system environment/daemons

dovecot - Secure imap and pop3 server

Website: http://www.dovecot.org/
License: MIT and LGPLv2
Description:
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
primarily in mind.  It also contains a small POP3 server.  It supports mail
in either of maildir or mbox formats.

The SQL drivers and authentication plug-ins are in their subpackages.

Packages

dovecot-2.2.36.4-1.el7.x86_64 [4.4 MiB] Changelog by Django (2019-08-31):
* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
   when scanning data in quoted strings, leading to out of bounds heap
   memory writes. Found by Nick Roessler and Rafi Rubin.
 * CVE-2019-7524: Missing input buffer size validation leads into
   arbitrary buffer overflow when reading fts or pop3 uidl header
   from Dovecot index. Exploiting this requires direct write access to
   the index files.
dovecot-2.2.36-1.el7.x86_64 [4.4 MiB] Changelog by Django (2018-10-22):
* login-proxy: If ssl_require_crl=no, allow revoked certificates.
   Also don't do CRL checks for incoming client certificates.
 * stats plugin: Don't temporarily enable PR_SET_DUMPABLE while opening
   /proc/self/io. This may still cause security problems if the process
   is ptrace()d at the same time. Instead, open it while still running
   as root.
 + doveadm: Added mailbox cache decision&remove commands. See
   doveadm-mailbox(1) man page for details.
 + doveadm: Added rebuild attachments command for rebuilding
   $HasAttachment or $HasNoAttachment flags for matching mails. See
   doveadm-rebuild(1) man page for details.
 + cassandra: Use fallback_consistency on more types of errors
 - cassandra: Fix consistency=quorum to work
 - dsync: Lock file generation failed if home directory didn't exist
 - In some configs if namespace root directory didn't yet exist, Dovecot
   failed to create mailboxes.lock when trying to create mailboxes
 - Snippet generation for HTML mails didn't ignore &entities inside
   blockquotes, producing strange looking snippets.
 - imapc: Fix assert-crash if getting disconnected and after
   reconnection all mails in the selected mailbox are gone.
 - pop3c: Handle unexpected server disconnections without assert-crash
 - fts: Fixes to indexing mails via virtual mailboxes.
 - fts: If mails contained NUL characters, the text around it wasn't
   indexed.
 - Obsolete dovecot.index.cache offsets were sometimes used. Trying to
   fetch a field that was just added to cache file may not have always
   found it.
 - dict-sql: Fix crash when reading NULL value from database
 - charset_alias: compile fails with Solaris Studio, reported by
   John Woods.
 - Fix local name handling in v2.2.34 SNI code, bug found by cPanel.
 - imapc: Don't try to add mails to index if they already exist there.
 - imapc: If email is modified in istream_opened hook, mail size isn't
   updated.
 - lib-dcrypt: When reading encrypted data, more data would not be
   read if buffer was not consumed causing panic or hang.
 - notify: When notify plugin is used and transaction commit fails in
   dsync, crash occurs.
 - sdbox: When delivering to a mailbox that is over quota, temp files
   are not cleaned up when saving or copying fails.
 * CVE-2017-15130: TLS SNI config lookups may lead to excessive
   memory usage, causing imap-login/pop3-login VSZ limit to be reached
   and the process restarted. This happens only if Dovecot config has
   local_name { } or local { } configuration blocks and attacker uses
   randomly generated SNI servernames.
 * CVE-2017-14461: Parsing invalid email addresses may cause a crash or
   leak memory contents to attacker. For example, these memory contents
   might contain parts of an email from another user if the same imap
   process is reused for multiple users. First discovered by Aleksandar
   Nikolic of Cisco Talos. Independently also discovered by "flxflndy"
   via HackerOne.
 * CVE-2017-15132: Aborted SASL authentication leaks memory in login
   process.
 * Linux: Core dumping is no longer enabled by default via
   PR_SET_DUMPABLE, because this may allow attackers to bypass
   chroot/group restrictions. Found by cPanel Security Team. Nowadays
   core dumps can be safely enabled by using "sysctl -w
   fs.suid_dumpable=2". If the old behaviour is wanted, it can still be
   enabled by setting:
   import_environment=$import_environment PR_SET_DUMPABLE=1
 * doveconf output now includes the hostname.
 + mail_attachment_detection_options setting controls when
   $HasAttachment and $HasNoAttachment keywords are set for mails.
 + imap: Support fetching body snippets using FETCH (SNIPPET) or
   (SNIPPET (LAZY=FUZZY))
 + fs-compress: Automatically detect whether input is compressed or not.
   Prefix the compression algorithm with "maybe-" to enable the
   detection, for example: "compress:maybe-gz:6:..."
 + Added settings to change dovecot.index* files' optimization behavior.
   See https://wiki2.dovecot.org/IndexFiles#Settings
 + Auth cache can now utilize auth workers to do password hash
   verification by setting auth_cache_verify_password_with_worker=yes.
 + Added charset_alias plugin. See
   https://wiki2.dovecot.org/Plugins/CharsetAlias
 + imap_logout_format and pop3_logout_format settings now support all of
   the generic variables (e.g. %{rip}, %{session}, etc.)
 + Added auth_policy_check_before_auth, auth_policy_check_after_auth
   and auth_policy_report_after_auth settings.
 - v2.2.33: doveadm-server: Various fixes related to log handling.
 - v2.2.33: doveadm failed when trying to access UNIX socket that didn't
   require authentication.
 - v2.2.33: doveadm log reopen stopped working
 - v2.2.30+: IMAP stopped advertising SPECIAL-USE capability
 - v2.2.30+: IMAP stopped sending untagged OK/NO storage notifications
 - replication: dsync sends unnecessary replication notification for
   changes it does internally. NOTE: Folder creates, renames, deletes
   and subscribes still trigger unnecessary replication notifications,
   but these should be rather rare.
 - mail_always/never_cache_fields setting changes weren't applied for
   existing dovecot.index.cache files.
 - Fix compiling and other problems with OpenSSL v1.1
 - auth policy: With master user logins, lookup using login username.
 - FTS reindexed all mails unnecessarily after loss of
   dovecot.index.cache file
 - mdbox rebuild repeatedly fails with "missing map extension"
 - SSL connections may have been hanging with imapc or doveadm client.
 - cassandra: Using protocol v3 (Cassandra v2.1) caused memory leaks and
   also timestamps weren't set to queries.
 - fs-crypt silently ignored public/private keys specified in
   configuration (mail_crypt_global_public/private_key) and just
   emitted plaintext output.
 - lock_method=dotlock caused crashes
 - imapc: Reconnection may cause crashes and other errors
dovecot-2.2.33.1-1.el7.centos.x86_64 [4.3 MiB] Changelog by Django (2017-10-15):
doveadm director commands wait for the changes to be visible in the
  whole ring before they return. This is especially useful in testing.
  Environments listed in import_environment setting are now set or
  preserved when executing standalone commands (e.g. doveadm)
+ doveadm proxy: Support proxying logs. Previously the logs were
  visible only in the backend's logs.
+ Added %{if}, see https://wiki2.dovecot.org/Variables#Conditionals
+ Added a new notify_status plugin, which can be used to update dict
  with current status of a mailbox when it changes. See
  https://wiki2.dovecot.org/Plugins/NotifyStatus
+ Mailbox list index can be disabled for a namespace by appending
  ":LISTINDEX=" to location setting.
+ dsync/imapc: Added dsync_hashed_headers setting to specify which
  headers are used to match emails.
+ pop3-migration: Add pop3_migration_ignore_extra_uidls=yes to ignore
  mails that are visible in POP3 but not IMAP. This could happen if
  new mails were delivered during the migration run.
+ pop3-migration: Further improvements to help with Zimbra
+ pop3-migration: Cache POP3 UIDLs in imapc's dovecot.index.cache
  if indexes are enabled. These are used to optimize incremental syncs.
+ cassandra, dict-sql: Use prepared statements if protocol version>3.
+ auth: Added %{ldap_dn} variable for passdb/userdb ldap
- acl: The "create" (k) permission in global acl-file was sometimes
  ignored, allowing users to create mailboxes when they shouldn't have.
- sdbox: Mails were always opened when expunging, unless
  mail_attachment_fs was explicitly set to empty.
- lmtp/doveadm proxy: hostip passdb field was ignored, which caused
  unnecessary DNS lookups if host field wasn't an IP
- lmtp proxy: Fix crash when receiving unexpected reply in RCPT TO
- quota_clone: Update also when quota is unlimited (broken in v2.2.31)
- mbox, zlib: Fix assert-crash when accessing compressed mbox
- doveadm director kick -f parameter didn't work
- doveadm director flush <host> resulted flushing all hosts, if <host>
  wasn't an IP address.
- director: Various fixes to handling backend/director changes at
  abnormal times, especially while ring was unsynced. These could have
  resulted in crashes, non-optimal behavior or ignoring some of the
  changes.
- director: Use less CPU in imap-login processes when moving/kicking
  many users.
- lmtp: Session IDs were duplicated/confusing with multiple RCPT TOs
  when lmtp_rcpt_check_quota=yes
- doveadm sync -1 fails when local mailboxes exist that do not exist
  remotely. This commonly happened when lazy_expunge mailbox was
  autocreated when incremental sync expunged mails.
- pop3: rawlog_dir setting didn't work
dovecot-2.2.28-1.el7.centos.x86_64 [4.1 MiB] Changelog by Django (2017-04-06):
director: "doveadm director move" to same host now refreshes user's
  timeout. This allows keeping user constantly in the same backend by
  just periodically moving the user there.
  When new mailbox is created, use initially INBOX's
  dovecot.index.cache caching decisions.
  Expunging mails writes GUID to dovecot.index.log now only if the
  GUID is quickly available from index/cache.
  pop3c: Increase timeout for PASS command to 5 minutes.
  Mail access errors are no longer ignored when searching or sorting.
  With IMAP the untagged SEARCH/SORT reply is still sent the same as
  before, but NO reply is returned instead of OK.
+ Make dovecot.list.index's filename configurable. This is needed when
  there are multiple namespaces pointing to the same mail root
  (e.g. lazy_expunge namespace for mdbox).
+ Add size.virtual to dovecot.index when folder vsizes are accessed
  (e.g. quota=count). This is mainly a workaround to avoid slow quota
  recalculation performance when message sizes get lost from
  dovecot.index.cache due to corruption or some other reason.
+ auth: Support OAUTHBEARER and XOAUTH2 mechanisms. Also support them
  in lib-dsasl for client side.
+ auth: Support filtering by SASL mechanism: passdb { mechanisms }
+ Shrink the mail processes' memory usage by not storing settings
  duplicated unnecessarily many times.
+ imap: Add imap_fetch_failure setting to control what happens when
  FETCH fails for some mails (see example-config).
+ imap: Include info about last command in disconnection log line.
+ imap: Created new SEARCH=X-MIMEPART extension. It's currently not
  advertised by default, since it's not fully implemented.
+ fts-solr: Add support for basic authentication.
+ Cassandra: Support automatically retrying failed queries if
  execution_retry_interval and execution_retry_times are set.
+ doveadm: Added "mailbox path" command.
+ mail_log plugin: If plugin { mail_log_cached_only=yes }, log the
  wanted fields only if it doesn't require opening the email.
+ mail_vsize_bg_after_count setting added (see example-config).
+ mail_sort_max_read_count setting added (see example-config).
+ pop3c: Added pop3c_features=no-pipelining setting to prevent using
  PIPELINING extension even though it's advertised.
- Index files: day_first_uid wasn't updated correctly since v2.2.26.
  This caused dovecot.index.cache to be non-optimal.
- imap: SEARCH/SORT may have assert-crashed in
  client_check_command_hangs
- imap: FETCH X-MAILBOX may have assert-crashed in virtual mailboxes.
- imap: Running time in tagged command reply was often wrongly 0.
- search: Using NOT n:* or NOT UID n:* wasn't handled correctly
- director: doveadm director kick was broken
- director: Fix crash when using director_flush_socket
- director: Fix some bugs when moving users between backends
- imapc: Various error handling fixes and improvements
- master: doveadm process status output had a lot of duplicates.
- autoexpunge: If mailbox's rename timestamp is newer than mail's
  save-timestamp, use it instead. This is useful when autoexpunging
  e.g. Trash/* and an entire mailbox is deleted by renaming it under
  Trash to prevent it from being autoexpunged too early.
- autoexpunge: Multiple processes may have been trying to expunge the
  same mails simultaneously. This was problematic especially with
  lazy_expunge plugin.
- auth: %{passdb:*} was empty in auth-worker processes
- auth-policy: hashed_password was always sent empty.
- dict-sql: Merge multiple UPDATEs to a single statement if possible.
- fts-solr: Escape {} chars when sending queries
- fts: fts_autoindex_exclude = \Special-use caused crashes
- doveadm-server: Fix leaks and other problems when process is reused
  for multiple requests (service_count != 1)
- sdbox: Fix assert-crash on mailbox create race
- lda/lmtp: deliver_log_format values weren't entirely correct if Sieve
  was used. especially %{storage_id} was broken.
- lmtp_user_concurrency_limit didn't work if userdb changed username
dovecot-2.2.27-1.el7.centos.x86_64 [4.1 MiB] Changelog by Django (2017-01-14):
dovecot.list.index.log rotation sizes/times were changed so that
  the .log file stays smaller and .log.2 is deleted sooner.
+ Added mail_crypt plugin that allows encryption of stored emails.
  See http://wiki2.dovecot.org/Plugins/MailCrypt
+ stats: Global stats can be sent to Carbon server by setting
  stats_carbon_server=ip:port
+ imap/pop3 proxy: If passdb returns proxy_not_trusted, don't send
  ID/XCLIENT
+ Added generic hash modifier for %variables:
  %{<hash algorithm>;rounds=<n>,truncate=<bits>,salt=s>:field}
  Hash algorithm is any of the supported ones, e.g. md5, sha1, sha256.
  Also "pkcs5" is supported using SHA256. For example: %{sha256:user}
  or %{md5;truncate=32:user}.
+ Added support for SHA3-256 and SHA3-512 hashes.
+ config: Support DNS wildcards in local_name, e.g.
  local_name *.example.com { .. } matches anything.example.com, but
  not multiple.anything.example.com.
+ config: Support multiple names in local_name, e.g.
  local_name "1.example.com 2.example.com" { .. }
- Fixed crash in auth process when auth-policy was configured and
  authentication was aborted/failed without a username set.
- director: If two users had different tags but the same hash,
  the users may have been redirected to the wrong tag's hosts.
- Index files may have been thought incorrectly lost, causing
  "Missing middle file seq=.." to be logged and index rebuild.
  This happened more easily with IMAP hibernation enabled.
- Various fixes to restoring state correctly in un-hibernation.
- dovecot.index files were commonly 4 bytes per email too large. This
  is because 3 bytes per email were being wasted that could have been
  used for IMAP keywords.
- Various fixes to handle dovecot.list.index corruption better.
- lib-fts: Fixed assert-crash in address tokenizer with specific input.
- Fixed assert-crash in HTML to text parsing with specific input
  (e.g. for FTS indexing or snippet generation)
- doveadm sync -1: Fixed handling mailbox GUID conflicts.
- sdbox, mdbox: Perform full index rebuild if corruption is detected
  inside lib-index, which runs index fsck.
- quota: Don't skip quota checks when moving mails between different
  quota roots.
- search: Multiple sequence sets or UID sets in search parameters
  weren't handled correctly. They were incorrectly merged together.
dovecot-2.2.26-1.el7.centos.x86_64 [4.1 MiB] Changelog by Django (2016-07-29):
- Fixed some compiling issues.
- auth: Fixed assert-crash when using NTLM or SKEY mechanisms and
  multiple passdbs.
- auth: Fixed crash when exporting to auth-worker passdb extra fields
  that had empty values.
- dsync: Fixed assert-crash in dsync_brain_sync_mailbox_deinit
dovecot-2.2.25-1.el7.centos.x86_64 [4.0 MiB] Changelog by Django (2016-07-27):
lmtp: Start tracking lmtp_user_concurrency_limit and reject already
  at RCPT TO stage. This avoids MTA unnecessarily completing DATA only
  to get an error.
  doveadm: Previously only mail settings were read from protocol
  doveadm { .. } section. Now all settings are.
+ quota: Added quota_over_flag_lazy_check setting. It avoids checking
  quota_over_flag always at startup. Instead it's checked only when
  quota is being read for some other purpose.
+ auth: Added a new auth policy service:
  http://wiki2.dovecot.org/Authentication/Policy
+ auth: Added PBKDF2 password scheme
+ auth: Added %{auth_user}, %{auth_username} and %{auth_domain}
+ auth: Added ":remove" suffix to extra field names to remove them.
+ auth: Added "delay_until=<timestamp>[+<max random secs>]" passdb
  extra field. The auth will wait until <timestamp> and optionally some
  randomness and then return success.
+ dict proxy: Added idle_msecs=<n> parameter. Support async operations.
+ Performance improvements for handling large mailboxes.
+ Added lib-dcrypt API for providing cryptographic functions.
+ Added "doveadm mailbox update" command
+ imap commands' output now includes timing spent on the "syncing"
  stage if it's larger than 0.
+ cassandra: Added metrics=<path> to connect setting to output internal
  statistics in JSON format every second to <path>.
+ doveadm mailbox delete: Added -e parameter to delete only empty
  mailboxes. Added --unsafe option to quickly delete a mailbox,
  bypassing lazy_expunge and quota plugins.
+ doveadm user & auth cache flush are now available via doveadm-server.
+ doveadm service stop <services> will stop specified services while
  leaving the rest of Dovecot running.
+ quota optimization: Avoid reading mail sizes for backends which
  don't need them (count, fs, dirsize)
+ Added mailbox { autoexpunge_max_mails=<n> } setting.
+ Added welcome plugin: http://wiki2.dovecot.org/Plugins/Welcome
+ fts: Added fts_autoindex_exclude setting.
- v2.2.24's MIME parser was assert-crashing on mails having truncated
  MIME headers.
- auth: With multiple userdbs the final success/failure result wasn't
  always correct. The last userdb's result was always used.
- doveadm backup was sometimes deleting entire mailboxes unnecessarily.
- doveadm: Command -parameters weren't being sent to doveadm-server.
- If dovecot.index read failed e.g. because mmap() reached VSZ limit,
  an empty index could have been opened instead, corrupting the
  mailbox state.
- imapc: Fixed EXPUNGE handling when imapc_features didn't have modseq.
- lazy-expunge: Fixed a crash when copying failed. Various other fixes.
- fts-lucene: Fixed crash on index rescan.
- auth_stats=yes produced broken output
- dict-ldap: Various fixes
- dict-sql: NULL values crashed. Now they're treated as "not found".
dovecot-2.2.24-1.el7.centos.x86_64 [3.6 MiB] Changelog by Django (2016-06-29):
doveconf now warns if it sees a global setting being changed when
  the same setting was already set inside some filters. (A common
  mistake has been adding more plugins to a global mail_plugins
  setting after it was already set inside protocol { .. }, which
  caused the global setting to be ignored for that protocol.)
  LMTP proxy: Increased default timeout 30s -> 125s. This makes it
  less likely to reach the timeout and cause duplicate deliveries.
  LMTP and indexer now append ":suffix" to session IDs to make it
  unique for the specific user's delivery. (Fixes duplicate session
  ID warnings in stats process.)
+ Added dict-ldap for performing read-only LDAP dict lookups.
+ lazy-expunge: All mails can be saved to a single specified mailbox.
+ mailbox { autoexpunge } supports now wildcards in mailbox names.
+ doveadm HTTP API: Added support for proxy commands
+ imapc: Reconnect when getting disconnected in non-selected state.
+ imapc: Added imapc_features=modseq to access MODSEQs/HIGHESTMODSEQ.
  This is especially useful for incremental dsync.
+ doveadm auth/user: Auth lookup performs debug logging if
  -o auth_debug=yes is given to doveadm.
+ Added passdb/userdb { auth_verbose=yes|no } setting.
+ Cassandra: Added user, password, num_threads, connect_timeout and
  request_timeout settings.
+ doveadm user -e <value>: Print <value> with %variables expanded.
- Huge header lines could have caused Dovecot to use too much memory
  (depending on config and used IMAP commands). (Typically this would
  result in only the single user's process dying with out of memory
  due to reaching service { vsz_limit } - not a global DoS).
- dsync: Detect and handle invalid/stale -s state string better.
- dsync: Fixed crash caused by specific mailbox renames
- auth: Auth cache is now disabled passwd-file. It was unnecessary and
  it broke %variables in extra fields.
- fts-tika: Don't crash if it returns 500 error
- dict-redis: Fixed timeout handling
- SEARCH INTHREAD was crashing
- stats: Only a single fifo_listeners was supported, making it
  impossible to use both auth_stats=yes and mail stats plugin.
- SSL errors were logged in separate "Stacked error" log lines
  instead of as part of the disconnection reason.
- MIME body parser didn't handle properly when a child MIME part's
  --boundary had the same prefix as the parent.
dovecot-2.2.21-1.el7.centos.x86_64 [3.4 MiB] Changelog by Django (2015-12-11):
- doveadm mailbox list (and some others) were broken in v2.2.20
- director: Fixed making backend changes when running with only a
  single director server.
- virtual plugin: Fixed crash when trying to open nonexistent
  autocreated backend mailbox.
dovecot-2.2.19-1.el7.centos.x86_64 [3.6 MiB] Changelog by Django (2015-10-07):
pop3_deleted_flag has been broken since v2.2.10. Using it would
   cause buffer overflows, which could be exploitable. However, this
   bug would have become visible quite soon after users had deleted
   some POP3 mails, because the pop3 processes would have started
   crashing all the time even in normal use.
   "doveadm director flush" command has a changed meaning now:
   It safely moves users to their wanted backends, instead of simply
   forgetting the mapping entirely and leaving the existing connections
   untouched. Use -F parameter to get the original unsafe behavior.
 + Added imap-hibernate processes (see imap_hibernate_timeout setting).
   IDLEing IMAP connections can be hibernated, which saves memory.
 + Optimized tracking mailboxes' vsizes (= sum of all messages' sizes).
   If mailbox_list_index=yes, it's also stored in there. This makes it
   very efficient to look up vsizes for all mailboxes.
 + Added a quota "count" backend, which uses the mailbox vsizes to get
   the current quota usage. It requires using the new quota_vsizes=yes
   setting, which tracks the messages' "virtual sizes" rather than
   "physical sizes". Their distiction is minor and mostly irrelevant
   nowadays (if mail sizes should be counted with LF or CRLF newlines).
 + "doveadm director up/down" commands added. The monitoring script
   should be using these commands instead of changing the vhost count.
   This allows admin to manually disable a server by changing the vhost
   count to 0 without the monitoring script changing it back.
 + Added support for HAProxy protocol: http://wiki2.dovecot.org/HAProxy
 + Added push-notification plugin framework, which can be used to
   easily implement push notifications to various backends. Implemented
   "ox" backend for notifying Open-Xchange via HTTP/json.
 + imap_logout_format supports more variables now, e.g. number of
   deleted messages.
 + pop3: Added pop3_delete_type setting (related to pop3_deleted_flag).
 + plugin { fts_enforced=yes } setting now fails body searches unless
   it can be done via the full text search engine.
 + Added %{passdb:*} and %{userdb:*} variables to various places
 + auth: Added ":protected" suffix for passdb and userdb fields. If
   used, the field doesn't overwrite an existing field.
 + IMAP/POP3 proxy: If a backend server dies, avoid client reconnection
   spikes by slowly disconnecting clients over time. This is enabled by
   setting login_proxy_max_disconnect_delay=secs passdb extra field.
 + imap: Added new read-only METADATA entries: /private/specialuse,
   /shared/comment, /shared/admin
 + imap: If client disconnects in the middle of a command, log how long
   the command had been running.
 - mdbox: Rebuilding could have caused message's reference count to
   overflow the 16bit number in some situations, causing problems when
   trying to expunge the duplicates.
 - Various search fixes (fts, solr, tika, lib-charset, indexer)
 - Various virtual plugin fixes
 - Various fixes and optimizations to dsync, imapc and pop3-migration
 - imap: Various RFC compliancy and crash fixes to NOTIFY
   Properly implemented checking of ABI version for Sieve interpreter plugins,
   much like Dovecot itself does for plugins. This will prevent plugin ABI
   mismatches.
 + Implemented a vnd.dovecot.environment extension. This builds upon the
   standard environment extension and adds a few more environment items, such
   as username and default mailbox. It also creates a variables namespace so
   that environment items can be accessed directly. I am still thinking about
   more environment items that can be added.
 + Sieve extprograms plugin: Made line endings of the input passed to the
   external programs configurable. This can be configured separately for each
   of the three extensions.
 + ManageSieve: Implemented proxy XCLIENT support. This allows the proxy to
   pass client information to the back-end.
 - ManageSieve: Fixed an assert failure occurring when a client disconnects
   during the GETSCRIPT command.
 - doveadm sieve plugin: Fixed incorrect initialization of mail user. This
   caused a few memory leaks.
 - sieve-filter command line tool: Fixed handling of failure-related implicit
   keep when there is an explicit default destination folder. This caused
   message duplication.
 - lib-sieve: Fixed bug in RFC5322 header folding. Words longer than the
   optimal line length caused empty lines in the output, which would break the
   resulting message header. This surfaced in References: headers with very
   long message IDs.
dovecot-2.2.18-1.el7.centos.x86_64 [3.4 MiB] Changelog by Django (2015-05-21):
- director: Login UNIX sockets were normally detected as doveadm or
   director ring sockets, causing it to break in existing installations.
 - sdbox: When copying a mail in alt storage, place the destination to
   alt storage as well.
dovecot-2.2.16-1.el7.centos.x86_64 [3.5 MiB] Changelog by Django (2015-05-05):
* dbox: Resyncing (e.g. doveadm force-resync) no longer deletes
   dovecot.index.cache file. The cache file was rarely the problem
   so this just caused unnecessary slowness.
 * Mailbox name limits changed during mailbox creation: Each part of
   a hierarchical name (e.g. "x" or "y" in "x/y") can now be up to 255
   chars long (instead of 200). This also reduces the max number of
   hierarchical levels to 16 (instead of 20) to keep the maximum name
   length 4096 (a common PATH_MAX limit). The 255 char limit is
   hopefully large enough for migrations from all existing systems.
   It's also the limit on many filesystems.

 + director: Added director_consistent_hashing setting to enable
   consistent hashing (instead of the mostly-random MD5 hashing).
   This causes fewer user moves between backends when backend counts
   are changed, which may improve performance (mainly due to caching).
 + director: Added support for "tags", which allows one director ring
   to serve multiple backend clusters with different sets of users.
 + LMTP server: Added lmtp_user_concurrency_limit setting to limit how
   many LMTP deliveries can be done concurrently for a single user.
 + LMTP server: Added support for STARTTLS command.
 + If logging data is generated faster than it can be written, log a
   warning about it and show information about it in log process's
   process title in ps output. Also don't allow a single service to
   flood too long at the cost of delaying other services' logging.
 + stats: Added support for getting global statistics.
 + stats: Use the same session IDs as the rest of Dovecot.
 + stats: Plugins can now create their own statistics fields
 + doveadm server: Non-mail related commands can now also be used
   via doveadm server (TCP socket).
 + doveadm proxying: passdb lookup can now override doveadm_port and
   change the username.
 + doveadm: Search query supports now "oldestonly" parameter to stop
   immediately on the first non-match. This can be used to optimize:
   doveadm expunge mailbox Trash savedbefore 30d oldestonly
 + doveadm: Added "save" command to directly save mails to specified
   mailbox (bypassing Sieve).
 + doveadm fetch: Added body.snippet field, which returns the first
   100 chars of a message without whitespace or HTML tags. The result
   is stored into dovecot.index.cache, so it can be fetched efficiently.
 + dsync: Added -t <timestamp> parameter to sync only mails newer than
   the given received-timestamp.
 + dsync: Added -F [-]<flag> parameter to sync only mails with[out] the
   given flag/keyword.
 + dsync: Added -a <mailbox> parameter to specify the virtual mailbox
   containing user's all mails. If this mailbox is already found to
   contain the wanted mail (by its GUID), the message is copied from
   there instead of being re-saved. (This isn't efficient enough yet
   for incremental replication.)
 + dsync: -m parameter can now specify \Special-use names for mailboxes.
 + imapc: Added imapc_features=gmail-migration to help migrations from
   GMail. See http://wiki2.dovecot.org/Migration/Gmail
 + imapc: Added imapc_features=search to support IMAP SEARCH command.
   (Currently requires ESEARCH support from remote server.)
 + expire plugin: Added expire_cache=yes setting to cache most of the
   database lookups in dovecot index files.
 + quota: If overquota-flag in userdb doesn't match the current quota
   usage, execute a configured script.
 + redis dict: Added support for expiring keys (:expire_secs=n) and
   specifying the database number (:db=n)
 - auth: Don't crash if master user login is attempted without
   any configured master=yes passdbs
 - Parsing UTF-8 text for mails could have caused broken results
   sometimes if buffering was split in the middle of a UTF-8 character.
   This affected at least searching messages.
 - String sanitization for some logged output wasn't done properly:
   UTF-8 text could have been truncated wrongly or the truncation may
   not have happened at all.
 - fts-lucene: Lookups from virtual mailbox consisting of over 32
   physical mailboxes could have caused crashes.
dovecot-2.2.15-4.el7.centos.x86_64 [3.4 MiB] Changelog by Django (2015-02-08):
+ with patch: lib-ssl-iostream: Close the plain iostreams when 
    ssl-iostream is destroyed.
dovecot-2.2.15-3.el7.centos.x86_64 [3.4 MiB] Changelog by Django (2015-02-08):
+ lmtp: Added support for STARTTLS command. 
  + lmtp: Added TLS security information to Received: header when 
    STARTTLS was used.
dovecot-2.2.15-2.el7.centos.x86_64 [3.4 MiB] Changelog by Django (2014-10-31):
+ Added a Pigeonhole version banner to doveconf output. This way, future
    bug reports will also include Pigeonhole version information.
  - Fixed handling of implicit keep. Last version erroneously reported
    that implicit keep succeeded after an earlier failure, while it in
    fact had failed. Particularly occurred for mailbox quota errors.
  - Fixed segfault occurring on SunOS systems when there is no active
    script.
dovecot-2.2.15-1.el7.centos.x86_64 [3.4 MiB] Changelog by Django (2014-10-30):
- Plugins can now print a banner comment in doveconf output
    (typically the plugin version)
  - Replication plugin now triggers low (instead of high) priority for
    mail copying operations.
  - IMAP/POP3/ManageSieve proxy: If destination server can't be
    connected to, retry connecting once per second up to the value of
    proxy_timeout. This allows quick restarts/upgrades on the backend
    server without returning login failures.
  - Internal passdb lookups (e.g. done by lmtp/doveadm proxy) wasn't
    returning failure in some situations where it should have (e.g.
    allow_nets mismatch)
  - LMTP uses mail_log_prefix now for logging mail deliveries instead of
    a hardcoded prefix. The non-delivery log prefix is still hardcoded
    though.

     + passdb allow_nets=local matches lookups that don't contain an IP
       address (internally done by Dovecot services)
     + Various debug logging and error logging improvements
     - Various race condition fixes to LAYOUT=index
      - v2.2.14 virtual plugin crashed in some situations
dovecot-2.2.13-2.el7.centos.x86_64 [3.2 MiB] Changelog by Django (2014-08-01):
- defined virtual user "vmail" for mailbox-access 
    and virtual mailstorage /srv/vmail defined.

Listing created by Repoview-0.6.6-4.el7