/rules: drop some obsolete configure options + * [6bc7f0b] pigeonhole: enable ldap pluggin support + * [1998623] Enable experimental support for SMTPUTF8 and UTF8=ACCEPT + * [22abd27] enable cdb support + * [369d4a4] ci: disable i386 builds + * [e6ff65b] update autopkgtests + * [56dd0d6] debian/dovecot-core.NEWS: Document configuration changes + * [3d12c1e] d/rules: Update ABI detection + + -- Noah Meyerhans Tue, 11 Mar 2025 11:31:12 -0400 + +dovecot (1:2.4.0+dfsg1-1~exp2) experimental; urgency=medium + + * [ab636e4] Correct ucf handling of /etc/dovecot/dovecot.conf + * [ea5102c] Stop building for 32-bit architectures + * [88fecb4] fix shell error in dovecot-managesieved.postinst + * [68875fa] Fix some groff issues in manpages + * [b406a2f] drop stale lintian overrides + * [34e4a3b] lintian: ignore circular dependency between -core and -sieve + * [ee13475] d/copyright: Update or remove some attributions + + -- Noah Meyerhans Wed, 12 Feb 2025 16:39:17 -0500 + +dovecot (1:2.4.0+dfsg1-1~exp1) experimental; urgency=medium + + [ Michael Tokarev ] + * Update to 2.4.0 + + [ Noah Meyerhans ] + * Update default configuration from upstream example config bundle at + https://github.com/dovecot/tools/blob/main/dovecot-2.4.0-example-config.tar.gz + * Remove obsolete config files on upgrade if unmodified + * Update /usr/share/dovecot/protocols.d/* for 2.4 + + -- Noah Meyerhans Tue, 11 Feb 2025 12:03:31 -0500 + +dovecot (1:2.3.21.1+dfsg1-1) unstable; urgency=medium + + [ Noah Meyerhans ] + * [452a10b] Move systemd unit files to /usr (Closes: #1071915) + + [ Niels Thykier ] + * [a9caf51] Avoid unnecessary implicit requirement for `(fake)root` + + [ Christian Göttsche ] + * [8c253d1] salsa-ci: enable build_twice job + * [47122cd] Bump to standards version 4.7.0 (no further changes) + * [4062094] Replace obsolete build-dependency pkg-config with pkgconf + * [f1221b8] Split overlong line in changelog + * [dd876aa] Annotate Debian patches + * [590287e] Fix typos in changelog + + [ Noah Meyerhans ] + * [a212eb8] New upstream version 2.3.21.1+dfsg1 + - Fix CVE-2024-23184 (Closes: #1078876) + - Fix CVE-2024-23185 (Closes: #1078877) + + -- Noah Meyerhans Sat, 17 Aug 2024 13:26:24 -0400 + +dovecot (1:2.3.21+dfsg1-3) unstable; urgency=medium + + * [883dc1a] Add libtirpc-dev to build-depends (Closes: #1065213) + + -- Noah Meyerhans Sat, 09 Mar 2024 22:31:22 -0800 + +dovecot (1:2.3.21+dfsg1-2) unstable; urgency=medium + + [ Christian Göttsche ] + * [a2fbc2f] split-protocols.patch: patch all-settings.c to successfully build + twice (Closes: #1044797) + + [ Noah Meyerhans ] + * [70e4426] Drop arm64 from libunwind builddep arch list + + -- Noah Meyerhans Mon, 30 Oct 2023 13:40:35 -0700 + +dovecot (1:2.3.21+dfsg1-1) unstable; urgency=medium + + [ Noah Meyerhans ] + * [753b4fe] Don't build the unmaintained lucene fts plugin (Closes: #1040884) + * [5597486] New upstream version 2.3.21+dfsg1 + + [ Christian Göttsche ] + * [b8017f1] Cleanup temporary build files + * [35e1afe] Silence prototype conflicts + * [8dda8b9] Update Lintian overrides + * [6bae82f] Bump to standards version 4.6.2 (no further changes) + * [1f973d2] Mark hurd patch forwarded + + -- Noah Meyerhans Sat, 14 Oct 2023 08:52:10 -0700 + +dovecot (1:2.3.20+dfsg1-1) unstable; urgency=medium + + [ Christian Göttsche ] + * [fb2a5b7] d/rules: enable stack clash protection + * [2666970] d/patches: bump _FORTIFY_SOURCE to level 3 + + [ Noah Meyerhans ] + * [eab5171] New upstream version 2.3.20+dfsg1 + * [d6135a4] Drop dependency on obsolete lsb-base package + + -- Noah Meyerhans Sun, 25 Jun 2023 16:17:56 -0700 + +dovecot (1:2.3.19.1+dfsg1-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * [b02ebc9] Don't use deprecated crypt module. + (closes: #1028513) + + -- Bas Couwenberg Fri, 20 Jan 2023 07:01:26 +0100 + +dovecot (1:2.3.19.1+dfsg1-2) unstable; urgency=medium + + [ Christian Göttsche ] + * [281fb2c] d/patches: cherry-pick fix for CVE-2022-30550 (Closes: #1016351) + * [9c58e71] d/patches: fix uninitialized read in doveadm-oldstats + * [a76a24d] d/control: bump to standards version 4.6.1 (no further changes) + * [4aaaa8b] Update Lintian overrides + + -- Noah Meyerhans Fri, 29 Jul 2022 19:58:28 -0700 + +dovecot (1:2.3.19.1+dfsg1-1) unstable; urgency=medium + + [ Christian Göttsche ] + * [e40f93f] d/patches: avoid usage of PATH_MAX not available on hurd + * [19e00cd] d/rules: enable backtrace generation + * [5bf1c43] d/patches: debug flaky unit test + + [ Noah Meyerhans ] + * [b73422f] New upstream version 2.3.19.1+dfsg1 + * [c88bfc0] Update changelog for 1:2.3.19.1+dfsg1-1 release + * [ca59548] Update lintian overrides + * [d6406c2] d/copyright: update declarations for current maintainers + + -- Noah Meyerhans Wed, 22 Jun 2022 09:27:01 -0700 + +dovecot (1:2.3.19+dfsg1-1) unstable; urgency=medium + + [ Christian Göttsche ] + * [0d29e45] d/rules: enable LTO via DEB_BUILD_MAINT_OPTIONS instead of custom flags + * [560cceb] d/source/lintian-overrides: update very-long-line-length-in-source-file overrides + * [b99d09e] d/copyright: update years + * [9ee8271] d/dovecot-core.prerm: drop as superseded by debhelper + * [907f85c] d/maintscripts: update + * [2b38240] d/dovecot-core.postinst: drop support for version skips + * [dcb76d1] d/dovecot-core.postinst: only link certs if existent (Closes: #1009872) + * [d223bbd] d/patches: add patch to support openssl 3.0 (Closes: #996273) + + [ Noah Meyerhans ] + * [9f3175e] New upstream version 2.3.19+dfsg1 + + -- Noah Meyerhans Sun, 05 Jun 2022 18:29:18 +0000 + +dovecot (1:2.3.18+dfsg1-1) unstable; urgency=medium + + [ Noah Meyerhans ] + * [36966c8] New upstream version 2.3.18+dfsg1 + * [042bda4] Refresh patches for 1:2.3.18+dfsg1-1 + + -- "Noah Meyerhans" Thu, 10 Feb 2022 20:05:50 +0000 + +dovecot (1:2.3.17.1+dfsg1-1) unstable; urgency=medium + + [ Christian Göttsche ] + * [40b0010] New upstream version 2.3.17+dfsg1 + * [3c377e0] New upstream version 2.3.17.1+dfsg1 + * [e2f1ce2] d/patches: rebase and drop upstream applied ones + * [533b7ad] d/control: bump to standards version 4.6.0 (no further changes) + * [02ed6cf] debian: reduce Lintian issues + * [bb3ae48] d/salsa-ci.yml: skip cross build and do not fail on Lintian + warnings + * [bcda7e4] d/control: build against Lua 5.4 + * [9eed0dd] d/control: enable libunwind support on available archs + * [1990699] d/patches: cherry-pick memory leak commit + * [426df46] d/patches: cherry-pick imapsieve fix + * [e3d0747] d/patches: add patch for LTO by avoiding unaligned access + (Closes: #997513) + + -- Noah Meyerhans Tue, 14 Dec 2021 09:24:23 -0800 + +dovecot (1:2.3.16+dfsg1-3) unstable; urgency=medium + + * [7b858b6] Fix FTBFS on mips(64)el. Stacktrace generation on these + architectures requires -funwind-tables, as with 32-bit arm. + + -- Noah Meyerhans Thu, 16 Sep 2021 08:41:27 -0700 + +dovecot (1:2.3.16+dfsg1-2) unstable; urgency=medium + + [ Christian Göttsche ] + * [e1e9ece] d/patches: rework backtrace test patch + * [be404bf] d/patches: add big-endian patch + + -- Noah Meyerhans Fri, 10 Sep 2021 16:10:50 -0700 + +dovecot (1:2.3.16+dfsg1-1) unstable; urgency=medium + + [ Christian Göttsche ] + * [ff4a227] New upstream version 2.3.14+dfsg1 + * [963fa3b] New upstream version 2.3.15+dfsg1 (Closes: #991323, #983510) + * [5e0c898] d/watch: adjust dversionmangle for dfsg suffix + * [9ffb0f5] d/patches: update + * [850e1d6] New upstream version 2.3.16+dfsg1 + * [7140b87] d/patches: rebase patches + * [fb1b77e] d/rules: enable LTO + * [ce7055d] d/control: add libsystemd-dev dependency + * [db93263] d/copyright: drop unused section + * [aeec1e8] d/rules: update how to set systemdsystemunitdir + * [ebe9709] d/patches: resolve compiler warnings + * [19b2bb0] d/changelog: bump to 1:2.3.16+dfsg1-1 + * [58a4078] d/patches: update 32bit warnings patch + + [ Noah Meyerhans ] + * [f217c2e] Fix indexer crash + * [b075317] Import upstream patch for indexer crash on client disconnect + * [36e8740] drop debian/dovecot-core.maintscript + + -- Noah Meyerhans Thu, 02 Sep 2021 13:22:16 -0700 + +dovecot (1:2.3.13+dfsg1-2) unstable; urgency=high + + * Import upstream fixes for security issues (Closes: #990566): + - CVE-2021-29157: Path traversal issue allowing an attacker with + access to the local filesystem can trick OAuth2 authentication into + using an HS256 validation key from an attacker-controlled location + - CVE-2021-33515: Sensitive information could be redirected to an + attacker-controlled address because of a STARTTLS command injection + bug in the submission service + + -- Noah Meyerhans Tue, 20 Jul 2021 08:05:19 -0700 + +dovecot (1:2.3.13+dfsg1-1) unstable; urgency=medium + + [ Christian Göttsche ] + * [6829237] New upstream version 2.3.13 (Closes: #979363) + - CVE-2020-24386: IMAP hibernation allows accessing other peoples mail + - CVE-2020-25275: MIME parsing crashes with particular messages + + * [6d25736] Add libzstd-dev to build-dependencies (Closes: #969165) + * [5956798] Rebase patches + * [2cb63c3] Bump to standards version 4.5.1 (no further changes) + * [548bac5] Drop unmatched copyright src/lib-ntlm/* wildcard + * [6f33f3f] Ignore package-contains-documentation-outside-usr-share-doc + false-positives + * [dde9c94] Handle removed configuration file in postinst + + [ Pino Toscano ] + * [04a60e3] d/{control,rules}: disable apparmor support on !linux archs + (Closes: #951869) + + [ Helmut Grohne ] + * [e5f9fcb] d/patches: improve cross-compile support (Closes: #979370) + + -- Noah Meyerhans Mon, 25 Jan 2021 15:38:17 -0800 + +dovecot (1:2.3.11.3+dfsg1-2) unstable; urgency=medium + + [ Christian Göttsche ] + * [44770f6] Add patch for 32bit compiler warnings + * [053865a] Lintian: remove unused override + * [4ece2e1] Lintian: add forwarded header to Debian specific patches + * [67872b7] Lintian: ignore Debian only man page + * [d30bd7e] Lintian: tag manpage-without-executable got renamed to + spare-manual-page + * [3bdf952] Limit libcap-dev build-dependency to linux-any + * [28f6425] Drop acute accent in man page + * [8c15850] Add patch allowing GSSAPI containing NULL + + -- Noah Meyerhans Wed, 19 Aug 2020 12:06:07 -0700 + +dovecot (1:2.3.11.3+dfsg1-1) unstable; urgency=high + + * New upstream release fixes security issues (Closes: #968302) + - CVE-2020-12100 - Receiving mail with deeply nested MIME parts leads to + resource exhaustion as Dovecot attempts to parse it. + - CVE-2020-12673 - Dovecot's NTLM implementation does not correctly check + message buffer size, which leads to reading past allocation which can + lead to crash. + - CVE-2020-12674 - Dovecot's RPA mechanism implementation accepts + zero-length message, which leads to assert-crash later on. + * Add libcap-dev to build-dependencies to support dropping linux + capabilities. + + -- Noah Meyerhans Thu, 13 Aug 2020 16:21:24 -0700 + +dovecot (1:2.3.10.1+dfsg1-2) unstable; urgency=medium + + * Support sd_notify with systemd (Closes: #951722) + * Add necessary CFLAGS and LDFLAGS settings to ensure functional backtrace + generation. (Closes: #962630) + * Suppress additional library-not-linked-against-libc lintian warnings some + plugins as false-positives, observed on armel systems + + [ Andreas Hasenack ] + * d/t/control, d/t/testmails: cherry-pick updated autopkgtests from + Ubuntu's 1:2.2.35-2ubuntu1: + - d/t/testmails: dropped the hardcoded "Ubuntu" name from the banner + text and made it distribution agnostic + - d/t/control: added lsb-release to test dependencies, used to get the + distribution name + + -- Noah Meyerhans Tue, 16 Jun 2020 08:29:02 -0700 + +dovecot (1:2.3.10.1+dfsg1-1) unstable; urgency=medium + + * New upstream release addresses multiple security issues + - CVE-2020-10957 + - CVE-2020-10958 + - CVE-2020-10967 + (Closes: #960963, #930919, #928492) + * Refresh patches + * Strip non-DFSG-compliant docs from .orig archives + * Incorporate a number of improvements to debian/ metadata contributed by + Christian Göttsche + * Move pid file to /run (Closes: #925443) + * Add noahm@debian.org to Uploaders + * Work around flakiness in autopkgtest suite + * Suppress library-not-linked-against-libc lintian warnings some plugins as + false-positives + + -- Noah Meyerhans Wed, 10 Jun 2020 10:41:37 -0700 + +dovecot (1:2.3.7.2-1) unstable; urgency=medium + + * [dcaf24e] New upstream version 2.3.7.2 + - Fixes CVE-2019-11500 for dovecot-core + * [111beef] Update pigeonhole to 0.5.7.2 + - Fixes CVE-2019-11500 for pigeonhole/managesieve + * [a422c4c] Bump Standards-Version to 4.4.0; no changes needed + * [56e37ed] Bump dh compat to 12; no changes needed. + - Drop d/compat in favor debhelper-compat B-D. + * [476edbd] Refresh dovecot_name.patch and ssl-cert-location.patch + * [9dc7904] Drop patches included in 2.3.7.2. + - CVE-2019-10691 + - CVE-2019-11494 + - CVE-2019-11499 + - CVE-2019-7524 + - avoid-double-closing-mysql.patch + - lib-master-test-event-stats-Use-PRIu64-format.patch + + -- Apollon Oikonomopoulos Thu, 29 Aug 2019 11:55:51 +0300 + +dovecot (1:2.3.4.1-5) unstable; urgency=medium + + * [bd00402] Fix CVE-2019-11494 and CVE-2019-11499 (Closes: #928235) + - submission-login: fix null pointer dereference when client + disconnects during authentication (CVE-2019-11494) + - submission-login: fix assert-crash when receiving an invalid + authentication message over TLS (CVE-2019-11499) + + -- Apollon Oikonomopoulos Mon, 29 Apr 2019 23:35:05 +0300 + +dovecot (1:2.3.4.1-4) unstable; urgency=high + + * [d04d4ba] Fix assert-crash in JSON encoder (CVE-2019-10691) + + -- Apollon Oikonomopoulos Thu, 18 Apr 2019 10:21:19 +0300 + +dovecot (1:2.3.4.1-3) unstable; urgency=high + + * [07c9212] Fix two buffer overflows when reading oversized FTS headers + and/or oversized POP3-UIDL headers (CVE-2019-7524). + + -- Apollon Oikonomopoulos Mon, 25 Mar 2019 23:06:01 +0200 + +dovecot (1:2.3.4.1-2) unstable; urgency=medium + + [ Laurent Bigonville ] + * [ac99918] Fix double-free crash in mysql driver + Fix double closing of the connection in the mysql driver, this should + fix the crash in the dovecot auth process, taken from upstream. + (Closes: #918339) + + [ Apollon Oikonomopoulos ] + * [8a30446] Bump Standards-Version to 4.3.0; no changes needed + + -- Apollon Oikonomopoulos Thu, 14 Mar 2019 11:02:39 +0200 + +dovecot (1:2.3.4.1-1) unstable; urgency=high + + * [bebf0b4] New upstream version 2.3.4.1 + + Fixes CVE-2019-3814: TLS client auth username handling + + -- Apollon Oikonomopoulos Tue, 05 Feb 2019 16:19:12 +0200 + +dovecot (1:2.3.4-2) unstable; urgency=medium + + * [51d1317] Fix FTBFS on 32-bit platforms. + Cherry-pick upstream commit de42b54, fixing the event-stats test on + 32-bit platforms. + + -- Apollon Oikonomopoulos Sat, 24 Nov 2018 02:02:17 +0200 + +dovecot (1:2.3.4-1) unstable; urgency=medium + + * [14c247f] New upstream version 2.3.4 + * [7fed004] Update pigeonhole to 0.5.4 + + -- Apollon Oikonomopoulos Fri, 23 Nov 2018 22:00:06 +0200 + +dovecot (1:2.3.3-1) unstable; urgency=medium + + [ Jelmer Vernooij ] + * Trim trailing whitespace. + + [ Apollon Oikonomopoulos ] + * [6591a99] New upstream version 2.3.3 + * [3d718ec] Bump Standards-Version to 4.2.1; no changes needed + * [123bd32] Update pigeonhole to 0.5.3 + + -- Apollon Oikonomopoulos Thu, 04 Oct 2018 17:29:40 +0300 + +dovecot (1:2.3.2.1-1) unstable; urgency=medium + + * [40ba9f0] New upstream bugfix release 2.3.2.1 + * [87045ac] Drop fix-ftbfs-on-32bit.patch; merged upstream + * [5bb22a4] Bump Standards-Version to 4.1.5; no changes needed + + -- Apollon Oikonomopoulos Tue, 10 Jul 2018 17:51:43 +0300 + +dovecot (1:2.3.2-2) unstable; urgency=medium + + * [48067de] Fix FTBFS on 32-bit platforms by cherry-picking upstream commit + 1e23986f. + + -- Apollon Oikonomopoulos Wed, 04 Jul 2018 12:43:14 +0300 + +dovecot (1:2.3.2-1) unstable; urgency=medium + + * [bb03669] New upstream version 2.3.2 + + Upload to unstable + * [d29da3a] Merge 2.3 package changes from experimental. Important changes: + + [b3d1e17] Enable AppArmor support, see + https://wiki2.dovecot.org/Plugins/Apparmor + • B-D on libapparmor-dev + + [c0c55bd] Enable Lua scripting support for authdb/passdb. + • B-D on liblua5.3-dev + • New binary package, dovecot-auth-lua + + [4f6792e] Build with sodium support, enabling the ARGON2I and ARGON2ID + password schemes. + • B-D on libsodium-dev + + [54347e7] Build with ICU support enabling FTS unicode normalization + • B-D on libicu-dev + + New dovecot-submissiond binary package for the dovecot submission agent; + see https://wiki2.dovecot.org/Submission. + * [4db4813] Change maintainer address to dovecot@packages.d.o + * [5118354] Update pigeonhole to 0.5.2 + * [52a7af4] Drop murmur3-big-endian.patch; merged upstream + * [22a6eee] Refresh dovecot_name.patch + * [3af7568] dovecot_name.patch: apply to submissiond as well + + -- Apollon Oikonomopoulos Wed, 04 Jul 2018 08:57:45 +0300 + +dovecot (1:2.2.36-1) unstable; urgency=medium + + * [19f2274] d/gbp.conf: set merge-mode to "merge" to preserve pigeonhole/ + when importing new dovecot sources + * [6b9bf0d] New upstream version 2.2.36 + * [be12f22] Bump pigeonhole version to 0.4.24 + + Remove new file under doc/rfc + + Ship the new imap_filter_sieve module in dovecot-sieve + * [b77be59] Bump Standards-Version to 4.1.4; no changes needed + + -- Apollon Oikonomopoulos Wed, 06 Jun 2018 09:31:49 +0300 + +dovecot (1:2.2.35-2) unstable; urgency=medium + + * [7665652] Use git-subtree to generate pigeonhole patch from git; add + single-debian-patch to d/source/local-options + * [bfa0f10] d/rules: specify libdir manually; previous upload moved modules + under /usr/lib/, which was bound to break existing setups + * [982e826] d/copyright: adjust pigeonhole path and bump years + + -- Apollon Oikonomopoulos Thu, 22 Mar 2018 16:56:40 +0200 + +dovecot (1:2.2.35-1) unstable; urgency=medium + + * [8108cba] New upstream version 2.2.35 + * [6cbbaa1] Update pigeonhole to 0.4.23 (Closes: #892137) + * [9ace5f2] Switch Vcs-* URLs to salsa.d.o + * [ef40625] d/rules: call configure via dh_auto_configure. + Thanks to Helmut Grohne (Closes: #885854) + * [a459455] Drop B-D on libcurl4-gnutls-dev; removed upstream since 2.2 + * [235af9d] Update upstream signing key + + -- Apollon Oikonomopoulos Tue, 20 Mar 2018 11:15:42 +0200 + +dovecot (1:2.2.34-2) unstable; urgency=high + + * [868dc65] Update pigeonhole to 0.4.22 + * Set urgency to high due to the security fixes in 2.2.34-1 + + -- Apollon Oikonomopoulos Fri, 02 Mar 2018 18:36:23 +0200 + +dovecot (1:2.2.34-1) unstable; urgency=medium + + * [f53dc9a] New upstream version 2.2.34 (Closes: #921529) + Fixes the following security issues: + + CVE-2017-15130: TLS SNI config lookups may lead to excessive memory + usage (Closes: #891820) + + CVE-2017-14461: rfc822_parse_domain information leak vulnerability + (Closes: #891819) + + CVE-2017-15132: auth client leaks memory if SASL authentication is + aborted (Closes: #888432) + * [0dc98c6] Do not patch all-settings.c; regenerate it at build time + instead. Thanks to Aki Tuomi! + * [e678e3b] Bump dh compat to 11 + + B-D on debhelper (>= 11~) + + Use dh_installsystemd instead of dh_systemd_enable + * [271b290] Bump Standards-Version to 4.1.3; no changes needed + * [3cd6715] d/copyright: bump upstream and debian years + * [380d1ac] Drop the ENABLED flag from /etc/default/dovecot (but let the + initscript handle it if it exists) + * [97d6fae] d/watch: switch upstream URL to https:// + + -- Apollon Oikonomopoulos Thu, 01 Mar 2018 10:55:49 +0200 + +dovecot (1:2.2.33.2-1) unstable; urgency=medium + + * [8216f38] New upstream version 2.2.33.2 + + -- Apollon Oikonomopoulos Sat, 11 Nov 2017 20:59:43 +0200 + +dovecot (1:2.2.33.1-1) unstable; urgency=medium + + * [dbd1132] New upstream version 2.2.33.1 + + [b3d1f2d] Refresh split-protocols.patch + + [e0de123] Update pigeonhole to 0.4.21 + * [ef6a1eb] Set mail_privileged_group to 'mail' by default (Closes: #711856) + * [aeb6cf3] d/copyright: convert to Format 1.0 + * [5961f9d] Use dh-autoreconf for both, dovecot and pigeonhole. + * [85f1f0f] Bump Standards to 4.1.1; no changes needed + + -- Apollon Oikonomopoulos Fri, 13 Oct 2017 16:28:14 +0300 + +dovecot (1:2.2.32-2) unstable; urgency=medium + + * [fa71c69] dovecot-core.postinst: remove dovecot-common's postrm + (Closes: #696382) + * [e835c67] Ship decode2text.sh as an example (Closes: #767313) + * [63fb486] Deprecate dovecot-dbg in favor of auto dbgsyms + * [36b44b9] Handle unsupported SSLv2/SSLv3 in the ssl_protocols setting + gracefully (Closes: #866752) + + -- Apollon Oikonomopoulos Tue, 19 Sep 2017 16:59:38 +0300 + +dovecot (1:2.2.32-1) unstable; urgency=medium + + * [6652d9c] New upstream version 2.2.32. + * [c9cb096] Update pigeonhole to 0.4.20. + * [b499950] dovecot-core: remove SSL key/cert symlinks on purge + (Closes: #867157) + * [dbdcc66] dovecot-core.postinst: ignore adduser errors (Closes: #867849) + * [476c950] Bump Standards to 4.1.0; no changes needed. + * [2914efa] Drop B-D on autotools-dev, it is depended on by debhelper 10. + * [305d022] Remove Fabio, Joel and Marco from Uploaders. Thanks for your work! + + -- Apollon Oikonomopoulos Tue, 12 Sep 2017 16:15:52 +0300 + +dovecot (1:2.2.31-1) unstable; urgency=medium + + * [9b058f3] New upstream version 2.2.31 + + [2b577c1] Bump pigeonhole version to 0.4.19 + * Enable TLS by default: + + [7ca4b1c] Update SSL cert location patch; cert/key should reside under + /etc/dovecot/private by default. + + [05d3d0f] Use ssl-cert-snakeoil certificates to setup SSL by default + (Closes: #376146, #786570) + + [862901f] dovecot-core.postinst: manage 10-ssl.conf using ucf + (Closes: #850538) + + [418df05] README.Debian: document the new TLS setup + + [47bade9] dovecot-core.NEWS: document TLS support + * [8356bc0] Handle /etc/dovecot/private mode using dpkg-statoverride + * dovecot-core.postinst: cleanup + + [afbd33f] dovecot-core.postinst: always call adduser + + [ee22dc5] dovecot-core.postinst: remove obsolete conffile handling + + [7bb298b] dovecot-core.postinst: do not remove the imapd user/group + * [815a2d1] README.Debian: cleanup + * [91115a3] Use noawait dpkg triggers (lintian warning) + * [e845cec] Add basic usage DEP-8 test, doing end-to-end tests involving + LDA, IMAP and POP3. + * [71c73ef] systemd: convert service to Type=simple and start after + network-online.target (Closes: #865546, #825562) + * [1534fac] dovecot.service: enable ProtectSystem=full + * [d276c69] B-D only on default-libmysqlclient-dev + + -- Apollon Oikonomopoulos Tue, 27 Jun 2017 18:18:12 +0300 + +dovecot (1:2.2.30.2-1) unstable; urgency=medium + + * [401e83d] New upstream version 2.2.30.2 + * [1ea8321] Bump pigeonhole version to 0.4.18 + * [97bf8ec] Drop CVE-2017-2669 patch + * [9c1bbe2] Drop fix-sha3-on-big-endian.patch + * [d3c607b] Refresh dovecot_name.patch + * [5c64268] Bump Standards to 4.0.0; no changes needed + * [0b884fc] Bump compat to 10 + + B-D on debhelper (>= 10) + + Drop B-D on dh-systemd, now provided by debhelper + + Run dh --without=autoreconf, since we use autotools-dev + + -- Apollon Oikonomopoulos Thu, 22 Jun 2017 22:22:59 +0300 + +dovecot (1:2.2.27-3) unstable; urgency=high + + * [117285a] Remove /etc/dovecot/README (Closes: #849290) + * [04e8ce3] auth: Do not double-expand key in passdb dict when + authenticating (CVE-2017-2669) (Closes: #860049) + + -- Apollon Oikonomopoulos Tue, 11 Apr 2017 00:46:54 +0300 + +dovecot (1:2.2.27-2) unstable; urgency=medium + + * [30586e3] Fix SHA3 on big-endian architectures. + + -- Apollon Oikonomopoulos Thu, 15 Dec 2016 22:24:56 +0200 + +dovecot (1:2.2.27-1) unstable; urgency=medium + + [ Jaldhar H. Vyas ] + * [b1e4693] Imported Upstream version 2.2.27 + + Includes fix for CVE-2016-8652 (Closes: #846605) + + [ Apollon Oikonomopoulos ] + * [b25993a] Drop patches merged upstream: + + call_openssl_cleanup_at_deinit.patch + + disable_sslv23.patch + + -- Apollon Oikonomopoulos Wed, 14 Dec 2016 21:48:46 +0200 + +dovecot (1:2.2.26.0-4) unstable; urgency=medium + + * [3015f35] Drop references to SSLv2 in the default SSL protocols (Closes: #844271) + + -- Apollon Oikonomopoulos Mon, 14 Nov 2016 17:55:26 +0200 + +dovecot (1:2.2.26.0-3) unstable; urgency=medium + + * [b03027b] Call OPENSSL_cleanup() on dcrypt_openssl unload. Fixes FTBFS + with OpenSSL 1.1.0c. + + -- Apollon Oikonomopoulos Sun, 13 Nov 2016 10:56:30 +0200 + +dovecot (1:2.2.26.0-2) unstable; urgency=medium + + * [9db7d1b] Fix upgrades from 2.2.25 (Closes: #843028) + + -- Apollon Oikonomopoulos Tue, 08 Nov 2016 15:06:16 +0200 + +dovecot (1:2.2.26.0-1) unstable; urgency=medium + + [ Apollon Oikonomopoulos ] + * [18fc181] New upstream version 2.2.26.0 (Closes: #828286, #834837) + * [3ecfd3c] Update pigeonhole to 0.4.16 + * [61ff825] Move libdovecot-ldap and libdict_ldap to dovecot-ldap (Closes: + #830135). + * [b3a1650] Ubuntu: disable -Bsymbolic-functions ld flag. + Thanks to Christian Ehrhardt + (Closes: #842151) (LP: #1636781) + * [5828ab1] B-D on default-libmysqlclient-dev (but keep plain + libmysqlclient-dev as an alternative to ease backports). + * [0086110] Drop DRAC plugin. + Thanks to Christian Ehrhardt + (Closes: #842153) + + [ Jaldhar H. Vyas ] + * [60808eb] Move aclocal *.m4 files into -dev package. + * [52fd869] Move lib95_imap_sieve_plugin.so into dovecot-sieve (Closes: + #832046). + + -- Apollon Oikonomopoulos Thu, 07 Jul 2016 10:17:58 +0200 + +dovecot (1:2.2.25-1) unstable; urgency=medium + + * [cc29a81] Imported Upstream version 2.2.25 + * [d19bcca] Updated pigeonhole patch to 0.4.14 + * [16db179] Merged in some features of the Ubuntu dovecot package. + + dovecot-core: added lsb-base dependency. + + dovecot-core: Added apport hook. + + dovecot-imapd,dovecot-pop3d: Added ufw profiles. + Thanks to Christian Erhardt + (Closes: #828864) + + -- Jaldhar H. Vyas Fri, 01 Jul 2016 17:07:03 -0400 + +dovecot (1:2.2.24-1) unstable; urgency=medium + + * [26020b6] Imported Upstream version 2.2.24 (Closes: #818652) + + -- Apollon Oikonomopoulos Mon, 09 May 2016 10:42:08 +0300 + +dovecot (1:2.2.23-1) unstable; urgency=medium + + [ Jaldhar H. Vyas ] + * Drop missing-expunges.patch, merged upstream + + [ Apollon Oikonomopoulos ] + * [8a01915] Imported Upstream version 2.2.23 + + -- Apollon Oikonomopoulos Tue, 12 Apr 2016 17:30:03 +0300 + +dovecot (1:2.2.22-1) unstable; urgency=medium + + [ Jaldhar H. Vyas ] + * [2321581] Imported Upstream version 2.2.22 + * [3fa8a62] Updated pigeonhole patch to 0.4.13 + + -- Jaldhar H. Vyas Fri, 18 Mar 2016 19:18:34 -0400 + +dovecot (1:2.2.21-1) unstable; urgency=medium + + [ Jaldhar H. Vyas ] + * [d9c0630] Imported Upstream version 2.2.21 (Closes: #809666, #708539, + #801346, 803223) + * [5360548] Updated pigeonhole patch to 0.4.12 + * [5e6783f] Fixed typo in dovecot-core.README.Debian. + Thanks to Ingo Wichmann (Closes: #809717) + * [d00d0c7] Create /var/lib/dovecot in the package. (Closes: #801752) + * [6510373] Upstream patch for sync problem which could cause expunged + messages to keep reappearing. (Closes: #684499) + * [040f7fa] dovecot-core: dovecot.socket not enabled on installation + (Closes: #814999) + * [fc29003] /etc/dovecot/10-ssl.conf no longer managed by ucf or modified by + postinst. Thanks to Santiago Vila (Closes: #773237) + * [0d16e16] Fixed some lintian warnings. + * [801ba7e] Added Apollon to uploaders + + [ Apollon Oikonomopoulos ] + * [99ef3d8] Build with lz4 support (Closes: #784321) + * [92f68aa] Fix nss userdb (Closes: #712764) + * [41b9bde] Disable dovecot.socket in existing installations. + * [49c5b97] d/rules: specify systemd unit dir manually (Closes: #720854) + * [a377ccb] Convert to dh sequencer + * [48af954] B-D on debhelper >= 9 + * [591c315] Bump standards to 3.9.7; no changes needed + * [ceb629e] Use dh_installinit --name + * [ef8d8ac] d/rules: refactor file installation + * [a899bcc] dovecot-core: use dh_installman + * [6159e00] d/rules: build in parallel if requested + * [51014e6] d/control: use HTTPS Vcs-* URLs + * [b385cf5] dovecot-sieve: replace Conflicts with Breaks + * [b4a9e68] Add basic DEP-8 tests + * [7452649] Add DEP-8 tests for systemd support + * [e5101aa] Re-enable PIE and bindnow + * [5717808] Fix invoke-rc.d calls and never call init.d directly + * [3504241] Drop debconf remains + + -- Jaldhar H. Vyas Tue, 01 Mar 2016 19:31:42 -0500 + +dovecot (1:2.2.20-1) UNRELEASED; urgency=medium + + * [68d5038] Imported Upstream version 2.2.20 + + -- Jaldhar H. Vyas Sun, 13 Dec 2015 10:21:21 -0500 + +dovecot (1:2.2.19-1) UNRELEASED; urgency=medium + + * [146ef57] Imported Upstream version 2.2.19 + * [3af7cad] Updated pigeonhole patch to 0.4.9 + + -- Jaldhar H. Vyas Sun, 13 Dec 2015 09:41:56 -0500 + +dovecot (1:2.2.18-2) unstable; urgency=high + + * [3f3bf71] Updated pigeonhole patch to 0.4.8 (Closes: #792669) + + -- Jaldhar H. Vyas Sun, 23 Aug 2015 23:16:28 -0400 + +dovecot (1:2.2.18-1) unstable; urgency=medium + + * [cce20a5] Imported Upstream version 2.2.18. Closes: #786760 + * [36d2ec1] Refresh patch dovecot_name.patch. + * [109e6f8] Drop patch cve-2015-3420.patch: applied upstream. + * [6c59f09] Depend on krb5-multidev rather than libkrb5-dev. + + -- Jelmer Vernooij Sun, 24 May 2015 15:01:19 +0000 + +dovecot (1:2.2.16-1) unstable; urgency=medium + + * [e9d9193] Imported Upstream version 2.2.16 + * [976c256] Remove gbp- prefix from section names in debian/gbp.conf. + * [762b9a6] Add Dutch translation. Thanks, Frans Spiesschaert. Closes: #766203 + * [dea3dd6] Drop bye_logout_not_sent.patch: already included upstream. + + -- Jelmer Vernooij Mon, 04 May 2015 12:23:05 +0000 + +dovecot (1:2.2.13-12) unstable; urgency=high + + * [48f6fe4] Add patch cve-2015-3420.patch: Fix SSL/TLS handshake failures + leading to a crash of the login process with newer versions of OpenSSL. + Closes: #783649 (CVE-2015-3420) + + -- Jelmer Vernooij Mon, 04 May 2015 11:38:30 +0000 + +dovecot (1:2.2.13-11) unstable; urgency=high + + * [ebc0377] Don't allow install of dovecot-sieve without a new enough + dovecot-core. (Closes: #772885) + + -- Jaldhar H. Vyas Sun, 14 Dec 2014 12:27:50 -0500 + +dovecot (1:2.2.13-10) unstable; urgency=high + + [ Jelmer Vernooij ] + * [93db7f0] Fix path to 90-sieve-extprograms.conf in dovecot-sieve.postinst. + Closes: #772703, #772711 + + [ Jaldhar H. Vyas ] + * [8c627a4] Add another db_stop this time for triggers. Die #770695 die! + + -- Jaldhar H. Vyas Wed, 10 Dec 2014 19:56:20 -0500 + +dovecot (1:2.2.13-9) unstable; urgency=high + + * [5b689f6] Made some overlooked configuration files into conffiles; + deleted excess files from /usr/share/doc/dovecot-core. + * [83f2fc4] Explicitly stop debconf in dovecot-core postinst which hopefully + fixes the last of the install hangs. + Thanks to Chris Gilbert (Closes: #770695) + + -- Jaldhar H. Vyas Tue, 09 Dec 2014 06:17:23 -0500 + +dovecot (1:2.2.13-8) unstable; urgency=medium + + * [b2f652f] Turn off SSL by default and leave SSL cert locations commented + out. Hopefully this will be a satisfactory lowest common denominator for + new installs without messing with upgrades. + (Closes: #771334, #771407) + + -- Jaldhar H. Vyas Tue, 02 Dec 2014 00:21:30 -0500 + +dovecot (1:2.2.13-7) unstable; urgency=high + + * [daea09a] Commented out cert locations so install doesn't bomb if the + certs haven't been created yet. + (Closes: #706216, #732263, #767154, #768253, #769461, #770697) + + -- Jaldhar H. Vyas Fri, 28 Nov 2014 00:27:03 -0500 + +dovecot (1:2.2.13-6) unstable; urgency=medium + + * [f7205c0] dovecot-dev: removed dependency on dovecot-core + * [e393868] Removed SSL certificate generation from postinst. From now on + you have to do this yourself. See dovecot-core's README.debian for + instructions. (Closes: #730828) + + -- Jaldhar H. Vyas Sat, 25 Oct 2014 23:31:42 -0400 + +dovecot (1:2.2.13-5) unstable; urgency=medium + + * Fix name of organizationName field in SSL configuration for self- + signed certs. Closes: #760653 + + -- Jelmer Vernooij Sat, 06 Sep 2014 23:19:51 +0200 + +dovecot (1:2.2.13-4) unstable; urgency=medium + + * Add Provides with dovecot ABI version, for plugins to depend on. + Closes: #456021 + + -- Jelmer Vernooij Sun, 20 Jul 2014 19:31:09 +0200 + +dovecot (1:2.2.13-3) unstable; urgency=medium + + * Build-depend on clucene 2.3 or later, which upstream lists as the + minimum version. Closes: #754141 + * Use configuration file for openssl certificate configuration. + * Use canonical address for Vcs-Browser header. + * Remove unnecessary asterisk from NEWS entry; fixes lintian warning. + * Remove unused lintian override for usr/lib/dovecot/imap. + * dovecot-core: Ignore lintian warnings for empty directories. + + -- Jelmer Vernooij Tue, 08 Jul 2014 01:48:08 +0200 + +dovecot (1:2.2.13-2) unstable; urgency=medium + + * [bd5e34b] Patches from upstreams' hg repo to fix BYE and LOGOUT not being + sent. (Closes: #751682) + * [452e336] Czech translation for debconf. + Thanks to Michal Šimůnek (Closes: #751389) + + -- Jaldhar H. Vyas Wed, 25 Jun 2014 01:38:59 -0400 + +dovecot (1:2.2.13-1) unstable; urgency=medium + + * [0680040] Imported Upstream version 2.2.13 + + -- Jelmer Vernooij Sun, 25 May 2014 18:45:38 +0200 + +dovecot (1:2.2.13~rc1-1) unstable; urgency=medium + + * [7751508] Imported Upstream version 2.2.13~rc1 + + Fixes denial of service vulnerability (CVE-2014-3430). Closes: #747549 + + -- Jelmer Vernooij Sat, 10 May 2014 14:34:14 +0200 + +dovecot (1:2.2.12-3) unstable; urgency=medium + + * [0383db0] Break long line. + * [c961b6a] Fix installation of sieve plugins. Closes: #742770, #684271 + * [388d2bf] Strip body.rfc5173.txt from the pigeonhole patch, as it is + non-free. Closes: #745398 + + -- Jelmer Vernooij Wed, 23 Apr 2014 02:56:56 +0200 + +dovecot (1:2.2.12-2) unstable; urgency=medium + + * [c882a38] Add build dependencies libstemmer-dev and libexttextcat-dev, + used by dovecot-lucene. + * [67762d4] Use autotools-dev to update config.guess and config.sub. + * [33e79b7] Update Japenese po file. Thanks, victory. Closes: #730171 + * [cbf213b] Add non-standard-dir-perm override for /etc/dovecot/private. + + -- Jelmer Vernooij Sun, 23 Mar 2014 17:57:04 +0000 + +dovecot (1:2.2.12-1) experimental; urgency=medium + + * [52b67de] Update watch file for 2.2 series. + * [c4eac1f] Verify upstream tarball signature in watch file. + * [3a81ff9] Imported Upstream version 2.2.12 + * [8950a86] Bump standards version to 3.9.5 (no changes). + * [cd82417] Add myself to uploaders. + + -- Jelmer Vernooij Thu, 06 Mar 2014 22:45:19 +0000 + +dovecot (1:2.2.10-1) unstable; urgency=low + + * [0496c52] Imported Upstream version 2.2.10 + * [515dd61] Added new package for Lucene full text search support. + Thanks to Jelmer Vernooij for the patch. + (Closes: #685979) + * [718a68e] Fix old private key location in README.Debian. + Thanks to Jelmer Vernooij for the patch. + (Closes: #702385) + * [42da568] dovecot-solr: Make sure solr-schema.xml gets installed. + (In /usr/share/dovecot) + (Closes: #695185) + * [77acbf7] Added /usr/share/dovecot/dovecot-abi file in dovecot-dev to + document -- you guessed it! -- the dovecot ABI version. + * [feb597a] Added support for xz compression. + + -- Jaldhar H. Vyas Thu, 06 Mar 2014 02:51:34 -0500 + +dovecot (1:2.2.9-1) unstable; urgency=low + + [ Jaldhar H. Vyas ] + * [77468cf] Imported Upstream version 2.2.9 + * [43e08f3] Place dovenull user in its own group. (Closes: #725164) + * [e1a3e9c] Handled the fact that dovecot-db.conf.ext is no longer used. + (Closes: #728107, #730403) + + [Debconf translation updates] + * Russian (Yuri Kozlov). (Closes: #729106) + * German (Chris Leick). (Closes: #729358) + * Danish (Joe Hansen). (Closes: #729425) + * French (Julien Patriarca). (Closes: #729966) + * Portuguese (Américo Monteiro). (Closes: #730006) + * Polish (Michał Kułach). (Closes: #730061) + * Italian (Beatrice Torracca). (Closes: #730136) + * Japanese (victory). (Closes: #73017) + * Swedish (Martin Bagge / brother). (Closes: #730188) + * Spanish; (Camaleón). (Closes: #730354) + + -- Jaldhar H. Vyas Thu, 16 Jan 2014 15:42:13 -0500 + +dovecot (1:2.2.8-1) UNRELEASED; urgency=low + + * [6157a2b] New upstream version 2.2.8 + + -- Jaldhar H. Vyas Thu, 21 Nov 2013 16:54:46 -0500 + +dovecot (1:2.2.5-1) experimental; urgency=low + [ Micah Anderson ] + * [a0035bf] New upstream version 2.2.5 + * [a053c49] Update pigeonhole patch to 0.4.1 + * [689cd67] refreshed patches + + [ Jaldhar H. Vyas ] + * Caused bugs and then fixed them again. + + -- Jaldhar H. Vyas Mon, 09 Sep 2013 00:57:32 -0400 + +dovecot (1:2.1.17-2) unstable; urgency=low + + * [e8286e0] New version of drac patch taken from Ubuntu which works better + with 2.x (Closes: #716764) + * [23acb40] Add a patch from Ubuntu to report the distro name in the login + banner why not. + * [f8d566e] Don't need dovecot-common package anymore; get rid of it. + + -- Jaldhar H. Vyas Sat, 07 Sep 2013 14:58:05 -0400 + +dovecot (1:2.1.17-1) experimental; urgency=low + + [ Jaldhar H. Vyas ] + * [fa0d6aa] Re-enable mbox write locking patch to comply with policy 11.6 + (Closes: #720502) + * [38691fb] New upstream version (Closes: #719021) + * [1361144] prompts in dovecot-core postinst debconfiscated. + * IN MEMORIAM: Goldy the Goldfish (2000-2013) You were a prince (or + perhaps princess?) among fish and we shall all miss you dearly. + May your karmas merit much punya in future lives. + + -- Jaldhar H. Vyas Fri, 23 Aug 2013 01:46:20 -0400 + +dovecot (1:2.1.16-1) experimental; urgency=low + + * [9741bd8] New Upstream version + * [3476489] Updated pigeonhole patch to 0.3.5 + * [d4f236f] Removed some patches which are no longer required. + + -- Jaldhar H. Vyas Fri, 14 Jun 2013 16:25:19 -0400 + +dovecot (1:2.1.7-8) experimental; urgency=low + + * This version is not actually intended for upload. It merely undoes + some changes made for the the wheezy release. Namely, the following + features are back: + - TCP Wrappers support + - Hurd compatibility support + - Triggers. + + -- Jaldhar H. Vyas Thu, 13 Jun 2013 16:14:21 -0400 + +dovecot (1:2.1.7-7) unstable; urgency=high + + * If you are upgrading from stable or earlier versions of this package + from testing/unstable please carefully read + /usr/share/doc/dovecot-core/README.Debian.gz for important information + about changes. + * [0d74b31] Move Breaks/Replaces mailavenger from dovecot-common to + dovecot-core (Closes: #694376) + * [a8030a1] Revamped dovecot-cores README.Debian by adding any info I could + think of in order to ease upgrade problems. (Closes: #696820) + * [04798d3] Don't touch 10-ssl.conf at all. Eventually I will DTRT with + regards to the default generated ssl certificates but in the mean time + this will do the least mischief. (Closes: #696817) + * [fde17d1] Patch to make /etc/dovecot/readme point to the right place for + the example configuration. (Closes: #698941) + + -- Jaldhar H. Vyas Mon, 04 Feb 2013 16:27:17 -0500 + +dovecot (1:2.1.7-6) unstable; urgency=high + + * WARNING: in order to get this package into wheezy some functionality + from the previous release had to be removed. Namely: + - TCP Wrappers support + - Hurd compatibility support + - Triggers + All this will be coming back in the next version but for now, if you need + any of it, stick with -5. + * [1f869e0] NEWS.Debian was not getting added to the package (Closes: #693621) + * [564c5e2] Add breaks and replaces mailavenger for debian-common + (Closes: #694376) + + -- Jaldhar H. Vyas Fri, 14 Dec 2012 17:01:33 -0500 + +dovecot (1:2.1.7-5) unstable; urgency=high + + * [132bc3b] Remove call to ntp-wait in init script. Dovecot handles a + skewed clock much better now. (Closes: #693225) + + -- Jaldhar H. Vyas Wed, 14 Nov 2012 14:45:29 -0500 + +dovecot (1:2.1.7-4) unstable; urgency=high + + * [68ef7ad] piuparts complained /etc/dovecot/private was left unowned on + purge which is against policy (Closes: #692944) + + -- Jaldhar H. Vyas Sun, 11 Nov 2012 23:45:07 -0500 + +dovecot (1:2.1.7-3) unstable; urgency=high + + [ Jaldhar H. Vyas ] + * [03d5499] Do not generate new dovecot cert if key or cert is already + present (Closes: #685896,#631257) Thanks to Alexander Ufimtsev + and Jörg-Volker Peetz for patches. + * [5be6c2a] You should be able to upgrade and remove dovecot-managesieved + without errors (Closes: #665487) + * [1a9ad5c] Fixes instances where UTF-8 was misused instead of mUTF-7 + (Closes: #680035) + * [c0ac3ba] Backport of fix for failure to autocreate mailboxes + (Closes: #623440) This also requires setting the default mail_location. + * [ba1d3f5] Fix FTBFS on Hurd (Closes: #686931) via upstream patch backported + from mercurial. + * [cfa92b5] Upgrade pigeonhole page to 0.3.1 (Closes: #688407) + * [58f01c2] Generated certificates will now be created in /etc/dovecot + (Closes: #608719) + * [8e40ea5] Patch to build with PIE and bindnow + by intrigeri@debian.org (Closes: #679017) + * [87d982b] Use libwrap (Closes: #685850) + * [ebb5421] Start after nslcd (Closes: #692632) + * [2db5c1a] Add support for dpkg triggers. This means dovecot will not be + repeatedly restarted when installing or removing lots of plugins + (Closes: #601744) + * [bc66629] Patch to document -k in dsync.1 + by Luca Capello (Closes: #680992) + * [ba67766] Add lintian overrides. + + [ Marco Nenciarini ] + * [ffba408] Updated watch file + * [9777434] Install missing default configuration files from upstream + * [9496828] Backport fix for segfault in managesieve triggered by + CHECKSCRIPT command. (Closes: #688197) + + -- Jaldhar H. Vyas Sat, 10 Nov 2012 03:50:30 -0500 + +dovecot (1:2.1.7-2) unstable; urgency=low + + * [e23a136] Just a quick upload to make dovecot buildable on non-linux + platforms again. (Closes: #676817) I did it by removing the systemd + build-dep altogether. sd-daemon.[ch] is included in the source so if + systemd is installed on a system, it should be detected and socket + activation should happen. That is, assuming I've got everything right + (and documented) which is something I'll be looking into for the next + version. + + -- Jaldhar H. Vyas Thu, 21 Jun 2012 23:54:47 -0400 + +dovecot (1:2.1.7-1) unstable; urgency=low + + * [7668742] Imported upstream 2.1.7 (Closes: #663243) + + doveadm.1 documents the move command. (Closes: #641750) + * [4db927a] Patch to enable systemd support. (Closes: #672266) + Thanks Riku Voipio. + * [e17ac86] Previous attempt at setting hardening flags did not include the + drac plugin. Simon Ruderich provided an extra patch. + (Closes: #653530) + + -- Jaldhar H. Vyas Wed, 30 May 2012 16:27:21 -0400 + +dovecot (1:2.1.4-1) experimental; urgency=low + + * [6cc1e7d] Imported upstream 2.1.4 + + -- Micah Anderson Tue, 10 Apr 2012 11:33:05 -0400 + +dovecot (1:2.1.3-1) experimental; urgency=low + + * [49ecc33] Imported upstream 2.1.3 + + -- Micah Anderson Fri, 16 Mar 2012 22:04:46 -0400 + +dovecot (1:2.1.2-1) experimental; urgency=low + + * [70c3f6e] Imported upstream 2.1.2 + * Add missing dependency on dpkg-dev 1.16.1 + + -- Micah Anderson Thu, 15 Mar 2012 20:26:35 -0400 + +dovecot (1:2.1.1-1) experimental; urgency=low + + * [e113636] Imported upstream 2.1.1 + * Updated pigeonhole patch to 0.3.0, supporting 2.1 + + -- Micah Anderson Tue, 13 Mar 2012 23:08:06 -0400 + +dovecot (1:2.0.18-1) unstable; urgency=low + + * [85ae320] Imported Upstream version 2.0.18 + * [9cfd1da] Upped standards version to 3.9.3 + * [afb4164] Patch to dovecot-core/postinst so that permissions of symlinked + certificates aren't modified. (Closes: #646508) + Thanks Michael Kuhn. + * [bf642ee] Patch to enable hardened build flags. (Closes: #653530) + Thanks Moritz Muehlenhoff. + * [00b0d0c] Updated pigeonhole to 0.2.6 + + -- Jaldhar H. Vyas Fri, 09 Mar 2012 00:55:13 -0500 + +dovecot (1:2.0.15-1) unstable; urgency=low + + * [a22575a] New upstream version 2.0.15: (Closes: #642045) + + doveadm altmove: Added -r parameter to move mails back to primary + storage. + - v2.0.14: Index reading could have eaten a lot of memory in some + situations + - doveadm index no longer affects future caching decisions + - mbox: Fixed crash during mail delivery when mailbox didn't yet have + GUID assigned to it. + - zlib+mbox: Fetching last message from compressed mailboxes crashed. + - lib-sql: Fixed load balancing and error + * [8ce5abc] Update pigeonhole to release 0.2.4 + * [87658d2] Add dovecot-solr to dovecot-core's Suggests line. + + -- Marco Nenciarini Mon, 19 Sep 2011 19:26:48 +0200 + +dovecot (1:2.0.14-3) unstable; urgency=low + + * [f37a9ec] Enable solr full text search plugin. (LP: #620959) + * [cdd8b84] Build dovecot-common as architecture-all package. + * [af90444] Fix mail_plugin_dir default value in conf.d/10-mail.conf + (Closes: #624294) + * [61347cb] Bump debhelper build-depends to (>= 7.2.3~) because we use + dh_bugfiles. + * [4b757b6] Fix wrong configuration files path in sieve manpages. + + -- Marco Nenciarini Fri, 16 Sep 2011 02:26:21 +0200 + +dovecot (1:2.0.14-2) unstable; urgency=low + + [ Marco Nenciarini ] + * [a6896d6] Rename dovecot-common to dovecot-core. (Closes: #624835) + * [c36ca96] Manage protocols during package configuration and + deconfiguration phases. + * [599b55b] Update pigeonhole to release 0.2.3. + * [c654db0] Add a bug-script which will append doveconf -n output to bug + reports. + * [5270323] Add notes about upgrading from 1.2 to README.Debian. + (Closes: #635351) + * [5cd77a3] Add build-arch and build-indep target to debian/rules as + required by lintian. + * [be05d2a] Avoid ucf question when upgrading from squeeze and the only + difference in dovecot.conf is at the "protocols" line. + * [3c73782] Remove ucf backups during purge. + * [3ccf508] Make /etc/dovecot/*.ext readable by dovecot group members. + (Closes: #639005) + * [665bcc5] Use -c ${CONF} when calling doveconf to determine PIDBASE. + Thanks to Jonathan Hall (Closes: #627794) + * [325042c] Purge obsolete unmodified config files from /etc. + (Closes: #629397) + * [a9b9afb] Modified init script to report failures. (Closes: #629654) + * [d4622fd] Make dovecot-core suggesting all other packages containing + additional features. + + -- Marco Nenciarini Thu, 15 Sep 2011 19:43:55 +0200 + +dovecot (1:2.0.14-1) unstable; urgency=low + + * [50a947e] New upstream version 2.0.14: (Closes: #640143) + + doveadm: Added support for running mail commands by proxying to + another doveadm server. + + Added "doveadm proxy list" and "doveadm proxy kick" commands to + list/kick proxy connections (via a new "ipc" service). + + Added "doveadm director move" to assign user from one server to + another, killing any existing connections. + + Added "doveadm director ring status" command. + + userdb extra fields can now return name+=value to append to an + existing name, e.g. "mail_plugins+= quota". + - script-login attempted an unnecessary config lookup, which usually + failed with "Permission denied". + - lmtp: Fixed parsing quoted strings with spaces as local-part for + MAIL FROM and RCPT TO. + - imap: FETCH BODY[HEADER.FIELDS (..)] may have crashed or not + returned all data sometimes. + - ldap: Fixed random assert-crashing with with sasl_bind=yes. + - Fixes to handling mail chroots + - Fixed renaming mailboxes under different parent with FS layout when + using separate ALT, INDEX or CONTROL paths. + - zlib: Fixed reading concatenated .gz files. + * [0297425] Use xz compression for dbg packages. + * [4464ccf] Support parallel builds in debian/rules + * [19667f0] Acknowledge NMU 1:2.0.13-1.1. + Thanks to Luk Claes + + -- Marco Nenciarini Tue, 06 Sep 2011 23:18:46 +0200 + +dovecot (1:2.0.13-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Don't ship .la files (Closes: #621297). + + -- Luk Claes Sat, 18 Jun 2011 12:31:28 +0200 + +dovecot (1:2.0.13-1) unstable; urgency=high + + [ Marco Nenciarini ] + * [8af9e4d] New upstream version 2.0.13: + + Added "doveadm index" command to add unindexed messages into + index/cache. If full text search is enabled, it also adds unindexed + messages to the fts database. + + added "doveadm director dump" command. + + pop3: Added support for showing messages in "POP3 order", which can + be different from IMAP message order. This can be useful for + migrations from other servers. Implemented it for Maildir as 'O' + field in dovecot-uidlist. + - doveconf: Fixed a wrong "subsection has ssl=yes" warning. + - mdbox purge: Fixed wrong warning about corrupted extrefs. + - sdbox: INBOX GUID changed when INBOX was autocreated, leading to + trouble with dsync. + - script-login binary wasn't actually dropping privileges to the + user/group/chroot specified by its service settings. + - Fixed potential crashes and other problems when parsing header names + that contained NUL characters. (CVE-2011-1929) + (Closes: #627443) + + -- Marco Nenciarini Sat, 21 May 2011 23:58:06 +0200 + +dovecot (1:2.0.12-1) unstable; urgency=low + + [ Jaldhar H. Vyas ] + * [66cbb94] New upstream major release. Imported Upstream version 2.0.12 + * [a48c7fd] Updated standards version + + [ Marco Nenciarini ] + * [5c6b334] Updated watch file + * [0ba683e] Updated init script to new configuration scheme. (Closes: #593527) + * [8370be4] Fix upgrading from rename-it.nl packages + * [ae804e3] Update changelog + + -- Jaldhar H. Vyas Mon, 25 Apr 2011 17:03:26 -0400 + +dovecot (1:2.0.11-1) experimental; urgency=low + + * [a4764a4] New upstream major release (Closes: #573889, #580929, + #597476, #603951, #606089, #606646, #606649, #608075, #612369, #610919) + * [461f667] Updated copyright and package descriptions. Thanks Stephan + Bosch. + * [7fbd92a] Drop all patches but drac support. Update pigeonhole to + release 0.2.1 + * [05a5a1e] Update debian/rules to work with dovecot 2.0. Thanks + Stephan Bosch. + * [a36193e] Update debian/dovecot-common.{postinst,postrm} to handle + the new config file layout. Thanks Stephan Bosch. + * [3589afd] Remove debian/dovecot.1 manpage because is provided by + upstream. + * [f1703e1] Remove debian/dovecotpw.1 manpage as there is no dovecotpw + executable in dovecot 2.0. Same feature is provided through 'doveadm + pw' command. + * [e30283d] Remove expire-tool.sh wrapper as there is no expire-tool + in dovecot 2.0. Same feature is provided through 'doveadm expunge' + command. + * [3385061] Remove daily cron script and the related configuration + from the default file. + * [bec19a0] Update debian/dovecot-common.NEWS.Debian with upgrading + instructions + * [1e56f1c] Call dh_makeshlibs with --no-script option to avoid + {postinst,postrm}-has-useless-call-to-ldconfig lintian errors. + * [325f055] Disable numbers in patches (requires git-buildpackage >=0.5.13) + * [74d6ebe] Added debian/source/local-options with "unapply-patches". + * [0edef17] Set default protocols value as empty and enable each + protocol in its own configuration file in + /usr/share/dovecot/protocols.d (LP: #661453) + * [e88860c] Removed code about upgrading from pre-etch packages. + * [95c5d47] Removed obsolete Build-Conflict (Closes: #614053) + * [41dddf4] Move configurations for imapd and pop3d to the appropriate + packages. (Closes: #606648) + * [b8b66dc] Removed obsolete README.Debian and NEWS.Debian from + dovecot-pop3d and dovecot-imapd packages + * [0bda8ac] Added packages dovecot-lmtpd and dovecot-managesieved. + * [9a954f1] Build databases, ldap and gssapi support as plugins + * [1a3f323] Deregister obsolete configuration files from ucf in + dovecot-common postinst on upgrades. + * [fae4b76] Added packages dovecot-pgsql, dovecot-mysql, dovecot-sqlite, + dovecot-ldap, dovecot-gssapi and dovecot-sieve (Closes: #251433) + * [aa8983d] Imported Upstream version 2.0.11 + + -- Marco Nenciarini Mon, 07 Mar 2011 18:23:59 +0100 + +dovecot (1:1.2.15-3) unstable; urgency=low + + * [096c373] Fix file overwrite error when upgrading from lenny + (Closes: #601980) + * [37b3220] Add --no-create-home to adduser invocation in dovecot- + common.postinst script (Closes: #601767) + * [b00b527] Fall back to `hostname` if `hostname -f` invocation fails + (Closes: #562780) + * [9102fec] Make self-generated certificates key length 2048 bits. + + -- Marco Nenciarini Tue, 02 Nov 2010 11:12:53 +0100 + +dovecot (1:1.2.15-2) unstable; urgency=low + + * [a0744a5] Switch vcs fields to git + * [d8a1bd4] Add debian/gbp.conf to make easy the usage of git- + buildpackage + * [c0dc21f] Warn that the generated SSL certificate will expire in 10 + years instead of 365 days, as it's the lifetime of of self-generated + certificates since 1:1.2.13-1 + * [6472d63] Switch to gbp-pq patch management. + * [bf2fc17] Upgraded sieve plugin to version 0.1.18 + * [6b9809d] Upgraded managesieve plugin to version 0.11.12 + * [d67cd17] Upgraded dovecot-managesieve.patch to version 0.11.12 + + -- Marco Nenciarini Thu, 28 Oct 2010 22:50:19 +0200 + +dovecot (1:1.2.15-1) unstable; urgency=high + + [ Marco Nenciarini ] + * New upstream release (Closes: #587036,#597529) + * Updated policy version to 3.9.1.0 (no changes needed) + + [ Jaldhar H. Vyas ] + * [SECURITY] Fixes two bugs with acls which could have allowed a user to + gain improper access or admin rights to shared mailboxes. + (Closes: #599521) + * Warn that the generated SSL certificate will expire in 365 days. Thanks + Phillip Weis. (Closes: #576455) + * Wherever the path to sendmail is given as /usr/lib/sendmail, change to + /usr/sbin/sendmail. (Closes: #570814,#595671) + + -- Jaldhar H. Vyas Fri, 08 Oct 2010 17:34:19 -0400 + +dovecot (1:1.2.13-1) unstable; urgency=low + + [ Jaldhar H. Vyas ] + * dovecot-common: Upped expiration date of self-generated certificates to + 10 years from 1 year. (Closes: #587371) + + [ Marco Nenciarini ] + * New upstream release: + - Fixed iconv() crash when it was processing several kilobytes of + broken continuous input. This mainly could have caused a problem + with IMAP SEARCH. Possibly also with some Sieve checks. + - If MIME encoded-words contained line feeds, Dovecot logged + cache corruption errors. + - mbox: Renaming mailbox under newly created dir didn't move index + directory. + - mbox: When generating envelope to From_-line, don't append a second + @owndomain if username already has one. + * Updated policy version to 3.9.0.0 (no changes needed) + + -- Marco Nenciarini Mon, 26 Jul 2010 17:03:38 +0200 + +dovecot (1:1.2.12-1) unstable; urgency=low + + * New upstream release + * Upgraded sieve plugin to version 0.1.17 + * Refreshed dovecot-managesieve.patch + * debian/patches/sieve-fix-imapflags.patch: Removed. Fixed upstream. + + -- Marco Nenciarini Sat, 26 Jun 2010 18:14:15 +0200 + +dovecot (1:1.2.11-1) unstable; urgency=high + + * New upstream release + * urgency set to high, because under particular circumstances you could + cause a DoS by sending a message with a huge header. + * sieve: Fix addflags command in deprecated imapflags extension + (Closes: #570058) + * Include a daily expire script with a setting in /etc/default/dovecot + to enable it. The new script is disabled by default as it requires + some configurations by the system administrator. Thanks to Hans Spaans + * Mark expire-tool.sh as a bash script + * Bump Standards-Version to 3.8.4, no changes needed + + -- Marco Nenciarini Mon, 08 Mar 2010 22:25:46 +0100 + +dovecot (1:1.2.10-1) unstable; urgency=low + + * New upstream release (Closes: #566796) + * Upgraded sieve plugin to version 0.1.15 + * Upgraded managesieve plugin to version 0.11.11 + * Upgraded dovecot-managesieve.patch to version 0.11.11 + + -- Marco Nenciarini Mon, 25 Jan 2010 17:21:09 +0100 + +dovecot (1:1.2.9-2) unstable; urgency=low + + * Upgraded sieve plugin to version 0.1.14 + * Upgraded managesieve plugin to version 0.11.10 + * Upgraded dovecot-managesieve.patch to version 0.11.10 + * debian/patches/dovecot-example.patch: Refreshed. + * Added expire-tool wrapper script (Closes: #565538) + * Added ${misc:Depends} to the dependencies of each binary package, + to make lintian happy (debhelper-but-no-misc-depends) + + -- Marco Nenciarini Sun, 17 Jan 2010 09:39:42 +0100 + +dovecot (1:1.2.9-1) unstable; urgency=low + + * New upstream release. + * debian/patches/gold-fix.patch: Removed. Fixed upstream. + + -- Marco Nenciarini Thu, 17 Dec 2009 10:52:53 +0100 + +dovecot (1:1.2.8-2) unstable; urgency=low + + * Moved libexec to lib corrections in dovecot-managesieve.patch and + dovecot-managesieve-dist.patch to dovecot-example.patch + * debian/patches/dovecot-mboxlocking.patch: Regenerated to avoid FTBFS + when quilt isn't installed. + * debian/patches/quota-mountpoint.patch: Removed. Not needed anymore. + * debian/patches/dovecot-quota.patch: Removed. Quotas aren't properly + enabled unless mail_plugins = quota imap_quota. + * debian/patches/gold-fix.patch: Fixed configure script to build even + with binutils-gold or --no-add-needed linker flag (Closes: #554306) + * debian/dovecot-common.init: fixed LSB headers. Thanks to Pascal Volk. + (Closes: #558040) + * debian/changelog: added CVE references to previous changelog entry. + * debian/rules: checked up the build system. It's not fragile anymore. + (Closes: 493803) + * debian/dovecot-common.postinst: Now invoking dpkg-reconfigure + on dovecot-common is enough to generate new certificates + if the previous ones were removed. (Closes: #545582) + * debian/rules: No longer install convert-tool in /usr/bin. + It isn't an user utility and it should stay in /usr/lib/dovecot + like all other similar tool. + + -- Marco Nenciarini Tue, 08 Dec 2009 12:24:04 +0100 + +dovecot (1:1.2.8-1) unstable; urgency=high + + [ Marco Nenciarini ] + * New upstream release. (Closes: #557601) + * [SECURITY] Fixes local information disclosure and denial of service. + (see: http://www.dovecot.org/list/dovecot-news/2009-November/000143.html + and CVE-2009-3897) + * Added myself to uploaders. + * Switched to the new source format "3.0 (quilt)": + - removed dpatch from build-depends + - removed debian/README.source because now we use only standard + dpkg features + - regenerated all patches + * Prepared to switch to multi-origin source: + - recreated dovecot-libsieve.patch and dovecot-managesieve-dist.patch + starting from the upstream tarball + - removed all autotools related build-depends and build-conflict + - renamed dovecot-libsieve and dovecot-managesieve directories + to libsieve and managesieve. + * debian/rules: Moved the configuration of libsieve and managesieve from + the build phase to the configuration phase + + [ Jaldhar H. Vyas ] + * Added dovecot-dbg package with debugging symbols. Thanks Stephan Bosch. + (Closes: #554710) + * Fixed some stray libexec'isms in the default configuration. + + -- Jaldhar H. Vyas Mon, 23 Nov 2009 17:04:14 -0500 + +dovecot (1:1.2.7-1) unstable; urgency=low + + * New upstream release. + * debian/dovecot-common.init: + - use $CONF when starting the daemon. (Closes: #549944) + - always output start/stop messages. (Closes: #523810) + + -- Fabio Tranchitella Sat, 14 Nov 2009 11:28:33 +0100 + +dovecot (1:1.2.6-1) unstable; urgency=low + + * New upstream release. + * debian/patches/v1.2.5-exec-mail_fix.dpatch: removed, merged upstream. + + -- Fabio Tranchitella Mon, 12 Oct 2009 06:56:55 +0000 + +dovecot (1:1.2.5-2) unstable; urgency=low + + * debian/dpatches/v1.2.5-exec-mail_fix.dpatch: added. + (Closes: #546694, #546695) + * debian/dovecot-common.dirs: removed /etc, /etc/ssl/{private,certs}, they + are handled by openssl; this should fix the piuparts test. + + -- Fabio Tranchitella Sun, 27 Sep 2009 20:53:52 +0200 + +dovecot (1:1.2.5-1) unstable; urgency=low + + * New upstream release. + + -- Fabio Tranchitella Mon, 14 Sep 2009 14:34:06 +0200 + +dovecot (1:1.2.4-2) unstable; urgency=low + + * debian/patches/dovecot-libsieve.dpatch: updated to 0.1.12. + (Closes: #539527) + + -- Fabio Tranchitella Wed, 02 Sep 2009 07:28:23 +0200 + +dovecot (1:1.2.4-1) unstable; urgency=low + + * New upstream release. (Closes: #537186, #540058) + * Bumped Standards-Version to 3.8.3, no changes needed. + * debian/control: only suggests ntp. (Closes: #542152) + * debian/patches/dovecot-managesieve-dist.dpatch: updated to the 0.11.9 + release. (Closes: #539527) + * debian/rules: dovecot should be started with sequence number 20. + (Closes: #543473) + + -- Fabio Tranchitella Sat, 29 Aug 2009 17:27:59 +0200 + +dovecot (1:1.2.2-2) unstable; urgency=high + + * Er that should be fcntl not fnctl. (Closes: #539474, #539486) + * For the sake of completeness, fixed some errors in the example config file. + (They are in the !include statements which are commented out by default + so it is unlikely that most users will actually be affected.) + (Closes: #539391) + + -- Jaldhar H. Vyas Sat, 01 Aug 2009 11:38:03 -0400 + +dovecot (1:1.2.2-1) unstable; urgency=low + + [Joel Johnson] + * New upstream version, updated ManageSieve patch + - fixes index corruption condition (Closes: #537388) + * Set default for mbox_write_locks to "fnctl dotlock" according to + Debian Policy (Closes: #537326) + * Set MySQL build dependency to use version-agnostic -dev package + * Drop postgres-configure patch, functionality included upstream + * Updated dovecot-libsieve to version 0.1.9 + - fixes subaddress matching (Closes: #537386) + - check additional address-list headers (Closes: #537379) + + [Jaldhar H. Vyas] + * Remove unneeded build-dependencies on byacc and flex now that we no longer + use cmusieve. + + -- Joel Johnson Tue, 28 Jul 2009 20:35:57 -0600 + +dovecot (1:1.2.1-2) unstable; urgency=low + + * Update to use default automake (Closes: #536880) now that current upstream + successfully builds with 1.10 (was previously a problem in bug 473754. + * Updated Standards-Version to 3.8.2 (no action required) + * Remove ./var/run directories to fix lintian warnings. + * Updated dovecot-libsieve patch to version 0.1.8, removed autogen.sh, + tests, and doc/rfc + * Updated dovecot-managesieve patch to version 0.11.7 + * Updated dovecot-managesieve-dist patch to Mercurial revision 12b9733ee8b0 + (0.11.7+), removed lib-cmusieve, doc/rfs, autogen.sh + * Add additional upgrading note to README.Debian to clarify the ManageSieve + configuration changes needed - existing configurations break if not + updated! (Closes: #537158) + * Include the ChangeLog and README for sieve and ManageSieve + + -- Joel Johnson Wed, 15 Jul 2009 20:29:33 -0600 + +dovecot (1:1.2.1-1) unstable; urgency=low + + [ Joel Johnson ] + * New upstream release + * Update packaging for 1.2 release + - update SIEVE patch to use Dovecot rewrite (version 0.1.7, + removed RFCs and tests for a DFSG patch) + - update ManageSieve patch and software to hg revision 2c9b4b4ab6a8 + (0.11.6+) for 1.2.1 support + + removed lib-cmusieve since building against newer sieve + + removed doc/rfc for DFSG compliance + + removed autogen.sh since we run autotools during the build + - updated other misc patches + + -- Joel Johnson Sun, 12 Jul 2009 11:15:01 -0600 + +dovecot (1:1.1.16-1) unstable; urgency=low + + * New upstream release. (Closes: #531599) + + -- Fabio Tranchitella Thu, 04 Jun 2009 12:38:59 +0200 + +dovecot (1:1.1.15-1) unstable; urgency=low + + * New upstream release; sorry, no time to include extra upstream patches + which are not released, feel free to submit them as dpatch files and I will + add them to the package. (Closes: #529923) + * debian/control: updated Standards-Version, no changes needed. + * debian/dovecot-common.init: patched to support ENABLED=0 in + /etc/default/dovecot, useful if dovecot is used as local-only IMAP server + through PREAUTH interface. (Closes: #524302) + * debian/dovecot-common.README.Debian: simplified, we only point the user to + wiki.dovecot.org; added a note about how to regenerate the SSL certificate. + (Closes: #528934) + * debian/dovecot-common.postrm: do not break if /etc/ssl/certs does not + exist. (Closes: #524865) + * debian/patches/dovecot-managesieve-dist: updated to 0.10.6. + + -- Fabio Tranchitella Sun, 31 May 2009 20:13:26 +0200 + +dovecot (1:1.1.13-2) unstable; urgency=high + + * New upload, urgency set to high: the package in testing is broken. + * debian/dovecot-common.init: fixed a typo. + * debian/patches/dovecot-example.dpatch: fixed a few paths. + (Closes: #521544) + + -- Fabio Tranchitella Sun, 29 Mar 2009 21:16:02 +0200 + +dovecot (1:1.1.13-1) unstable; urgency=low + + * New upstream release. + * This version fixes problems accessing mailboxes in some setups. + (Closes: #520310) + + -- Fabio Tranchitella Thu, 19 Mar 2009 17:31:56 +0100 + +dovecot (1:1.1.12-1) unstable; urgency=low + + * New upstream release, it fixes some wrong defaults in the configuration + file. (Closes: #518631) + * debian/rules: add support for libdb. (Closes: #518630) + * debian/dovecot-common.postinst: create the dovecot certificate only at + install time. (Closes: #518738, #518598) + + -- Fabio Tranchitella Mon, 16 Mar 2009 14:26:32 +0100 + +dovecot (1:1.1.11-4) unstable; urgency=low + + * debian/dovecot-common.init: fixed a typo from the last upload. + (Closes: #518504) + + -- Fabio Tranchitella Fri, 06 Mar 2009 18:39:09 +0100 + +dovecot (1:1.1.11-3) unstable; urgency=low + + * debian/dovecot-common.init: applied patch from Håkon Stordahl to call + ntp-wait if available. (Closes: #517808) + + -- Fabio Tranchitella Wed, 04 Mar 2009 17:38:59 +0100 + +dovecot (1:1.1.11-2) unstable; urgency=low + + * debian/dovecot-common.init: fixed a bug in the init script, adding a + missing slash in the PIDFILE path. (Closes: #516845) + * debian/dovecot-common.init: fixed a bug in the init script, sending the HUP + signal for reloading the configuration. (Closes: #512197) + * debian/dovecot-common.init: check if /etc/inetd.conf exists. + (Closes: #509259, #497148) + * debian/control: dovecot-common suggests ntp and ntpdate. (Closes: #511060) + * debian/dovecot-common.postinst: migration hook for default_mail_env => + mail_location. (Closes: #517073) + * debian/dovecot.1: fixed the path of the configuration file. + (Closes: #501493) + + -- Fabio Tranchitella Fri, 27 Feb 2009 17:24:09 +0100 + +dovecot (1:1.1.11-1) unstable; urgency=low + + * New upstream release, upload to unstable. (Closes: #507122) + * debian/patches/dovecot-quota.dpatch: fixed a bug in the imap quota plugin. + (Closes: #484677) + * debian/dovecot-common.init: added the status action, thanks Fladischer + Michael for the patch. (Closes: #509694) + * debian/dovecotpw.1: added manpage for dovecotpw, thanks Xavier Luthi for + the patch. (Closes: #504712) + + -- Fabio Tranchitella Fri, 20 Feb 2009 20:39:38 +0100 + +dovecot (1:1.1.9-1) experimental; urgency=low + + [ Fabio Tranchitella ] + * debian/control: dovecot-common suggests ntp. + + [ Joel Johnson ] + * New upstream release + * updated managesieve patch to apply against new version + + -- Joel Johnson Sat, 24 Jan 2009 04:12:42 +0000 + +dovecot (1:1.1.8-1) experimental; urgency=low + + * New upstream release. + * debian/control: added LDA to the description of dovecot-common. + + -- Fabio Tranchitella Wed, 07 Jan 2009 23:14:29 +0100 + +dovecot (1:1.1.7-1) experimental; urgency=low + + * New upstream release + * Updated dovecot-ssh.patch for new release + * Updated MANAGESIEVE to 0.10.4 + * Fix package to support double compilation + - Properly clean dovecot-managesieve as pointed out by Stephan Bosch + - Add --copy directive to automake invocation + + -- Joel Johnson Thu, 04 Dec 2008 20:52:11 -0700 + +dovecot (1:1.1.2-3) experimental; urgency=low + + * debian/control: added libbz2-dev to the Build-Depends to enable the bzip2 + support. (Closes: #495129) + + -- Fabio Tranchitella Thu, 14 Aug 2008 20:45:41 +0200 + +dovecot (1:1.1.2-2) experimental; urgency=low + + * Merged changes in the unstable package. + * debian/control: added replaces for the imap and pop modules from the + -common to the the -imap and -pop packages. (Closes: #493798) + * debian/rules: applied some of the suggestions from Matthias Kloses, + thanks! (Refs: #493803) + + -- Fabio Tranchitella Tue, 05 Aug 2008 21:20:33 +0200 + +dovecot (1:1.1.2-1) experimental; urgency=low + + * New upstream release + * Trivial update to autocreate patch + + -- Joel Johnson Sat, 26 Jul 2008 08:18:39 -0600 + +dovecot (1:1.1.1-1) experimental; urgency=low + + [ Joel Johnson ] + * New upstream release (Closes: #487989) + * Updated policy version to 3.8.0.1 (no changes needed) + * Updated watch file to watch new release directory + * Actually install dovecot.8 since we have it + * Removed quota_v2 patch (was unreachable code): upstream now defaults + to quota v1 if _LINUX_QUOTA_VERSION is not defined + * Removed pam-error-information patch: included upstream + * Removed mbox_snarf patch: included upstream + * Removed full MANAGESIEVE patch (replaced with new 1.1 approach) + * Merged protocols_none_by_default patch into dovecot-example patch + * Updated drac patch to build against 1.1 + * Updated autocreate patch with 1.1 version + * Updated dovecot-sieve to 1.1.5 + * Added dovecot-managesieve patch against dovecot tree + * Added dovecot-managesieve source for building module + + [ Fabio Tranchitella ] + * Added Joel Johnson to the uploaders; thanks for your work! + + -- Fabio Tranchitella Sun, 20 Jul 2008 19:09:23 +0200 + +dovecot (1:1.0.15-2) unstable; urgency=low + + * debian/dovecot.1: added "This includes doing a syntax check" to the -a + option. + * debian/rules: now the package builds two times in a row without problems. + (Closes: #490201) + + -- Fabio Tranchitella Sun, 27 Jul 2008 19:56:18 +0200 + +dovecot (1:1.0.15-1) unstable; urgency=low + + * New upstream release. + * debian/rules: clean the package before unpatching. (Closes: #490201) + + -- Fabio Tranchitella Sun, 22 Jun 2008 09:06:01 +0200 + +dovecot (1:1.0.14-1) unstable; urgency=low + + * New upstream release. + * debian/patches/inbox_creation.dpatch: removed, merged upstream. + * debian/patches/allow_nets.dpatch: removed, merged upstream. + + -- Fabio Tranchitella Tue, 03 Jun 2008 10:07:13 +0200 + +dovecot (1:1.0.13-6) unstable; urgency=low + + * debian/patches/inbox_creation.dpatch: added, use mail_privileged_group's + group when creating inboxes if the unprivileged user fails; upstream: + http://hg.dovecot.org/dovecot-1.0/rev/932768a879c6 (Closes: #471716) + + -- Fabio Tranchitella Wed, 28 May 2008 12:58:17 +0200 + +dovecot (1:1.0.13-5) unstable; urgency=low + + * debian/patches/allow_nets.dpatch: added, allow_nets didn't work correctly + with big endian machines; patch from upstream, thanks Timo: + http://hg.dovecot.org/dovecot-1.0/rev/71c02fdf1b59 + + -- Fabio Tranchitella Thu, 15 May 2008 14:48:14 +0200 + +dovecot (1:1.0.13-4) unstable; urgency=low + + * debian/patches/dovecot-MANAGESIEVE-9.3.dpatch: updated managesieve to + version 9.3. + * debian/dovecot-common.README.Debian: added a note about how to configure + dovecot to log to file instead of using syslog. + * debian/dovecot.1: added a SIGNALS section. (Closes: #479059) + * dovecot-sieve: updated to the last hg release (5c3ba11994cb). + (Closes: #479104) + + -- Fabio Tranchitella Mon, 05 May 2008 17:28:21 +0200 + +dovecot (1:1.0.13-3) unstable; urgency=low + + * debian/rules: do not install anymore the ldap and sql example + configuration files under /etc. (Closes: #472674) + * debian/dovecot-common.postinst: really chmod + /etc/dovecot/dovecot-{ldap,sql}.conf files to 0600. + * debian/devecot-common.init: do not start the service if dovecot.conf + doesn't exist. (Closes: #475888) + + -- Fabio Tranchitella Sun, 27 Apr 2008 22:42:37 +0200 + +dovecot (1:1.0.13-2) unstable; urgency=low + + * debian/rules: use aclocal-1.9 instead of aclocal. (Closes: #473754) + + -- Fabio Tranchitella Tue, 01 Apr 2008 15:30:32 +0200 + +dovecot (1:1.0.13-1) unstable; urgency=high + + * New upstream release, fixes a security issue: + http://www.dovecot.org/list/dovecot-news/2008-March/000064.html + + -- Fabio Tranchitella Sun, 09 Mar 2008 19:22:20 +0100 + +dovecot (1:1.0.12-1) unstable; urgency=high + + * New upstream release. (Closes: #469457) + * debian/patches/dovecot-MANAGESIEVE-9.2.dpatch: updated, thanks to Marco + Nenciarini for the patch. + + -- Fabio Tranchitella Thu, 06 Mar 2008 15:53:07 +0100 + +dovecot (1:1.0.10-4) unstable; urgency=low + + * debian/patches/autocreate.dpatch: added, thanks to Walter Reiner. + * debian/rules: use --with-ioloop=best instead of --with-ioloop=epoll, as + suggested by Timo. (Closes: #466296) + + -- Fabio Tranchitella Mon, 18 Feb 2008 09:29:39 +0100 + +dovecot (1:1.0.10-3) unstable; urgency=low + + * debian/patches/dovecot-MANAGESIEVE-9.1.dpatch: added, thanks to Aleksey + Midenkov for providing a patch. (Closes: #416166) + * debian/dovecot-common.init: added $time to Should-Start. (Closes: #461543) + * debian/dovecot-common.postinst: do not add the dovecot user to the mail + group, it is not required by upstream. (Closes: #457123) + * debian/control: updated Standards-Version to 3.7.3, no changes required. + + -- Fabio Tranchitella Sun, 10 Feb 2008 18:37:55 +0100 + +dovecot (1:1.0.10-2) unstable; urgency=low + + * debian/patches/mbox_snarf.dpatch: added, thanks to Bernd Kuhls. + (Closes: #462319) + + -- Fabio Tranchitella Thu, 24 Jan 2008 10:12:02 +0100 + +dovecot (1:1.0.10-1) unstable; urgency=high + + * New upstream release, fixes a security bug. + * debian/patches/exec_check_for_none.dpatch: updated. + + -- Fabio Tranchitella Sun, 30 Dec 2007 10:29:26 +0100 + +dovecot (1:1.0.9-1) unstable; urgency=low + + * New upstream release. + * debian/control: added the Vcs-Svn and Vcs-Browser fields. + + -- Fabio Tranchitella Wed, 12 Dec 2007 08:10:11 +0100 + +dovecot (1:1.0.8-2) unstable; urgency=low + + * Provides a dovecot-dev package, thanks to Josh Triplett for providing a + patch. (Closes: #444812) + + -- Fabio Tranchitella Tue, 04 Dec 2007 09:22:59 +0100 + +dovecot (1:1.0.8-1) unstable; urgency=low + + * New upstream release. + * debian/patches/unsupported-sasl-mech.dpatch: merged with upstream. + + -- Fabio Tranchitella Thu, 29 Nov 2007 13:36:39 +0100 + +dovecot (1:1.0.7-3) unstable; urgency=low + + * debian/patches/dovecot-ssl.dpatch: provide mechanism to discover if ssl + client certificate is verified, patch from Stephen Gran. (Closes: #446555) + * debian/patches/pam-error-information.dpatch: fill auth information in pam + error, patch backported from upstream RCS. (Closes: #439246) + * debian/patches/unsupported-sasl-mech.dpatch: should use NO (not BAD) for + unsupported SASL mech, patch backported from upstream RCS. (Closes: #449324) + + -- Fabio Tranchitella Wed, 14 Nov 2007 21:33:55 +0100 + +dovecot (1:1.0.7-2) unstable; urgency=low + + * debian/dovecot-common.postinst: + + don't fail if dovecot-ldap.conf or dovecot-sql.conf are removed; thanks + to Mathias Gug. (Closes: #448401) + + fix permissions of /var/run/dovecot and /var/run/dovecot/login. + (Closes: #446051) + + -- Fabio Tranchitella Sun, 04 Nov 2007 10:06:06 +0100 + +dovecot (1:1.0.7-1) unstable; urgency=low + + * New upstream release. + * debian/rules: remove drac.so in the clean target. (Closes: #442548) + * debian/dovecot-common.init: implemented the reload action. + (Closes: #441032) + * Update protocols option in configuration when installing/removing + -imapd/-pop3d packages. Thanks to Soren Hansen and Mathias Gug from + Ubuntu for providing a patch. (Closes: #447201) + + -- Fabio Tranchitella Fri, 02 Nov 2007 23:06:17 +0100 + +dovecot (1:1.0.5-1) unstable; urgency=low + + * New upstream release. + + -- Fabio Tranchitella Mon, 10 Sep 2007 09:25:59 +0200 + +dovecot (1:1.0.3-3) unstable; urgency=low + + * debian/dovecot-common.init: don't use the init script name to locate the + configuration file because it is not reliable. If you really want to start + multiple servers, just copy the init script and use the optional default + file to override the variables. (Closes: #437228) + + -- Fabio Tranchitella Thu, 16 Aug 2007 09:17:01 +0200 + +dovecot (1:1.0.3-2) unstable; urgency=low + + * debian/rules: removed the --with-notify=inotify switch, it should be + detected automatically. + + -- Fabio Tranchitella Thu, 09 Aug 2007 09:39:50 +0200 + +dovecot (1:1.0.3-1) unstable; urgency=low + + * New upstream release. (Closes: #434038, #432601) + * This release doesn't build dbox support out-of-the-box. (Closes: #431615) + * dovecot-sieve: updated to the last hg's tip. (Closes: #434079) + * debian/dovecot-*.README.Debian: don't call /etc/init.d scripts directly. + (Closes: #431991) + * debian/dovecot-common.init: updated with patches from Tom Metro, thanks! + (Closes: #426480, #422674) + * debian/dovecot-common.postinst: fixed a missing variable DOMAINNAME. + (Closes: #425917) + * debian/rules: moved the init script to the level 24, after the ntpdate + one. (Closes: #432723) + * debian/patches/00list: added dovecot-drac, again. (Closes: #353039) + * debian/rules: build with inotify and epoll support. (Closes: #419281) + * debian/dovecot.1: added a simple manpage for dovecot. (Closes: #426702) + * debian/copyright: added copyright exceptions as suggested by Timo. + + -- Fabio Tranchitella Sat, 04 Aug 2007 20:11:36 +0200 + +dovecot (1:1.0.0-1) unstable; urgency=low + + * New upstream release, the final 1.0.0. Bumped epoch, because we used the + wrong version scheming in the past and I think it is worth to do so now + that 1.0.0 has been released. + * debian/watch: updated. + * Rebuilt with a new glibc in unstable, now we have inotify support. + (Closes: #395306) + + -- Fabio Tranchitella Mon, 16 Apr 2007 08:42:32 +0200 + +dovecot (1.0.rc31-1) unstable; urgency=low + + * New upstream release. + + -- Fabio Tranchitella Mon, 09 Apr 2007 11:55:45 +0200 + +dovecot (1.0.rc30-2) unstable; urgency=low + + * debian/dovecot-common.init: check if /etc/inetd.conf exists before + calling sed on it. (Closes: #417299) + + -- Fabio Tranchitella Sun, 08 Apr 2007 16:58:30 +0200 + +dovecot (1.0.rc30-1) unstable; urgency=low + + * New upstream release. + * + + -- Fabio Tranchitella Sat, 07 Apr 2007 11:17:45 +0200 + +dovecot (1.0.rc29-1) unstable; urgency=low + + * New upstream release. + * debian/rules: ship convert-tool in dovecot-common. (Closes: #416909) + + -- Fabio Tranchitella Sat, 31 Mar 2007 14:15:39 +0200 + +dovecot (1.0.rc28-1) unstable; urgency=low + + * New upstream release. + + -- Fabio Tranchitella Sun, 25 Mar 2007 14:02:28 +0200 + +dovecot (1.0.rc27-1) unstable; urgency=low + + * New upstream release. + + -- Fabio Tranchitella Wed, 14 Mar 2007 14:39:04 +0100 + +dovecot (1.0.rc26-4) unstable; urgency=low + + * debian/dovecot-common.postinst: fixed a typo. (Closes: #414672) + + -- Fabio Tranchitella Tue, 13 Mar 2007 08:45:47 +0100 + +dovecot (1.0.rc26-3) unstable; urgency=low + + * debian/control: depends on ucf (>= 2.0020). (Closes: #414032) + * debian/dovecot-common.postinst: handles better chmod/chown on package + upgrade. (Closes: #414257) + + -- Fabio Tranchitella Mon, 12 Mar 2007 10:03:34 +0100 + +dovecot (1.0.rc26-2) unstable; urgency=low + + * debian/control: + + dovecot-{imapd,pop3d}: depends on the same-source dovecot-common. + (Closes: #414032) + * debian/rules: fixed permission for dovecot.conf. (Closes: #413995) + + -- Fabio Tranchitella Fri, 9 Mar 2007 12:57:50 +0100 + +dovecot (1.0.rc26-1) unstable; urgency=low + + * New upstream release. + * Add support for ucf, thanks to Vincent Danjean for providing a full patch. + (Closes: #413081) + * debian/dovecot-common.init: create /var/run directories at start-up time. + (Closes: #376143) + + -- Fabio Tranchitella Wed, 7 Mar 2007 11:26:56 +0100 + +dovecot (1.0.rc25-1) unstable; urgency=low + + * New upstream release. + + -- Fabio Tranchitella Fri, 2 Mar 2007 13:44:44 +0100 + +dovecot (1.0.rc24-1) unstable; urgency=low + + * New upstream release. + + -- Fabio Tranchitella Fri, 23 Feb 2007 15:47:30 +0100 + +dovecot (1.0.rc23-1) unstable; urgency=low + + * New upstream release. + * debian/patches/documentation.dpatch, debian/patches/xfs_quotas.dpatch: + removed, applied upstream. + + -- Fabio Tranchitella Wed, 21 Feb 2007 09:34:44 +0100 + +dovecot (1.0.rc22-2) UNRELEASED; urgency=low + + * debian/watch: added. + + -- Fabio Tranchitella Fri, 9 Feb 2007 12:15:34 +0100 + +dovecot (1.0.rc22-1) unstable; urgency=low + + * New upstream release. + + -- Fabio Tranchitella Wed, 7 Feb 2007 09:38:34 +0100 + +dovecot (1.0.rc21-1) unstable; urgency=low + + * New upstream release. + + -- Fabio Tranchitella Mon, 5 Feb 2007 16:23:33 +0100 + +dovecot (1.0.rc19-1) unstable; urgency=low + + * New upstream release. + + -- Fabio Tranchitella Wed, 24 Jan 2007 00:03:38 +0100 + +dovecot (1.0.rc18-2) unstable; urgency=low + + * dovecot-sieve: updated to cvs version 1.0.1. + * debian/README.Debian: updated for the new setting mail_location, which + substitutes the old default_mail_env. (Closes: #408025) + + -- Fabio Tranchitella Tue, 23 Jan 2007 10:15:36 +0100 + +dovecot (1.0.rc18-1) unstable; urgency=low + + * New upstream release. + + -- Fabio Tranchitella Mon, 22 Jan 2007 18:15:02 +0100 + +dovecot (1.0.rc17-1) unstable; urgency=low + + * New upstream release. + * Updated dovecot-sieve from CVS. + + -- Fabio Tranchitella Fri, 12 Jan 2007 09:42:47 +0100 + +dovecot (1.0.rc15-2) unstable; urgency=medium + + * debian/dovecot-common.README.Debian: updated details about raw logging; + thanks Chris Moore for providing a patch. (Closes: #400689) + * debian/patches/dovecot-example.dpatch: added a missing slash for an + absolute path. (Closes: #400830) + * debian/patches/dovecotpw.dpatch: applied patched to fix argument parsing + on some architectures. (Closes: #402075) + + -- Fabio Tranchitella Mon, 18 Dec 2006 18:34:31 +0100 + +dovecot (1.0.rc15-1) unstable; urgency=medium + + * New upstream release. + * Fixes a security bug: Off-by-one buffer overflow with mmap_disable=yes. + (See: http://www.dovecot.org/list/dovecot-news/2006-November/000023.html) + + -- Fabio Tranchitella Mon, 20 Nov 2006 12:47:39 +0100 + +dovecot (1.0.rc14-1) unstable; urgency=medium + + * New upstream release. + + -- Fabio Tranchitella Thu, 16 Nov 2006 09:37:38 +0100 + +dovecot (1.0.rc13-1) unstable; urgency=medium + + * New upstream release. + * debian/rules: + + preserve upstream config.guess and config.sub. (Closes: #397404) + + really clean dovecot-sieve/src on clean target. (Closes: #397407) + * debian/control: added build-conflict with automake1.4. (Closes: #397409) + * dovecot-sieve/src/Makefile.am: move sieve plug-ins under + usr/lib/dovecot/lda/modules; thanks to Chris Vanden Berghe for pointing + this out. + + -- Fabio Tranchitella Tue, 7 Nov 2006 09:26:56 +0100 + +dovecot (1.0.rc12-1) unstable; urgency=low + + * New upstream release. + + -- Fabio Tranchitella Sun, 5 Nov 2006 16:52:52 +0100 + +dovecot (1.0.rc10-3) unstable; urgency=medium + + * debian/rules: fixed two typos in the configure call. (Closes: #395016) + * Included dovecot-sieve plug-in from CVS. (Closes: #394885) + * Urgency medium: we are near the freeze, and this release must be part + of etch. + + -- Fabio Tranchitella Tue, 31 Oct 2006 06:30:45 +0000 + +dovecot (1.0.rc10-2) unstable; urgency=low + + * debian/patches/dovecot-example.dpatch: commented out a close brace. + (Closes: #394785) + + -- Fabio Tranchitella Mon, 23 Oct 2006 08:17:13 +0000 + +dovecot (1.0.rc10-1) unstable; urgency=low + + * New upstream release. (Closes: #393004) + * debian/patches/dovecot-example.dpatch: + + added specific comments to the mail_extra_groups option. + (Closes: #383453) + + removed duplicated LDA section. (Closes: #391632) + * debian/dovecot.8: fixed a layout error. (Closes: #393080) + * debian/dovecot-common.init: added LSB headers. + * Switched to the upstream dovecot deliver (LDA). + * debian/patches/quota_v2.dpatch: added, thanks to Jonas Smedegaard. + (Closes: #377563) + + -- Fabio Tranchitella Sun, 22 Oct 2006 08:55:16 +0000 + +dovecot (1.0.rc7-1) unstable; urgency=low + + * New upstream release. (Closes: #377840, #385101) + * debian/patches/dovecot-example.dpatch: set a default value for + pop3_uidl_format. (Closes: #383883) + + -- Fabio Tranchitella Tue, 29 Aug 2006 10:38:17 +0200 + +dovecot (1.0.rc6-1) unstable; urgency=low + + * New upstream release: + + Fixed imap segfaults on small mbox files (2 bytes). (Closes: #377840) + + Fixed a known bug in dovecot's IDLE handler. (Closes: #351828) + + Added support for quota2. (Closes: #377563) + * debian/control: converted build-depends on linux-kernel-headers to + build-conflicts to help the GNU/kFreeBSD port. (Closes: #377479) + * debian/control: changed maintainer to "Dovecot Maintainers"; no changes + to the email addresses. + + -- Fabio Tranchitella Tue, 15 Aug 2006 10:58:57 +0200 + +dovecot (1.0.rc2-2) unstable; urgency=low + + * patched the quota plugin to fix a missing symbol (Closes: #377018) + + -- Jaldhar H. Vyas Fri, 7 Jul 2006 10:50:04 -0400 + +dovecot (1.0.rc2-1) unstable; urgency=high + + * New upstream release + * Update dovecot-lda to the latest version (05132006) + * IPv6 with SSL/TLS should work now. (Closes: #374783) + * go back to using poll instead of epoll. (Closes: #376222) + + -- Jaldhar H. Vyas Thu, 6 Jul 2006 00:47:56 -0400 + +dovecot (1.0.rc1-1) unstable; urgency=low + + * New upstream release. + * Add a build-dependency on linux-kernel-headers for the xfs quotas + stuff. Make it higher than the version in sarge because sarges xfs + includes are too old. If any knowledgeable person would like to + give me a patch for this, please do. (Closes: #374793) + + -- Jaldhar H. Vyas Wed, 28 Jun 2006 11:42:07 -0400 + +dovecot (1.0.beta9-1) unstable; urgency=low + + * New upstream release + * Added XFS quota support. Thanks Pawel Jarosz + (Closes: #373936) + + -- Jaldhar H. Vyas Mon, 19 Jun 2006 16:55:20 -0400 + +dovecot (1.0.beta8-4) unstable; urgency=high + + * Unfortunately, the patch in the last version broke the mysql module. + Fixed thanks to Martin Pitt. (Closes: #369359, #373227) + + -- Jaldhar H. Vyas Sun, 11 Jun 2006 16:27:43 -0400 + +dovecot (1.0.beta8-3) unstable; urgency=high + + * [SECURITY] SQL injection could occur in the postgresql module with + certain client character encodings. (See CVE-2006-2314) + Used the patch from upstream and Martin Pitt . + Thanks Martin. (Closes: #369359) + + -- Jaldhar H. Vyas Sun, 11 Jun 2006 15:33:55 -0400 + +dovecot (1.0.beta8-2) unstable; urgency=high + + * Don't chown/chmod ssl certificate unless we created it. + (Closes: #364766) + * Upstream fixed the crash if passwd-file had entries without passwords. + (Closes: #361536) + * fixed up the last versions changelog to better describe the security + problem which was fixed there. + + -- Jaldhar H. Vyas Sun, 21 May 2006 13:16:17 -0400 + +dovecot (1.0.beta8-1) unstable; urgency=high + + * New upstream release. + * [SECURITY] Fixes a directory traversal vulnerability. + (see: http://www.dovecot.org/list/dovecot-news/2006-May/000006.html + and CVE-2006-2414) + * Set urgency to high: this version fixes a security bug + * Standards-Version: 3.7.2, no changes needed. + + -- Fabio Tranchitella Sat, 13 May 2006 22:46:16 +0200 + +dovecot (1.0.beta7-1) unstable; urgency=low + + * New upstream version. + * Added sqlite support. + + -- Jaldhar H. Vyas Wed, 12 Apr 2006 23:25:41 -0400 + +dovecot (1.0.beta5-1) unstable; urgency=low + + * New upstream version. Also updated dovecot-lda from CVS. + * debian/control. Added build-depends on flex to prevent FTBFS. + + -- Jaldhar H. Vyas Thu, 6 Apr 2006 16:22:46 -0400 + +dovecot (1.0.beta3-3) unstable; urgency=low + + * Compile against the newer mysql library. (Closes: #356729) + + -- Fabio Tranchitella Wed, 22 Mar 2006 13:43:04 +0000 + +dovecot (1.0.beta3-2) unstable; urgency=low + + [Fabio Tranchitella] + * debian/control: added build-depends on byacc. + * debian/rules: removed --with-vpopmail option, because libvpopmail-dev + is in contrib and we don't wanto to have dovecot build-depends on it. + * debian/patches/dovecot-example.dpatch: added two small commented + block of configuration for dovecot-lda. + + -- Fabio Tranchitella Sun, 26 Feb 2006 20:59:06 +0000 + +dovecot (1.0.beta3-1) unstable; urgency=high + + [Fabio Tranchitella] + * New upstream release, which fixes two security related bugs. + CVE-2006-0730 (Closes: #353341) + * Included dovecot-lda (ver. 20060209). (Closes: #353307, #347348, #333962) + + [ Jaldhar H. Vyas ] + * Removed the code for upgrading impad.pem. This might bite if you if + you try and upgrade a woody version of dovecot to this one. So + don't do that. (Closes: #337715) + * dovecot-imapd,dovecot-pop3d: depend on dovecot-common >= 1.0beta3-1 + as the way SSL parameters are generated has changed. (Closes: #353404) + + -- Jaldhar H. Vyas Fri, 17 Feb 2006 22:06:21 -0500 + +dovecot (1.0.beta2-1) unstable; urgency=low + + [Fabio Tranchitella] + * New upstream release. + * debian/rules: compile with vpopmail support. (Closes: #347838) + * debian/patches: removed zlib patch (merged with upstream). + + -- Fabio Tranchitella Thu, 2 Feb 2006 21:38:32 +0000 + +dovecot (1.0.alpha5-1) unstable; urgency=low + + [Fabio Tranchitella] + * New upstream release. + * Compile dovecot with Kerberos support. (Closes: #338384) + * Fixed a small typo in mbox specification. (Closes: #339789) + * Added man page for maildirmake.dovecot, thanks to Henry Precheur. + (Closes: #340498) + * Use /usr/lib/dovecot/modules as basedir for dynamic modules. + Upstream suggests /usr/lib/dovecot, but we already use it as + libexec directory. + + -- Fabio Tranchitella Wed, 21 Dec 2005 13:44:38 +0000 + +dovecot (1.0.alpha4-1) unstable; urgency=low + + [Jaldhar H. Vyas] + * New upstream version. + * Made sure the default dovecot.conf includes mail_extra_groups=mail + (Closes: #336476) somehow this edit got lost at some point. + * use ISO8601 date format as default value for log_timestamp in + /etc/dovecot/dovecot.conf (Closes: #333059) + * stop shipping {arch} directories in source (Closes: #334646) + * Include plugin for compressed mboxen (Closes: #332384) + * updated NEWS.Debian to warn users that the dovecot.conf syntax has + changed (Closes: #334209) + * Remember, remember, the 5th of November. + + -- Jaldhar H. Vyas Sat, 5 Nov 2005 23:19:19 -0500 + +dovecot (1.0.alpha3-2) unstable; urgency=low + + [Jaldhar H. Vyas] + * dovecot-common: When creating the dovecot user in the postinst, + the --ingroup option to adduser to add dovecot to group + mail isn't used anymore. + (Closes: #330960, #331106) + * commented out userdb passdb from default configuration. Most + people won't need that. (Closes: #330978) + + -- Jaldhar H. Vyas Thu, 6 Oct 2005 14:25:33 -0400 + +dovecot (1.0.alpha3-1) unstable; urgency=low + + [ Fabio Tranchitella ] + * New upstream release (dovecot-1.0.alpha.3) + * debian/patches/ipv6_v6only.dpatch: removed, upstream accepted it. + * debian/dovecot-common.postinst: removed bashisms. + * debian/dovecot-common.postinst: add dovecot user to group mail. + (Closes: #323921) + * debian/control: removed conflicts with imap-server and pop3-server, + added replaces instead. (Closes: #324480) + [ Jaldhar H. Vyas ] + * No longer crashes when using LDAP as userdb/passdb (Closes: #320388) + + -- Jaldhar H. Vyas Mon, 26 Sep 2005 01:42:09 -0400 + +dovecot (0.99.20050712-2) unstable; urgency=low + + * Fabio Tranchitella + + debian/control: dovecot-common has to depend on adduser. + + debian/patches/documentation.dpatch: some cosmetic fixes about mysql + backend. + * Jaldhar H. Vyas + + debian/control: tighten dovecot-imapd and dovecot-pop3d's dependency on + dovecot-common (Closes: #319465) + + debian/patches/dovecot-example.dpatch: some more fixes to default + configuration. (Closes: #319413, #319941) + + -- Jaldhar H. Vyas Fri, 29 Jul 2005 15:37:52 -0400 + +dovecot (0.99.20050712-1) unstable; urgency=low + + * Fabio Tranchitella + + New upstream version (dovecot-stable, last update 20050712). + (Closes: #312893) + + debian/control: Standards-Version: 3.6.2 (no changes needed). + + debian/patches/dovecot-sql.dpatch: use the right path for mysql socket. + (Closes: #298874) + * Jaldhar H. Vyas + + Removed dovecot package as it was just a woody->sarge transitional + pseudo-package. + + Apply patch to debian/dovecot-common.init to help when manually + starting dovecot. Thanks Roland Stigge. (Closes: #309679) + + Apply patch to src/lib/network.c to support IPV6_V6ONLY. Thanks + Marco D'Itri. (Closes: #308652) + + depend on the latest postgresql library. + + -- Jaldhar H. Vyas Wed, 20 Jul 2005 06:30:37 -0400 + +dovecot (0.99.14-1) unstable; urgency=low + + * New upstream version. + * dovecot-common: another postinst regexp fix for SSL cert/key files. + (Closes: #294989) + + -- Jaldhar H. Vyas Sat, 12 Feb 2005 21:34:33 -0500 + +dovecot (0.99.13-6) unstable; urgency=high + + * dovecot-common: *sigh* another init script fix. Hopefully we now + fully deal with dovecot being run from inetd. Thanks again to Magnus + Holmgren. (Closes: #293348) + * High again so -5 doesn't get into sarge. + + -- Jaldhar H. Vyas Mon, 7 Feb 2005 02:58:30 -0500 + +dovecot (0.99.13-5) unstable; urgency=high + + * dovecot-common: typo in postinst resulted in incorrect generation of + keys for first-time installers. Hence urgency high. + * dovecot-common: In init script, make extra check to make sure an + IMAP or POP3 server called from inetd is dovecot and not some other + random inferior product. (Closes: #293348) + + -- Jaldhar H. Vyas Sat, 5 Feb 2005 13:56:31 -0500 + +dovecot (0.99.13-4) unstable; urgency=low + + * build depend on libmysqlclient12 + * dovecot-common: Allow STARTTLS to work when dovecot is run from inetd + Thanks Magnus Holmgren (Closes: #290985) + * dovecot-common: let init script exit if dovecot is being run from inetd + Thanks Magnus Holmgren (Closes: #292195) + * dovecot-common: fix a number of problems in postinst + + fails if /etc/ssl/certs or /etc/ssl/private doesn't exist + + certs cannot be generated and upgrade fails if openssl is not + configured. Fail more gracefully if this is the case. + + read the name and path for the cert from dovecot.conf instead of + hardcoding it. + Thanks Frederic Pauget (Closes: #292344) + + -- Jaldhar H. Vyas Sun, 30 Jan 2005 15:20:03 -0500 + +dovecot (0.99.13-3) unstable; urgency=high + + * Oops -2 had to be urgency=high so -1 doesn't get into sarge. + + -- Jaldhar H. Vyas Sat, 8 Jan 2005 12:11:38 -0500 + +dovecot (0.99.13-2) unstable; urgency=low + + * dovecot-imapd, dovecot-pop3d: It occurred to me that the effects of + fixing #288391 will cause confusion in the minds of new installers so I + should add a warning in README.Debian and NEWS.Debian in a vain + effort to stave off swarms of bug reports. (Vain, because no one + actually reads documentation anyway.) + + -- Jaldhar H. Vyas Sat, 8 Jan 2005 11:29:59 -0500 + +dovecot (0.99.13-1) unstable; urgency=high + + * New upstream version. + * dovecot-imapd, dovecot-pop3d: No longer mess with dovecot.conf in postinst + (Closes: #288391) + * urgency high due to #288391 being a release-critical bug. + + -- Jaldhar H. Vyas Fri, 7 Jan 2005 17:37:08 -0500 + +dovecot (0.99.12-1) unstable; urgency=low + + * New upstream version. (Yes I know 0.99.13 is just around the corner.) + * SASL is re-enabled so this bug ("Dovecot seems not to require SASL") + is no longer valid (Closes: #272093) + * Configuration files moved to /etc/dovecot (Closes: #276183) + * Permissions on /var/run/dovecot and /var/run/dovecot/login no longer + give warnings. (Closes: #283996) + * SSL certificate is world readable (Closes: #277114). + * Thanks to Jan Buren, much extra documentation has been added to + /usr/share/doc/dovecot-common/README.Debian + * Lintian overrides added. + * Happy new year to all you Gregorians + + -- Jaldhar H. Vyas Fri, 31 Dec 2004 15:55:07 -0500 + +dovecot (0.99.11-3) unstable; urgency=medium + + * applied dovecot-large-header-fix patch to prevent 100% CPU + utilization when dealing with really large headers. + (Closes: #271458) + + -- Jaldhar H. Vyas Mon, 13 Sep 2004 20:20:23 -0400 + +dovecot (0.99.11-2) unstable; urgency=low + + * Eliminated duplicate stanza in dovecot.conf (Closes: #270181) + * Reapplied CRAM-MD5 patch. + + -- Jaldhar H. Vyas Mon, 6 Sep 2004 01:24:53 -0400 + +dovecot (0.99.11-1) unstable; urgency=low + + * New upstream release. + * patch to give bug reporting address in configure.ac. + Thanks Matthias Andree. + + -- Jaldhar H. Vyas Sat, 4 Sep 2004 14:24:57 -0400 + +dovecot (0.99.10.9-2) unstable; urgency=low + + * screw mipsel. + * Added PAM_RHOST patch. Thanks Dean Gaudet. (Closes: #264712) + * Added CRAM-MD5 patch. Thanks Joshua Goodall. + * Added unexpected EOF patch from Timo. + + -- Jaldhar H. Vyas Tue, 17 Aug 2004 01:13:20 -0400 + +dovecot (0.99.10.9-1) unstable; urgency=low + + * New upstream release. + + -- Jaldhar H. Vyas Mon, 2 Aug 2004 18:56:02 -0400 + +dovecot (0.99.10.8-1) unstable; urgency=low + + * New upstream release. + + -- Jaldhar H. Vyas Fri, 30 Jul 2004 08:17:51 -0400 + +dovecot (0.99.10.7-1) unstable; urgency=low + + * New upstream release. + + -- Jaldhar H. Vyas Wed, 14 Jul 2004 07:29:49 -0400 + +dovecot (0.99.10.6-3) unstable; urgency=low + + * Patched so dovecot follows symlinks to directories again. + (Closes: #256061) + * Changed the priority of init script so it is run after postgresql + (Closes: #256068) + + -- Jaldhar H. Vyas Thu, 24 Jun 2004 23:57:50 -0400 + +dovecot (0.99.10.6-2) unstable; urgency=high + + * I needed to enable one more parameter in the configuration in order + to get dot-locking working. Hence this should still be high urgency. + (Really Closes: #185335) + + -- Jaldhar H. Vyas Mon, 21 Jun 2004 20:02:29 -0400 + +dovecot (0.99.10.6-1) unstable; urgency=high + + * New upstream version. + + finally fixes dot-locking so I think it deserves high priority for + sarge. (Closes: #185335) + * dovecot: fixed a typo in description (Closes: #254415) + * dovecot-common: man page for dovecot added. Thanks Kai Hendry. + (Closes: #253482) + + -- Jaldhar H. Vyas Sat, 19 Jun 2004 23:18:39 -0400 + +dovecot (0.99.10.5-4) unstable; urgency=high + + * Crap, typo in dovecot-common.postinst sorry. This should only + affect new installs though. + + -- Jaldhar H. Vyas Fri, 11 Jun 2004 22:30:41 -0400 + +dovecot (0.99.10.5-3) unstable; urgency=high + + * SECURITY: set permissions on config files to 0600 to prevent + disclosure of sensitive information to local users. (Closes: #253760) + * SECURITY: Tightened permissions on generated SSL certificate. + (Closes: #253833) + * Made a note that dovecot-openssl.conf is not needed on Debian + because we generate a certificate in dovecot-commons' postinst. + (Closes: #253774) + * Added maildir-autocreate patch. + + -- Jaldhar H. Vyas Fri, 11 Jun 2004 09:12:07 -0400 + +dovecot (0.99.10.5-2) unstable; urgency=low + + * Added maildir-stat patch. + + -- Jaldhar H. Vyas Thu, 10 Jun 2004 14:39:28 -0400 + +dovecot (0.99.10.5-1) unstable; urgency=low + + * New upstream version. + * Enabled mysql support. + + -- Jaldhar H. Vyas Thu, 27 May 2004 13:21:42 -0400 + +dovecot (0.99.10.4-5) unstable; urgency=high + + * Switched to using openssl as dovecot segfaults with gnutls7 and is + not compatible with gnutls10 (Closes: #244570) + + -- Jaldhar H. Vyas Mon, 19 Apr 2004 22:45:21 -0400 + +dovecot (0.99.10.4-4) unstable; urgency=low + + * Added a patch to src/auth/db-pgsql.c from Zsolt VARGA. + + -- Jaldhar H. Vyas Tue, 30 Mar 2004 12:49:31 -0500 + +dovecot (0.99.10.4-3) unstable; urgency=high + + * dovecot-common: Fix postinst to no longer delete /etc/pam.d/imap + (Closes: #232832) + + -- Jaldhar H. Vyas Mon, 15 Mar 2004 10:27:52 -0500 + +dovecot (0.99.10.4-2) unstable; urgency=low + + * dovecot-common: now replaces: dovecot for smoother upgrades. + (Closes: #223666) + + -- Jaldhar H. Vyas Thu, 11 Dec 2003 09:18:12 -0500 + +dovecot (0.99.10.4-1) unstable; urgency=low + + * New upstream version + + This fixes the corruption of .subscriptions files with folders in + maildir format. (Closes: #222272) + * Some extra information included in dovecot-common.README.Debian. + (Closes: #221106) There should probably be more so if you have ideas + let me know. + + -- Jaldhar H. Vyas Mon, 1 Dec 2003 23:41:00 -0500 + +dovecot (0.99.10.2-1) unstable; urgency=low + + * New upstream version. + + -- Jaldhar H. Vyas Tue, 11 Nov 2003 17:21:45 -0500 + +dovecot (0.99.10-11) unstable; urgency=low + + * Build depend on gnutls 7 instead of 5 (Closes: #219523) + + -- Jaldhar H. Vyas Thu, 6 Nov 2003 22:25:00 -0500 + +dovecot (0.99.10-10) unstable; urgency=low + + * maildirmake.dovecot will now let you create maildirs whose names + have spaces in them and chown them to a specified user. Thanks Paul + Slootman (Closes: #219168) + + -- Jaldhar H. Vyas Tue, 4 Nov 2003 20:00:25 +0000 + +dovecot (0.99.10-9) unstable; urgency=low + + * Don't use SASL2 as upstream says the support is broken. + + -- Jaldhar H. Vyas Tue, 23 Sep 2003 16:27:11 +0000 + +dovecot (0.99.10-8) unstable; urgency=low + + * Patched so suid works on 2.6 kernels. Thanks Peter Gervai. + (Closes: #211420) + + -- Jaldhar H. Vyas Wed, 17 Sep 2003 17:59:10 +0000 + +dovecot (0.99.10-7) unstable; urgency=low + + * Yet another init script fix. It should be ok now. Thanks once again + to Alexis Iglauer. + + -- Jaldhar H. Vyas Wed, 27 Aug 2003 10:56:04 -0400 + +dovecot (0.99.10-6) unstable; urgency=low + + * fix some errors in init script (closes: #207464) + Thanks to Adam Lackorzynski and Alexis Iglauer. + + -- Jaldhar H. Vyas Wed, 27 Aug 2003 09:02:23 -0400 + +dovecot (0.99.10-5) unstable; urgency=high + + * dovecot-pop3d, dovecot-imapd: make sure init script doesn't + attempt to start the daemons if unconfigured thus preventing + segfault on startup. (Closes: #206992, #207140) + + -- Jaldhar H. Vyas Mon, 25 Aug 2003 16:40:53 -0400 + +dovecot (0.99.10-4) unstable; urgency=low + + * Updated PAM configuration to the new scheme and added appropriate + dependency. + + -- Jaldhar H. Vyas Fri, 22 Aug 2003 12:54:54 -0400 + +dovecot (0.99.10-3) unstable; urgency=low + + * dovecot-pop3d: Patch for proper PAM service name. + * dovecot-imapd, dovecot-pop3d: Make sure there is an appropriate + entry in the protocol = line in /etc/dovecot.conf so the service + will start up without errors. (Closes: #204213) + + -- Jaldhar H. Vyas Thu, 21 Aug 2003 13:47:00 -0400 + +dovecot (0.99.10-2.1) unstable; urgency=low + + * Non-maintainer upload at request of maintainer. + * Fix segfault on alpha caused by time_t size. Closes: #203892. + * Fix segfault when user's home directory is left empty. + + -- Scott James Remnant Wed, 6 Aug 2003 01:47:16 +0100 + +dovecot (0.99.10-2) unstable; urgency=low + + * corrected paths to example and configuration files in sample config + (Closes: #199740) + * Added postgresql support. + + -- Jaldhar H. Vyas Thu, 3 Jul 2003 16:45:49 -0400 + +dovecot (0.99.10-1) unstable; urgency=low + + * New upstream release. + * PAM service name has changed to dovecot (for IMAP and POP3.) I've included + code to move /etc/pam.d/imap to /etc/pam.d/dovecot but if things suddenly + stop working, this is the first thing to check. + + -- Jaldhar H. Vyas Thu, 26 Jun 2003 22:31:07 -0400 + +dovecot (0.99.10-0.rc2) unstable; urgency=low + + * New upstream release. Fixes broken imaps support. + * Typo in configure options that broke LDAP support on woody corrected. + * Only start /usr/sbin/dovecot if either the IMAP or POP3 servers are + installed. (Closes: #192066) + + -- Jaldhar H. Vyas Mon, 23 Jun 2003 23:26:04 -0400 + +dovecot (0.99.9.1-1) unstable; urgency=low + + * New upstream release. + + -- Jaldhar H. Vyas Sun, 4 May 2003 21:49:55 -0400 + +dovecot (0.99.9-1) unstable; urgency=low + + * New upstream release. + * The IMAP and POP3 servers have been split into separate package so you + don't have to install both. There is also a dovecot-common package + for the parts they share. The dovecot package is now a dummy just for + transitioning to this new scheme. (Closes: #187826) + * Allow chmod in maildirmake.dovecot to fail gracefully (Closes: #191244) + + -- Jaldhar H. Vyas Wed, 30 Apr 2003 08:53:46 -0400 + +dovecot (0.99.8.1-4) unstable; urgency=low + + * Added a build-depends on libsasl-dev (Closes: #187516) + * Enabled pop3 service. However it is still turned off in the config file by + default so as to not surprise anyone who thought they only had an IMAP + server. + * Consequently, changed "IMAP server" in descriptions etc. to "mail server". + * only skip key generation if both /etc/ssl/certs/dovecot.pem and + /etc/ssl/private/dovecot.pem exist. (Closes: #187638) + * post-0.99.8.1 patch: Fix renaming subfolders with maildir. + * post-0.99.8.1 patch: Fix other maildir subfolder problems. + * post-0.99.8.1 patch: Fix partial body fetches. + * post-0.99.8.1 patch: Fix using LITERAL+APPEND. + + -- Jaldhar H. Vyas Sat, 5 Apr 2003 14:13:52 -0500 + +dovecot (0.99.8.1-3) unstable; urgency=low + + * Fixed bashism and perlism(!) in maildirmake.dovecot. Thanks Clint + Adams. (Closes: #185768) + * Enabled LDAP support. The configuration is in /etc/dovecot-ldap.conf + but is commented out. + * Happy new year to all Debian users still on the Julian calendar. + + -- Jaldhar H. Vyas Tue, 25 Mar 2003 09:25:37 -0500 + +dovecot (0.99.8.1-2) unstable; urgency=low + + * Make a separate check for /etc/ssl/private/imapd.pem in case we don't + have it. (Closes: #185334) + * Move check for dovecot user and creation code to postinsts' configure + phase. (Closes: #185333) + + -- Jaldhar H. Vyas Wed, 19 Mar 2003 01:50:10 -0500 + +dovecot (0.99.8.1-1) unstable; urgency=low + + * new upstream release. (Closes: #184131) Does not include the POP3 + server or LDAP and SASL support for now so we can get into the archive + quickly. Fixes segfaults in imap-master (Closes: #184231) Fixes + faulty mail autodetection presets (Closes: #179625) + + -- Jaldhar H. Vyas Sun, 16 Mar 2003 15:47:54 -0500 + +dovecot (0.99.7-4) unstable; urgency=low + + * Fixed location of handlers. (Closes: #179273) + + -- Jaldhar H. Vyas Fri, 31 Jan 2003 18:37:23 -0500 + +dovecot (0.99.7-3) unstable; urgency=low + + * doh pam file should be called imap not dovecot (Closes: #179180) + + -- Jaldhar H. Vyas Fri, 31 Jan 2003 14:12:29 -0500 + +dovecot (0.99.7-2) unstable; urgency=low + + * Added two upstream patches to fix broken plain authentication and + building with vpopmail support (which is not enabled in the Debian + package yet.) + + -- Jaldhar H. Vyas Fri, 17 Jan 2003 14:24:22 -0500 + +dovecot (0.99.7-1) unstable; urgency=low + + * New upstream release. + * Syslog no longer fills up with entries when dovecot is misconfigured. + (Closes: #175507) + * startup is logged now. shutdowns were already logged. (Closes: #175509) + * dovecot will not remove your SSL certificates now. (Closes: #175282) + + -- Jaldhar H. Vyas Wed, 15 Jan 2003 00:58:23 -0500 + +dovecot (0.99.6rc2-1) unstable; urgency=low + + * New upstream release. + * Includes patch which stops dovecot from dying on alpha (Closes: #175577) + + -- Jaldhar H. Vyas Wed, 8 Jan 2003 14:22:09 -0500 + +dovecot (0.99.5-1) unstable; urgency=low + + * New upstream release with many fixes and improvements. + + -- Jaldhar H. Vyas Fri, 3 Jan 2003 00:53:26 -0500 + +dovecot (0.99.4-1) unstable; urgency=low + + * Initial Release. + + -- Jaldhar H. Vyas Wed, 18 Dec 2002 09:44:39 -0500 diff --git a/conf/conf.d/10-auth.conf b/conf/conf.d/10-auth.conf new file mode 100644 index 0000000..dde697f --- /dev/null +++ b/conf/conf.d/10-auth.conf @@ -0,0 +1,122 @@ +#log_debug=category=auth +#auth_debug_passwords = yes +## +## Authentication processes +## + +# Enable LOGIN command and all other plaintext authentications even if +# SSL/TLS is not used (LOGINDISABLED capability). Note that if the remote IP +# matches the local IP (ie. you're connecting from the same computer), the +# connection is considered secure and plaintext authentication is allowed, +# unless ssl = required. +#auth_allow_cleartext = yes + +# Authentication cache size (e.g. 10M). 0 means it's disabled. Note that +# bsdauth, PAM and vpopmail require cache_key to be set for caching to be used. +#auth_cache_size = 0 +# Time to live for cached data. After TTL expires the cached record is no +# longer used, *except* if the main database lookup returns internal failure. +# We also try to handle password changes automatically: If user's previous +# authentication was successful, but this one wasn't, the cache isn't used. +# For now this works only with plaintext authentication. +#auth_cache_ttl = 1 hour +# TTL for negative hits (user not found, password mismatch). +# 0 disables caching them completely. +#auth_cache_negative_ttl = 1 hour + +# Space separated list of realms for SASL authentication mechanisms that need +# them. You can leave it empty if you don't want to support multiple realms. +# Many clients simply use the first one listed here, so keep the default realm +# first. +#auth_realms = +# +# Default realm/domain to use if none was specified. This is used for both +# SASL realms and appending @domain to username in plaintext logins. +#auth_default_domain = + +# List of allowed characters in username. If the user-given username contains +# a character not listed in here, the login automatically fails. This is just +# an extra check to make sure user can't exploit any potential quote escaping +# vulnerabilities with SQL/LDAP databases. If you want to allow all characters, +# set this value to empty. +#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ + +# Username character translations before it's looked up from databases. The +# value contains series of from -> to characters. For example "#@/@" means +# that '#' and '/' characters are translated to '@'. +#auth_username_translation = + +# Username formatting before it's looked up from databases. +#auth_username_format = %{user|lower} +#auth_username_format = %{user|username|lower} + +# If you want to allow master users to log in by specifying the master +# username within the normal username string (ie. not using SASL mechanism's +# support for it), you can specify the separator character here. The format +# is then . UW-IMAP uses "*" as the +# separator, so that could be a good choice. +#auth_master_user_separator = + +# Username to use for users logging in with ANONYMOUS SASL mechanism +#auth_anonymous_username = anonymous + +# Host name to use in GSSAPI principal names. The default is to use the +# name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab +# entries. +#auth_gssapi_hostname = + +# Kerberos keytab to use for the GSSAPI mechanism. Will use the system +# default (usually /etc/krb5.keytab) if not specified. You may need to change +# the auth service to run as root to be able to read this file. +#auth_krb5_keytab = + +# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and +# ntlm_auth helper. +#auth_use_winbind = no + +# Path for Samba's ntlm_auth helper binary. +#auth_winbind_helper_path = /usr/bin/ntlm_auth + +# Time to delay before replying to failed authentications. +#auth_failure_delay = 2 secs + +# Require a valid SSL client certificate or the authentication fails. +#auth_ssl_require_client_cert = no + +# Take the username from client's SSL certificate, using +# X509_NAME_get_text_by_NID() which returns the subject's DN's +# CommonName. +#auth_ssl_username_from_cert = no + +# Space separated list of wanted authentication mechanisms: +# plain login digest-md5 cram-md5 ntlm anonymous gssapi +# gss-spnego xoauth2 oauthbearer +# NOTE: See also auth_allow_cleartext setting. +#auth_mechanisms = plain login + +## +## Password and user databases +## + +# +# Password database is used to verify user's password (and nothing more). +# You can have multiple passdbs and userdbs. This is useful if you want to +# allow both system users (/etc/passwd) and virtual users to login without +# duplicating the system users into virtual database. +# +# +# +# User database specifies where mails are located and what user/group IDs +# own them. For single-UID configuration use "static" userdb. +# +# + +#!include auth-deny.conf.ext +#!include auth-master.conf.ext +#!include auth-oauth2.conf.ext + +!include auth-system.conf.ext +#!include auth-sql.conf.ext +#!include auth-ldap.conf.ext +#!include auth-passwdfile.conf.ext +#!include auth-static.conf.ext diff --git a/conf/conf.d/10-logging.conf b/conf/conf.d/10-logging.conf new file mode 100644 index 0000000..359642f --- /dev/null +++ b/conf/conf.d/10-logging.conf @@ -0,0 +1,86 @@ +## +## Log destination. +## + +# Log file to use for error messages. "syslog" logs to syslog, +# /dev/stderr logs to stderr. +#log_path = syslog + +# Log file to use for informational messages. Defaults to log_path. +#info_log_path = +# Log file to use for debug messages. Defaults to info_log_path. +#debug_log_path = + +# Syslog facility to use if you're logging to syslog. Usually if you don't +# want to use "mail", you'll use local0..local7. Also other standard +# facilities are supported. +#syslog_facility = mail + +## +## Logging verbosity and debugging. +## + +# Log unsuccessful authentication attempts and the reasons why they failed. +#auth_verbose = yes + +# In case of password mismatches, log the attempted password. Valid values are +# no, plain and sha1. sha1 can be useful for detecting brute force password +# attempts vs. user simply trying the same password over and over again. +#auth_verbose_passwords = no + +# To chain multiple logging conditions you can use, +# log_debug=$SET:log_debug or category=xxx + +# Even more verbose logging for debugging purposes. Shows for example SQL +# queries. +#log_debug=category=auth +# +# In case of password mismatches, log the passwords and used scheme so the +# problem can be debugged. Enabling this also enables auth_debug. +#auth_debug_passwords = yes + +# Enable mail process debugging. This can help you figure out why Dovecot +# isn't finding your mails. +#log_debug=category=mail + +# Show protocol level SSL errors. +#log_debug=category=ssl + +# mail_log plugin provides more event logging for mail processes. +#mail_plugins { +# notify = yes +# mail_log = yes +#} +# Events to log. Also available: flag_change append +#mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change append +# Available fields: uid, box, msgid, from, subject, size, vsize, flags +# size and vsize are available only for expunge and copy events. +#mail_log_fields = uid box msgid size from subject vsize flags +# only log cached fields +#mail_log_cached_only = yes + +## +## Log formatting. +## + +# Prefix for each line written to log file. % codes are in strftime(3) +# format. +#log_timestamp = "%b %d %H:%M:%S " + +# Space-separated list of elements we want to log. The elements which have +# a non-empty variable value are joined together to form a comma-separated +# string. +#login_log_format_elements = user=<%{user}> method=%{mechanism} rip=%{remote_ip} lip=%{local_ip} mpid=%{mail_pid} %{secured} session=<%{session}> + +# Login log format. %{elements} contains login_log_format_elements string, %{message} contains +# the data we want to log. +#login_log_format = %{message}: %{elements} + +# Log prefix for mail processes. See +# https://doc.dovecot.org/latest/core/settings/variables.html#mail-service-user-variables +# for list of possible variables. +#mail_log_prefix = "%{service}(%{user})<%{process:pid}><%{session}>: " + +# Format to use for logging mail deliveries. See https://doc.dovecot.org/latest/core/summaries/settings.html#deliver_log_format +# for list of possible variables. +#deliver_log_format = msgid=%{msgid}: %{message} (subject=%{subject} from=%{from} size=%{size}) diff --git a/conf/conf.d/10-mail.conf b/conf/conf.d/10-mail.conf new file mode 100644 index 0000000..efd089b --- /dev/null +++ b/conf/conf.d/10-mail.conf @@ -0,0 +1,410 @@ +## +## Mailbox locations and namespaces +## + +# Location for users' mailboxes. The default is empty, which means that Dovecot +# tries to find the mailboxes automatically. This won't work if the user +# doesn't yet have any mail, so you should explicitly tell Dovecot the full +# location. +# +# If you're using mbox, giving a path to the INBOX file (eg. /var/mail/%u) +# isn't enough. You'll also need to tell Dovecot where the other mailboxes are +# kept. This is called the "root mail directory", and it must be the first +# path given in the mail_location setting. +# +# There are a few special variables you can use, eg.: +# +# %{user} - username +# %{user|username} - user part in user@domain, same as %u if there's no domain +# %{user|domain} - domain part in user@domain, empty if there's no domain +# %{home} - home directory +# +# See https://doc.dovecot.org/latest/core/settings/variables.html for full list +# of variables. +# +# Example: +# mail_driver = maildir +# mail_path = ~/Maildir +# mail_inbox_path = ~/Maildir/.INBOX +# + +# Debian defaults +# Note that upstream considers mbox deprecated and strongly recommends +# against its use in production environments. See further information +# at +# https://doc.dovecot.org/2.4.0/core/config/mailbox/formats/mbox.html +mail_driver = mbox +mail_home = /home/%{user|username} +mail_path = %{home}/mail +mail_inbox_path = /var/mail/%{user} + +# If you need to set multiple mailbox locations or want to change default +# namespace settings, you can do it by defining namespace sections. +# +# You can have private, shared and public namespaces. Private namespaces +# are for user's personal mails. Shared namespaces are for accessing other +# users' mailboxes that have been shared. Public namespaces are for shared +# mailboxes that are managed by sysadmin. If you create any shared or public +# namespaces you'll typically want to enable ACL plugin also, otherwise all +# users can access all the shared mailboxes, assuming they have permissions +# on filesystem level to do so. +namespace inbox { + # Namespace type: private, shared or public + #type = private + + # Hierarchy separator to use. You should use the same separator for all + # namespaces or some clients get confused. '/' is usually a good one. + # The default however depends on the underlying mail storage format. + #separator = + + # Prefix required to access this namespace. This needs to be different for + # all namespaces. For example "Public/". + #prefix = + + # Physical location of the mailbox. This is in same format as + # mail location, which is also the default for it. + # mail_driver = + # mail_path = + # + # There can be only one INBOX, and this setting defines which namespace + # has it. + inbox = yes + + # If namespace is hidden, it's not advertised to clients via NAMESPACE + # extension. You'll most likely also want to set list=no. This is mostly + # useful when converting from another server with different namespaces which + # you want to deprecate but still keep working. For example you can create + # hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/". + #hidden = no + + # Show the mailboxes under this namespace with LIST command. This makes the + # namespace visible for clients that don't support NAMESPACE extension. + # "children" value lists child mailboxes, but hides the namespace prefix. + #list = yes + + # Namespace handles its own subscriptions. If set to "no", the parent + # namespace handles them (empty prefix should always have this as "yes") + #subscriptions = yes + + # See 15-mailboxes.conf for definitions of special mailboxes. +} + +# Example shared namespace configuration +#namespace shared { + #type = shared + #separator = / + + # Mailboxes are visible under "shared/user@domain/" + # $user, $domain and $username are expanded to the destination user. + #prefix = shared/$user/ + + # Mail location for other users' mailboxes. Note that %{variables} and ~/ + # expands to the logged in user's data. %{owner_user} and %{owner_home} + # destination user's data. + #mail_driver = maildir + #mail_path = %{owner_home}/Maildir + #mail_index_path = ~/Maildir/shared/%{owner_user} + + # Use the default namespace for saving subscriptions. + #subscriptions = no + + # List the shared/ namespace only if there are visible shared mailboxes. + #list = children +#} +# Should shared INBOX be visible as "shared/user" or "shared/user/INBOX"? +#mail_shared_explicit_inbox = no + +# System user and group used to access mails. If you use multiple, userdb +# can override these by returning uid or gid fields. You can use either numbers +# or names. +#mail_uid = +#mail_gid = + +# Group to enable temporarily for privileged operations. Currently this is +# used only with INBOX when either its initial creation or dotlocking fails. +# Typically this is set to "mail" to give access to /var/mail. +mail_privileged_group = mail + +# Grant access to these supplementary groups for mail processes. Typically +# these are used to set up access to shared mailboxes. Note that it may be +# dangerous to set these if users can create symlinks (e.g. if "mail" group is +# set here, ln -s /var/mail ~/mail/var could allow a user to delete others' +# mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it). +#mail_access_groups = + +# Allow full filesystem access to clients. There's no access checks other than +# what the operating system does for the active UID/GID. It works with both +# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/ +# or ~user/. +#mail_full_filesystem_access = no + +# Dictionary for key=value mailbox attributes. This is used for example by +# URLAUTH and METADATA extensions. +#mail_attribute { +# dict file { +# path = %{home}/Maildir/dovecot-attributes +# } +#} + +# A comment or note that is associated with the server. This value is +# accessible for authenticated users through the IMAP METADATA server +# entry "/shared/comment". +#mail_server_comment = "" + +# Indicates a method for contacting the server administrator. According to +# RFC 5464, this value MUST be a URI (e.g., a mailto: or tel: URL), but that +# is currently not enforced. Use for example mailto:admin@example.com. This +# value is accessible for authenticated users through the IMAP METADATA server +# entry "/shared/admin". +#mail_server_admin = + +## +## Mail processes +## + +# Don't use mmap() at all. This is required if you store indexes to shared +# filesystems (NFS or clustered filesystem). +#mmap_disable = no + +# Rely on O_EXCL to work when creating dotlock files. NFS supports O_EXCL +# since version 3, so this should be safe to use nowadays by default. +#dotlock_use_excl = yes + +# When to use fsync() or fdatasync() calls: +# optimized (default): Whenever necessary to avoid losing important data +# always: Useful with e.g. NFS when write()s are delayed +# never: Never use it (best performance, but crashes can lose data) +#mail_fsync = optimized + +# Locking method for index files. Alternatives are fcntl, flock and dotlock. +# Dotlocking uses some tricks which may create more disk I/O than other locking +# methods. NFS users: flock doesn't work, remember to change mmap_disable. +#lock_method = fcntl + +# Directory where mails can be temporarily stored. Usually it's used only for +# mails larger than >= 128 kB. It's used by various parts of Dovecot, for +# example LDA/LMTP while delivering large mails or zlib plugin for keeping +# uncompressed mails. +#mail_temp_dir = /tmp + +# Valid UID range for users, defaults to 500 and above. This is mostly +# to make sure that users can't log in as daemons or other system users. +# Note that denying root logins is hardcoded to dovecot binary and can't +# be done even if first_valid_uid is set to 0. +#first_valid_uid = 500 +#last_valid_uid = 0 + +# Valid GID range for users, defaults to non-root/wheel. Users having +# non-valid GID as primary group ID aren't allowed to log in. If user +# belongs to supplementary groups with non-valid GIDs, those groups are +# not set. +#first_valid_gid = 1 +#last_valid_gid = 0 + +# Maximum allowed length for mail keyword name. It's only forced when trying +# to create new keywords. +#mail_max_keyword_length = 50 + +# ':' separated list of directories under which chrooting is allowed for mail +# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too). +# This setting doesn't affect login_chroot, mail_chroot or auth chroot +# settings. If this setting is empty, "/./" in home dirs are ignored. +# WARNING: Never add directories here which local users can modify, that +# may lead to root exploit. Usually this should be done only if you don't +# allow shell access for users. +#valid_chroot_dirs = + +# Default chroot directory for mail processes. This can be overridden for +# specific users in user database by giving /./ in user's home directory +# (eg. /home/./user chroots into /home). Note that usually there is no real +# need to do chrooting, Dovecot doesn't allow users to access files outside +# their mail directory anyway. If your home directories are prefixed with +# the chroot directory, append "/." to mail_chroot. +#mail_chroot = + +# UNIX socket path to master authentication server to find users. +# This is used by imap (for shared users) and lda. +#auth_socket_path = /var/run/dovecot/auth-userdb + +# Directory where to look up mail plugins. +#mail_plugin_dir = /usr/lib/dovecot + +# Space separated list of plugins to load for all services. Plugins specific to +# IMAP, LDA, etc. are added to this list in their own .conf files. +#mail_plugins = +# +# To add plugins, use +#mail_plugins { +# plugin = yes +#} + +## +## Mailbox handling optimizations +## + +# Mailbox list indexes can be used to optimize IMAP STATUS commands. They are +# also required for IMAP NOTIFY extension to be enabled. +#mailbox_list_index = yes + +# Trust mailbox list index to be up-to-date. This reduces disk I/O at the cost +# of potentially returning out-of-date results after e.g. server crashes. +# The results will be automatically fixed once the folders are opened. +#mailbox_list_index_very_dirty_syncs = yes + +# Should INBOX be kept up-to-date in the mailbox list index? By default it's +# not, because most of the mailbox accesses will open INBOX anyway. +#mailbox_list_index_include_inbox = no + +# The minimum number of mails in a mailbox before updates are done to cache +# file. This allows optimizing Dovecot's behavior to do less disk writes at +# the cost of more disk reads. +#mail_cache_min_mail_count = 0 + +# When IDLE command is running, mailbox is checked once in a while to see if +# there are any new mails or other changes. This setting defines the minimum +# time to wait between those checks. Dovecot can also use inotify and +# kqueue to find out immediately when changes occur. +#mailbox_idle_check_interval = 30 secs + +# Save mails with CR+LF instead of plain LF. This makes sending those mails +# take less CPU, especially with sendfile() syscall with Linux and FreeBSD. +# But it also creates a bit more disk I/O which may just make it slower. +# Also note that if other software reads the mboxes/maildirs, they may handle +# the extra CRs wrong and cause problems. +#mail_save_crlf = no + +# Max number of mails to keep open and prefetch to memory. This only works with +# some mailbox formats and/or operating systems. +#mail_prefetch_count = 0 + +# How often to scan for stale temporary files and delete them (0 = never). +# These should exist only after Dovecot dies in the middle of saving mails. +#mail_temp_scan_interval = 1w + +# How many slow mail accesses sorting can perform before it returns failure. +# With IMAP the reply is: NO [LIMIT] Requested sort would have taken too long. +# The untagged SORT reply is still returned, but it's likely not correct. +#mail_sort_max_read_count = 0 + +protocol !indexer-worker { + # If folder vsize calculation requires opening more than this many mails from + # disk (i.e. mail sizes aren't in cache already), return failure and finish + # the calculation via indexer process. Disabled by default. This setting must + # be 0 for indexer-worker processes. + #mail_vsize_bg_after_count = 0 +} + +## +## Maildir-specific settings +## + +# By default LIST command returns all entries in maildir beginning with a dot. +# Enabling this option makes Dovecot return only entries which are directories. +# This is done by stat()ing each entry, so it causes more disk I/O. +# (For systems setting struct dirent->d_type, this check is free and it's +# done always regardless of this setting) +#maildir_stat_dirs = no + +# When copying a message, do it with hard links whenever possible. This makes +# the performance much better, and it's unlikely to have any side effects. +#maildir_copy_with_hardlinks = yes + +# Assume Dovecot is the only MUA accessing Maildir: Scan cur/ directory only +# when its mtime changes unexpectedly or when we can't find the mail otherwise. +#maildir_very_dirty_syncs = no + +# If enabled, Dovecot doesn't use the S= in the Maildir filenames for +# getting the mail's physical size, except when recalculating Maildir++ quota. +# This can be useful in systems where a lot of the Maildir filenames have a +# broken size. The performance hit for enabling this is very small. +#maildir_broken_filename_sizes = no + +# Always move mails from new/ directory to cur/, even when the \Recent flags +# aren't being reset. +#maildir_empty_new = no + +## +## mbox-specific settings +## + +# Which locking methods to use for locking mbox. There are four available: +# dotlock: Create .lock file. This is the oldest and most NFS-safe +# solution. If you want to use /var/mail/ like directory, the users +# will need write access to that directory. +# dotlock_try: Same as dotlock, but if it fails because of permissions or +# because there isn't enough disk space, just skip it. +# fcntl : Use this if possible. Works with NFS too if lockd is used. +# flock : May not exist in all systems. Doesn't work with NFS. +# lockf : May not exist in all systems. Doesn't work with NFS. +# +# You can use multiple locking methods; if you do the order they're declared +# in is important to avoid deadlocks if other MTAs/MUAs are using multiple +# locking methods as well. Some operating systems don't allow using some of +# them simultaneously. +#mbox_read_locks = fcntl +#mbox_write_locks = dotlock fcntl + +# Maximum time to wait for lock (all of them) before aborting. +#mbox_lock_timeout = 5 mins + +# If dotlock exists but the mailbox isn't modified in any way, override the +# lock file after this much time. +#mbox_dotlock_change_timeout = 2 mins + +# When mbox changes unexpectedly we have to fully read it to find out what +# changed. If the mbox is large this can take a long time. Since the change +# is usually just a newly appended mail, it'd be faster to simply read the +# new mails. If this setting is enabled, Dovecot does this but still safely +# fallbacks to re-reading the whole mbox file whenever something in mbox isn't +# how it's expected to be. The only real downside to this setting is that if +# some other MUA changes message flags, Dovecot doesn't notice it immediately. +# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK +# commands. +#mbox_dirty_syncs = yes + +# Like mbox_dirty_syncs, but don't do full syncs even with SELECT, EXAMINE, +# EXPUNGE or CHECK commands. If this is set, mbox_dirty_syncs is ignored. +#mbox_very_dirty_syncs = no + +# Delay writing mbox headers until doing a full write sync (EXPUNGE and CHECK +# commands and when closing the mailbox). This is especially useful for POP3 +# where clients often delete all mails. The downside is that our changes +# aren't immediately visible to other MUAs. +#mbox_lazy_writes = yes + +# If mbox size is smaller than this (e.g. 100k), don't write index files. +# If an index file already exists it's still read, just not updated. +#mbox_min_index_size = 0 + +# Mail header selection algorithm to use for MD5 POP3 UIDLs when +# pop3_uidl_format=%m. For backwards compatibility we use apop3d inspired +# algorithm, but it fails if the first Received: header isn't unique in all +# mails. An alternative algorithm is "all" that selects all headers. +#mbox_md5 = apop3d + +## +## mdbox-specific settings +## + +# Maximum dbox file size until it's rotated. +#mdbox_rotate_size = 10M + +# Maximum dbox file age until it's rotated. Typically in days. Day begins +# from midnight, so 1d = today, 2d = yesterday, etc. 0 = check disabled. +#mdbox_rotate_interval = 0 + +# When creating new mdbox files, immediately preallocate their size to +# mdbox_rotate_size. This setting currently works only in Linux with some +# filesystems (ext4, xfs). +#mdbox_preallocate_space = no + +# Settings to control adding $HasAttachment or $HasNoAttachment keywords. +# By default, all MIME parts with Content-Disposition=attachment, or inlines +# with filename parameter are consired attachments. +# add-flags - Add the keywords when saving new mails or when fetching can +# do it efficiently. +# content-type=type or !type - Include/exclude content type. Excluding will +# never consider the matched MIME part as attachment. Including will only +# negate an exclusion (e.g. content-type=!foo/* content-type=foo/bar). +# exclude-inlined - Exclude any Content-Disposition=inline MIME part. +#mail_attachment_detection_options = diff --git a/conf/conf.d/10-master.conf b/conf/conf.d/10-master.conf new file mode 100644 index 0000000..f793e4a --- /dev/null +++ b/conf/conf.d/10-master.conf @@ -0,0 +1,133 @@ +#default_process_limit = 100 +#default_client_limit = 1000 + +# Default VSZ (virtual memory size) limit for service processes. This is mainly +# intended to catch and kill processes that leak memory before they eat up +# everything. +#default_vsz_limit = 256M + +# Login user is internally used by login processes. This is the most untrusted +# user in Dovecot system. It shouldn't have access to anything at all. +#default_login_user = dovenull + +# Internal user is used by unprivileged processes. It should be separate from +# login user, so that login processes can't disturb other processes. +#default_internal_user = dovecot + +service imap-login { + inet_listener imap { + #port = 143 + } + inet_listener imaps { + #port = 993 + #ssl = yes + } + + # Number of connections to handle before starting a new process. Typically + # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0 + # is faster. + #service_restart_request_count = 1 + + # Number of processes to always keep waiting for more connections. + #process_min_avail = 0 + + # If you set service_restart_request_count=0, you probably need to grow this. + #vsz_limit = 256M # default +} + +service pop3-login { + inet_listener pop3 { + #port = 110 + } + inet_listener pop3s { + #port = 995 + #ssl = yes + } +} + +service submission-login { + inet_listener submission { + #port = 587 + } + inet_listener submissions { + #port = 465 + } +} + +service lmtp { + unix_listener lmtp { + #mode = 0666 + } + + # Create inet listener only if you can't use the above UNIX socket + #inet_listener lmtp { + # Avoid making LMTP visible for the entire internet + #listen = 127.0.0.1 + #port = 24 + #} +} + +service imap { + # Most of the memory goes to mmap()ing files. You may need to increase this + # limit if you have huge mailboxes. + #vsz_limit = 256M # default + + # Max. number of IMAP processes (connections) + #process_limit = 1024 +} + +service pop3 { + # Max. number of POP3 processes (connections) + #process_limit = 1024 +} + +service submission { + # Max. number of SMTP Submission processes (connections) + #process_limit = 1024 +} + +service auth { + # auth_socket_path points to this userdb socket by default. It's typically + # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have + # full permissions to this socket are able to get a list of all usernames and + # get the results of everyone's userdb lookups. + # + # The default 0666 mode allows anyone to connect to the socket, but the + # userdb lookups will succeed only if the userdb returns an "uid" field that + # matches the caller process's UID. Also if caller's uid or gid matches the + # socket's uid or gid the lookup succeeds. Anything else causes a failure. + # + # To give the caller full permissions to lookup all users, set the mode to + # something else than 0666 and Dovecot lets the kernel enforce the + # permissions (e.g. 0777 allows everyone full permissions). + unix_listener auth-userdb { + #mode = 0666 + #user = + #group = + } + + # Postfix smtp-auth + #unix_listener /var/spool/postfix/private/auth { + # mode = 0666 + #} + + # Auth process is run as this user. + #user = $SET:default_internal_user +} + +service auth-worker { + # Auth worker process is run as root by default, so that it can access + # /etc/shadow. If this isn't necessary, the user should be changed to + # $SET:default_internal_user. + #user = root +} + +service dict { + # If dict proxy is used, mail processes should have access to its socket. + # For example: mode=0660, group=vmail and global mail_access_groups=vmail + unix_listener dict { + #mode = 0600 + #user = + #group = + } +} diff --git a/conf/conf.d/10-metrics.conf b/conf/conf.d/10-metrics.conf new file mode 100644 index 0000000..36d1729 --- /dev/null +++ b/conf/conf.d/10-metrics.conf @@ -0,0 +1,122 @@ +## +## Statistics and metrics +## + +# Dovecot supports gathering statistics from events. +# Currently there are no statistics logged by default, and therefore they must +# be explicitly added using the metric configuration blocks. +# +# Unlike old stats, the new statistics do not require any plugins loaded. +# +# See https://doc.dovecot.org/latest/core/config/statistics.html for details + +## +## Example metrics +## + +#metric auth_success { +# filter = (event=auth_request_finished AND success=yes) +#} +# +#metric auth_failure { +# filter = (event=auth_request_finished AND NOT success=yes) +## See exporter config later in this file +## can be used to replace auth_verbose=yes +# exporter = log +#} +# +#metric imap_command { +# filter = event=imap_command_finished +# group_by cmd_name { +# method discrete { +# } +# } +# group_by tagged_reply_state { +# method discrete { +# } +# } +#} +# +#metric smtp_command { +# filter = event=smtp_server_command_finished and protocol=submission +# group_by cmd_name { +# method discrete { +# } +# } +# group_by status_code { +# method discrete { +# } +# } +# group_by duration { +# method exponential { +# base = 10 +# min_magnitude = 1 +# max_magnitude = 5 +# } +# } +#} +# +#metric lmtp_command { +# filter = event=smtp_server_command_finished and protocol=lmtp +# group_by cmd_name { +# method discrete { +# } +# } +# group_by status_code { +# method discrete { +# } +# } +# group_by duration { +# method exponential { +# base = 10 +# min_magnitude = 1 +# max_magnitude = 5 +# } +# } +#} +# +#metric mail_delivery { +# filter = event=mail_delivery_finished +# group_by duration { +# method exponential { +# base = 10 +# min_magnitude = 1 +# max_magnitude = 5 +# } +# } +#} + +## +## Prometheus +## + +# To allow access to statistics with Prometheus, enable http listener +# on stats process. Stats will be available on /metrics path. +# +# See https://doc.dovecot.org/latest/core/config/statistics.html#openmetrics for more +# details. + +#service stats { +# inet_listener http { +# port = 9900 +# } +#} + +## +## Event exporting +## + +# You can also export individual events. +# +# See https://doc.dovecot.org/configuration_manual/event_export/ for more +# details. + +#event_exporter log { +# format = json +# time_format = rfc3339 +#} +# +#metric imap_commands { +# exporter = log +# filter = event=imap_command_finished +#} diff --git a/conf/conf.d/10-ssl.conf b/conf/conf.d/10-ssl.conf new file mode 100644 index 0000000..d48b15c --- /dev/null +++ b/conf/conf.d/10-ssl.conf @@ -0,0 +1,56 @@ +## +## SSL settings +## + +# SSL/TLS support: yes, no, required. +ssl = yes + +# PEM encoded X.509 SSL/TLS certificate and private key. By default, Debian +# installs a self-signed certificate. This is useful for testing, but you +# should obtain a real certificate from a recognized certificate authority. +# +# These files are opened before dropping root privileges, so keep the key file +# unreadable by anyone but root. Included /usr/share/dovecot/mkcert.sh can be +# used to easily generate self-signed certificate, just make sure to update the +# domains in dovecot-openssl.cnf +# +# Preferred permissions: root:root 0444 +ssl_server_cert_file = /etc/dovecot/private/dovecot.pem +# Preferred permissions: root:root 0400 +ssl_server_key_file = /etc/dovecot/private/dovecot.key + +# If key file is password protected, give the password here. Alternatively +# give it when starting dovecot with -p parameter. Since this file is often +# world-readable, you may want to place this setting instead to a different +# root owned 0600 file by using ssl_key_password = was automatically rejected:%n%r + +# Delimiter character between local-part and detail in email address. +#recipient_delimiter = + + +# Header where the original recipient address (SMTP's RCPT TO: address) is taken +# from if not available elsewhere. With dovecot-lda -a parameter overrides this. +# A commonly used header for this is X-Original-To. +#lda_original_recipient_header = + +# Should saving a mail to a nonexistent mailbox automatically create it? +#lda_mailbox_autocreate = no + +# Should automatically created mailboxes be also automatically subscribed? +#lda_mailbox_autosubscribe = no + +protocol lda { + # Boolean list of plugins to load + #mail_plugins { + # sieve = yes + #} +} diff --git a/conf/conf.d/15-mailboxes.conf b/conf/conf.d/15-mailboxes.conf new file mode 100644 index 0000000..71076d4 --- /dev/null +++ b/conf/conf.d/15-mailboxes.conf @@ -0,0 +1,86 @@ +## +## Mailbox definitions +## + +# Each mailbox is specified in a separate mailbox section. The section name +# specifies the mailbox name. If it has spaces, you can put the name +# "in quotes". These sections can contain the following mailbox settings: +# +# auto: +# Indicates whether the mailbox with this name is automatically created +# implicitly when it is first accessed. The user can also be automatically +# subscribed to the mailbox after creation. The following values are +# defined for this setting: +# +# no - Never created automatically. +# create - Automatically created, but no automatic subscription. +# subscribe - Automatically created and subscribed. +# +# special_use: +# A space-separated list of SPECIAL-USE flags (RFC 6154) to use for the +# mailbox. There are no validity checks, so you could specify anything +# you want in here, but it's not a good idea to use flags other than the +# standard ones specified in the RFC: +# +# \All - This (virtual) mailbox presents all messages in the +# user's message store. +# \Archive - This mailbox is used to archive messages. +# \Drafts - This mailbox is used to hold draft messages. +# \Flagged - This (virtual) mailbox presents all messages in the +# user's message store marked with the IMAP \Flagged flag. +# \Important - This (virtual) mailbox presents all messages in the +# user's message store deemed important to user. +# \Junk - This mailbox is where messages deemed to be junk mail +# are held. +# \Sent - This mailbox is used to hold copies of messages that +# have been sent. +# \Trash - This mailbox is used to hold messages that have been +# deleted. +# +# comment: +# Defines a default comment or note associated with the mailbox. This +# value is accessible through the IMAP METADATA mailbox entries +# "/shared/comment" and "/private/comment". Users with sufficient +# privileges can override the default value for entries with a custom +# value. + +# NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf. +namespace inbox { + # These mailboxes are widely used and could perhaps be created automatically: + mailbox Drafts { + special_use = \Drafts + } + mailbox Junk { + special_use = \Junk + } + mailbox Trash { + special_use = \Trash + } + + # For \Sent mailboxes there are two widely used names. We'll mark both of + # them as \Sent. User typically deletes one of them if duplicates are created. + mailbox Sent { + special_use = \Sent + } + mailbox "Sent Messages" { + special_use = \Sent + } + + # If you have a virtual "All messages" mailbox: + #mailbox virtual/All { + # special_use = \All + # comment = All my messages + #} + + # If you have a virtual "Flagged" mailbox: + #mailbox virtual/Flagged { + # special_use = \Flagged + # comment = All my flagged messages + #} + + # If you have a virtual "Important" mailbox: + #mailbox virtual/Important { + # special_use = \Important + # comment = All my important messages + #} +} diff --git a/conf/conf.d/20-imap.conf b/conf/conf.d/20-imap.conf new file mode 100644 index 0000000..34610e9 --- /dev/null +++ b/conf/conf.d/20-imap.conf @@ -0,0 +1,108 @@ +## +## IMAP specific settings +## + +# If nothing happens for this long while client is IDLEing, move the connection +# to imap-hibernate process and close the old imap process. This saves memory, +# because connections use very little memory in imap-hibernate process. The +# downside is that recreating the imap process back uses some resources. +#imap_hibernate_timeout = 0 + +# Maximum IMAP command line length. Some clients generate very long command +# lines with huge mailboxes, so you may need to raise this if you get +# "Too long argument" or "IMAP command line too large" errors often. +#imap_max_line_length = 64k + +# IMAP logout format string: +# %{input} - total number of bytes read from client +# %{output} - total number of bytes sent to client +# %{fetch_hdr_count} - Number of mails with mail header data sent to client +# %{fetch_hdr_bytes} - Number of bytes with mail header data sent to client +# %{fetch_body_count} - Number of mails with mail body data sent to client +# %{fetch_body_bytes} - Number of bytes with mail body data sent to client +# %{deleted} - Number of mails where client added \Deleted flag +# %{expunged} - Number of mails that client expunged, which does not +# include automatically expunged mails +# %{autoexpunged} - Number of mails that were automatically expunged after +# client disconnected +# %{trashed} - Number of mails that client copied/moved to the +# special_use=\Trash mailbox. +# %{appended} - Number of mails saved during the session +#imap_logout_format = in=%i out=%o deleted=%{deleted} expunged=%{expunged} \ +# trashed=%{trashed} hdr_count=%{fetch_hdr_count} \ +# hdr_bytes=%{fetch_hdr_bytes} body_count=%{fetch_body_count} \ +# body_bytes=%{fetch_body_bytes} + +# Amend or override the IMAP capability response. To override, set the value +# with imap_capability = +# +# To amend, you can use a boolean list to specify which capabilities to turn +# on and off +#imap_capability { +# SPECIAL-USE = yes +# "LITERAL+" = no +#} + +# How long to wait between "OK Still here" notifications when client is +# IDLEing. +#imap_idle_notify_interval = 2 mins + +# ID field names and values to send to clients. Using * as the value makes +# Dovecot use the default value. The following fields have default values +# currently: name, version, os, os-version, support-url, support-email, +# revision. +#imap_id_send = + +# Use imap_id_received event to log IMAP id + +# Workarounds for various client bugs: +# delay-newmail: +# Send EXISTS/RECENT new mail notifications only when replying to NOOP +# and CHECK commands. Some clients ignore them otherwise, for example OSX +# Mail () instead of full path +# syntax. +# +#lmtp_client_workarounds { +# whitespace-before-path = yes +#} + +protocol lmtp { + #mail_plugins { + # sieve = yes + #} + + # This strips the domain name before delivery, since the default + # userdb in Debian is /etc/passwd, which doesn't include domain + # names in the user. If you're using a different userdb backend + # that does include domain names, you may wish to remove this. See + # https://doc.dovecot.org/2.4.0/howto/lmtp/exim.html and + # https://doc.dovecot.org/2.4.0/core/summaries/settings.html#auth_username_format + auth_username_format = %{user | username} +} diff --git a/conf/conf.d/20-managesieve.conf b/conf/conf.d/20-managesieve.conf new file mode 100644 index 0000000..bcee3b8 --- /dev/null +++ b/conf/conf.d/20-managesieve.conf @@ -0,0 +1,78 @@ +## +## ManageSieve specific settings +## + +# Uncomment to enable managesieve protocol: +protocols { + sieve = yes +} + +# Service definitions + +service managesieve-login { + inet_listener sieve { + port = 4190 + } + + inet_listener sieve_deprecated { + port = 2000 + } + + # Number of connections to handle before starting a new process. Typically + # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0 + # is faster. + #service_restart_request_count = 1 + + # Number of processes to always keep waiting for more connections. + #process_min_avail = 0 + + # If you set service_restart_request_count=0, you probably need to grow this. + #vsz_limit = 64M +} + +service managesieve { + # Max. number of ManageSieve processes (connections) + #process_limit = 1024 +} + +# Service configuration + +protocol sieve { + # Maximum ManageSieve command line length in bytes. ManageSieve usually does + # not involve overly long command lines, so this setting will not normally + # need adjustment + #managesieve_max_line_length = 65536 + + # Maximum number of ManageSieve connections allowed for a user from each IP + # address. + # NOTE: The username is compared case-sensitively. + #mail_max_userip_connections = 10 + + # Space separated list of plugins to load (none known to be useful so far). + # Do NOT try to load IMAP plugins here. + #mail_plugins = + + # MANAGESIEVE logout format string: + #managesieve_logout_format = bytes=%{input}/%{output} + + # To fool ManageSieve clients that are focused on CMU's timesieved you can + # specify the IMPLEMENTATION capability that Dovecot reports to clients. + # For example: 'Cyrus timsieved v2.2.13' + #managesieve_implementation_string = 'Cyrus timsieved v2.2.13' + + # Explicitly specify the SIEVE and NOTIFY capability reported by the server + # before login. If left unassigned these will be reported dynamically + # according to what the Sieve interpreter supports by default (after login + # this may differ depending on the user). + #managesieve_sieve_capability { + #} + #managesieve_notify_capability { + #} + + # The maximum number of compile errors that are returned to the client upon + # script upload or script verification. + #managesieve_max_compile_errors = 5 + + # Refer to 90-sieve.conf for script quota configuration and configuration of + # Sieve execution limits. +} diff --git a/conf/conf.d/20-pop3.conf b/conf/conf.d/20-pop3.conf new file mode 100644 index 0000000..f034dbc --- /dev/null +++ b/conf/conf.d/20-pop3.conf @@ -0,0 +1,101 @@ +## +## POP3 specific settings +## + +# Don't try to set mails non-recent or seen with POP3 sessions. This is +# mostly intended to reduce disk I/O. With maildir it doesn't move files +# from new/ to cur/, with mbox it doesn't write Status-header. +#pop3_no_flag_updates = no + +# Support LAST command which exists in old POP3 specs, but has been removed +# from new ones. Some clients still wish to use this though. Enabling this +# makes RSET command clear all \Seen flags from messages. +#pop3_enable_last = no + +# If mail has X-UIDL header, use it as the mail's UIDL. +#pop3_reuse_xuidl = no + +# Allow only one POP3 session to run simultaneously for the same user. +#pop3_lock_session = no + +# POP3 requires message sizes to be listed as if they had CR+LF linefeeds. +# Many POP3 servers violate this by returning the sizes with LF linefeeds, +# because it's faster to get. When this setting is enabled, Dovecot still +# tries to do the right thing first, but if that requires opening the +# message, it fallbacks to the easier (but incorrect) size. +#pop3_fast_size_lookups = no + +# POP3 UIDL (unique mail identifier) format to use. You can use following +# variables with variable extension as described in +# https://doc.dovecot.org/latest/core/settings/variables.html +# +# %{uidvalidity} - Mailbox's IMAP UIDVALIDITY +# %{uid} - Mail's IMAP UID +# %{md5} - MD5 sum of the mailbox headers in hex (mbox only) +# %{filename} - filename (maildir only) +# %{guid} - Mail's GUID +# +# If you want UIDL compatibility with other POP3 servers, use: +# UW's ipop3d : %{uid | hex(8)}%{uidvalidity | hex(8)} +# Courier : %{filename} or %{uidvalidity}-%{uid} (both might be used simultaneously) +# Cyrus (<= 2.1.3) : %{uid} +# Cyrus (>= 2.1.4) : %{uidvalidity}.%{uid} +# Dovecot v0.99.x : %{uidvalidity}.%{uid} +# tpop3d : %{filename|md5} +# +# Note that Outlook 2003 seems to have problems with %{uidvalidity}.%{uid} format which was +# Dovecot's default, so if you're building a new server it would be a good +# idea to change this. %{uid | hex(8)}%{uidvalidity | hex(8)} should be pretty fail-safe. +# +#pop3_uidl_format = %{uid | hex(8)}%{uidvalidity | hex(8)} + +# Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes +# won't change those UIDLs. Currently this works only with Maildir. +#pop3_save_uidl = no + +# What to do about duplicate UIDLs if they exist? +# allow: Show duplicates to clients. +# rename: Append a temporary -2, -3, etc. counter after the UIDL. +#pop3_uidl_duplicates = allow + +# This option changes POP3 behavior so that it's not possible to actually +# delete mails via POP3, only hide them from future POP3 sessions. The mails +# will still be counted towards user's quota until actually deleted via IMAP. +# Use e.g. "$POP3Deleted" as the value (it will be visible as IMAP keyword). +# Make sure you can legally archive mails before enabling this setting. +#pop3_deleted_flag = + +# POP3 logout format string: +# %{input} - Bytes read from the client +# %{output} - Bytes sent to the client +# %{top_count} - Number of TOP commands run +# %{top_bytes} - Bytes sent to the client because of TOP commands +# %{retr_count} - Number of RETR commands run +# %{retr_bytes} - Bytes sent to the client because of RETR commands +# %{deleted_count} - Number of deleted messages +# %{deleted_bytes} - Number of bytes in deleted messages +# %{message_count} - Number of messages before deletion +# %{message_bytes} - Mailbox size, in bytes, before deletion +# %{uidl_change} - The old and the new UIDL hash (which can be useful for identifying unexpected changes in UIDLs) +#pop3_logout_format = top=%{top_count}/%{top_bytes}, retr=%{retr_count}/%{retr_bytes}, del=%{deleted_count}/%{deleted_bytes}, size=%{message_bytes} + +# Workarounds for various client bugs: +# outlook-no-nuls: +# Outlook and Outlook Express hang if mails contain NUL characters. +# This setting replaces them with 0x80 character. +# oe-ns-eoh: +# Outlook Express and Netscape Mail breaks if end of headers-line is +# missing. This option simply sends it if it's missing. +#pop3_client_workarounds { +# outlook-no-nuls = yes +#} + +protocol pop3 { + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins { + #} + + # Maximum number of POP3 connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + #mail_max_userip_connections = 10 +} diff --git a/conf/conf.d/20-submission.conf b/conf/conf.d/20-submission.conf new file mode 100644 index 0000000..1064bca --- /dev/null +++ b/conf/conf.d/20-submission.conf @@ -0,0 +1,114 @@ +## +## Settings specific to SMTP Submission +## + +# SMTP Submission logout format string: +# %{input} - total number of bytes read from client +# %{output}- total number of bytes sent to client +# %{command_count} - Number of commands received from client +# %{reply_count} - Number of replies sent to client +# %{session} - Session ID of the login session +# %{transaction_id} - ID of the current transaction, if any +#submission_logout_format = in=%{input} out=%{output} + +# Host name reported by the SMTP service, for example to the client in the +# initial greeting and to the relay server in the HELO/EHLO command. +# Default is the system's real hostname@domain. +#hostname = + +# Maximum size of messages accepted for relay. This announced in the SIZE +# capability. If not configured, this is either determined from the relay +# server or left unlimited if no limit is known (relay will reply with error +# if some unknown limit exists there, which is duly passed to our client). +#submission_max_mail_size = + +# Maximum number of recipients accepted per connection (default: unlimited) +#submission_max_recipients = + +# Workarounds for various client bugs: +# whitespace-before-path: +# Allow one or more spaces or tabs between `MAIL FROM:' and path and between +# `RCPT TO:' and path. +# mailbox-for-path: +# Allow using bare Mailbox syntax (i.e., without <...>) instead of full path +# syntax. +# +#submission_client_workarounds { +# whitespace-before-path = yes +#} + +# Relay server configuration: +# +# The Dovecot SMTP submission service directly proxies the mail transaction +# to the SMTP relay configured here. + +# Host name for the relay server (required) +#submission_relay_host = + +# Port for the relay server +#submission_relay_port = 25 + +# Is the relay server trusted? This determines whether we try to send +# (Postfix-specific) XCLIENT data to the relay server +#submission_relay_trusted = no + +# Authentication data for the relay server if authentication is required +#submission_relay_user = +#submission_relay_master_user = +#submission_relay_password = + +# SSL configuration for connection to relay server +# +# submission_relay_ssl: +# Indicates whether SSL is used for the connection to the relay server. The +# following values are defined for this setting: +# +# no - No SSL is used +# smtps - An SMTPS connection (immediate SSL) is used +# starttls - The STARTTLS command is used to establish SSL layer +#submission_relay_ssl = no + +# submission_relay_ssl_verify: +# Configures whether the SSL certificate of the relay server is to be +# verified. +#submission_relay_ssl_verify = yes + +# Write protocol logs for relay connection to this directory for debugging +#submission_relay_rawlog_dir = + +# BURL is configured implicitly by IMAP URLAUTH + +# Part of the SMTP capabilities that the submission service can offer to the +# client (as listed in the EHLO reply) depend on those capabilities also being +# provided by the relay server. These capabilities currently are: +# +# - 8BITMIME +# - BINARYMIME +# - DSN +# - VRFY (always returns 252 without support) +# +# By default, the submission service first connects to the relay server to +# determine the support for such capabilities before sending the initial EHLO +# reply to the client. If the list of capabilities returned by the relay server +# is somehow unreliable or it is undesirable to start the connection to the +# relay server before the first mail transaction is started, the backend +# capabilities can be configured explicitly using the +# submission_backend_capabilities setting. This is a space-separated list of +# SMTP capability names. This setting is only relevant for capabilities that +# depend on support from the relay server: including (or omitting) capabilities +# that are not listed above has no effect. When this setting is explicitly set +# to the empty string, none of the capabilities is enabled. To achieve the +# default behavior, this setting must be left unconfigured. +#submission_backend_capabilities = + +protocol submission { + # Space-separated list of plugins to load (default is global mail_plugins). + #mail_plugins { + #} + + # Maximum number of SMTP submission connections allowed for a user from + # each IP address. + # NOTE: The username is compared case-sensitively. + #mail_max_userip_connections = 10 +} + diff --git a/conf/conf.d/30-dict-server.conf b/conf/conf.d/30-dict-server.conf new file mode 100644 index 0000000..5ff34b0 --- /dev/null +++ b/conf/conf.d/30-dict-server.conf @@ -0,0 +1,34 @@ +## +## Dictionary server settings +## + +# Dictionary can be used to store key=value lists. This is used by several +# plugins. The dictionary can be accessed either directly or though a +# dictionary server. The following dict block maps dictionary names to URIs +# when the server is used. These can then be referenced using URIs in format +# "proxy::". + +dict_server { +# dict quota { +# driver = sql +# sql_driver = mysql +# hostname = localhost +# +# dict_map priv/quota/storage { +# sql_table = quota +# username_field = username +# value_field bytes { +# type = uint +# } +# } +# +# dict_map priv/quota/messages { +# sql_table = quota +# username_field = username +# value_field messages { +# type = uint +# } +# } +# } +} + diff --git a/conf/conf.d/90-acl.conf b/conf/conf.d/90-acl.conf new file mode 100644 index 0000000..b3fcfb4 --- /dev/null +++ b/conf/conf.d/90-acl.conf @@ -0,0 +1,30 @@ +## +## Mailbox access control lists. +## + +# vfile backend reads ACLs from "dovecot-acl" file from mail directory. +# You can also optionally give a global ACL directory path where ACLs are +# applied to all users' mailboxes. The global ACL directory contains +# one file for each mailbox, eg. INBOX or sub.mailbox. cache_secs parameter +# specifies how many seconds to wait between stat()ing dovecot-acl file +# to see if it changed. + +#acl_driver = vfile +## Deprecated ACL global path +#acl_global_path = /etc/dovecot/global-acls +#acl_cache_ttl = 5m + +## New inline ACLs +#mailbox INBOX { +# acl user=testuser { +# rights = lri +# } +#} + +# To let users LIST mailboxes shared by other users, Dovecot needs a +# shared mailbox dictionary. For example: +#acl_sharing_map { +# dict file { +# path = /var/lib/dovecot/shared-mailboxes +# } +#} diff --git a/conf/conf.d/90-fts-flatcurve.conf b/conf/conf.d/90-fts-flatcurve.conf new file mode 100644 index 0000000..da7b1de --- /dev/null +++ b/conf/conf.d/90-fts-flatcurve.conf @@ -0,0 +1,29 @@ +mail_plugins { + fts = yes + fts_flatcurve = yes +} + +fts_autoindex = yes + +language_filters = normalizer-icu snowball stopwords + +language_tokenizers = generic email-address +language_tokenizer_generic_algorithm = simple + +language en { + default = yes + filters = lowercase snowball english-possessive stopwords +} + +fts flatcurve { + # All of these are optional, and indicate the default values. + # They are listed here for documentation purposes; most people should not + # need to define/override in their config. + # commit_limit = 500 + # max_term_size = 30 + # min_term_size = 2 + # optimize_limit = 10 + # rotate_count = 5000 + # rotate_time = 5000 + substring_search = yes +} diff --git a/conf/conf.d/90-fts.conf b/conf/conf.d/90-fts.conf new file mode 100644 index 0000000..e095c9b --- /dev/null +++ b/conf/conf.d/90-fts.conf @@ -0,0 +1,26 @@ +## +## Plugin settings +## + +# All wanted plugins must be listed in mail_plugins setting before any of the +# settings take effect. See for list of plugins and +# their configuration. Note that %{variable} expansion is done for all values. + +## See https://doc.dovecot.org/latest/core/plugins/fts.html for FTS information + +fts_autoindex = yes +fts_autoindex_max_recent_msgs = 999 +fts_search_add_missing = yes + +## for attachment decoding + +#fts_decoder_driver = tika +#fts_decoder_tika_url = http://localhost:9998/tika/ + +## for solr +#fts solr { +# url = http://localhost:8983/solr/dovecot/ +#} + +# See 90-fts-flatcurve.conf in the dovecot-flatcurve package for +# settings specific to that driver diff --git a/conf/conf.d/90-quota.conf b/conf/conf.d/90-quota.conf new file mode 100644 index 0000000..ba0386a --- /dev/null +++ b/conf/conf.d/90-quota.conf @@ -0,0 +1,79 @@ +## +## Quota configuration. +## + +# Note that you also have to enable quota plugin in mail_plugins setting. +## + +## +## Quota limits +## + +# Quota limits are set using "quota_rule" parameters. To get per-user quota +# limits, you can set/override them by returning "quota_rule" extra field +# from userdb. It's also possible to give mailbox-specific limits, for example +# to give additional 100 MB when saving to Trash: + +#mail_plugins { +# quota = yes +#} + +#quota "User quota" { +# storage_size = 1G +#} +# +#namespace inbox { +# mailbox Trash { +# quota_storage_extra = 100M +# } +#} + +## +## Quota warnings +## + +# You can execute a given command when user exceeds a specified quota limit. +# Each quota root has separate limits. Only the command for the first +# exceeded limit is excecuted, so put the highest limit first. +# The commands are executed via script service by connecting to the named +# UNIX socket (quota-warning below). +# Note that % needs to be escaped as %%, otherwise "% " expands to empty. + +#quota "User quota" { +# warning warn-95 { +# quota_storage_percentage = 95 +# execute quota-warning { +# args = 95 %{user} +# } +# } +# warning warn-80 { +# quota_storage_percentage = 80 +# execute quota-warning { +# args = 80 %{user} +# } +# } +#} + +# Example quota-warning service. The unix listener's permissions should be +# set in a way that mail processes can connect to it. Below example assumes +# that mail processes run as vmail user. If you use mode=0666, all system users +# can generate quota warnings to anyone. +#service quota-warning { +# executable = script /usr/local/bin/quota-warning.sh +# user = dovecot +# unix_listener quota-warning { +# user = vmail +# } +#} + +## +## Quota backends +## + +# Multiple backends are supported: +# count: Default and recommended, quota driver tracks the quota internally within Dovecot's index files. +# maildir: Maildir++ quota +# fs: Read-only support for filesystem quota +#quota "User quota" { +# driver = count +#} diff --git a/conf/conf.d/90-sieve-extprograms.conf b/conf/conf.d/90-sieve-extprograms.conf new file mode 100644 index 0000000..4998fc9 --- /dev/null +++ b/conf/conf.d/90-sieve-extprograms.conf @@ -0,0 +1,41 @@ +# Sieve Extprograms plugin configuration + +# Don't forget to add the sieve_extprograms plugin to the sieve_plugins setting. +# Also enable the extensions you need (one or more of vnd.dovecot.pipe, +# vnd.dovecot.filter and vnd.dovecot.execute) by adding these to the +# sieve_extensions or sieve_global_extensions settings. Restricting these +# extensions to a global context using sieve_global_extensions is recommended. + +# The directory where the program sockets are located for the +# vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension +# respectively. The name of each unix socket contained in that directory +# directly maps to a program-name referenced from the Sieve script. +#sieve_pipe_socket_dir = sieve-pipe +#sieve_filter_socket_dir = sieve-filter +#sieve_execute_socket_dir = sieve-execute + +# The directory where the scripts are located for direct execution by the +# vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension +# respectively. The name of each script contained in that directory +# directly maps to a program-name referenced from the Sieve script. +#sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe +#sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter +#sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute + +# An example program service called 'do-something' to pipe messages to +#service do-something { + # Define the executed script as parameter to the sieve service + #executable = script /usr/lib/dovecot/sieve-pipe/do-something.sh + + # Use some unprivileged user for executing the program + #user = dovenull + + # The unix socket located in the sieve_pipe_socket_dir (as defined in the + # plugin {} section above) + #unix_listener sieve-pipe/do-something { + # LDA/LMTP must have access + # user = vmail + # mode = 0600 + #} +#} + diff --git a/conf/conf.d/90-sieve.conf b/conf/conf.d/90-sieve.conf new file mode 100644 index 0000000..3ab66d3 --- /dev/null +++ b/conf/conf.d/90-sieve.conf @@ -0,0 +1,113 @@ +## +## Settings for the Sieve interpreter +## + +# Do not forget to enable the Sieve plugin in 15-lda.conf and 20-lmtp.conf +# by adding it to the respective mail_plugins { sieve = yes } settings. + +# See https://doc.dovecot.org/latest/core/plugins/sieve.html + +# Personal sieve script location +#sieve_script personal { +# driver = file +# path = ~/sieve +# active_path = ~/.dovecot.sieve +#} + +# Default sieve script location +#sieve_script default { +# type = default +# name = default +# driver = file +# path = /etc/dovecot/sieve/default/ +#} + + +# Which Sieve language extensions are available to users. By default, all +# supported extensions are available, except for deprecated extensions or +# those that are still under development. Some system administrators may want +# to disable certain Sieve extensions or enable those that are not available +# by default. This setting can use 'yes' and 'no' to specify differences relative +# to the default. For example `imapflags = yes' will enable the +# deprecated imapflags extension in addition to all extensions were already +# enabled by default. +#sieve_extensions { +# mboxmetadata = yes +# vnd.dovecot.debug = yes +#} + +# Which Sieve language extensions are ONLY available in global scripts. This +# can be used to restrict the use of certain Sieve extensions to administrator +# control, for instance when these extensions can cause security concerns. +# This setting has higher precedence than the `sieve_extensions' setting +# (above), meaning that the extensions enabled with this setting are never +# available to the user's personal script no matter what is specified for the +# `sieve_extensions' setting. The syntax of this setting is similar to the +# `sieve_extensions' setting, with the difference that extensions are +# enabled or disabled for exclusive use in global scripts. Currently, no +# extensions are marked as such by default. +#sieve_global_extensions = + +# The Pigeonhole Sieve interpreter can have plugins of its own. Using this +# setting, the used plugins can be specified. Check the Dovecot documentation +# https://doc.dovecot.org/latest/core/plugins/sieve.html + +#sieve_plugins = sieve_imapsieve sieve_extprograms +#sieve_pipe_bin_dir = /usr/share/dovecot-pigeonhole/sieve +#sieve_execute_bin_dir = /usr/share/dovecot-pigeonhole/sieve +#sieve_global_extensions { +# vnd.dovecot.pipe = yes +# vnd.dovecot.execute = yes +#} +#imapsieve_url = + +# The separator that is expected between the :user and :detail +# address parts introduced by the subaddress extension. This may +# also be a sequence of characters (e.g. '--'). The current +# implementation looks for the separator from the left of the +# localpart and uses the first one encountered. The :user part is +# left of the separator and the :detail part is right. This setting +# is also used by Dovecot's LMTP service. +#recipient_delimiter = +-_ + +# The maximum size of a Sieve script. The compiler will refuse to compile any +# script larger than this limit. If set to 0, no limit on the script size is +# enforced. +#sieve_max_script_size = 1M + +# The maximum number of actions that can be performed during a single script +# execution. If set to 0, no limit on the total number of actions is enforced. +#sieve_max_actions = 32 + +# The maximum number of redirect actions that can be performed during a single +# script execution. If set to 0, no redirect actions are allowed. +#sieve_max_redirects = 4 + +# The maximum number of personal Sieve scripts a single user can have. If set +# to 0, no limit on the number of scripts is enforced. +# (Currently only relevant for ManageSieve) +#sieve_quota_script_count = 0 + +# The maximum amount of disk storage a single user's scripts may occupy. If +# set to 0, no limit on the used amount of disk storage is enforced. +# (Currently only relevant for ManageSieve) +#sieve_quota_storage_size = 0 + + +#mailbox Spam { +## From elsewhere to Spam folder +# sieve_script report-spam { +# type = before +# cause = copy +# path = /etc/dovecot/report-spam.sieve +# } +#} + +## From Spam folder to elsewhere +#imapsieve_from Spam { +# sieve_script report-ham { +# type = before +# cause = copy +# path = /etc/dovecot/report-ham.sieve +# } +#} diff --git a/conf/conf.d/99-local.conf b/conf/conf.d/99-local.conf new file mode 100644 index 0000000..e69de29 diff --git a/conf/conf.d/auth-deny.conf.ext b/conf/conf.d/auth-deny.conf.ext new file mode 100644 index 0000000..35b5c19 --- /dev/null +++ b/conf/conf.d/auth-deny.conf.ext @@ -0,0 +1,15 @@ +# Deny access for users. Included from auth.conf. + +# Users can be (temporarily) disabled by adding a passdb with deny=yes. +# If the user is found from that database, authentication will fail. +# The deny passdb should always be specified before others, so it gets +# checked first. + +# Example deny passdb using passwd-file. You can use any passdb though. +#passdb deny { +# driver = passwd-file +# deny = yes +# +## File contains a list of usernames, one per line +# passwd_file_path = /etc/dovecot/deny-users +#} diff --git a/conf/conf.d/auth-ldap.conf.ext b/conf/conf.d/auth-ldap.conf.ext new file mode 100644 index 0000000..4e5982b --- /dev/null +++ b/conf/conf.d/auth-ldap.conf.ext @@ -0,0 +1,48 @@ +# Authentication for LDAP users. Included from auth.conf. +# +# + +## See + +#ldap_uris = ldap://localhost +#ldap_auth_dn = cn=admin +#ldap_auth_dn_password = supersecret + +#passdb ldap { +# ldap_filter = (&(objectClass=posixAccount)(uid=%{user})) +# ldap_bind = no + +# fields { + # user=%{ldap:uid} + # password=%{ldap:userPassword} + # userdb_home=%{ldap:homeDirectory} + # userdb_uid=%{ldap:uidNumber} + # userdb_gid=%{ldap:gidNumber} +# } +#} + +# "prefetch" user database means that the passdb already provided the +# needed information and there's no need to do a separate userdb lookup. +# +#userdb prefetch { +#} + +#userdb ldap { +# ldap_filter = (&(objectClass=posixAccount)(uid=%{user})) + +# Default fields can be used to specify defaults that LDAP may override +# fields { +# home=/home/virtual/%{user} +# } +#} + +# If you don't have any user-specific settings, you can avoid the userdb LDAP +# lookup by using userdb static instead of userdb ldap, for example: +# +#userdb static { + #fields { + # uid = vmail + # gid = vmail + # home = /var/vmail/%{user} + #} +#} diff --git a/conf/conf.d/auth-master.conf.ext b/conf/conf.d/auth-master.conf.ext new file mode 100644 index 0000000..17839b2 --- /dev/null +++ b/conf/conf.d/auth-master.conf.ext @@ -0,0 +1,12 @@ +# Authentication for master users. Included from auth.conf. + +# By adding master=yes setting inside a passdb you make the passdb a list +# of "master users", who can log in as anyone else. +# + +# Example master user passdb using passwd-file. You can use any passdb though. +#passdb master-passwd-file { +# driver = passwd-file +# master = yes +# passwd_file_path = /etc/dovecot/master-users +#} diff --git a/conf/conf.d/auth-oauth2.conf.ext b/conf/conf.d/auth-oauth2.conf.ext new file mode 100644 index 0000000..ce90f91 --- /dev/null +++ b/conf/conf.d/auth-oauth2.conf.ext @@ -0,0 +1,23 @@ +#auth_mechanisms { +# xoauth2 = yes +# oauthbearer = yes +#} +#oauth2 { +# tokeninfo_url = https://www.googleapis.com/oauth2/v3/tokeninfo?access_token= +# introspection_url = https://www.googleapis.com/oauth2/v2/userinfo +# #force_introspection = yes +# username_attribute = email +#} + +# with local validation +#oauth2 { +# introspection_mode = local +# username_attribute = email +# oauth2_local_validation { +# dict fs { +# fs posix { +# prefix = /etc/dovecot/oauth2-keys/ +# } +# } +# } +#} diff --git a/conf/conf.d/auth-passwdfile.conf.ext b/conf/conf.d/auth-passwdfile.conf.ext new file mode 100644 index 0000000..b83708f --- /dev/null +++ b/conf/conf.d/auth-passwdfile.conf.ext @@ -0,0 +1,20 @@ +# Authentication for passwd-file users. Included from auth.conf. +# +# passwd-like file with specified location. +# + +#passdb passwd-file { +# default_password_scheme = crypt +# auth_username_format = %{user} +# passwd_file_path = /etc/dovecot/users +#} + +#userdb passwd-file { +# auth_username_format=%{user} +# passwd_file_path = /etc/dovecot/users + +# fields { +# quota_rule:default=*:storage=1G +# home=/home/virtual/%{user} +# } +#} diff --git a/conf/conf.d/auth-sql.conf.ext b/conf/conf.d/auth-sql.conf.ext new file mode 100644 index 0000000..4b8f504 --- /dev/null +++ b/conf/conf.d/auth-sql.conf.ext @@ -0,0 +1,180 @@ +# Authentication for SQL users. Included from auth.conf. +# +# + +# For the sql passdb module, you'll need a database with a table that +# contains fields for at least the username and password. If you want to +# use the user@domain syntax, you might want to have a separate domain +# field as well. +# +# If your users all have the same uig/gid, and have predictable home +# directories, you can use the static userdb module to generate the home +# dir based on the username and domain. In this case, you won't need fields +# for home, uid, or gid in the database. +# +# If you prefer to use the sql userdb module, you'll want to add fields +# for home, uid, and gid. Here is an example table: +# +# CREATE TABLE users ( +# username VARCHAR(128) NOT NULL, +# domain VARCHAR(128) NOT NULL, +# password VARCHAR(64) NOT NULL, +# home VARCHAR(255) NOT NULL, +# uid INTEGER NOT NULL, +# gid INTEGER NOT NULL, +# active CHAR(1) DEFAULT 'Y' NOT NULL +# ); + +# Database driver: mysql, pgsql, sqlite +#sql_driver = mysql + +# Database connection string. This is driver-specific setting. +# +# HA / round-robin load-balancing is supported by giving multiple host +# settings, like: host=sql1.host.org host=sql2.host.org +# +# pgsql: +# For available options, see the PostgreSQL documention for the +# PQconnectdb function of libpq. +# Use maxconns=n (default 5) to change how many connections Dovecot can +# create to pgsql. +# +# mysql: +# Basic options emulate PostgreSQL option names: +# host, port, user, password, dbname +# +# But also adds some new settings: +# client_flags - See MySQL manual +# ssl_ca, ssl_ca_path - Set either one or both to enable SSL +# ssl_cert, ssl_key - For sending client-side certificates to server +# ssl_cipher - Set minimum allowed cipher security (default: HIGH) +# option_file - Read options from the given file instead of +# the default my.cnf location +# option_group - Read options from the given group (default: client) +# +# You can connect to UNIX sockets by using host: host=/var/run/mysql.sock +# Note that currently you can't use spaces in parameters. +# +# sqlite: +# The path to the database file. +# +# Examples: +# mysql 192.168.1.1 { +# dbname = users +# } +# mysql sql.example.com { +# ssl = yes +# user = virtual +# password = blarg +# dbname = virtual +# } +# sqlite /etc/dovecot/authdb.sqlite { +# } +# +#mysql /var/run/mysqld/mysqld.sock { +# user = dovecot +# password = dvmail +# dbname = dovecot +#} +#mysql localhost { +# ... +#} + +#passdb sql { +# default_password_scheme = SHA256 + +# passdb query to retrieve the password. It can return fields: +# password - The user's password. This field must be returned. +# user - user@domain from the database. Needed with case-insensitive lookups. +# username and domain - An alternative way to represent the "user" field. +# +# The "user" field is often necessary with case-insensitive lookups to avoid +# e.g. "name" and "nAme" logins creating two different mail directories. If +# your user and domain names are in separate fields, you can return "username" +# and "domain" fields instead of "user". +# +# The query can also return other fields which have a special meaning, see +# https://doc.dovecot.org/latest/core/config/auth/passdb.html#extra-fields +# +# Commonly used available substitutions (see https://doc.dovecot.org/latest/core/settings/variables.html +# for full list): +# %{user} = entire user@domain +# %{user|username} = user part of user@domain +# %{user|domain} = domain part of user@domain +# +# Note that these can be used only as input to SQL query. If the query outputs +# any of these substitutions, they're not touched. Otherwise it would be +# difficult to have eg. usernames containing '%' characters. +# +# Example: +# query = SELECT userid AS user, pw AS password \ +# FROM users WHERE userid = '%u' AND active = 'Y' +# +# query = \ +# SELECT userid as username, domain, password \ +# FROM users WHERE userid = '%{user|username}' AND domain = '%{user|domain}' +#} + +#userdb sql { +# userdb query to retrieve the user information. It can return fields: +# uid - System UID (overrides mail_uid setting) +# gid - System GID (overrides mail_gid setting) +# home - Home directory +# mail_driver - Mail driver +# mail_path - Mail storage path +# +# None of these are strictly required. If you use a single UID and GID, and +# home or mail directory fits to a template string, you could use userdb static +# instead. For a list of all fields that can be returned, see +# Examples: +# query = SELECT home, uid, gid FROM users WHERE userid = '%{user}' +# query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%{user}' +# query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%{user}' +# +# query = \ +# SELECT home, uid, gid \ +# FROM users WHERE userid = '%{user|username}' AND domain = '%{user|domain}' + +# Query to get a list of all usernames. +# iterate_query = SELECT username AS user,domain FROM users + +# userdb_ldap { +# iterate_fields { +# home = /var/vmail/%{home} +# } +# } +#} + +#passdb static { +# fields { +# user=%{user|username|lower} +# noauthenticate=yes +# } +## you can remove next line if you want to always normalize your usernames +# skip = authenticated +#} + +# "prefetch" user database means that the passdb already provided the +# needed information and there's no need to do a separate userdb lookup. +# +#userdb prefetch { +#} + +#userdb static { +# fields { +# user=%{user|lower} +# } +# you can remove next line if you want to always normalize your usernames +# skip = found +#} + +# If you don't have any user-specific settings, you can avoid the user_query +# by using userdb static instead of userdb sql, for example: +# +#userdb static { + #fields { + # uid = vmail + # gid = vmail + # home = /var/vmail/%{user} + #} +#} diff --git a/conf/conf.d/auth-static.conf.ext b/conf/conf.d/auth-static.conf.ext new file mode 100644 index 0000000..d8ddb54 --- /dev/null +++ b/conf/conf.d/auth-static.conf.ext @@ -0,0 +1,35 @@ +# Static passdb. Included from auth.conf. + +# This can be used for situations where Dovecot doesn't need to verify the +# username or the password, or if there is a single password for all users: +# +# - proxy frontend, where the backend verifies the password +# - proxy backend, where the frontend already verified the password +# - authentication with SSL certificates +# - simple testing +# +# Each passdb must have unique name, but if you onlu use it once per driver +# you can use driver name as passdb/userdb section name. + +#passdb static { +# fields { +# proxy = y +# host = %{user|md5|substr(1)}.example.com +# nopassword = y +# } +#} + +#passdb static2 { +# driver = static +# fields { +# password = test +# } +#} + +#userdb static { +# fields { +# uid = vmail +# gid = vmail +# home = /home/%{user} +# } +#} diff --git a/conf/conf.d/auth-system.conf.ext b/conf/conf.d/auth-system.conf.ext new file mode 100644 index 0000000..ef94302 --- /dev/null +++ b/conf/conf.d/auth-system.conf.ext @@ -0,0 +1,72 @@ +# Authentication for system users. Included from auth.conf. +# +# +# + +# Driver is only needed if the section name is not same as driver's name. + +# PAM authentication. Preferred nowadays by most systems. +# PAM is typically used with either userdb passwd or userdb static. +# REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM +# authentication to actually work. +passdb pam { +# driver = pam +# session = yes +# setcred = yes +# failure_show_msg = yes +# max_requests = 20 +# service_name = dovecot +# skip = authenticated +# fields { +# } +} + +userdb passwd { +} + +# System users (NSS, /etc/passwd, or similiar). +# In many systems nowadays this uses Name Service Switch, which is +# configured in /etc/nsswitch.conf. +#passdb passwb { +#} + +# PAM-like authentication for OpenBSD. +# +#passdb bsdauth { +#} + +## +## User databases +## + +# System users (NSS, /etc/passwd, or similiar). In many systems nowadays this +# uses Name Service Switch, which is configured in /etc/nsswitch.conf. +#userdb passwd-file { + #driver = passwd-file + #auth_username_format=%{user|lower} + #passwd_file_path = /etc/passwd + #fields { + # user= %{user|lower} + # name = %{user|lower} + # home = /var/vmail/%{user} + #} + #skip = found +#} + +# Static settings generated from template +#userdb static { + #driver = static + # Can return anything a userdb could normally return. For example: + # fields { + # uid = 500 + # gid = 500 + # home = /var/mail/%{user} + # } + # LDA and LMTP needs to look up users only from the userdb. This of course + # doesn't work with static userdb because there is no list of users. + # Normally static userdb handles this by doing a passdb lookup. This works + # with most passdbs, with PAM being the most notable exception. If you do + # the user verification another way, you can add allow_all_users=yes + # in which case the passdb lookup is skipped. + #allow_all_users = yes +#} diff --git a/conf/dovecot.conf b/conf/dovecot.conf new file mode 100644 index 0000000..ee7eb33 --- /dev/null +++ b/conf/dovecot.conf @@ -0,0 +1,87 @@ +## Dovecot configuration file + +# If you're in a hurry, see https://doc.dovecot.org/latest/core/config/guides/quick.html + +# "doveconf -n" command gives a clean output of the changed settings. Use it +# instead of copy&pasting files when posting to the Dovecot mailing list. + +# '#' character and everything after it is treated as comments. Extra spaces +# and tabs are ignored. If you want to use either of these explicitly, put the +# value inside quotes, eg.: key = "# char and trailing whitespace " + +# Default values are shown for each setting, it's not required to uncomment +# those. These are exceptions to this though: No sections (e.g. namespace {}) +# or plugin settings are added by default, they're listed only as examples. +# Paths are also just examples with the real defaults being based on configure +# options. The paths listed here are for configure --prefix=/usr/local +# --sysconfdir=/usr/local/etc --localstatedir=/var + +dovecot_config_version = 2.4.0 +dovecot_storage_version = 2.4.0 + +# Protocols we want to be serving. +#protocols = imap pop3 lmtp +!include_try /usr/share/dovecot/protocols.d/*.protocol + +# A comma separated list of IPs or hosts where to listen in for connections. +# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces. +# If you want to specify non-default ports or anything more complex, +# edit conf.d/master.conf. +#listen = *, :: + +# Base directory where to store runtime data. +#base_dir = /var/run/dovecot/ + +# Name of this instance. In multi-instance setup doveadm and other commands +# can use -i to select which instance is used (an alternative +# to -c ). The instance name is also added to Dovecot processes +# in ps output. +#instance_name = dovecot + +# Greeting message for clients. +#login_greeting = Dovecot ready. + +# Space separated list of trusted network ranges. Connections from these +# IPs are allowed to override their IP addresses and ports (for logging and +# for authentication checks). disable_plaintext_auth is also ignored for +# these networks, unless ssl=required. +# Typically you'd specify your IMAP proxy servers here. +#login_trusted_networks = + +# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do +# proxying. This isn't necessary normally, but may be useful if the destination +# IP is e.g. a load balancer's IP. +#auth_proxy_self = + +# Show more verbose process titles (in ps). Currently shows user name and +# IP address. Useful for seeing who are actually using the IMAP processes +# (eg. shared mailboxes or if same uid is used for multiple accounts). +#verbose_proctitle = yes + +# Should all processes be killed when Dovecot master process shuts down. +# Setting this to "no" means that Dovecot can be upgraded without +# forcing existing client connections to close (although that could also be +# a problem if the upgrade is e.g. because of a security fix). +#shutdown_clients = yes + +# If non-zero, run mail commands via this many connections to doveadm server, +# instead of running them directly in the same process. +#doveadm_worker_count = 0 +# UNIX socket or host:port used for connecting to doveadm server +#doveadm_socket_path = doveadm-server + +# Space separated list of environment variables that are preserved on Dovecot +# startup and passed down to all of its child processes. You can also give +# key=value pairs to always set specific settings. +#import_environment { +# TZ=%{env:TZ} +#} + +# Most of the actual configuration gets included below. The filenames are +# first sorted by their ASCII value and parsed in that order. The 00-prefixes +# in filenames are intended to make it easier to understand the ordering. +!include conf.d/*.conf + +# A config file can also tried to be included without giving an error if +# it's not found: +!include_try local.conf diff --git a/conf/local.conf b/conf/local.conf new file mode 100644 index 0000000..e69de29 diff --git a/control b/control new file mode 100644 index 0000000..dc392ad --- /dev/null +++ b/control @@ -0,0 +1,307 @@ +Source: dovecot +Section: mail +Priority: optional +Maintainer: Dovecot Maintainers +Uploaders: Jaldhar H. Vyas , + Jelmer Vernooij , + Apollon Oikonomopoulos , + Noah Meyerhans +Build-Depends: debhelper-compat (= 13), + default-libmysqlclient-dev, + krb5-multidev, + libapparmor-dev [linux-any], + libbz2-dev, + libcap-dev [linux-any], + libcdb-dev, + libdb-dev, + libexpat-dev, + libexttextcat-dev, + libicu-dev, + libldap2-dev, + liblua5.4-dev, + liblz4-dev, + liblzma-dev, + libpam0g-dev, + libpq-dev, + libsasl2-dev, + libsodium-dev, + libsqlite3-dev, + libssl-dev, + libstemmer-dev, + libsystemd-dev [linux-any], + libtirpc-dev, + libunwind-dev, + libwrap0-dev, + libxapian-dev, + libzstd-dev, + lsb-release, + lua-json , + pkgconf, + zlib1g-dev +Standards-Version: 4.7.0 +Rules-Requires-Root: no +Homepage: https://dovecot.org/ +Vcs-Git: https://salsa.debian.org/debian/dovecot.git +Vcs-Browser: https://salsa.debian.org/debian/dovecot + +Package: dovecot-core +Architecture: any +Pre-Depends: ${misc:Pre-Depends} +Depends: adduser, + libpam-runtime, + openssl, + ssl-cert, + ucf, + ${misc:Depends}, + ${shlibs:Depends} +Suggests: dovecot-flatcurve, + dovecot-gssapi, + dovecot-imapd, + dovecot-ldap, + dovecot-lmtpd, + dovecot-managesieved, + dovecot-mysql, + dovecot-pgsql, + dovecot-pop3d, + dovecot-sieve, + dovecot-solr, + dovecot-sqlite, + dovecot-submissiond, + ntp +Provides: dovecot-abi-${dovecot:ABI-Version}, dovecot-common +Replaces: dovecot-common (<< 1:2.0.14-2~), mailavenger (<< 0.8.1-4) +Breaks: dovecot-common (<< 1:2.0.14-2~), mailavenger (<< 0.8.1-4) +Description: secure POP3/IMAP server - core files + Dovecot is a mail server whose major goals are security and extreme + reliability. It tries very hard to handle all error conditions and verify + that all data is valid, making it nearly impossible to crash. It supports + mbox/Maildir and its own dbox/mdbox formats, and should also be pretty + fast, extensible, and portable. + . + This package contains the Dovecot main server and its command line utility. + +Package: dovecot-dev +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Replaces: dovecot-common (<< 1:2.0.14-2~), dovecot-core (<< 1:2.2.26.0-1~) +Breaks: dovecot-common (<< 1:2.0.14-2~), dovecot-core (<< 1:2.2.26.0-1~) +Description: secure POP3/IMAP server - header files + Dovecot is a mail server whose major goals are security and extreme + reliability. It tries very hard to handle all error conditions and verify + that all data is valid, making it nearly impossible to crash. It supports + mbox/Maildir and its own dbox/mdbox formats, and should also be pretty + fast, extensible, and portable. + . + This package contains header files needed to compile plugins for the Dovecot + mail server. + +Package: dovecot-imapd +Architecture: any +Depends: dovecot-core (= ${binary:Version}), + ucf, + ${misc:Depends}, + ${shlibs:Depends} +Suggests: ufw +Provides: imap-server +Description: secure POP3/IMAP server - IMAP daemon + Dovecot is a mail server whose major goals are security and extreme + reliability. It tries very hard to handle all error conditions and verify + that all data is valid, making it nearly impossible to crash. It supports + mbox/Maildir and its own dbox/mdbox formats, and should also be pretty + fast, extensible, and portable. + . + This package contains the Dovecot IMAP server. + +Package: dovecot-pop3d +Architecture: any +Depends: dovecot-core (= ${binary:Version}), + ucf, + ${misc:Depends}, + ${shlibs:Depends} +Suggests: ufw +Provides: pop3-server +Description: secure POP3/IMAP server - POP3 daemon + Dovecot is a mail server whose major goals are security and extreme + reliability. It tries very hard to handle all error conditions and verify + that all data is valid, making it nearly impossible to crash. It supports + mbox/Maildir and its own dbox/mdbox formats, and should also be pretty + fast, extensible, and portable. + . + This package contains the Dovecot POP3 server. + +Package: dovecot-lmtpd +Architecture: any +Depends: dovecot-core (= ${binary:Version}), + ucf, + ${misc:Depends}, + ${shlibs:Depends} +Replaces: dovecot-common (<< 1:2.0.14-2~) +Breaks: dovecot-common (<< 1:2.0.14-2~) +Description: secure POP3/IMAP server - LMTP server + Dovecot is a mail server whose major goals are security and extreme + reliability. It tries very hard to handle all error conditions and verify + that all data is valid, making it nearly impossible to crash. It supports + mbox/Maildir and its own dbox/mdbox formats, and should also be pretty + fast, extensible, and portable. + . + This package contains the Dovecot LMTP server. + +Package: dovecot-managesieved +Architecture: any +Depends: dovecot-core (= ${binary:Version}), + dovecot-sieve (= ${binary:Version}), + ucf, + ${misc:Depends}, + ${shlibs:Depends} +Replaces: dovecot-common (<< 1:2.0.14-2~) +Breaks: dovecot-common (<< 1:2.0.14-2~) +Description: secure POP3/IMAP server - ManageSieve server + Dovecot is a mail server whose major goals are security and extreme + reliability. It tries very hard to handle all error conditions and verify + that all data is valid, making it nearly impossible to crash. It supports + mbox/Maildir and its own dbox/mdbox formats, and should also be pretty + fast, extensible, and portable. + . + This package contains the Dovecot ManageSieve server. + +Package: dovecot-pgsql +Architecture: any +Depends: dovecot-core (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} +Description: secure POP3/IMAP server - PostgreSQL support + Dovecot is a mail server whose major goals are security and extreme + reliability. It tries very hard to handle all error conditions and verify + that all data is valid, making it nearly impossible to crash. It supports + mbox/Maildir and its own dbox/mdbox formats, and should also be pretty + fast, extensible, and portable. + . + This package provides PostgreSQL support for Dovecot. + +Package: dovecot-mysql +Architecture: any +Depends: dovecot-core (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} +Description: secure POP3/IMAP server - MySQL support + Dovecot is a mail server whose major goals are security and extreme + reliability. It tries very hard to handle all error conditions and verify + that all data is valid, making it nearly impossible to crash. It supports + mbox/Maildir and its own dbox/mdbox formats, and should also be pretty + fast, extensible, and portable. + . + This package provides MySQL support for Dovecot. + +Package: dovecot-sqlite +Architecture: any +Depends: dovecot-core (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} +Description: secure POP3/IMAP server - SQLite support + Dovecot is a mail server whose major goals are security and extreme + reliability. It tries very hard to handle all error conditions and verify + that all data is valid, making it nearly impossible to crash. It supports + mbox/Maildir and its own dbox/mdbox formats, and should also be pretty + fast, extensible, and portable. + . + This package provides SQLite support for Dovecot. + +Package: dovecot-ldap +Architecture: any +Depends: dovecot-core (= ${binary:Version}), + ucf, + ${misc:Depends}, + ${shlibs:Depends} +Replaces: dovecot-core (<< 1:2.2.26.0-1~) +Breaks: dovecot-core (<< 1:2.2.26.0-1~) +Description: secure POP3/IMAP server - LDAP support + Dovecot is a mail server whose major goals are security and extreme + reliability. It tries very hard to handle all error conditions and verify + that all data is valid, making it nearly impossible to crash. It supports + mbox/Maildir and its own dbox/mdbox formats, and should also be pretty + fast, extensible, and portable. + . + This package provides LDAP support for Dovecot. + +Package: dovecot-gssapi +Architecture: any +Depends: dovecot-core (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} +Description: secure POP3/IMAP server - GSSAPI support + Dovecot is a mail server whose major goals are security and extreme + reliability. It tries very hard to handle all error conditions and verify + that all data is valid, making it nearly impossible to crash. It supports + mbox/Maildir and its own dbox/mdbox formats, and should also be pretty + fast, extensible, and portable. + . + This package provides GSSAPI authentication support for Dovecot. + +Package: dovecot-sieve +Architecture: any +Depends: dovecot-core (= ${binary:Version}), + ucf, + ${misc:Depends}, + ${shlibs:Depends} +Breaks: dovecot-core (<= 1:2.2.13-6), dovecot-imapd (<< 1:2.2.26.0-1~) +Replaces: dovecot-core (<= 1:2.2.13-6), dovecot-imapd (<< 1:2.2.26.0-1~) +Description: secure POP3/IMAP server - Sieve filters support + Dovecot is a mail server whose major goals are security and extreme + reliability. It tries very hard to handle all error conditions and verify + that all data is valid, making it nearly impossible to crash. It supports + mbox/Maildir and its own dbox/mdbox formats, and should also be pretty + fast, extensible, and portable. + . + This package provides Sieve filters support for Dovecot. + +Package: dovecot-flatcurve +Architecture: any +Conflicts: dovecot-fts-flatcurve +Replaces: dovecot-fts-flatcurve +Depends: dovecot-core (= ${binary:Version}), + ucf, + ${misc:Depends}, + ${shlibs:Depends} +Description: secure POP3/IMAP server - Flatcurve support + Dovecot is a mail server whose major goals are security and extreme + reliability. It tries very hard to handle all error conditions and verify + that all data is valid, making it nearly impossible to crash. It supports + mbox/Maildir and its own dbox/mdbox formats, and should also be pretty + fast, extensible, and portable. + . + This package provides Flatcurve full text search support for Dovecot. + +Package: dovecot-solr +Architecture: any +Depends: dovecot-core (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} +Description: secure POP3/IMAP server - Solr support + Dovecot is a mail server whose major goals are security and extreme + reliability. It tries very hard to handle all error conditions and verify + that all data is valid, making it nearly impossible to crash. It supports + mbox/Maildir and its own dbox/mdbox formats, and should also be pretty + fast, extensible, and portable. + . + This package provides Solr full text search support for Dovecot. + +Package: dovecot-submissiond +Architecture: any +Depends: dovecot-core (= ${binary:Version}), + ucf, + ${misc:Depends}, + ${shlibs:Depends} +Breaks: dovecot-submission (<< 1:2.3.1-2~) +Replaces: dovecot-submission (<< 1:2.3.1-2~) +Description: secure POP3/IMAP server - mail submission agent + Dovecot is a mail server whose major goals are security and extreme + reliability. It tries very hard to handle all error conditions and verify + that all data is valid, making it nearly impossible to crash. It supports + mbox/Maildir and its own dbox/mdbox formats, and should also be pretty + fast, extensible, and portable. + . + This package contains the Dovecot Mail Submission Agent which implements a + basic SMTP submission service with BURL support. + +Package: dovecot-auth-lua +Architecture: any +Depends: dovecot-core (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} +Description: secure POP3/IMAP server - Lua authentication plugin + Dovecot is a mail server whose major goals are security and extreme + reliability. It tries very hard to handle all error conditions and verify + that all data is valid, making it nearly impossible to crash. It supports + mbox/Maildir and its own dbox/mdbox formats, and should also be pretty + fast, extensible, and portable. + . + This package contains an authentication plugin allowing password and user + databases to be implemented in Lua. diff --git a/copyright b/copyright new file mode 100644 index 0000000..8ede253 --- /dev/null +++ b/copyright @@ -0,0 +1,266 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: dovecot +Upstream-Contact: Timo Sirainen + Dovecot Mailing List +Comment: This package was debianized by Jaldhar H. Vyas on + Tue, 3 Dec 2002 01:10:07 -0500. +Source: https://github.com/dovecot/core +Files-Excluded-pigeonhole: doc/rfc + +Files: * +Copyright: (c) 2001-2022 Dovecot authors +Comment: see AUTHORS +License: LGPL-2.1 + +Files: src/lib/* + src/lib-sql/* +Copyright: (c) 2001-2022 Dovecot authors +Comment: see AUTHORS +License: MIT + +Files: src/auth/* +Copyright: (c) 2004-2006 Andrey Panin + (c) 2005 Jelmer Vernooij + (c) 2011-2016 Florian Zeitz + (c) 2007 Dmitry Butskoy + (C) 2006 Simon L Jackson + (c) 2015-2017 Dovecot Oy +License: MIT + +Files: src/lib-auth/password-scheme-md5crypt.c +Copyright: Poul-Henning Kamp +License: Beerware + "THE BEER-WARE LICENSE" (Revision 42): + wrote this file. As long as you retain this notice you + can do whatever you want with this stuff. If we meet some day, and you think + this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp + +Files: src/lib-otp/* +Copyright: (c) 2004-2006 Andrey Panin + (c) Copyright 1997-2005 Simon Tatham +License: MIT + +Files: src/lib/md5.c +Copyright: N/A +License: public-domain-solardiz + Written by Solar Designer in 2001, and placed in the + public domain. There's absolutely no warrant. + +Files: src/lib/sha1.* +Copyright: Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. +License: BSD-3-Clause + +Files: src/lib/sha2.* src/lib/sha3.* +Copyright: Copyright (C) 2005, 2007 Olivier Gay +License: BSD-3-Clause + +Files: src/lib/byteorder.h src/lib/test-byteorder.c +Copyright: (c) 2016-2017 Josef 'Jeff' Sipek +License: MIT + +Files: src/lib/hmac.* +Copyright: (c) 2004 Andrey Panin + (c) 2011-2016 Florian Zeitz +License: MIT + +Files: src/lib/hmac-cram-md5.c +Copyright: (c) 2003 Joshua Goodall +License: MIT + +Files: src/lib/ioloop-iolist.c +Copyright: (c) 2004 Andrey Panin +License: MIT + +Files: src/lib/ioloop-kqueue.c src/lib/ioloop-notify-kqueue.c +Copyright: (c) 2005 Vaclav Haisman +License: MIT + +Files: src/lib/UnicodeData.txt +Copyright: Copyright (C) 1991-2007 Unicode, Inc. +License: Unicode-DFS-2015 + +Files: src/lib-language/stopwords/* +Copyright: Copyright (c) 2001, Dr Martin Porter + Copyright (c) 2002, Richard Boulton. +Comment: License obtained from http://snowball.tartarus.org/license.html +License: BSD-3-Clause + +Files: src/lib-language/stopwords/stopwords_en.txt +Copyright: Apache Software Foundation +License: Apache-2.0 + +Files: src/lib-language/stopwords/stopwords_ro.txt +Copyright: (c) 2005, Jacques Savoy. +License: BSD-2-Clause + +Files: debian/* +Copyright: (c) 2006-2016 Jaldhar H. Vyas + (c) 2006-2009 Fabio Tranchitella + (c) 2008-2009 Joel Johnson + (c) 2009-2012 Marco Nenciarini + (c) 2011-2013 Micah Anderson + (c) 2014-2015 Jelmer Vernooij + (c) 2016-2018 Apollon Oikonomopoulos + (c) 2020-2022 Noah Meyerhans + (c) 2020-2022 Christian Göttsche +License: GPL-2+ + +Files: pigeonhole/* +Copyright: (c) 2002-2021 Stephan Bosch + (c) 2002-2021 Dovecot authors +Comment: Source obtained from https://pigeonhole.dovecot.org/ +License: LGPL-2.1 + +License: MIT + Permission is hereby granted, free of charge, to any person obtaining a + copy of this software and associated documentation files (the "Software"), + to deal in the Software without restriction, including without limitation + the rights to use, copy, modify, merge, publish, distribute, sublicense, + and/or sell copies of the Software, and to permit persons to whom the + Software is furnished to do so, subject to the following conditions: + . + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + DEALINGS IN THE SOFTWARE. + +License: LGPL-2.1 + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + . + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + . + You should have received a copy of the GNU Lesser General Public + License along with this program. If not, see + . + . + On Debian systems, the full text of the GNU Lesser General Public License can + be found at /usr/share/common-licenses/LGPL-2.1. + +License: Apache-2.0 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + http://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian systems, the full text of the Apache License, Version 2.0 can be + found at /usr/share/common-licenses/Apache-2.0. + +License: BSD-3-Clause + All rights reserved. + . + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + +License: BSD-2-Clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + . + 1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + . + 2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +License: GPL-2+ + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see . + . + On Debian systems, the full text of the GNU General Public License version 2 + can be found at /usr/share/common-licenses/GPL-2. + +License: Unicode-DFS-2015 + Copyright © 1991-2015 Unicode, Inc. All rights reserved. Distributed under the + Terms of Use in http://www.unicode.org/copyright.html. + . + Permission is hereby granted, free of charge, to any person obtaining a copy + of the Unicode data files and any associated documentation (the "Data Files") + or Unicode software and any associated documentation (the "Software") to deal + in the Data Files or Software without restriction, including without limitation + the rights to use, copy, modify, merge, publish, distribute, and/or sell copies + of the Data Files or Software, and to permit persons to whom the Data Files or + Software are furnished to do so, provided that + . + (a) this copyright and permission notice appear with all copies of the Data + Files or Software, + (b) this copyright and permission notice appear in associated documentation, + and + (c) there is clear notice in each modified Data File or in the Software as + well as in the documentation associated with the Data File(s) or Software + that the data or software has been modified. + . + THE DATA FILES AND SOFTWARE ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY + KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD + PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR HOLDERS INCLUDED IN + THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL + DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, + WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THE DATA FILES OR + SOFTWARE. + . + Except as contained in this notice, the name of a copyright holder shall not + be used in advertising or otherwise to promote the sale, use or other dealings + in these Data Files or Software without prior written authorization of the + copyright holder. diff --git a/dh.pem b/dh.pem new file mode 100644 index 0000000..a734b90 --- /dev/null +++ b/dh.pem @@ -0,0 +1,13 @@ +-----BEGIN DH PARAMETERS----- +MIICCAKCAgEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb +IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft +awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT +mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh +fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq +5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM +fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq +ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI +ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O ++S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI +HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQI= +-----END DH PARAMETERS----- diff --git a/dovecot-core.NEWS b/dovecot-core.NEWS new file mode 100644 index 0000000..c4e6a5f --- /dev/null +++ b/dovecot-core.NEWS @@ -0,0 +1,193 @@ +dovecot (1:2.4.1+dfsg1-1) unstable; urgency=medium + + Dovecot 2.4 is a major upgrade from the previous 2.3 branch and introduces + an incompatible configuration language. Please see + https://doc.dovecot.org/2.4.0/installation/upgrade/2.3-to-2.4.html for + details on transitioning to the new language. The default configuration + shipped by Debian has been updated for compatibility with the new + configuration, but any locally maintained configuration will need to be + updated. + + -- Noah Meyerhans Mon, 10 Mar 2025 13:28:20 -0400 + +dovecot (1:2.3.2-1) unstable; urgency=medium + + Upgrading to the 2.3 series may require manual configuration changes. + Some settings have been removed, while others have had their defaults + changed. Please see + + /usr/share/doc/dovecot-core/wiki/Upgrading.2.3.txt.gz + + or the online version at + + https://wiki2.dovecot.org/Upgrading/2.3 + + for more information and review your configuration accordingly. + + -- Apollon Oikonomopoulos Sat, 24 Mar 2018 00:34:07 +0200 + +dovecot (1:2.2.31-1) unstable; urgency=medium + + TLS is now enabled by default, using the ssl-cert-snakeoil certificate + provided by the ssl-cert package. Upgrades from older versions will be + prompted to accept the new configuration and enable TLS. If you have already + configured TLS yourself, you'll most probably want to keep your settings + intact. + + See /usr/share/doc/dovecot-core/README.Debian for more information on the + certificate's default location and how to install your own certificates. + + -- Apollon Oikonomopoulos Sun, 25 Jun 2017 01:09:28 +0300 + +dovecot (1:2.2.21-1) unstable; urgency=medium + + This release disables the dovecot.socket systemd unit by default. The unit is + disabled only if the dovecot.service unit is already enabled, making sure + that dovecot will start on system boot. If you are upgrading dovecot and + previously relied on dovecot.socket and dovecot.service being both enabled, + please re-enable dovecot.socket manually using + + systemctl enable dovecot.socket + + Future package updates will not disable the socket unit again. For details + regarding this decision, please see Debian bugs #803915 and #814999. + + -- Apollon Oikonomopoulos Fri, 19 Feb 2016 16:54:27 +0200 + +dovecot (1:2.1.7-7) unstable; urgency=high + + If you are upgrading from stable or the earlier 2.1.7 packages in testing, + you are advised to backup your configuration files before continuing. + Carefully read /usr/share/doc/dovecot-core/README.Debian.gz for important + information about problems that might affect your upgrade. + + -- Jaldhar H. Vyas Mon, 04 Feb 2013 16:27:17 -0500 + +dovecot (1:2.0.5-1) experimental; urgency=low + + * A lot of settings have changed. Dovecot v2.0 can still use most of + the v1.x configuration files, but it logs a lot of warnings at + startup. A quick and easy way to convert your old config file to + v2.0 format is: + + doveconf -n -c dovecot-1.conf > dovecot-2.conf + + This command logs a warning about each obsolete setting it + converts to the new format. You can either go through the warnings + to figure out what changes exactly were done, or you can simply + trust doveconf and replace your old config with the newly + generated one. + + * Dovecot uses two system users for internal purposes now by + default: "dovenull" and "dovecot". "dovenull" user is used by + completely untrustworthy processes, while "dovecot" user is used + for slightly more trusted processes. + + * In conf.d/10-mail.conf, the default mail_location is set to + mbox:~/mail:INBOX=/var/mail/%u + This has to be set because Dovecots auto-detection of mailboxes fails + when a user has no mail. I tried to provide a reasonable default + but advanced users will certainly want to change this. + + Related to this, you might see an error in the logs about dovecot not + being able to chgrp certain files. This is because the default user + mailboxes in Debian belong to group mail which dovecot is not part of + (nor should be.) The Debian package has been patched so that the error + will not be fatal but for a more permanent solution, see here: + http://wiki2.dovecot.org/Errors/ChgrpNoPerm for some discussion. Or + you can set mail_location (and the equivalent settings in your MDA) so + that mailboxes are in the users home directory. + + * No more convert plugin, use dsync instead + + * No more expire-tool, use doveadm expunge instead. Also expire + configuration is different. + + * Post-login scripts are configured differently and need to be modified + + * Quota warnings are configured differently and the script may need + to be modified (most environment settings like $USER are gone) + + * Global ACL filenames now require namespace prefix (e.g. if you use + "INBOX." prefix, /etc/acls/foo needs to be renamed to + /etc/acls/INBOX.foo + + * Maildir: Permissions for newly created mail files are no longer + copied from dovecot-shared file, but instead from the mail + directory (e.g. for "foo" mailbox, they're taken from + ~/Maildir/.foo directory) + + * dbox: v2.0 format is slightly different, but backwards + compatible. The main problem is that v2.0 no longer supports + maildir-dbox hybrid resulting from "fast Maildir migration". If + you have any Maildir files in your dbox, you need to convert them + somehow (some examples). You might also consider using dsync to + get rid of the old unused metadata in your dbox files. + + + * Pre-login and post-login CAPABILITY reply is now + different. Dovecot expects clients to recognize new automatically + sent capabilities. This should work with all commonly used + clients, but some rarely used clients might have problems. Either + get the client fixed, or set imap_capability manually. + + * ManageSieve protocol was assigned an official port by IANA: + 4190. This is used by Pigeonhole by default now. If you want to + listen also on the old 2000 port, see the example in + /usr/share/doc/dovecot-common/wiki/ManageSieve.Configuration.txt.gz + + * deliver binary was renamed to dovecot-lda (but a symlink still + exists for now) + + * deliver -n parameter was replaced by lda_mailbox_autocreate + setting. The default also changed to "no". + + * deliver -s parameter was replaced by lda_mailbox_autosubscribe + setting. The default is "no", as before. + + -- Marco Nenciarini Mon, 18 Oct 2010 12:59:14 +0200 + +dovecot (1:1.0.12-1) unstable; urgency=low + + * mail_extra_groups=mail setting is often used insecurely to give Dovecot + access to create dotlocks to /var/mail directory. The setting has been + replaced by mail_privileged_group and mail_access_groups. + Read also: http://dovecot.org/list/dovecot/2008-March/029196.html + + -- Fabio Tranchitella Thu, 06 Mar 2008 15:46:03 +0100 + +dovecot (1.0.beta3-1) unstable; urgency=low + + * Starting from this release, dovecot-lda is included in dovecot-common. + The previous executable deliver has been removed from the upstream + source package. + * Other new features recently added include + + vpopmail support + + quota support + + GSSAPI support + * All these new features mean there are some configuration file changes + please review the default /etc/dovecot/dovecot.conf and merge in any + new bits. (If you don't use any new features, your configuration should + remain compatible.) + + -- Fabio Tranchitella Fri, 17 Feb 2006 17:05:37 +0000 + +dovecot (1.0.alpha4-1) unstable; urgency=low + + * This is the 1.0alpha branch. Once again there have been incompatible + changes to the syntax of /etc/dovecot/dovecot.conf. + * The dovecot-common package now includes the zlib plugin for compressed + mboxen. Make sure you have mail_use_modules=yes in imap and/or pop3 + section in /etc/dovecot/dovecot.conf if you want to use this. + + -- Jaldhar H. Vyas Wed, 20 Jul 2005 06:30:37 -0400 + +dovecot (0.99.20050712-1) unstable; urgency=low + + * This is the 1.0stable development branch. There have been major + changes and new features have been added so check your configuration + carefully. In particular, /etc/dovecot/dovecot-mysql.conf and + /etc/dovecot/dovecot-pgsql.conf have been replaced by + /etc/dovecot/dovecot-sql.conf . + + -- Jaldhar H. Vyas Wed, 20 Jul 2005 06:30:37 -0400 diff --git a/dovecot-core.README.Debian b/dovecot-core.README.Debian new file mode 100644 index 0000000..e4fc73c --- /dev/null +++ b/dovecot-core.README.Debian @@ -0,0 +1,35 @@ +Dovecot Debian package +====================== + +Please refer to http://wiki2.dovecot.org for the full documentation of this +package and its configuration. + +Note that the default value for mbox_write_locks differs between Debian and +upstream Dovecot: + Debian: mbox_write_locks = "fnctl dotlock" + Dovecot: mbox_write_locks = "dotlock fnctl" + +TLS setup +--------- + +TLS is enabled by default on new installations. Dovecot will use the +self-signed certificate provided by ssl-cert-snakeoil by default. The +certificate and key are accessed via symbolic links in /etc/dovecot/private. + +If you wish to use your own certificates, feel free to replace the symbolic +links in /etc/dovecot/private with the actual certificate/key of your +preference, or place the certificate and key at the location of your preference +and update /etc/dovecot/conf.d/10-ssl.conf accordingly. + +dovenull group +-------------- + +Upstream recommends that for security's sake, the dovenull user should belong +to its own private group to which no one else belongs. Prior to 2.2.9-1, the +dovenull user was in the nogroup group which contains other users. This has +been rectified for new installs but upgraders should make the change +themselves like this: + +# addgroup --system --group dovenull +# usermod -g dovenull dovenull + diff --git a/dovecot-core.bug-control b/dovecot-core.bug-control new file mode 100644 index 0000000..0002beb --- /dev/null +++ b/dovecot-core.bug-control @@ -0,0 +1 @@ +package-status: dovecot-common dovecot-core dovecot-dev dovecot-gssapi dovecot-imapd dovecot-ldap dovecot-lmtpd dovecot-managesieved dovecot-mysql dovecot-pgsql dovecot-pop3d dovecot-sieve dovecot-sqlite diff --git a/dovecot-core.bug-script b/dovecot-core.bug-script new file mode 100644 index 0000000..1bf1d19 --- /dev/null +++ b/dovecot-core.bug-script @@ -0,0 +1,28 @@ +#!/bin/bash + +set -e + +pecho() { + echo "$@" + echo "$@"|sed 's/./-/g' +} + + +if [ -x /usr/bin/doveconf ] +then + echo + cat <<-EOF + You can append "doveconf -n" output to the bug report. It will help the + maintainers to better understand your configuration. + It normally doesn't contain any sensitive information, but you should + review it before sending. + EOF + echo + yesno "Do you want to append \"doveconf -n\" output to your bug report? " yep + if [ "$REPLY" == yep ] + then + echo >&3 + pecho "dovecot configuration" >&3 + /usr/bin/doveconf -n >&3 + fi +fi diff --git a/dovecot-core.dirs b/dovecot-core.dirs new file mode 100644 index 0000000..b91716f --- /dev/null +++ b/dovecot-core.dirs @@ -0,0 +1,4 @@ +etc/dovecot/conf.d +etc/dovecot/private +usr/share/dovecot/protocols.d +var/lib/dovecot diff --git a/dovecot-core.docs b/dovecot-core.docs new file mode 100644 index 0000000..166765a --- /dev/null +++ b/dovecot-core.docs @@ -0,0 +1,2 @@ +NEWS +TODO diff --git a/dovecot-core.dovecot.default b/dovecot-core.dovecot.default new file mode 100644 index 0000000..dee9239 --- /dev/null +++ b/dovecot-core.dovecot.default @@ -0,0 +1,4 @@ +# /etc/default/dovecot + +# Set to '1' to allow Dovecot daemons to produce core dumps +#ALLOW_COREDUMPS=1 diff --git a/dovecot-core.dovecot.init b/dovecot-core.dovecot.init new file mode 100644 index 0000000..730c323 --- /dev/null +++ b/dovecot-core.dovecot.init @@ -0,0 +1,185 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: dovecot +# Required-Start: $local_fs $remote_fs $network $syslog $time +# Required-Stop: $local_fs $remote_fs $network $syslog +# Should-Start: postgresql mysql slapd winbind nslcd +# Should-Stop: postgresql mysql slapd winbind nslcd +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Dovecot init script +# Description: Init script for dovecot services +### END INIT INFO + +# Author: Miquel van Smoorenburg . +# Modified for Debian GNU/Linux +# by Ian Murdock . +# + +# Do NOT "set -e" + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DESC="IMAP/POP3 mail server" +NAME=dovecot +DAEMON=/usr/sbin/dovecot +DAEMON_ARGS="" +SCRIPTNAME=/etc/init.d/$NAME +CONF=/etc/dovecot/${NAME}.conf + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Exit if the configuration file doesn't exist +[ -f "$CONF" ] || exit 0 + +# Exit if explicitly told to +[ "$ENABLED" != "0" ] || exit 0 + +# Allow core dumps if requested +[ "$ALLOW_COREDUMPS" != "1" ] || ulimit -c unlimited + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +# conf file readable? +if [ ! -r ${CONF} ]; then + log_daemon_msg "${CONF}: not readable" "$NAME" && log_end_msg 1; + exit 1; +fi + +# dont check for inetd.conf if its not installed +if [ -f /etc/inetd.conf ]; then + # The init script should do nothing if dovecot or another imap/pop3 server + # is being run from inetd, and dovecot is configured to run as an imap or + # pop3 service + for p in `sed -r "s/^ *(([^:]+|\[[^]]+]|\*):)?(pop3s?|imaps?)[ \t].*/\3/;t;d" \ + /etc/inetd.conf` + do + for q in `doveconf -n -h protocols` + do + if [ $p = $q ]; then + log_daemon_msg "protocol ${p} configured both in inetd and in dovecot" "$NAME" && log_end_msg 1 + exit 0 + fi + done + done +fi + +# determine the location of the PID file +# override by setting base_dir in conf file or PIDBASE in /etc/defaults/$NAME +PIDBASE=${PIDBASE:-`doveconf -n -c ${CONF} -h base_dir`} +PIDFILE=${PIDBASE:-/var/run/dovecot}/master.pid + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test -- -c ${CONF} > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- -c ${CONF} \ + $DAEMON_ARGS \ + || return 2 +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name ${DAEMON##*/} + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --pidfile $PIDFILE --name ${DAEMON##*/} + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + # + # If the daemon can reload its configuration without + # restarting (for example, when it is sent a SIGHUP), + # then implement that here. + # + start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDFILE --name $NAME + return 0 +} + + +case "$1" in + start) + log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + ;; + restart) + # + # If the "reload" option is implemented then remove the + # 'force-reload' alias + # + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + status) + status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $? + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload|status}" >&2 + exit 3 + ;; +esac diff --git a/dovecot-core.dovecot.pam b/dovecot-core.dovecot.pam new file mode 100644 index 0000000..3443434 --- /dev/null +++ b/dovecot-core.dovecot.pam @@ -0,0 +1,6 @@ +#%PAM-1.0 + +@include common-auth +@include common-account +@include common-session + diff --git a/dovecot-core.examples b/dovecot-core.examples new file mode 100644 index 0000000..80af4bc --- /dev/null +++ b/dovecot-core.examples @@ -0,0 +1 @@ +src/plugins/fts/decode2text.sh diff --git a/dovecot-core.install b/dovecot-core.install new file mode 100644 index 0000000..bbbaf19 --- /dev/null +++ b/dovecot-core.install @@ -0,0 +1,3 @@ +debian/dh.pem usr/share/dovecot +debian/dovecot-openssl.cnf usr/share/dovecot +debian/maildirmake.dovecot usr/bin diff --git a/dovecot-core.lintian-overrides b/dovecot-core.lintian-overrides new file mode 100644 index 0000000..f0c74da --- /dev/null +++ b/dovecot-core.lintian-overrides @@ -0,0 +1,59 @@ +# hardening flags are set and blhc succeeds; might need some investigation +dovecot-core: hardening-no-fortify-functions [usr/lib/dovecot/config] +dovecot-core: hardening-no-fortify-functions [usr/lib/dovecot/gdbhelper] +dovecot-core: hardening-no-fortify-functions [usr/lib/dovecot/libdovecot-storage.so.0.0.0] +dovecot-core: hardening-no-fortify-functions [usr/lib/dovecot/modules/lib20_fts_plugin.so] +dovecot-core: hardening-no-fortify-functions [usr/lib/dovecot/script-login] +dovecot-core: hardening-no-fortify-functions [usr/lib/dovecot/script] +dovecot-core: hardening-no-fortify-functions [usr/lib/dovecot/xml2text] +dovecot-core: package-contains-empty-directory [usr/share/dovecot/protocols.d/] +dovecot-core: package-contains-empty-directory [usr/lib/dovecot/modules/dict/] +dovecot-core: spelling-error-in-readme-debian dovenull dovenull (duplicate word) dovenull [usr/share/doc/dovecot-core/README.Debian] +dovecot-core: library-not-linked-against-libc [usr/lib/dovecot/modules/old-stats/libold_stats_mail.so] +dovecot-core: library-not-linked-against-libc [usr/lib/dovecot/modules/old-stats/libstats_auth.so] +dovecot-core [armel]: library-not-linked-against-libc usr/lib/dovecot/modules/lib20_listescape_plugin.so +# ignore internal libraries without dependency information +dovecot-core: shared-library-lacks-prerequisites [usr/lib/dovecot/modules/lib20_listescape_plugin.so] +dovecot-core: shared-library-lacks-prerequisites [usr/lib/dovecot/modules/settings/libpigeonhole_settings.so] +# ignore extra man pages +dovecot-core: spare-manual-page [usr/share/man/man1/deliver.1.gz] +# keep all man pages in section 1 for now +dovecot-core: manual-page-for-system-command [usr/sbin/dovecot] +# ignore executable-in-usr-lib, maybe move to libexec at some point +dovecot-core: executable-in-usr-lib [usr/lib/dovecot/anvil] +dovecot-core: executable-in-usr-lib [usr/lib/dovecot/auth] +dovecot-core: executable-in-usr-lib [usr/lib/dovecot/config] +dovecot-core: executable-in-usr-lib [usr/lib/dovecot/dict] +dovecot-core: executable-in-usr-lib [usr/lib/dovecot/dns-client] +dovecot-core: executable-in-usr-lib [usr/lib/dovecot/doveadm-server] +dovecot-core: executable-in-usr-lib [usr/lib/dovecot/dovecot-lda] +dovecot-core: executable-in-usr-lib [usr/lib/dovecot/gdbhelper] +dovecot-core: executable-in-usr-lib [usr/lib/dovecot/health-check.sh] +dovecot-core: executable-in-usr-lib [usr/lib/dovecot/indexer] +dovecot-core: executable-in-usr-lib [usr/lib/dovecot/indexer-worker] +dovecot-core: executable-in-usr-lib [usr/lib/dovecot/log] +dovecot-core: executable-in-usr-lib [usr/lib/dovecot/quota-status] +dovecot-core: executable-in-usr-lib [usr/lib/dovecot/rawlog] +dovecot-core: executable-in-usr-lib [usr/lib/dovecot/script] +dovecot-core: executable-in-usr-lib [usr/lib/dovecot/script-login] +dovecot-core: executable-in-usr-lib [usr/lib/dovecot/stats] +dovecot-core: executable-in-usr-lib [usr/lib/dovecot/xml2text] +# ignore equal stub files +dovecot-core: duplicate-files usr/share/doc/dovecot-core/wiki/Pigeonhole.ManageSieve.Install.txt usr/share/doc/dovecot-core/wiki/Plugins.Stats.txt +# ignore stopwords txt files not in /usr/share/doc +dovecot-core: package-contains-documentation-outside-usr-share-doc [usr/share/dovecot/stopwords/stopwords_da.txt] +dovecot-core: package-contains-documentation-outside-usr-share-doc [usr/share/dovecot/stopwords/stopwords_de.txt] +dovecot-core: package-contains-documentation-outside-usr-share-doc [usr/share/dovecot/stopwords/stopwords_en.txt] +dovecot-core: package-contains-documentation-outside-usr-share-doc [usr/share/dovecot/stopwords/stopwords_es.txt] +dovecot-core: package-contains-documentation-outside-usr-share-doc [usr/share/dovecot/stopwords/stopwords_fi.txt] +dovecot-core: package-contains-documentation-outside-usr-share-doc [usr/share/dovecot/stopwords/stopwords_fr.txt] +dovecot-core: package-contains-documentation-outside-usr-share-doc [usr/share/dovecot/stopwords/stopwords_it.txt] +dovecot-core: package-contains-documentation-outside-usr-share-doc [usr/share/dovecot/stopwords/stopwords_nl.txt] +dovecot-core: package-contains-documentation-outside-usr-share-doc [usr/share/dovecot/stopwords/stopwords_no.txt] +dovecot-core: package-contains-documentation-outside-usr-share-doc [usr/share/dovecot/stopwords/stopwords_pt.txt] +dovecot-core: package-contains-documentation-outside-usr-share-doc [usr/share/dovecot/stopwords/stopwords_ro.txt] +dovecot-core: package-contains-documentation-outside-usr-share-doc [usr/share/dovecot/stopwords/stopwords_ru.txt] +dovecot-core: package-contains-documentation-outside-usr-share-doc [usr/share/dovecot/stopwords/stopwords_sv.txt] +dovecot-core: package-contains-documentation-outside-usr-share-doc [usr/share/dovecot/stopwords/stopwords_tr.txt] +# ulimit -c might be specified but is supported by bash and dash +dovecot-core: bash-term-in-posix-shell '| ulimit' [etc/init.d/dovecot:43] diff --git a/dovecot-core.manpages b/dovecot-core.manpages new file mode 100644 index 0000000..926f5cc --- /dev/null +++ b/dovecot-core.manpages @@ -0,0 +1 @@ +debian/maildirmake.dovecot.1 diff --git a/dovecot-core.postinst b/dovecot-core.postinst new file mode 100644 index 0000000..1ce4d49 --- /dev/null +++ b/dovecot-core.postinst @@ -0,0 +1,95 @@ +#!/bin/sh +set -e + +if [ "$1" = "configure" ]; then + CONFFILES="dovecot.conf \ + conf.d/10-auth.conf \ + conf.d/10-logging.conf \ + conf.d/10-mail.conf \ + conf.d/10-master.conf \ + conf.d/10-metrics.conf \ + conf.d/10-ssl.conf \ + conf.d/15-lda.conf \ + conf.d/15-mailboxes.conf \ + conf.d/30-dict-server.conf \ + conf.d/90-acl.conf \ + conf.d/90-fts.conf \ + conf.d/90-quota.conf \ + conf.d/auth-deny.conf.ext \ + conf.d/auth-master.conf.ext \ + conf.d/auth-oauth2.conf.ext \ + conf.d/auth-passwdfile.conf.ext \ + conf.d/auth-sql.conf.ext \ + conf.d/auth-static.conf.ext \ + conf.d/auth-system.conf.ext" + + OLD_CONFFILES="conf.d/auth-vpopmail.conf.ext \ + dovecot-dict-auth.conf.ext \ + dovecot-dict-sql.conf.ext \ + dovecot-sql.conf.ext \ + conf.d/10-director.conf \ + conf.d/10-tcpwrapper.conf \ + conf.d/90-plugin.conf" + + ## Users + # + + adduser --system --group --home /usr/lib/dovecot --gecos "Dovecot mail server" \ + --no-create-home --disabled-password --quiet dovecot || true + + adduser --system --group --home /nonexistent --no-create-home --gecos "Dovecot login user" \ + --disabled-password --quiet dovenull || true + + for conffile in $CONFFILES ; do + # Tell ucf that the file in /usr/share/dovecot is the latest + # maintainer version, and let it handle how to manage the real + # configuration file in /etc/dovecot. + ucf --three-way "/usr/share/dovecot/$conffile" "/etc/dovecot/$conffile" + ucfr dovecot-core "/etc/dovecot/$conffile" + if [ "$conffile" != "dovecot.conf" ] && [ -f "/etc/dovecot/$conffile" ] && + [ "$(echo "$conffile" | cut -b -7)" != "conf.d/" ]; then + chmod 0640 "/etc/dovecot/$conffile" + chgrp dovecot "/etc/dovecot/$conffile" + fi + done + + for oldconffile in $OLD_CONFFILES ; do + if [ -e "/etc/dovecot/$oldconffile" ]; then + modified=$(ucfq -w /etc/dovecot/$oldconffile | cut -d: -f4) + if [ "$modified" = "No" ]; then + echo "Removing unmodified obsolete configuration file '/etc/dovecot/$oldconffile'" + rm -f "/etc/dovecot/$oldconffile" + else + echo "Locally modified configuration file '/etc/dovecot/$oldconffile' is obsolete. Please remove." + fi + ucf --purge "/etc/dovecot/$oldconffile" + ucfr --purge dovecot-core "/etc/dovecot/$oldconffile" + fi + done + + + if ! dpkg-statoverride --list /etc/dovecot/private >/dev/null; then + dpkg-statoverride --quiet --update --add root root 0700 /etc/dovecot/private + fi + + # SSL configuration + # Use the ssl-cert-snakeoil certificate in the following cases: + # - On new installations + if [ -z "$2" ]; then + if [ ! -e /etc/dovecot/private/dovecot.key ] && \ + [ ! -e /etc/dovecot/private/dovecot.pem ] && \ + [ -e /etc/ssl/certs/ssl-cert-snakeoil.pem ] && \ + [ -e /etc/ssl/private/ssl-cert-snakeoil.key ]; then + ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/dovecot/private/dovecot.pem + ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/dovecot/private/dovecot.key + fi + fi +fi + +if [ "$1" = "triggered" ]; then + if [ -x "/etc/init.d/dovecot" ]; then + invoke-rc.d dovecot restart + fi +fi + +#DEBHELPER# diff --git a/dovecot-core.postrm b/dovecot-core.postrm new file mode 100644 index 0000000..87f6d12 --- /dev/null +++ b/dovecot-core.postrm @@ -0,0 +1,48 @@ +#!/bin/sh +set -e + +if [ "$1" = "purge" ] ; then + for conffile in $(ucfq --with-colons dovecot-core | cut -d: -f1); do + # we mimic dpkg as closely as possible, so we remove configuration + # files with dpkg backup extensions too: + ### Some of the following is from Tore Anderson: + for ext in '~' '%' .bak .dpkg-tmp .dpkg-new .dpkg-old .dpkg-dist .ucf-new .ucf-old .ucf-dist; do + rm -f "$conffile$ext" + done + # remove the configuration file itself + rm -f "$conffile" + # and finally clear it out from the ucf database + if which ucf >/dev/null; then + ucf --purge "$conffile" + fi + if which ucfr >/dev/null; then + ucfr --purge dovecot-core "$conffile" + fi + done + + userdel dovecot || true; + userdel dovenull || true; + + if [ -d /run/dovecot ]; then + rm -rf /run/dovecot + fi + + # Remove dovecot.pem and dovecot.key only if they are symlinks; otherwise + # we might remove CA-issued certificates that are difficult and/or + # expensive to replace. + for file in /etc/dovecot/private/dovecot.pem /etc/dovecot/private/dovecot.key; do + if [ -h "$file" ]; then + rm -f "$file" + else + echo "${file} is not a symbolic link, skipping removal." >&2 + fi + done +fi + +if [ "$1" = "triggered" ]; then + if [ -x "/etc/init.d/dovecot" ]; then + invoke-rc.d dovecot start + fi +fi + +#DEBHELPER# diff --git a/dovecot-core.triggers b/dovecot-core.triggers new file mode 100644 index 0000000..9f8f2ff --- /dev/null +++ b/dovecot-core.triggers @@ -0,0 +1,2 @@ +interest-noawait register-dovecot-plugin +interest-noawait /usr/lib/dovecot/modules diff --git a/dovecot-dev.README.Debian b/dovecot-dev.README.Debian new file mode 100644 index 0000000..cdcf38f --- /dev/null +++ b/dovecot-dev.README.Debian @@ -0,0 +1,10 @@ +/usr/share/dovecot/dovecot-abi contains that portion of DOVECOT_ABI_VERSION +from configure.ac outside parentheses (i.e not including the package version.) +It might look something like this: + +2.2.ABIv10 + +...packages providing plugins for dovecot can use this information in their +dependencies to avoid having to update every time there is a minor update to +the dovecot package. + diff --git a/dovecot-dev.lintian-overrides b/dovecot-dev.lintian-overrides new file mode 100644 index 0000000..1d459c2 --- /dev/null +++ b/dovecot-dev.lintian-overrides @@ -0,0 +1,2 @@ +# plugins probably need the package name +dovecot-dev: package-name-defined-in-config-h usr/include/dovecot/config.h diff --git a/dovecot-flatcurve.links b/dovecot-flatcurve.links new file mode 100644 index 0000000..6d5bbee --- /dev/null +++ b/dovecot-flatcurve.links @@ -0,0 +1 @@ +/usr/share/bug/dovecot-core /usr/share/bug/dovecot-flatcurve diff --git a/dovecot-flatcurve.postinst b/dovecot-flatcurve.postinst new file mode 100644 index 0000000..1a1a324 --- /dev/null +++ b/dovecot-flatcurve.postinst @@ -0,0 +1,21 @@ +#!/bin/sh + +set -e + +if [ "$1" = "configure" ]; then + CONFFILES="conf.d/90-fts-flatcurve.conf" + + for conffile in $CONFFILES ; do + # Tell ucf that the file in /usr/share/dovecot is the latest + # maintainer version, and let it handle how to manage the real + # configuration file in /etc/dovecot. + ucf --three-way "/usr/share/dovecot/$conffile" "/etc/dovecot/$conffile" + ucfr dovecot-ldap "/etc/dovecot/$conffile" + if [ "$conffile" != "dovecot.conf" ] && [ -f "/etc/dovecot/$conffile" ] && + [ "$(echo "$conffile" | cut -b -7)" != "conf.d/" ]; then + chmod 0600 "/etc/dovecot/$conffile" + fi + done +fi + +#DEBHELPER# diff --git a/dovecot-flatcurve.postrm b/dovecot-flatcurve.postrm new file mode 100644 index 0000000..c0cddcd --- /dev/null +++ b/dovecot-flatcurve.postrm @@ -0,0 +1,25 @@ +#!/bin/sh +set -e + +if [ "$1" = "purge" ] ; then + for conffile in $(ucfq --with-colons dovecot-flatcurve | cut -d: -f1); do + # we mimic dpkg as closely as possible, so we remove configuration + # files with dpkg backup extensions too: + ### Some of the following is from Tore Anderson: + for ext in '~' '%' .bak .dpkg-tmp .dpkg-new .dpkg-old .dpkg-dist .ucf-new .ucf-old .ucf-dist; do + rm -f "$conffile$ext" + done + # remove the configuration file itself + rm -f "$conffile" + # and finally clear it out from the ucf database + if which ucf >/dev/null; then + ucf --purge "$conffile" + fi + if which ucfr >/dev/null; then + ucfr --purge dovecot-flatcurve "$conffile" + fi + done + +fi + +#DEBHELPER# diff --git a/dovecot-flatcurve.prerm b/dovecot-flatcurve.prerm new file mode 100644 index 0000000..2ad0a1f --- /dev/null +++ b/dovecot-flatcurve.prerm @@ -0,0 +1,12 @@ +#!/bin/sh +set -e + +if [ -d /run/systemd/system ]; then + deb-systemd-invoke stop dovecot.socket || true +fi + +if [ -x "/etc/init.d/dovecot" ]; then + invoke-rc.d dovecot stop +fi + +#DEBHELPER# diff --git a/dovecot-flatcurve.triggers b/dovecot-flatcurve.triggers new file mode 100644 index 0000000..903b9e7 --- /dev/null +++ b/dovecot-flatcurve.triggers @@ -0,0 +1,2 @@ +activate-noawait register-dovecot-plugin + diff --git a/dovecot-gssapi.links b/dovecot-gssapi.links new file mode 100644 index 0000000..dde94f9 --- /dev/null +++ b/dovecot-gssapi.links @@ -0,0 +1 @@ +/usr/share/bug/dovecot-core /usr/share/bug/dovecot-gssapi diff --git a/dovecot-imapd.links b/dovecot-imapd.links new file mode 100644 index 0000000..d0fb029 --- /dev/null +++ b/dovecot-imapd.links @@ -0,0 +1 @@ +/usr/share/bug/dovecot-core /usr/share/bug/dovecot-imapd diff --git a/dovecot-imapd.lintian-overrides b/dovecot-imapd.lintian-overrides new file mode 100644 index 0000000..dc26e0d --- /dev/null +++ b/dovecot-imapd.lintian-overrides @@ -0,0 +1,2 @@ +# hardening flags are set and blhc succeeds; might need some investigation +dovecot-imapd: hardening-no-fortify-functions [usr/lib/dovecot/imap] diff --git a/dovecot-imapd.postinst b/dovecot-imapd.postinst new file mode 100644 index 0000000..1b134b6 --- /dev/null +++ b/dovecot-imapd.postinst @@ -0,0 +1,23 @@ +#!/bin/sh + +set -e + +if [ "$1" = "configure" ]; then + CONFFILES="conf.d/20-imap.conf" + + for conffile in $CONFFILES ; do + # Tell ucf that the file in /usr/share/dovecot is the latest + # maintainer version, and let it handle how to manage the real + # configuration file in /etc/dovecot. + ucf --three-way "/usr/share/dovecot/$conffile" "/etc/dovecot/$conffile" + ucfr dovecot-imapd "/etc/dovecot/$conffile" + done + + cat < /usr/share/dovecot/protocols.d/imapd.protocol +protocols { + imap = yes +} +EOF +fi + +#DEBHELPER# diff --git a/dovecot-imapd.postrm b/dovecot-imapd.postrm new file mode 100644 index 0000000..dcaaeaf --- /dev/null +++ b/dovecot-imapd.postrm @@ -0,0 +1,29 @@ +#!/bin/sh +set -e + +if [ "$1" = "purge" ] ; then + for conffile in $(ucfq --with-colons dovecot-imapd | cut -d: -f1); do + # we mimic dpkg as closely as possible, so we remove configuration + # files with dpkg backup extensions too: + ### Some of the following is from Tore Anderson: + for ext in '~' '%' .bak .dpkg-tmp .dpkg-new .dpkg-old .dpkg-dist .ucf-new .ucf-old .ucf-dist; do + rm -f "$conffile$ext" + done + # remove the configuration file itself + rm -f "$conffile" + # and finally clear it out from the ucf database + if which ucf >/dev/null; then + ucf --purge "$conffile" + fi + if which ucfr >/dev/null; then + ucfr --purge dovecot-imapd "$conffile" + fi + done + +fi + +if [ "$1" = "purge" ] || [ "$1" = "remove" ]; then + rm -f /usr/share/dovecot/protocols.d/imapd.protocol +fi + +#DEBHELPER# diff --git a/dovecot-imapd.prerm b/dovecot-imapd.prerm new file mode 100644 index 0000000..2ad0a1f --- /dev/null +++ b/dovecot-imapd.prerm @@ -0,0 +1,12 @@ +#!/bin/sh +set -e + +if [ -d /run/systemd/system ]; then + deb-systemd-invoke stop dovecot.socket || true +fi + +if [ -x "/etc/init.d/dovecot" ]; then + invoke-rc.d dovecot stop +fi + +#DEBHELPER# diff --git a/dovecot-imapd.triggers b/dovecot-imapd.triggers new file mode 100644 index 0000000..a71d0af --- /dev/null +++ b/dovecot-imapd.triggers @@ -0,0 +1 @@ +activate-noawait register-dovecot-plugin diff --git a/dovecot-imapd.ufw.profile b/dovecot-imapd.ufw.profile new file mode 100644 index 0000000..17db05c --- /dev/null +++ b/dovecot-imapd.ufw.profile @@ -0,0 +1,11 @@ +[Dovecot IMAP] +title=Secure mail server (IMAP) +description=Dovecot is a mail server whose major goals are security and extreme + reliability. +ports=143/tcp + +[Dovecot Secure IMAP] +title=Secure mail server (IMAPS) +description=Dovecot is a mail server whose major goals are security and extreme + reliability. +ports=993/tcp diff --git a/dovecot-ldap.links b/dovecot-ldap.links new file mode 100644 index 0000000..0f3fcdb --- /dev/null +++ b/dovecot-ldap.links @@ -0,0 +1 @@ +/usr/share/bug/dovecot-core /usr/share/bug/dovecot-ldap diff --git a/dovecot-ldap.postinst b/dovecot-ldap.postinst new file mode 100644 index 0000000..2a12fb9 --- /dev/null +++ b/dovecot-ldap.postinst @@ -0,0 +1,21 @@ +#!/bin/sh + +set -e + +if [ "$1" = "configure" ]; then + CONFFILES="conf.d/auth-ldap.conf.ext" + + for conffile in $CONFFILES ; do + # Tell ucf that the file in /usr/share/dovecot is the latest + # maintainer version, and let it handle how to manage the real + # configuration file in /etc/dovecot. + ucf --three-way "/usr/share/dovecot/$conffile" "/etc/dovecot/$conffile" + ucfr dovecot-ldap "/etc/dovecot/$conffile" + if [ "$conffile" != "dovecot.conf" ] && [ -f "/etc/dovecot/$conffile" ] && + [ "$(echo "$conffile" | cut -b -7)" != "conf.d/" ]; then + chmod 0600 "/etc/dovecot/$conffile" + fi + done +fi + +#DEBHELPER# diff --git a/dovecot-ldap.postrm b/dovecot-ldap.postrm new file mode 100644 index 0000000..d0405ad --- /dev/null +++ b/dovecot-ldap.postrm @@ -0,0 +1,27 @@ +#!/bin/sh +set -e + +if [ "$1" = "purge" ] ; then + CONFFILES="/etc/dovecot/dovecot-ldap.conf.ext \ + /etc/dovecot/conf.d/auth-ldap.conf.ext" + + for conffile in $CONFFILES; do + # we mimic dpkg as closely as possible, so we remove configuration + # files with dpkg backup extensions too: + ### Some of the following is from Tore Anderson: + for ext in '~' '%' .bak .dpkg-tmp .dpkg-new .dpkg-old .dpkg-dist .ucf-new .ucf-old .ucf-dist; do + rm -f "$conffile$ext" + done + # remove the configuration file itself + rm -f "$conffile" + # and finally clear it out from the ucf database + if which ucf >/dev/null; then + ucf --purge "$conffile" + fi + if which ucfr >/dev/null; then + ucfr --purge dovecot-ldap "$conffile" + fi + done +fi + +#DEBHELPER# diff --git a/dovecot-ldap.triggers b/dovecot-ldap.triggers new file mode 100644 index 0000000..903b9e7 --- /dev/null +++ b/dovecot-ldap.triggers @@ -0,0 +1,2 @@ +activate-noawait register-dovecot-plugin + diff --git a/dovecot-lmtpd.links b/dovecot-lmtpd.links new file mode 100644 index 0000000..bc95bf0 --- /dev/null +++ b/dovecot-lmtpd.links @@ -0,0 +1 @@ +/usr/share/bug/dovecot-core /usr/share/bug/dovecot-lmtpd diff --git a/dovecot-lmtpd.postinst b/dovecot-lmtpd.postinst new file mode 100644 index 0000000..de561e1 --- /dev/null +++ b/dovecot-lmtpd.postinst @@ -0,0 +1,23 @@ +#!/bin/sh + +set -e + +if [ "$1" = "configure" ]; then + CONFFILES="conf.d/20-lmtp.conf" + + for conffile in $CONFFILES ; do + # Tell ucf that the file in /usr/share/dovecot is the latest + # maintainer version, and let it handle how to manage the real + # configuration file in /etc/dovecot. + ucf --three-way "/usr/share/dovecot/$conffile" "/etc/dovecot/$conffile" + ucfr dovecot-lmtpd "/etc/dovecot/$conffile" + done + + cat < /usr/share/dovecot/protocols.d/lmtpd.protocol +protocols { + lmtp = yes +} +EOF +fi + +#DEBHELPER# diff --git a/dovecot-lmtpd.postrm b/dovecot-lmtpd.postrm new file mode 100644 index 0000000..f0b9920 --- /dev/null +++ b/dovecot-lmtpd.postrm @@ -0,0 +1,29 @@ +#!/bin/sh +set -e + +if [ "$1" = "purge" ] ; then + for conffile in $(ucfq --with-colons dovecot-lmtpd | cut -d: -f1); do + # we mimic dpkg as closely as possible, so we remove configuration + # files with dpkg backup extensions too: + ### Some of the following is from Tore Anderson: + for ext in '~' '%' .bak .dpkg-tmp .dpkg-new .dpkg-old .dpkg-dist .ucf-new .ucf-old .ucf-dist; do + rm -f "$conffile$ext" + done + # remove the configuration file itself + rm -f "$conffile" + # and finally clear it out from the ucf database + if which ucf >/dev/null; then + ucf --purge "$conffile" + fi + if which ucfr >/dev/null; then + ucfr --purge dovecot-lmtpd "$conffile" + fi + done + +fi + +if [ "$1" = "purge" ] || [ "$1" = "remove" ]; then + rm -f /usr/share/dovecot/protocols.d/lmtpd.protocol +fi + +#DEBHELPER# diff --git a/dovecot-lmtpd.prerm b/dovecot-lmtpd.prerm new file mode 100644 index 0000000..2ad0a1f --- /dev/null +++ b/dovecot-lmtpd.prerm @@ -0,0 +1,12 @@ +#!/bin/sh +set -e + +if [ -d /run/systemd/system ]; then + deb-systemd-invoke stop dovecot.socket || true +fi + +if [ -x "/etc/init.d/dovecot" ]; then + invoke-rc.d dovecot stop +fi + +#DEBHELPER# diff --git a/dovecot-lmtpd.triggers b/dovecot-lmtpd.triggers new file mode 100644 index 0000000..903b9e7 --- /dev/null +++ b/dovecot-lmtpd.triggers @@ -0,0 +1,2 @@ +activate-noawait register-dovecot-plugin + diff --git a/dovecot-managesieved.README.Debian b/dovecot-managesieved.README.Debian new file mode 100644 index 0000000..6c6aa4a --- /dev/null +++ b/dovecot-managesieved.README.Debian @@ -0,0 +1,17 @@ +Removing dovecot-managesieved +----------------------------- + +If you remove (i.e. with dpkg -r or aptitude remove) this package you will +get an error something like this: + +doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf: +service(managesieve-login): executable is empty + +To avoid it, make sure +/etc/dovecot/conf.d/etc/dovecot/conf.d/20-managesieve.conf has been deleted, +moved or completely commented out first. Alternatively, purge the package +instead of removing it. + +If you do not do this, dovecot-core will be left in an unconfigured state +because the error will cause a trigger to fail. To fix this simply reinstall +dovecot-core. diff --git a/dovecot-managesieved.install b/dovecot-managesieved.install new file mode 100644 index 0000000..14e7229 --- /dev/null +++ b/dovecot-managesieved.install @@ -0,0 +1 @@ +pigeonhole/doc/example-config/conf.d/??-managesieve* usr/share/dovecot/conf.d diff --git a/dovecot-managesieved.links b/dovecot-managesieved.links new file mode 100644 index 0000000..9f3ea79 --- /dev/null +++ b/dovecot-managesieved.links @@ -0,0 +1 @@ +/usr/share/bug/dovecot-core /usr/share/bug/dovecot-managesieved diff --git a/dovecot-managesieved.lintian-overrides b/dovecot-managesieved.lintian-overrides new file mode 100644 index 0000000..4d9c9a1 --- /dev/null +++ b/dovecot-managesieved.lintian-overrides @@ -0,0 +1,2 @@ +dovecot-managesieved: shared-library-lacks-prerequisites [usr/lib/dovecot/modules/settings/libmanagesieve_settings.so] +dovecot-managesieved: library-not-linked-against-libc [usr/lib/dovecot/modules/settings/libmanagesieve_settings.so] diff --git a/dovecot-managesieved.postinst b/dovecot-managesieved.postinst new file mode 100644 index 0000000..4544e1e --- /dev/null +++ b/dovecot-managesieved.postinst @@ -0,0 +1,23 @@ +#!/bin/sh + +set -e + +if [ "$1" = "configure" ]; then + CONFFILES="conf.d/20-managesieve.conf" + + for conffile in $CONFFILES ; do + # Tell ucf that the file in /usr/share/dovecot is the latest + # maintainer version, and let it handle how to manage the real + # configuration file in /etc/dovecot. + ucf --three-way "/usr/share/dovecot/$conffile" "/etc/dovecot/$conffile" + ucfr dovecot-managesieved "/etc/dovecot/$conffile" + done + + cat < /usr/share/dovecot/protocols.d/managesieved.protocol +protocols { + sieve = yes +} +EOF +fi + +#DEBHELPER# diff --git a/dovecot-managesieved.postrm b/dovecot-managesieved.postrm new file mode 100644 index 0000000..f464ccf --- /dev/null +++ b/dovecot-managesieved.postrm @@ -0,0 +1,29 @@ +#!/bin/sh +set -e + +if [ "$1" = "purge" ] ; then + for conffile in $(ucfq --with-colons dovecot-managesieved | cut -d: -f1); do + # we mimic dpkg as closely as possible, so we remove configuration + # files with dpkg backup extensions too: + ### Some of the following is from Tore Anderson: + for ext in '~' '%' .bak .dpkg-tmp .dpkg-new .dpkg-old .dpkg-dist .ucf-new .ucf-old .ucf-dist; do + rm -f "$conffile$ext" + done + # remove the configuration file itself + rm -f "$conffile" + # and finally clear it out from the ucf database + if which ucf >/dev/null; then + ucf --purge "$conffile" + fi + if which ucfr >/dev/null; then + ucfr --purge dovecot-managesieved "$conffile" + fi + done + +fi + +if [ "$1" = "purge" ] || [ "$1" = "remove" ]; then + rm -f /usr/share/dovecot/protocols.d/managesieved.protocol +fi + +#DEBHELPER# diff --git a/dovecot-managesieved.prerm b/dovecot-managesieved.prerm new file mode 100644 index 0000000..2ad0a1f --- /dev/null +++ b/dovecot-managesieved.prerm @@ -0,0 +1,12 @@ +#!/bin/sh +set -e + +if [ -d /run/systemd/system ]; then + deb-systemd-invoke stop dovecot.socket || true +fi + +if [ -x "/etc/init.d/dovecot" ]; then + invoke-rc.d dovecot stop +fi + +#DEBHELPER# diff --git a/dovecot-managesieved.triggers b/dovecot-managesieved.triggers new file mode 100644 index 0000000..903b9e7 --- /dev/null +++ b/dovecot-managesieved.triggers @@ -0,0 +1,2 @@ +activate-noawait register-dovecot-plugin + diff --git a/dovecot-mysql.links b/dovecot-mysql.links new file mode 100644 index 0000000..321547d --- /dev/null +++ b/dovecot-mysql.links @@ -0,0 +1 @@ +/usr/share/bug/dovecot-core /usr/share/bug/dovecot-mysql diff --git a/dovecot-mysql.triggers b/dovecot-mysql.triggers new file mode 100644 index 0000000..903b9e7 --- /dev/null +++ b/dovecot-mysql.triggers @@ -0,0 +1,2 @@ +activate-noawait register-dovecot-plugin + diff --git a/dovecot-openssl.cnf b/dovecot-openssl.cnf new file mode 100644 index 0000000..90bf50c --- /dev/null +++ b/dovecot-openssl.cnf @@ -0,0 +1,23 @@ +# +# SSLeay configuration file for Dovecot. +# + +RANDFILE = /dev/urandom + +[ req ] +default_bits = 2048 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +prompt = no +policy = policy_anything +req_extensions = v3_req +x509_extensions = v3_req + +[ req_distinguished_name ] +organizationName = Dovecot mail server +organizationalUnitName = @commonName@ +commonName = @commonName@ +emailAddress = @emailAddress@ + +[ v3_req ] +basicConstraints = CA:FALSE diff --git a/dovecot-pgsql.links b/dovecot-pgsql.links new file mode 100644 index 0000000..9b4831f --- /dev/null +++ b/dovecot-pgsql.links @@ -0,0 +1 @@ +/usr/share/bug/dovecot-core /usr/share/bug/dovecot-pgsql diff --git a/dovecot-pgsql.triggers b/dovecot-pgsql.triggers new file mode 100644 index 0000000..903b9e7 --- /dev/null +++ b/dovecot-pgsql.triggers @@ -0,0 +1,2 @@ +activate-noawait register-dovecot-plugin + diff --git a/dovecot-pop3d.links b/dovecot-pop3d.links new file mode 100644 index 0000000..24ce7f6 --- /dev/null +++ b/dovecot-pop3d.links @@ -0,0 +1 @@ +/usr/share/bug/dovecot-core /usr/share/bug/dovecot-pop3d diff --git a/dovecot-pop3d.postinst b/dovecot-pop3d.postinst new file mode 100644 index 0000000..8560956 --- /dev/null +++ b/dovecot-pop3d.postinst @@ -0,0 +1,23 @@ +#!/bin/sh + +set -e + +if [ "$1" = "configure" ]; then + CONFFILES="conf.d/20-pop3.conf" + + for conffile in $CONFFILES ; do + # Tell ucf that the file in /usr/share/dovecot is the latest + # maintainer version, and let it handle how to manage the real + # configuration file in /etc/dovecot. + ucf --three-way "/usr/share/dovecot/$conffile" "/etc/dovecot/$conffile" + ucfr dovecot-pop3d "/etc/dovecot/$conffile" + done + + cat < /usr/share/dovecot/protocols.d/pop3d.protocol +protocols { + pop3 = yes +} +EOF +fi + +#DEBHELPER# diff --git a/dovecot-pop3d.postrm b/dovecot-pop3d.postrm new file mode 100644 index 0000000..0c858f1 --- /dev/null +++ b/dovecot-pop3d.postrm @@ -0,0 +1,29 @@ +#!/bin/sh +set -e + +if [ "$1" = "purge" ] ; then + for conffile in $(ucfq --with-colons dovecot-pop3d | cut -d: -f1); do + # we mimic dpkg as closely as possible, so we remove configuration + # files with dpkg backup extensions too: + ### Some of the following is from Tore Anderson: + for ext in '~' '%' .bak .dpkg-tmp .dpkg-new .dpkg-old .dpkg-dist .ucf-new .ucf-old .ucf-dist; do + rm -f "$conffile$ext" + done + # remove the configuration file itself + rm -f "$conffile" + # and finally clear it out from the ucf database + if which ucf >/dev/null; then + ucf --purge "$conffile" + fi + if which ucfr >/dev/null; then + ucfr --purge dovecot-pop3d "$conffile" + fi + done + +fi + +if [ "$1" = "purge" ] || [ "$1" = "remove" ]; then + rm -f /usr/share/dovecot/protocols.d/pop3d.protocol +fi + +#DEBHELPER# diff --git a/dovecot-pop3d.prerm b/dovecot-pop3d.prerm new file mode 100644 index 0000000..2ad0a1f --- /dev/null +++ b/dovecot-pop3d.prerm @@ -0,0 +1,12 @@ +#!/bin/sh +set -e + +if [ -d /run/systemd/system ]; then + deb-systemd-invoke stop dovecot.socket || true +fi + +if [ -x "/etc/init.d/dovecot" ]; then + invoke-rc.d dovecot stop +fi + +#DEBHELPER# diff --git a/dovecot-pop3d.triggers b/dovecot-pop3d.triggers new file mode 100644 index 0000000..903b9e7 --- /dev/null +++ b/dovecot-pop3d.triggers @@ -0,0 +1,2 @@ +activate-noawait register-dovecot-plugin + diff --git a/dovecot-pop3d.ufw.profile b/dovecot-pop3d.ufw.profile new file mode 100644 index 0000000..a46df40 --- /dev/null +++ b/dovecot-pop3d.ufw.profile @@ -0,0 +1,11 @@ +[Dovecot POP3] +title=Secure mail server (POP3) +description=Dovecot is a mail server whose major goals are security and extreme + reliability. +ports=110/tcp + +[Dovecot Secure POP3] +title=Secure mail server (POP3S) +description=Dovecot is a mail server whose major goals are security and extreme + reliability. +ports=995/tcp diff --git a/dovecot-sieve.links b/dovecot-sieve.links new file mode 100644 index 0000000..971b50a --- /dev/null +++ b/dovecot-sieve.links @@ -0,0 +1 @@ +/usr/share/bug/dovecot-core /usr/share/bug/dovecot-sieve diff --git a/dovecot-sieve.lintian-overrides b/dovecot-sieve.lintian-overrides new file mode 100644 index 0000000..840cfef --- /dev/null +++ b/dovecot-sieve.lintian-overrides @@ -0,0 +1,4 @@ +# ignore internal library without dependency information +dovecot-sieve: shared-library-lacks-prerequisites [usr/lib/dovecot/modules/sieve/lib90_sieve_imapsieve_plugin.so] +# alias for sieve-dump +dovecot-sieve: spare-manual-page [usr/share/man/man1/sieved.1.gz] diff --git a/dovecot-sieve.postinst b/dovecot-sieve.postinst new file mode 100644 index 0000000..6fb5244 --- /dev/null +++ b/dovecot-sieve.postinst @@ -0,0 +1,18 @@ +#!/bin/sh + +set -e + +if [ "$1" = "configure" ]; then + CONFFILES="conf.d/90-sieve.conf \ + conf.d/90-sieve-extprograms.conf" + + for conffile in $CONFFILES ; do + # Tell ucf that the file in /usr/share/dovecot is the latest + # maintainer version, and let it handle how to manage the real + # configuration file in /etc/dovecot. + ucf --three-way "/usr/share/dovecot/$conffile" "/etc/dovecot/$conffile" + ucfr dovecot-sieve "/etc/dovecot/$conffile" + done +fi + +#DEBHELPER# diff --git a/dovecot-sieve.postrm b/dovecot-sieve.postrm new file mode 100644 index 0000000..db48cfc --- /dev/null +++ b/dovecot-sieve.postrm @@ -0,0 +1,24 @@ +#!/bin/sh +set -e + +if [ "$1" = "purge" ] ; then + for conffile in $(ucfq --with-colons dovecot-sieve | cut -d: -f1); do + # we mimic dpkg as closely as possible, so we remove configuration + # files with dpkg backup extensions too: + ### Some of the following is from Tore Anderson: + for ext in '~' '%' .bak .dpkg-tmp .dpkg-new .dpkg-old .dpkg-dist .ucf-new .ucf-old .ucf-dist; do + rm -f "$conffile$ext" + done + # remove the configuration file itself + rm -f "$conffile" + # and finally clear it out from the ucf database + if which ucf >/dev/null; then + ucf --purge "$conffile" + fi + if which ucfr >/dev/null; then + ucfr --purge dovecot-sieve "$conffile" + fi + done +fi + +#DEBHELPER# diff --git a/dovecot-sieve.triggers b/dovecot-sieve.triggers new file mode 100644 index 0000000..903b9e7 --- /dev/null +++ b/dovecot-sieve.triggers @@ -0,0 +1,2 @@ +activate-noawait register-dovecot-plugin + diff --git a/dovecot-solr.README.Debian b/dovecot-solr.README.Debian new file mode 100644 index 0000000..edc5d75 --- /dev/null +++ b/dovecot-solr.README.Debian @@ -0,0 +1,2 @@ +After installing this package, the solr XML schema can be found in +/usr/share/dovecot/solr-schema-*.xml diff --git a/dovecot-solr.install b/dovecot-solr.install new file mode 100644 index 0000000..c14caf4 --- /dev/null +++ b/dovecot-solr.install @@ -0,0 +1 @@ +doc/solr-*.xml usr/share/dovecot diff --git a/dovecot-solr.links b/dovecot-solr.links new file mode 100644 index 0000000..7536822 --- /dev/null +++ b/dovecot-solr.links @@ -0,0 +1 @@ +/usr/share/bug/dovecot-core /usr/share/bug/dovecot-solr diff --git a/dovecot-solr.triggers b/dovecot-solr.triggers new file mode 100644 index 0000000..903b9e7 --- /dev/null +++ b/dovecot-solr.triggers @@ -0,0 +1,2 @@ +activate-noawait register-dovecot-plugin + diff --git a/dovecot-sqlite.links b/dovecot-sqlite.links new file mode 100644 index 0000000..2204ea7 --- /dev/null +++ b/dovecot-sqlite.links @@ -0,0 +1 @@ +/usr/share/bug/dovecot-core /usr/share/bug/dovecot-sqlite diff --git a/dovecot-sqlite.triggers b/dovecot-sqlite.triggers new file mode 100644 index 0000000..903b9e7 --- /dev/null +++ b/dovecot-sqlite.triggers @@ -0,0 +1,2 @@ +activate-noawait register-dovecot-plugin + diff --git a/dovecot-submissiond.postinst b/dovecot-submissiond.postinst new file mode 100644 index 0000000..7459606 --- /dev/null +++ b/dovecot-submissiond.postinst @@ -0,0 +1,27 @@ +#!/bin/sh + +set -e + +if [ "$1" = "configure" ]; then + CONFFILES="conf.d/20-submission.conf" + + for conffile in $CONFFILES ; do + # Tell ucf that the file in /usr/share/dovecot is the latest + # maintainer version, and let it handle how to manage the real + # configuration file in /etc/dovecot. + ucf --three-way "/usr/share/dovecot/$conffile" "/etc/dovecot/$conffile" + # Use --force to allow hijacking the file from dovecot-submission + ucfr --force dovecot-submissiond "/etc/dovecot/$conffile" + done + + if [ -f /usr/share/dovecot/protocols.d/submission.protocol ]; then + rm -f /usr/share/dovecot/protocols.d/submission.protocol + fi + cat < /usr/share/dovecot/protocols.d/submissiond.protocol +protocols { + submission = yes +} +EOF +fi + +#DEBHELPER# diff --git a/dovecot-submissiond.postrm b/dovecot-submissiond.postrm new file mode 100644 index 0000000..eaea028 --- /dev/null +++ b/dovecot-submissiond.postrm @@ -0,0 +1,29 @@ +#!/bin/sh +set -e + +if [ "$1" = "purge" ] ; then + for conffile in $(ucfq --with-colons dovecot-submissiond | cut -d: -f1); do + # we mimic dpkg as closely as possible, so we remove configuration + # files with dpkg backup extensions too: + ### Some of the following is from Tore Anderson: + for ext in '~' '%' .bak .dpkg-tmp .dpkg-new .dpkg-old .dpkg-dist .ucf-new .ucf-old .ucf-dist; do + rm -f "$conffile$ext" + done + # remove the configuration file itself + rm -f "$conffile" + # and finally clear it out from the ucf database + if which ucf >/dev/null; then + ucf --purge "$conffile" + fi + if which ucfr >/dev/null; then + ucfr --purge dovecot-submissiond "$conffile" + fi + done + +fi + +if [ "$1" = "purge" ] || [ "$1" = "remove" ]; then + rm -f /usr/share/dovecot/protocols.d/submissiond.protocol +fi + +#DEBHELPER# diff --git a/dovecot-submissiond.prerm b/dovecot-submissiond.prerm new file mode 100644 index 0000000..2ad0a1f --- /dev/null +++ b/dovecot-submissiond.prerm @@ -0,0 +1,12 @@ +#!/bin/sh +set -e + +if [ -d /run/systemd/system ]; then + deb-systemd-invoke stop dovecot.socket || true +fi + +if [ -x "/etc/init.d/dovecot" ]; then + invoke-rc.d dovecot stop +fi + +#DEBHELPER# diff --git a/dovecot-submissiond.triggers b/dovecot-submissiond.triggers new file mode 100644 index 0000000..a71d0af --- /dev/null +++ b/dovecot-submissiond.triggers @@ -0,0 +1 @@ +activate-noawait register-dovecot-plugin diff --git a/gbp.conf b/gbp.conf new file mode 100644 index 0000000..d2026bc --- /dev/null +++ b/gbp.conf @@ -0,0 +1,14 @@ +[DEFAULT] +pristine-tar = True +sign-tags = True +component=pigeonhole + +[buildpackage] +export-dir = ../build-area/ + +[dch] +meta = True +id-length = 7 + +[pq] +patch-numbers = False diff --git a/maildirmake.dovecot b/maildirmake.dovecot new file mode 100644 index 0000000..5313d13 --- /dev/null +++ b/maildirmake.dovecot @@ -0,0 +1,28 @@ +#!/bin/sh +# +# maildirmake.dovecot -- create maildirs +# Copyright (c) 2003, Jaldhar H. Vyas +# "Do what thou wilt" shall be the whole of the license. +# +dir="$1" +owner="$2" +if [ -z "$dir" ]; then + echo "Must supply a directory path" + exit 1 +fi + +if [ "$dir" = "-h" ]; then + echo "usage: $0 directory [user]" + exit 0 +fi + +umask 077 +mkdir -p "$dir/cur" "$dir/new" "$dir/tmp" || exit 1 +chmod 0700 "$dir" "$dir/cur" "$dir/new" "$dir/tmp" || exit 1 + +if [ -n "$owner" ]; then + chown -R "$owner" "$dir" || exit 1 +fi + +exit 0 + diff --git a/maildirmake.dovecot.1 b/maildirmake.dovecot.1 new file mode 100644 index 0000000..a814c81 --- /dev/null +++ b/maildirmake.dovecot.1 @@ -0,0 +1,46 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH "MAILDIRMAKE.DOVECOT" "1" "23 November 2005" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +maildirmake.dovecot \- creates maildirs and maildir subfolders +.SH SYNOPSIS +.B maildirmake.dovecot +\fBdirectory\fR [ \fRowner\fR ] \fR +.br +.SH DESCRIPTION +.\" TeX users may be more comfortable with the \fB\fP and +.\" \fI\fP escape sequences to invode bold face and italics, +.\" respectively. +\fBmaildirmake.dovecot\fP creates a maildir and its maildir subfolders (cur, new, tmp). +\fBdirectory\fP is the name of the new maildir. If \fBdirectory\fP exists cur, new, tmp directories are created inside it. +.TP +You can specify \fBowner\fP to change directories ownership if you have ownership modification permission. +.TP +\fBmaildirmake.dovecot\fP is very basic. It is strongly recommended to use \fBmaildirmake\fP if you want to do serious maildir management. +.SH OPTIONS +.TP +\fB-h\fP +Show options summary and exits immediately. +.SH SEE ALSO +.BR maildirmake (1). +.BR maildir (5). +.SH AUTHOR +.TP +dovecot was written by Timo Sirainen . maildirmake.dovecot script was written by Jaldhar H. Vyas +.PP +This manual page was written by Henry Precheur , +for the Debian project (but may be used by others). diff --git a/patches/0001-lda-Fix-using-USER-environment-if-d-hasn-t-been-spec.patch b/patches/0001-lda-Fix-using-USER-environment-if-d-hasn-t-been-spec.patch new file mode 100644 index 0000000..2d55416 --- /dev/null +++ b/patches/0001-lda-Fix-using-USER-environment-if-d-hasn-t-been-spec.patch @@ -0,0 +1,38 @@ +From 0d490d6453b4779bc711f1b998e6d09ae2aab8a8 Mon Sep 17 00:00:00 2001 +From: Timo Sirainen +Date: Mon, 26 May 2025 09:37:35 +0300 +Subject: [PATCH] lda: Fix using USER environment if -d hasn't been specified + +This became broken at some point. +--- + src/lda/main.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +Index: dovecot/src/lda/main.c +=================================================================== +--- dovecot.orig/src/lda/main.c ++++ dovecot/src/lda/main.c +@@ -453,9 +453,6 @@ int main(int argc, char *argv[]) + i_fatal_status(EX_USAGE, "Unknown argument: %s", argv[optind]); + } + +- if (master_service_settings_read_simple(master_service, &error) < 0) +- i_fatal("%s", error); +- + process_euid = geteuid(); + if ((service_flags & MAIL_STORAGE_SERVICE_FLAG_USERDB_LOOKUP) != 0) + ; +@@ -485,6 +482,13 @@ int main(int argc, char *argv[]) + i_fatal_status(EX_USAGE, + "destination user parameter (-d user) not given"); + } ++ struct master_service_settings_input set_input = { ++ .preserve_user = TRUE, ++ }; ++ struct master_service_settings_output set_output; ++ if (master_service_settings_read(master_service, &set_input, ++ &set_output, &error) < 0) ++ i_fatal("%s", error); + master_service_init_finish(master_service); + + dinput.mail_from = mail_from; diff --git a/patches/0002-lda-Default-mail_home-HOME-environment-if-not-using-.patch b/patches/0002-lda-Default-mail_home-HOME-environment-if-not-using-.patch new file mode 100644 index 0000000..b5ac966 --- /dev/null +++ b/patches/0002-lda-Default-mail_home-HOME-environment-if-not-using-.patch @@ -0,0 +1,34 @@ +From 42864e4182c7bfe2931fdf888f3cb4ba77953dee Mon Sep 17 00:00:00 2001 +From: Timo Sirainen +Date: Mon, 26 May 2025 09:45:56 +0300 +Subject: [PATCH] lda: Default mail_home=$HOME environment if not using userdb + lookup + +The previous code to do this was removed by +e57d5b9002f910c095ee5b55821395fcf1da016a +--- + src/lda/main.c | 5 +++++ + 1 file changed, 5 insertions(+) + +Index: dovecot/src/lda/main.c +=================================================================== +--- dovecot.orig/src/lda/main.c ++++ dovecot/src/lda/main.c +@@ -478,12 +478,17 @@ int main(int argc, char *argv[]) + "Couldn't lookup our username (uid=%s)", + dec2str(process_euid)); + } ++ struct settings_root *set_root = ++ master_service_get_settings_root(master_service); ++ settings_root_override(set_root, "mail_home", home, ++ SETTINGS_OVERRIDE_TYPE_DEFAULT); + } else { + i_fatal_status(EX_USAGE, + "destination user parameter (-d user) not given"); + } + struct master_service_settings_input set_input = { + .preserve_user = TRUE, ++ .preserve_home = TRUE, + }; + struct master_service_settings_output set_output; + if (master_service_settings_read(master_service, &set_input, diff --git a/patches/Use-_FORTIFY_SOURCE-level-3.patch b/patches/Use-_FORTIFY_SOURCE-level-3.patch new file mode 100644 index 0000000..5fba84a --- /dev/null +++ b/patches/Use-_FORTIFY_SOURCE-level-3.patch @@ -0,0 +1,58 @@ +From: =?utf-8?q?Christian_G=C3=B6ttsche?= +Date: Thu, 22 Dec 2022 17:00:53 +0100 +Subject: Use _FORTIFY_SOURCE level 3 + +Forwarded: not-needed +--- + m4/dovecot.m4 | 6 +++--- + pigeonhole/m4/dovecot.m4 | 6 +++--- + 2 files changed, 6 insertions(+), 6 deletions(-) + +Index: dovecot/m4/dovecot.m4 +=================================================================== +--- dovecot.orig/m4/dovecot.m4 ++++ dovecot/m4/dovecot.m4 +@@ -9,7 +9,7 @@ dnl modifications, as long as this notic + # serial 42 + + dnl +-dnl Check for support for D_FORTIFY_SOURCE=2 ++dnl Check for support for D_FORTIFY_SOURCE=3 + dnl + + AC_DEFUN([AC_CC_D_FORTIFY_SOURCE],[ +@@ -17,8 +17,8 @@ AC_DEFUN([AC_CC_D_FORTIFY_SOURCE],[ + AS_IF([test "$enable_hardening" = yes], [ + case "$host" in + *) +- gl_COMPILER_OPTION_IF([-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2], [ +- CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2" ++ gl_COMPILER_OPTION_IF([-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3], [ ++ CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3" + ], + [], + [AC_LANG_PROGRAM()] +Index: dovecot/pigeonhole/m4/dovecot.m4 +=================================================================== +--- dovecot.orig/pigeonhole/m4/dovecot.m4 ++++ dovecot/pigeonhole/m4/dovecot.m4 +@@ -9,7 +9,7 @@ dnl modifications, as long as this notic + # serial 41 + + dnl +-dnl Check for support for D_FORTIFY_SOURCE=2 ++dnl Check for support for D_FORTIFY_SOURCE=3 + dnl + + AC_DEFUN([AC_CC_D_FORTIFY_SOURCE],[ +@@ -17,8 +17,8 @@ AC_DEFUN([AC_CC_D_FORTIFY_SOURCE],[ + AS_IF([test "$enable_hardening" = yes], [ + case "$host" in + *) +- gl_COMPILER_OPTION_IF([-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2], [ +- CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2" ++ gl_COMPILER_OPTION_IF([-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3], [ ++ CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3" + ], + [], + [AC_LANG_PROGRAM()] diff --git a/patches/bug1104549-gssapi-regression.patch b/patches/bug1104549-gssapi-regression.patch new file mode 100644 index 0000000..d95115c --- /dev/null +++ b/patches/bug1104549-gssapi-regression.patch @@ -0,0 +1,21 @@ +Description: Fix GSSAPI regression + Dovecot 2.4 introduced a regression that broke GSSAPI authentication for + some clients. This patch contains a fix provided by the upstream maintainers. +Origin: https://dovecot.org/mailman3/archives/list/dovecot@dovecot.org/message/O54EAGLIXXHMOH7BQCCKHHB3Z32HDWVR/ +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104549 +Last-Update: 2025-05-02 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: dovecot/src/auth/mech-gssapi.c +=================================================================== +--- dovecot.orig/src/auth/mech-gssapi.c ++++ dovecot/src/auth/mech-gssapi.c +@@ -672,7 +672,7 @@ mech_gssapi_auth_initial(struct auth_req + + if (data_size == 0) { + /* The client should go first */ +- auth_request_handler_reply_continue(request, NULL, 0); ++ auth_request_handler_reply_continue(request, uchar_empty_ptr, 0); + } else { + mech_gssapi_auth_continue(request, data, data_size); + } diff --git a/patches/fit-32-bit-test-integers.patch b/patches/fit-32-bit-test-integers.patch new file mode 100644 index 0000000..3238f76 --- /dev/null +++ b/patches/fit-32-bit-test-integers.patch @@ -0,0 +1,61 @@ +Index: dovecot/src/lib/test-event-filter.c +=================================================================== +--- dovecot.orig/src/lib/test-event-filter.c ++++ dovecot/src/lib/test-event-filter.c +@@ -1003,32 +1003,32 @@ static void test_event_filter_interval_v + { "field > 1mins", 60 * 1000 * 1000, FALSE }, + { "field < 1mins", 60 * 1000 * 1000, FALSE }, + +- { "field = 1hours", 60L * 60 * 1000 * 1000, TRUE }, +- { "field = 1h", 60L * 60 * 1000 * 1000, TRUE }, +- { "field = 3600000000", 60L * 60 * 1000 * 1000, TRUE }, +- { "field >= 1hours", 60L * 60 * 1000 * 1000, TRUE }, +- { "field <= 1hours", 60L * 60 * 1000 * 1000, TRUE }, +- { "field > 1mins", 60L * 60 * 1000 * 1000, TRUE }, +- { "field > 1hours", 60L * 60 * 1000 * 1000, FALSE }, +- { "field < 1hours", 60L * 60 * 1000 * 1000, FALSE }, ++ { "field = 1hours", 60LL * 60 * 1000 * 1000, TRUE }, ++ { "field = 1h", 60LL * 60 * 1000 * 1000, TRUE }, ++ { "field = 3600000000", 60LL * 60 * 1000 * 1000, TRUE }, ++ { "field >= 1hours", 60LL * 60 * 1000 * 1000, TRUE }, ++ { "field <= 1hours", 60LL * 60 * 1000 * 1000, TRUE }, ++ { "field > 1mins", 60LL * 60 * 1000 * 1000, TRUE }, ++ { "field > 1hours", 60LL * 60 * 1000 * 1000, FALSE }, ++ { "field < 1hours", 60LL * 60 * 1000 * 1000, FALSE }, + +- { "field = 1days", 24L * 60 * 60 * 1000 * 1000, TRUE }, +- { "field = 1d", 24L * 60 * 60 * 1000 * 1000, TRUE }, +- { "field = 86400000000", 24L * 60 * 60 * 1000 * 1000, TRUE }, +- { "field >= 1days", 24L * 60 * 60 * 1000 * 1000, TRUE }, +- { "field <= 1days", 24L * 60 * 60 * 1000 * 1000, TRUE }, +- { "field > 1hours", 24L * 60 * 60 * 1000 * 1000, TRUE }, +- { "field > 1days", 24L * 60 * 60 * 1000 * 1000, FALSE }, +- { "field < 1days", 24L * 60 * 60 * 1000 * 1000, FALSE }, ++ { "field = 1days", 24LL * 60 * 60 * 1000 * 1000, TRUE }, ++ { "field = 1d", 24LL * 60 * 60 * 1000 * 1000, TRUE }, ++ { "field = 86400000000", 24LL * 60 * 60 * 1000 * 1000, TRUE }, ++ { "field >= 1days", 24LL * 60 * 60 * 1000 * 1000, TRUE }, ++ { "field <= 1days", 24LL * 60 * 60 * 1000 * 1000, TRUE }, ++ { "field > 1hours", 24LL * 60 * 60 * 1000 * 1000, TRUE }, ++ { "field > 1days", 24LL * 60 * 60 * 1000 * 1000, FALSE }, ++ { "field < 1days", 24LL * 60 * 60 * 1000 * 1000, FALSE }, + +- { "field = 1weeks", 7L * 24 * 60 * 60 * 1000 * 1000, TRUE }, +- { "field = 1w", 7L * 24 * 60 * 60 * 1000 * 1000, TRUE }, +- { "field = 604800000000", 7L * 24 * 60 * 60 * 1000 * 1000, TRUE }, +- { "field >= 1weeks", 7L * 24 * 60 * 60 * 1000 * 1000, TRUE }, +- { "field <= 1weeks", 7L * 24 * 60 * 60 * 1000 * 1000, TRUE }, +- { "field > 1days", 7L * 24 * 60 * 60 * 1000 * 1000, TRUE }, +- { "field > 1weeks", 7L * 24 * 60 * 60 * 1000 * 1000, FALSE }, +- { "field < 1weeks", 7L * 24 * 60 * 60 * 1000 * 1000, FALSE }, ++ { "field = 1weeks", 7LL * 24 * 60 * 60 * 1000 * 1000, TRUE }, ++ { "field = 1w", 7LL * 24 * 60 * 60 * 1000 * 1000, TRUE }, ++ { "field = 604800000000", 7LL * 24 * 60 * 60 * 1000 * 1000, TRUE }, ++ { "field >= 1weeks", 7LL * 24 * 60 * 60 * 1000 * 1000, TRUE }, ++ { "field <= 1weeks", 7LL * 24 * 60 * 60 * 1000 * 1000, TRUE }, ++ { "field > 1days", 7LL * 24 * 60 * 60 * 1000 * 1000, TRUE }, ++ { "field > 1weeks", 7LL * 24 * 60 * 60 * 1000 * 1000, FALSE }, ++ { "field < 1weeks", 7LL * 24 * 60 * 60 * 1000 * 1000, FALSE }, + }; + + struct event_filter *filter; diff --git a/patches/fix-man-errors.patch b/patches/fix-man-errors.patch new file mode 100644 index 0000000..88c8de6 --- /dev/null +++ b/patches/fix-man-errors.patch @@ -0,0 +1,72 @@ +Description: Fix groff errors in upstream manpages +Author: Noah Meyerhans +Forwarded: no +Last-Update: 2025-05-02 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: dovecot/doc/man/dovecot-lda.1 +=================================================================== +--- dovecot.orig/doc/man/dovecot-lda.1 ++++ dovecot/doc/man/dovecot-lda.1 +@@ -1,5 +1,6 @@ +-.TH "" "" "March 2025" "78ffb79" "Dovecot" +-dovecot-lda - Dovecot's local mail delivery agent ++.TH "DOVECOT-LDA" "1" "March 2025" "78ffb79" "Dovecot" ++.SH "NAME" ++\fBdovecot-lda\fR - Dovecot's local mail delivery agent + .SH "SYNOPSIS" + .P + \fBdovecot-lda\fR \[lB]\fB-ek\fR\[rB] \[lB]\fB-a\fR \fIaddress\fR\[rB] \[lB]\fB-c\fR \fIconfig_file\fR\[rB] \[lB]\fB-d\fR \fIusername\fR\[rB] \[lB]\fB-f\fR \fIenvelope_sender\fR\[rB] \[lB]\fB-m\fR \fImailbox\fR\[rB] \[lB]\fB-o\fR \fIsetting=value\fR\[rB] \[lB]\fB-p\fR \fIpath\fR\[rB] \[lB]\fB-r\fR \fIaddress\fR\[rB] +Index: dovecot/doc/man/doveadm-deduplicate.1 +=================================================================== +--- dovecot.orig/doc/man/doveadm-deduplicate.1 ++++ dovecot/doc/man/doveadm-deduplicate.1 +@@ -6,7 +6,7 @@ + \fBdoveadm\fR \[lB]\fIGLOBAL OPTIONS\fR\[rB] \fBdeduplicate\fR \[lB]\fB-u\fR \fIuser\fR | \fB-A\fR | \fB-F\fR \fIfile\fR | \fB--no-userdb-lookup\fR\[rB] \[lB]\fB-S\fR \fIsocket_path\fR\[rB] \[lB]\fB-m\fR\[rB] \fIsearch_query\fR + .SH "DESCRIPTION" + .P +-. doveadm(1) will delete the newest duplicated messages from the mailbox and keep the oldest. ++doveadm(1) will delete the newest duplicated messages from the mailbox and keep the oldest. + .P + Deduplication across multiple mailboxes is not supported. + .SH "GLOBAL OPTIONS" +@@ -157,7 +157,7 @@ Run the \fIcommand\fR only for the given + .RS 0 + .RS 4 + .P +-' will be sufficient. See doveadm-search-query(7) for details. ++will be sufficient. See doveadm-search-query(7) for details. + .RE 0 + + .RE 0 +@@ -179,7 +179,7 @@ guid uid + 8aad0f0a30169f4bea620000ca356bad 18756 + 923e301ab9219b4b4f440000ca356bad 18748 + 923e301ab9219b4b4f440000ca356bad 18753 +-... ++\fR... + .fi + .RE + .P +@@ -196,7 +196,7 @@ guid uid + 8aad0f0a30169f4bea620000ca356bad 18751 + 923e301ab9219b4b4f440000ca356bad 18748 + a7999e1530739c4bd26d0000ca356bad 18749 +-... ++\fR... + .fi + .RE + .SH "REPORTING BUGS" +Index: dovecot/doc/man/doveadm-fetch.1 +=================================================================== +--- dovecot.orig/doc/man/doveadm-fetch.1 ++++ dovecot/doc/man/doveadm-fetch.1 +@@ -377,7 +377,7 @@ The date-time attribute when present, ot + .RS 0 + .RS 4 + .P +-Fetch messages matching this search query. See doveadm-search-query(1) for details. ++Fetch messages matching this search query. See doveadm-search-query(7) for details. + .RE 0 + + .RE 0 diff --git a/patches/series b/patches/series new file mode 100644 index 0000000..276da5e --- /dev/null +++ b/patches/series @@ -0,0 +1,27 @@ +#split-protocols.patch +#fix-mail_plugin_dir-default.patch +#ssl-cert-location.patch +#tcpwrapper.patch +#default-mail_location.patch +#mboxlocking.patch +#dovecot_name.patch +#ssl-dh-params-location.patch +skip-rfc-subdir.patch +#Correct-misspellings.patch +#test-backtrace.patch +#doveadm-director.1-drop-acute-accent.patch +#Fix-32bit-sign-comparisons.patch +#Improve-cross-compile-support.patch +#Silence-LTO-related-compiler-warning.patch +#md4-md5-disable-optimization-causing-unaligned-access.patch +#Support-openssl-3.0.patch +#Debug-flaky-unit-test.patch +#auth-Fix-handling-passdbs-with-identical-driver-args-but-.patch +#auth-Add-a-comment-about-updating-userdb_find.patch +#Fix-uninitialized-read-in-doveadm-oldstats.patch +0001-lda-Fix-using-USER-environment-if-d-hasn-t-been-spec.patch +0002-lda-Default-mail_home-HOME-environment-if-not-using-.patch +Use-_FORTIFY_SOURCE-level-3.patch +fit-32-bit-test-integers.patch +bug1104549-gssapi-regression.patch +fix-man-errors.patch diff --git a/patches/skip-rfc-subdir.patch b/patches/skip-rfc-subdir.patch new file mode 100644 index 0000000..5f35dc0 --- /dev/null +++ b/patches/skip-rfc-subdir.patch @@ -0,0 +1,34 @@ +From: Noah Meyerhans +Date: Thu, 21 May 2020 21:48:59 -0700 +Subject: Don't try to build doc/rfc subdir components +Forwarded: not-needed +--- + pigeonhole/configure.ac | 1 - + pigeonhole/doc/Makefile.am | 1 - + pigeonhole/doc/Makefile.in | 1 - + 3 files changed, 3 deletions(-) + +Index: dovecot/pigeonhole/configure.ac +=================================================================== +--- dovecot.orig/pigeonhole/configure.ac ++++ dovecot/pigeonhole/configure.ac +@@ -258,7 +258,6 @@ doc/Makefile + doc/man/Makefile + doc/example-config/Makefile + doc/example-config/conf.d/Makefile +-doc/rfc/Makefile + doc/extensions/Makefile + doc/locations/Makefile + doc/plugins/Makefile +Index: dovecot/pigeonhole/doc/Makefile.am +=================================================================== +--- dovecot.orig/pigeonhole/doc/Makefile.am ++++ dovecot/pigeonhole/doc/Makefile.am +@@ -1,7 +1,6 @@ + SUBDIRS = \ + man \ + example-config \ +- rfc \ + extensions \ + locations \ + plugins diff --git a/po/nl.po b/po/nl.po new file mode 100644 index 0000000..e5c0446 --- /dev/null +++ b/po/nl.po @@ -0,0 +1,102 @@ +# Dutch translation of dovecot debconf templates. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the dovecot package. +# Frans Spiesschaert , 2014. +# +msgid "" +msgstr "" +"Project-Id-Version: dovecot\n" +"Report-Msgid-Bugs-To: dovecot@packages.debian.org\n" +"POT-Creation-Date: 2013-11-07 07:06+0100\n" +"PO-Revision-Date: 2014-10-04 22:25+0200\n" +"Last-Translator: Frans Spiesschaert \n" +"Language-Team: Debian Dutch l10n Team \n" +"Language: nl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: error +#. Description +#: ../dovecot-core.templates:2001 +msgid "Wrong location for SSL certificates" +msgstr "De SSL-certificaten staan op een verkeerde plaats" + +#. Type: error +#. Description +#: ../dovecot-core.templates:2001 +msgid "" +"This machine uses SSL certificates for Dovecot. These certificates should be " +"moved from /etc/ssl to /etc/dovecot and Dovecot's configuration file (/etc/" +"dovecot/conf.d/10-ssl.conf) should be updated accordingly." +msgstr "" +"Deze computer gebruikt SSL-certificaten voor Dovecot. Deze certificaten " +"moeten verplaatst worden van /etc/ssl naar /etc/dovecot en het " +"configuratiebestand van Dovecot (/etc/dovecot/conf.d/10-ssl.conf) moet in " +"die zin aangepast worden." + +#. Type: error +#. Description +#: ../dovecot-core.templates:2001 +msgid "Please read /usr/share/doc/dovecot-core/README.Debian.gz for details." +msgstr "" +"Raadpleeg /usr/share/doc/dovecot-core/README.Debian.gz voor de details." + +#. Type: boolean +#. Description +#: ../dovecot-core.templates:3001 +msgid "Create a self-signed SSL certificate?" +msgstr "Een door uzelf ondertekend SSL-certificaat aanmaken?" + +#. Type: boolean +#. Description +#: ../dovecot-core.templates:3001 +msgid "" +"An SSL certificate is needed in order to use IMAP or POP3 over SSL/TLS. No " +"such certificate was found." +msgstr "" +"U heeft een SSL-certificaat nodig om IMAP of POP3 over SSL/TLS te kunnen " +"gebruiken. Een dergelijk certificaat werd niet gevonden." + +#. Type: boolean +#. Description +#: ../dovecot-core.templates:3001 +msgid "" +"Please choose whether you want to create one now. This will then be a self-" +"signed certificate." +msgstr "" +"Geef aan of u nu een dergelijk certificaat wilt aanmaken. In dat geval zal " +"het een door uzelf ondertekend certificaat zijn." + +#. Type: boolean +#. Description +#: ../dovecot-core.templates:3001 +msgid "" +"If you choose not to create a certificate, please adapt Dovecot's " +"configuration file (/etc/dovecot/conf.d/10-ssl.conf)." +msgstr "" +"Indien u ervoor kiest om geen certificaat aan te maken, dan moet u het " +"configuratiebestand van Dovecot (/etc/dovecot/conf.d/10-ssl.conf) wijzigen." + +#. Type: string +#. Description +#: ../dovecot-core.templates:4001 +msgid "Host name:" +msgstr "Computernaam" + +#. Type: string +#. Description +#: ../dovecot-core.templates:4001 +msgid "Please enter the host name to use in the SSL certificate." +msgstr "" +"Geef aan welke computernaam gebruikt moet worden in het SSL-certificaat." + +#. Type: string +#. Description +#: ../dovecot-core.templates:4001 +msgid "" +"It will become the \"commonName\" field of the generated SSL certificate." +msgstr "" +"Die komt terecht in het veld \"commonName\" van het SSL-certificaat dat " +"aangemaakt wordt." diff --git a/rules b/rules new file mode 100755 index 0000000..6ae93cd --- /dev/null +++ b/rules @@ -0,0 +1,249 @@ +#!/usr/bin/make -f + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +SHELL=/bin/bash -O extglob +PIGEONHOLE_DIR=$(CURDIR)/pigeonhole + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all optimize=+lto + +# LP: 1636781 - strip incompatible default linker option +ifeq ($(shell dpkg-vendor --derives-from Ubuntu && echo yes),yes) + export DEB_LDFLAGS_MAINT_STRIP = -Wl,-Bsymbolic-functions +endif + +DOV_DEB_CFLAGS= +DOV_DEB_CXXFLAGS= +DOV_DEB_LDFLAGS= + +# Ensure that stacktrace generation works: +DOV_DEB_LDFLAGS += -rdynamic +include /usr/share/dpkg/architecture.mk +ifneq ($(filter armel armhf hppa mips64el mipsel riscv64 sparc64, $(DEB_HOST_ARCH)),) + DOV_DEB_CFLAGS += -funwind-tables + DOV_DEB_CXXFLAGS += -funwind-tables +endif + +# Extra hardening flags +DOV_DEB_CFLAGS += -fstack-clash-protection +DOV_DEB_CXXFLAGS += -fstack-clash-protection +DOV_DEB_LDFLAGS += -fstack-clash-protection + + +export DEB_CFLAGS_MAINT_APPEND = $(DOV_DEB_CFLAGS) +export DEB_CXXFLAGS_MAINT_APPEND = $(DOV_DEB_CXXFLAGS) +export DEB_LDFLAGS_MAINT_APPEND = $(DOV_DEB_LDFLAGS) + + +ifeq ($(DEB_HOST_ARCH_OS),linux) + CONFIGURE_APPARMOR = --with-apparmor +endif + +ifeq (i386,$(DEB_HOST_ARCH)) + CONFIGURE_Y2038=--disable-year2038 +else + CONFIGURE_Y2038=--enable-year2038 +endif + +CLEANFILES=src/lib-settings/settings-history-core.c \ + src/lib-dict-backend/dict-drivers-register.c \ + src/lib-sql/test-database.db \ + pigeonhole/src/plugins/settings/pigeonhole-settings-dynamic.c + +# Macros to help move files to the module packages +CORE_DIR=$(CURDIR)/debian/dovecot-core +PKG_DIR=$(CURDIR)/debian/dovecot-PKG +MOVE=install -d $(PKG_DIR:PKG=$(2))/$(dir $(1)); mv $(CORE_DIR)/$(1) $(PKG_DIR:PKG=$(2))/$(dir $(1)); + +# Files to move from dovecot-core to the individual packages. Files added to +# _files will be automatically moved from dovecot's tree to the +# respective package. +auth-lua_files = usr/lib/dovecot/modules/auth/libauthdb_lua.so + +imapd_files = usr/lib/dovecot/imap* \ + usr/lib/dovecot/modules/lib??_imap_!(*sieve*) \ + usr/share/dovecot/conf.d/??-imap* + +pop3d_files = usr/lib/dovecot/pop3* \ + usr/share/dovecot/conf.d/??-pop3* + +lmtpd_files = usr/lib/dovecot/lmtp* \ + usr/share/dovecot/conf.d/??-lmtp* + +managesieved_files = usr/lib/dovecot/managesieve* \ + usr/lib/dovecot/modules/settings/libmanagesieve* \ + usr/share/dovecot/conf.d/??-managesieve.conf + +submissiond_files = usr/lib/dovecot/submission* \ + usr/share/dovecot/conf.d/??-submission.conf + +pgsql_files = usr/lib/dovecot/modules/auth/libdriver_pgsql* \ + usr/lib/dovecot/modules/dict/libdriver_pgsql* \ + usr/lib/dovecot/modules/libdriver_pgsql* + +mysql_files = usr/lib/dovecot/modules/auth/libdriver_mysql* \ + usr/lib/dovecot/modules/dict/libdriver_mysql* \ + usr/lib/dovecot/modules/libdriver_mysql* + +sqlite_files = usr/lib/dovecot/modules/auth/libdriver_sqlite* \ + usr/lib/dovecot/modules/dict/libdriver_sqlite* \ + usr/lib/dovecot/modules/libdriver_sqlite* + +gssapi_files = usr/lib/dovecot/modules/auth/libmech_gssapi* + +ldap_files = usr/lib/dovecot/modules/auth/libauthdb_ldap* \ + usr/lib/dovecot/modules/dict/libdict_ldap* \ + usr/lib/dovecot/libdovecot-ldap* \ + usr/share/dovecot/*-ldap.conf.ext \ + usr/share/dovecot/conf.d/*-ldap.conf.ext + +sieve_files = usr/bin/sieve* \ + usr/lib/dovecot/modules/lib??_sieve* \ + usr/lib/dovecot/modules/lib??_imap_*sieve* \ + usr/lib/dovecot/modules/doveadm/lib??_doveadm_sieve* \ + usr/lib/dovecot/modules/sieve \ + usr/lib/dovecot/libdovecot-sieve* \ + usr/share/man/man1/sieve* \ + usr/share/dovecot/conf.d/??-sieve.conf \ + usr/share/dovecot/conf.d/??-sieve-extprograms.conf + +flatcurve_files = usr/lib/dovecot/modules/lib??_fts_flatcurve_* \ + usr/share/dovecot/conf.d/??-fts-flatcurve.conf + +solr_files = usr/lib/dovecot/modules/lib??_fts_solr_* + +dev_files = usr/include/* \ + usr/lib/dovecot/dovecot-config \ + usr/share/aclocal/*.m4 + +%: + dh $@ + +override_dh_autoreconf: + dh_autoreconf debian/autogen.sh + +override_dh_auto_configure: + KRB5CONFIG=krb5-config.mit systemdsystemunitdir=/usr/lib/systemd/system dh_auto_configure -- \ + --enable-experimental-mail-utf8 \ + --with-ldap=plugin \ + --with-ssl=openssl \ + --with-sql=plugin \ + --with-pgsql \ + --with-mysql \ + --with-sqlite \ + --with-gssapi=plugin \ + --with-solr \ + --with-flatcurve \ + --with-ioloop=best \ + --with-icu \ + $(CONFIGURE_APPARMOR) \ + --with-lz4 \ + --with-lua=plugin \ + --with-sodium \ + --libdir=\$${prefix}/lib \ + --libexecdir=\$${prefix}/lib \ + --docdir=\$${prefix}/share/doc/dovecot-core \ + --with-moduledir=\$${prefix}/lib/dovecot/modules \ + --with-rundir=/run/dovecot \ + --disable-rpath \ + --disable-static \ + $(CONFIGURE_Y2038) + +ifeq (i386,$(DEB_HOST_ARCH)) + sed -i 's/TIME_T_MAX_BITS 32/TIME_T_MAX_BITS 31/' config.h +endif + + $(MAKE) dovecot-config +# remove unreproducible '-ffile-prefix-map=/build/1st/dovecot-2.3.10.1+dfsg1=.' +# '-fdebug-prefix-map=/build/dovecot-O55xqn/dovecot-2.3.10.1+dfsg1=.' + sed -i 's/\s\+-ffile-prefix-map=\S\+=.\s\+/ /g' dovecot-config + sed -i 's/\s\+-fdebug-prefix-map=\S\+=.\s\+/ /g' dovecot-config + +# Pigeonhole + touch $(PIGEONHOLE_DIR)/stamp.h.in + dh_auto_configure -D $(PIGEONHOLE_DIR) -- \ + --with-dovecot=../ \ + --libdir=\$${prefix}/lib \ + --libexecdir=\$${prefix}/lib \ + --disable-static \ + --with-ldap=plugin + +override_dh_auto_build: +# Remove all-settings.c and let it be re-generated from the (patched) +# component settings files. + rm -f src/config/all-settings.c +# Create doc/stamp-man, which may have been removed on an earlier +# 'clean' invocation, so we don't try to download docs content from +# the internet: + touch doc/stamp-man + dh_auto_build + dh_auto_build -D $(PIGEONHOLE_DIR) + +override_dh_auto_clean: + dh_auto_clean + dh_auto_clean -D $(PIGEONHOLE_DIR) + -rm -f $(CLEANFILES) + +override_dh_auto_install: +# Install everything under dovecot-core + $(MAKE) install DESTDIR=$(CORE_DIR) + $(MAKE) -C $(PIGEONHOLE_DIR) install DESTDIR=$(CORE_DIR) + rm `find $(CURDIR)/debian -name '*.la'` + rm $(CORE_DIR)/usr/lib/dovecot/decode2text.sh + +override_dh_install: +# dh_auto_install has installed everything in the dovecot-core package. +# Run dh_install to install additional files from the source directory +# or debian/ to the individual packages. NOTE: there is nothing in +# debian/tmp! + dh_install + install -D -m 0755 $(CORE_DIR)/usr/share/doc/dovecot-core/mkcert.sh \ + $(CORE_DIR)/usr/share/dovecot/mkcert.sh + rm $(CORE_DIR)/usr/share/doc/dovecot-core/mkcert.sh + rm $(CORE_DIR)/usr/share/doc/dovecot-core/dovecot-openssl.cnf + rm $(CORE_DIR)/usr/share/doc/dovecot-core/solr-*.xml + +# We want the dovecot.conf managed by ucf, not the upstream default: + rm -f $(CORE_DIR)/etc/dovecot/dovecot.conf + cp -r debian/conf/* $(CORE_DIR)/usr/share/dovecot/ + $(foreach package,$(patsubst dovecot-%,%,$(shell dh_listpackages)),\ + $(foreach file,$($(package)_files),\ + $(call MOVE,$(file),$(package)))) + + rmdir $(CORE_DIR)/usr/include + rmdir $(CORE_DIR)/usr/share/aclocal + install -d $(PKG_DIR:PKG=dev)/usr/share/dovecot + grep ABI_VERSION config.h | awk '{print $$NF}' | tr -d \" \ + | tr '[A-Z]' '[a-z]' > $(PKG_DIR:PKG=dev)/usr/share/dovecot/dovecot-abi +# sanity check the ABI: + grep -F -q abi $(PKG_DIR:PKG=dev)/usr/share/dovecot/dovecot-abi + +# Install apport hook + install -D -m 644 debian/source_dovecot.py $(CURDIR)/debian/dovecot-core/usr/share/apport/package-hooks/dovecot-core.py + + install -D -m644 debian/dovecot-imapd.ufw.profile debian/dovecot-imapd/etc/ufw/applications.d/dovecot-imapd + install -D -m644 debian/dovecot-pop3d.ufw.profile debian/dovecot-pop3d/etc/ufw/applications.d/dovecot-pop3d + +override_dh_installpam: + dh_installpam -pdovecot-core --name=dovecot + +override_dh_installinit: + dh_installinit -pdovecot-core --name=dovecot -u"defaults 20" + +override_dh_installsystemd: + dh_installsystemd -pdovecot-core dovecot.service + dh_installsystemd -pdovecot-core --no-enable dovecot.socket + +override_dh_gencontrol: + dh_gencontrol -- -Vdovecot:ABI-Version=$(shell cat $(CURDIR)/debian/dovecot-dev/usr/share/dovecot/dovecot-abi) + +override_dh_makeshlibs: +# Do not add an ldconfig trigger; none of the dovecot shared libraries +# are public. + dh_makeshlibs -n + +override_dh_installdocs: + dh_installdocs + cp pigeonhole/README $(CORE_DIR)/usr/share/doc/dovecot-core/pigeonhole.README + cp pigeonhole/NEWS $(CORE_DIR)/usr/share/doc/dovecot-core/pigeonhole.NEWS diff --git a/salsa-ci.yml b/salsa-ci.yml new file mode 100644 index 0000000..4defe1d --- /dev/null +++ b/salsa-ci.yml @@ -0,0 +1,13 @@ +--- +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml + +# The test suite does not pass reprotest +variables: + SALSA_CI_DISABLE_REPROTEST: 1 + SALSA_CI_DISABLE_CROSSBUILD_ARM64: 1 + SALSA_CI_DISABLE_BUILD_PACKAGE_TWICE: 0 + +test-build-twice: + extends: .test-build-package-twice + timeout: 2h diff --git a/source/format b/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/source/lintian-overrides b/source/lintian-overrides new file mode 100644 index 0000000..d4d4b5b --- /dev/null +++ b/source/lintian-overrides @@ -0,0 +1 @@ +dovecot source: intra-source-package-circular-dependency dovecot-core dovecot-sieve diff --git a/source_dovecot.py b/source_dovecot.py new file mode 100644 index 0000000..84fb839 --- /dev/null +++ b/source_dovecot.py @@ -0,0 +1,38 @@ +#!/usr/bin/python3 + +'''Dovecot Apport interface + +Copyright (C) 2010 Canonical Ltd/ +Author: Chuck Short + +This program is free software; you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by the +Free Software Foundation; either version 2 of the License, or (at your +option) any later version. See http://www.gnu.org/copyleft/gpl.html for +the full text of the license. +''' + +from apport.hookutils import * + +def add_info(report, ui): + response = ui.yesno("The output of dovecot -n may help developers diagnose your bug more quickly, however, it may contain sensitive information. Do you want to include it in your bug report?") + + if response is None: #user canceled + raise StopIteration + + elif response: + report['DovecotConf'] = root_command_output(['/usr/sbin/dovecot', '-n']) + + + elif not response: + ui.information("The contents of dovecot -n will NOT be includeded in the bug report") + + packages = ['dovecot-common', 'dovecot-core', 'dovecot-dev', 'dovecot-pop3d', 'dovecot-imapd', 'mail-stack-delivery', 'dovecot-postfix'] + versions = '' + for package in packages: + try: + version = package.get_version(package) + except: + version = 'N/A' + versions += '%s %s\n' %(package, version) + report['DovecotInstalledVersions'] = versions diff --git a/tests/control b/tests/control new file mode 100644 index 0000000..496cfcc --- /dev/null +++ b/tests/control @@ -0,0 +1,14 @@ +Tests: doveadm +Depends: dovecot-core +Restrictions: needs-root + +Tests: systemd +Depends: dovecot-core, systemd-sysv + +Test-Command: run-parts --report --exit-on-error debian/tests/usage +Depends: dovecot-imapd, dovecot-pop3d, python3 +Restrictions: needs-root, breaks-testbed, allow-stderr + +Tests: testmails +Restrictions: needs-root, breaks-testbed +Depends: dovecot-imapd, dovecot-pop3d, lsb-release, python3, python3-passlib diff --git a/tests/doveadm b/tests/doveadm new file mode 100755 index 0000000..9e2bd04 --- /dev/null +++ b/tests/doveadm @@ -0,0 +1,7 @@ +#!/bin/sh + +set -e + +echo "Checking if dovecot is running" +doveadm -f flow instance list | grep -q 'running=yes' +echo "OK" diff --git a/tests/systemd b/tests/systemd new file mode 100755 index 0000000..48afbf5 --- /dev/null +++ b/tests/systemd @@ -0,0 +1,22 @@ +#!/bin/sh + +set -e + +echo "Checking whether dovecot.service is enabled" +systemctl is-enabled dovecot.service + +echo "Checking whether dovecot.service is a native unit" +source=$(systemctl show -pSourcePath dovecot.service | cut -d = -f 2) +if [ -n "$source" ]; then + echo $source + exit 1 +else + echo "OK (no SourcePath found)" +fi + +echo "Checking whether dovecot.socket is inactive" +status=$(systemctl show -pActiveState dovecot.socket | cut -d = -f 2) +echo $status +if [ "$status" != inactive ]; then + exit 1 +fi diff --git a/tests/testmails b/tests/testmails new file mode 100755 index 0000000..67d5f3b --- /dev/null +++ b/tests/testmails @@ -0,0 +1,254 @@ +#!/usr/bin/python3 + +import grp +import imaplib +import os +import os.path +import poplib +import pwd +import random +import string +import subprocess +import sys +import unittest + +from passlib.hash import des_crypt + + +def random_string(length): + '''Return a random string, consisting of ASCII letters, with given + length.''' + + s = '' + maxind = len(string.ascii_letters)-1 + for _ in range(length): + s += string.ascii_letters[random.randint(0, maxind)] + return s.lower() + + +def login_exists(login): + '''Checks whether the given login exists on the system.''' + + try: + pwd.getpwnam(login) + return True + except KeyError: + return False + + +def get_distribution(): + '''Return the name of the Linux Distribution we are running.''' + cmd = ['lsb_release', '-si'] + output = subprocess.check_output(cmd) + return output.strip() + + +class TestUser: + '''Create a temporary test user and remove it again on close.''' + + def __init__(self): + '''Create a new user account with a random password.''' + + self.login = None + + while True: + login = random_string(8) + if not login_exists(login): + break + + self.salt = random_string(2) + self.password = random_string(8) + self.crypted = des_crypt.using(salt=self.salt).hash(self.password) + + subprocess.check_call(['useradd', '-p', self.crypted, '-m', login]) + + self.login = login + p = pwd.getpwnam(self.login) + self.uid = p[2] + self.gid = p[3] + + def __del__(self): + '''Remove the created user account.''' + + if self.login: + self.close() + + def close(self): + '''Remove the created user account.''' + + subprocess.check_call(['userdel', '-f', '-r', self.login]) + self.login = None + + +class DovecotBasics(unittest.TestCase): + '''Base operational tests for Dovecot server.''' + + def setUp(self): + '''Create test scenario. + + We want to test the default setup, but pre-setup an mbox on a tmp user + ''' + + self.distribution = get_distribution() + self.user = TestUser() + + # create fresh test mailbox with one new and one old mail + self.mailbox = '/var/mail/' + self.user.login + self.orig_mbox = '''From test1@test1.com Fri Nov 17 02:21:08 2006 +Date: Thu, 16 Nov 2006 17:12:23 -0800 +From: Test User 1 +To: Dovecot tester +Subject: Test 1 +Status: N + +Some really important news. + +From test2@test1.com Tue Nov 28 11:29:34 2006 +Date: Tue, 28 Nov 2006 11:29:34 +0100 +From: Test User 2 +To: Dovecot tester +Subject: Test 2 +Status: R + +More news. + +Get cracking! +''' + with open(self.mailbox, 'w') as f: + f.write(self.orig_mbox) + os.chown(self.mailbox, self.user.uid, grp.getgrnam('mail')[2]) + os.chmod(self.mailbox, 0o660) + + def tearDown(self): + self.user.close() + + def _test_pop3_proto(self, pop): + '''Internal factorization of POP3 protocol checks with an established + connection.''' + + # check empty password + self.assertEqual(pop.user(self.user.login), b'+OK') + self.assertRaises(poplib.error_proto, pop.pass_, '') + + # check wrong password + self.assertEqual(pop.user(self.user.login), b'+OK') + self.assertRaises(poplib.error_proto, pop.pass_, '123') + + # check correct password + self.assertEqual(pop.user(self.user.login), b'+OK') + self.assertEqual(pop.pass_(self.user.password), b'+OK Logged in.') + + # check messages + self.assertEqual(pop.stat()[0], 2, b'2 available messages') + self.assertEqual(pop.list()[1], [b'1 163', b'2 161']) + self.assertEqual('\n'.join(l.decode() for l in pop.retr(1)[1]), '''Date: Thu, 16 Nov 2006 17:12:23 -0800 +From: Test User 1 +To: Dovecot tester +Subject: Test 1 + +Some really important news.''') + self.assertEqual('\n'.join(l.decode() for l in pop.retr(2)[1]), '''Date: Tue, 28 Nov 2006 11:29:34 +0100 +From: Test User 2 +To: Dovecot tester +Subject: Test 2 + +More news. + +Get cracking!''') + + self.assertEqual(pop.quit(), b'+OK Logging out.') + + def test_pop3(self): + '''Test POP3 protocol.''' + + pop = poplib.POP3('localhost') + self.assertEqual(pop.getwelcome(), b'+OK Dovecot ready.') + + self._test_pop3_proto(pop) + + def test_pop3s(self): + '''Test POP3S protocol.''' + + pop = poplib.POP3_SSL('localhost') + self.assertEqual(pop.getwelcome(), b'+OK Dovecot ready.') + + self._test_pop3_proto(pop) + + def _test_imap_proto(self, imap): + '''Internal factorization of IMAP4 protocol checks with an established + connection.''' + + # invalid passwords + self.assertRaises(imaplib.IMAP4.error, imap.login, + self.user.login, '') + self.assertRaises(imaplib.IMAP4.error, imap.login, + self.user.login, '123') + + # correct password + imap.login(self.user.login, self.user.password) + + # list mailboxes + status, imlist = imap.list() + self.assertEqual(status, 'OK') + self.assertTrue(imlist[0].decode().endswith('INBOX')) + + # check mails + imap.select() + self.assertEqual(imap.search(None, 'ALL'), ('OK', [b'1 2'])) + self.assertEqual(imap.fetch('1', '(FLAGS)'), + ('OK', [b'1 (FLAGS (\\Recent))'])) + self.assertEqual(imap.fetch('2', '(FLAGS)'), + ('OK', [b'2 (FLAGS (\\Seen \\Recent))'])) + self.assertEqual(imap.fetch('1', '(BODY[TEXT])')[1][0][1], + b'Some really important news.\r\n') + self.assertEqual(imap.fetch('2', '(BODY[TEXT])')[1][0][1], + b'More news.\r\n\r\nGet cracking!') + + self.assertEqual(imap.fetch('1', '(RFC822)')[1], + [(b'1 (RFC822 {163}', + b'''Date: Thu, 16 Nov 2006 17:12:23 -0800\r +From: Test User 1 \r +To: Dovecot tester \r +Subject: Test 1\r +\r +Some really important news.\r +'''), b')']) + + # delete mail 1 + self.assertEqual(imap.store('1', '+FLAGS', '\\Deleted')[0], 'OK') + self.assertEqual(imap.expunge()[0], 'OK') + self.assertEqual(imap.search(None, 'ALL'), ('OK', [b'1'])) + + # old mail 2 is mail 1 now + self.assertEqual(imap.fetch('1', '(RFC822)')[1], + [(b'1 (RFC822 {161}', + b'''Date: Tue, 28 Nov 2006 11:29:34 +0100\r +From: Test User 2 \r +To: Dovecot tester \r +Subject: Test 2\r +\r +More news.\r +\r +Get cracking!'''), b')']) + imap.close() + imap.logout() + + def test_imap(self): + '''Test IMAP4 protocol.''' + + imap = imaplib.IMAP4('localhost') + self._test_imap_proto(imap) + + def test_imaps(self): + '''Test IMAP4S protocol.''' + + imap = imaplib.IMAP4_SSL('localhost') + self._test_imap_proto(imap) + + +if __name__ == '__main__': + os.dup2(1, 2) + suite = unittest.TestSuite() + suite.addTest(unittest.TestLoader().loadTestsFromTestCase(DovecotBasics)) + result = unittest.TextTestRunner(verbosity=2).run(suite) + sys.exit(not result.wasSuccessful()) diff --git a/tests/usage/00_setup b/tests/usage/00_setup new file mode 100755 index 0000000..b802eac --- /dev/null +++ b/tests/usage/00_setup @@ -0,0 +1,57 @@ +#!/bin/sh + +set -e + +echo "Setting up dovecot for the test" +# Move aside 10-auth.conf to disable passwd-based auth +if [ -f /etc/dovecot/conf.d/10-auth.conf ]; then + mv /etc/dovecot/conf.d/10-auth.conf /etc/dovecot/conf.d/10-auth.conf.bak +fi + +cat >/etc/dovecot/local.conf <<-EOF +mail_driver = maildir +mail_path = ~/Maildir +mail_inbox_path = ~/Maildir + +auth_mechanisms = plain + +passdb static { + driver = static + passdb_static_password = test +} + +userdb static { + driver = static + fields { + uid=nobody + gid=nogroup + home=/srv/dovecot-dep8/%u + } +} +EOF + +mkdir -p /srv/dovecot-dep8 +chown nobody:nogroup /srv/dovecot-dep8 + +echo "Restarting the service" +systemctl restart dovecot + +echo "Sending a test message via the LDA" +/usr/lib/dovecot/dovecot-lda -f "test@example.com" -d dep8 < +Message-Id: +From: Test User +To: dep8 +Subject: DEP-8 test + +This is just a test +EOF + +echo "Verifying that the email was correctly delivered" +if [ -z "$(doveadm search -u dep8 header message-id dep8-test-1@debian.org)" ]; then + echo "Message not found" + exit 1 +fi + +echo "Done" +echo diff --git a/tests/usage/imap b/tests/usage/imap new file mode 100755 index 0000000..5bdede7 --- /dev/null +++ b/tests/usage/imap @@ -0,0 +1,38 @@ +#!/usr/bin/python3 +import imaplib + +imaplib.Debug = 4 + +print("Testing IMAP") +print("Connecting") +client = imaplib.IMAP4('localhost') + +print("Checking for STARTTLS capability") +assert 'STARTTLS' in client.capabilities + +client.starttls() + +print("Logging in") +client.login('dep8', 'test') + +print("Selecting INBOX") +client.select() + +print("Looking for the test message") +res, uids = client.search(None, 'HEADER', 'MESSAGE-ID', '""') + +assert res == 'OK' +assert len(uids[0]) > 0 + +uid = uids[0].split()[0] + +print("Fetching and verifying test message") +res, data = client.fetch(uid, '(RFC822)') + +assert res == 'OK' + +lines = data[0][1].splitlines() + +assert b'Subject: DEP-8 test' in lines + +print("Done") diff --git a/tests/usage/pop3 b/tests/usage/pop3 new file mode 100755 index 0000000..00b1657 --- /dev/null +++ b/tests/usage/pop3 @@ -0,0 +1,31 @@ +#!/usr/bin/python3 +import poplib + +print("Testing POP3") +print("Connecting") +client = poplib.POP3('localhost') +client.set_debuglevel(2) + +print("Checking for STARTTLS capability") +assert 'STLS' in client.capa() + +client.stls() + +print("Logging in") +client.user('dep8') +client.pass_('test') + +print("Listing INBOX") +res, data, _ = client.list() +assert res.startswith(b'+OK') + +print("Fetching and verifying test message") +for entry in data: + _id, _ = entry.split(maxsplit=1) + res, body, _ = client.retr(int(_id)) + if b'Subject: DEP-8 test' in body: + break +else: + raise AssertionError("Test message not found") + +print("Done") diff --git a/upstream/metadata b/upstream/metadata new file mode 100644 index 0000000..02236b7 --- /dev/null +++ b/upstream/metadata @@ -0,0 +1,5 @@ +Name: dovecot +Repository: https://github.com/dovecot/core +Repository-Browse: https://github.com/dovecot/core +Contact: Dovecot Mailing List +Bug-Submit: Dovecot Mailing List diff --git a/upstream/signing-key.asc b/upstream/signing-key.asc new file mode 100644 index 0000000..66bc6ad --- /dev/null +++ b/upstream/signing-key.asc @@ -0,0 +1,25 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mDMEZ49ZxhYJKwYBBAHaRw8BAQdABhVJFqsoq7gZeXhY/xcz5Vc0i+vM/Df8RDSW +lzPHsoC0MkRvdmVjb3QgQ29tbXVuaXR5IEVkaXRpb24gPGRvdmVjb3QtY2VAZG92 +ZWNvdC5vcmc+iJAEExYIADgWIQTvCIIHn9TtMr+LI7KhsJ74TtxSGQUCZ49ZxgIb +AwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRChsJ74TtxSGUgvAP9gNC6pZKBV +micPYvE2UOTvX8WoEcjWI1UptTxFsHXOjwEA6DZiPoPn9Vvl4PuyG8TavjDslOL8 +pfn+XKZho2WoAgSJAjMEEAEKAB0WIQQr50qrPudU37nIDTMYo0iu7UCdoQUCZ49a +xgAKCRAYo0iu7UCdoVPOD/452ZnhEYW2/VxgDmD7DNaaxdfL/vKifc9MP2sJm+a2 +T95zHpm/erV2xw3gPpKcLuMaPhkexf6MMhoh9GnUnwEuoOfMWhMAn26RNPFvuUL0 +a73qoxRY9D+Q/PUNjNsNFj/3c8VIC3DeQhO77wVblLWr9+7J9GrzKtBCkb7zC5Xf +8zjLkCWZ15S0kVKNvBsZzEzLYVN/+Kk1s1WP4x1gnQdPm8N7+b4XAQSOUXLjkL5S +vGyIUuHwnYHQJeH51L+q8SpzEr59K9OiVYOCm0ICl28xjOjIC9Ym7a8W5Xa5new3 +ScxNeTuxRItYeDyxXi+YIYGHWYGjmppmlq3VksXirUHfgNoipVSbmGxCukShSsfH +f/40iO8DRFRnsUN2lzN4TCcT1ayQvKoyMFuoXQJonuLdbc7E+YLNIPsW66+aoAuW +g+5j2QFMFxAJS9IoTCsVQv52MuCj2X5KgwmBcYSgWGpoog9Yx+aaVQQ+X++9FX8r +RcnyOGOBaA6htH4g1kUOWwZ/NxObRiA7QLo4Rz6CJrU7ueRIaeSCCXTxCb5dJDeE +IB1MZh1artKZ6Rko+cv/Vy0Ojb0JfPDDoQyhblPIXhlJN8/4zFCjxilMDA9CTAB6 +kY1TVGp138CDnJHZvCdvbrlWf7ktw3+CGKQsZq96Jf756L28dTA42E+WqCBFMZna +V7g4BGePWcYSCisGAQQBl1UBBQEBB0A50U//EHUvujYRMNqQ3XMVt8lxU7HtdmsH +Bamh6BjmLgMBCAeIeAQYFggAIBYhBO8Iggef1O0yv4sjsqGwnvhO3FIZBQJnj1nG +AhsMAAoJEKGwnvhO3FIZEZQBAKuMI//Cjl38pD68fQfcnIMDV2YnXjvaswe7jbDr +Jyo4AQDr/VanhFwPxSlZ3MKY4PWyLw4Fm9mTT2ofcluFttRsDg== +=eQ4x +-----END PGP PUBLIC KEY BLOCK----- diff --git a/watch b/watch new file mode 100644 index 0000000..3d07aed --- /dev/null +++ b/watch @@ -0,0 +1,8 @@ +# watch control file for uscan +version=4 +# core +opts="pgpmode=auto, dversionmangle=s/\+dfsg\d*//, uversionmangle=s/\.-[0-9]+//, oversionmangle=s/(.*)/$1+dfsg1/" \ + https://dovecot.org/releases/2.4/dovecot-([\.0-9]+)(-[0-9]+)?\.tar\.gz debian +# pigeonhole +opts="pgpmode=auto, dversionmangle=s/\+dfsg\d*//, uversionmangle=s/\.-[0-9]//, oversionmangle=s/(.*)/$1+dfsg1/, component=pigeonhole" \ + https://pigeonhole.dovecot.org/releases/2.4/dovecot-pigeonhole-([\.0-9]+)(-[0-9]+)?\.tar\.gz ignore uupdate -- 2.30.2