mirror of
https://github.com/uw-imap/imap.git
synced 2024-11-16 10:28:23 +01:00
22f316e36d
MD5 2126fd125ea26b73b20f01fcd5940369
235 lines
12 KiB
Plaintext
235 lines
12 KiB
Plaintext
/* ========================================================================
|
|
* Copyright 1988-2007 University of Washington
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
*
|
|
* ========================================================================
|
|
*/
|
|
|
|
KNOWN BUGS/MISFEATURES/DEFICIENCIES IN THE IMAP TOOLKIT
|
|
Last Updated: 15 November 2007
|
|
|
|
The following are known problems/deficiencies in the imap-2007 toolkit:
|
|
|
|
. Possible problems for some installations:
|
|
. In some versions of Redhat Linux, SVR4-style timezone name lookup
|
|
doesn't work properly due to a bug in glibc. The workaround is to
|
|
edit os_lnx.c to include tz_bsd.c instead of tz_sv4.c. Note that
|
|
other versions of Linux don't support BSD-style timezone name
|
|
lookup, so don't make this change unless it's needed on your system.
|
|
. In some systems, the OpenSSL distribution is installed other than at
|
|
the standard /usr/local/ssl location. If this is the case on your
|
|
system and you want to build with SSL support, you will need to set
|
|
the SSLDIR variable, either by including a setting of EXTRASPECIALS
|
|
in the make command line, e.g.
|
|
build lnp SPECIALAUTHENTICATORS=ssl EXTRASPECIALS="SSLDIR=/usr/ssl"
|
|
or by editing .../src/osdep/unix/Makefile
|
|
. /tmp, /usr/tmp or /var/tmp (if present), and the mail spool directory
|
|
must be protected 1777 (world write with sticky bit); otherwise
|
|
mailbox locking and updates won't work. An alternative to 1777 on
|
|
the mail spool directory is to install the mlock program that is
|
|
bundled with the IMAP toolkit.
|
|
. Multiple access protection locking does not work if the mailbox or
|
|
/tmp are NFS mounted.
|
|
. Shared access mailbox formats (mbx, mtx, mx, and tenex) do not work
|
|
well with NFS and such usage is not supported. mmdf and unix formats
|
|
are supported for use over NFS; however there won't be any multiple
|
|
access locking protection.
|
|
. Server startup delays may occur if a reverse DNS (IP address to name)
|
|
lookup on the client's IP address does not complete in an expeditious
|
|
fashion. This is actually a DNS problem and should be fixed in the
|
|
DNS and/or the server's host table. A workaround exists (see the
|
|
top-level Makefile for details) but is not recommended and can not
|
|
be used at all with Kerberos.
|
|
. At the insistance of the security gurus, SSL certification validation
|
|
is now on by default. This means that you must now use the new
|
|
/novalidate-cert switch if establishing an SSL connection to a server
|
|
with a self-signed certificate; i.e. if "imap.example.com" has a
|
|
self-signed certificate, you must use a mailbox name such as
|
|
{imap.example.com/ssl/novalidate-cert}INBOX
|
|
to get an SSL session instead of just
|
|
{imap.example.com/ssl}INBOX
|
|
. GCC 8.x and above on SGI systems does not correctly pass/return
|
|
structures which are smaller than 16 bytes and are not 8 bytes. The
|
|
problem is that structures are padded at the wrong end; e.g. a 4 byte
|
|
structure is loaded into the lower 4 bytes of the register when it
|
|
should be loaded into the upper 4 bytes of the register. This affects
|
|
IRIX 6 the most because it is a 64-bit system and 4 byte structures are
|
|
common. This compiler bug impacts the use of inet_ntoa() in c-client
|
|
and causes syslog messages to show IP addresses as 255.255.255.255
|
|
instead of the correct values. The fix is either to use SGI's C compiler
|
|
instead of GCC or link with an implementation of inet_ntoa() that was
|
|
built with GCC instead of the standard SGI C library version.
|
|
. By default, the UNIX SSL build assumes that RSAREF is not needed, because
|
|
RSA Security Inc. released the RSA public key encryption algorithm into
|
|
the public domain on September 6, 2000. There is no longer any need to
|
|
use RSAREF, and since RSAREF is slower than OpenSSL's RSA routines
|
|
there's good reason not to. If for some reason you still want to use
|
|
RSAREF, you will need to edit .../src/osdep/unix/Makefile to
|
|
change SSLRSA to load libRSAglue and librsaref.
|
|
. By default, the UNIX SSL build assumes that no name conflict exists
|
|
between OpenSSL and Kerberos 5. If you are using an older version
|
|
of Kerberos, you may need to edit .../src/osdep/unix/Makefile
|
|
to change SSLCRYPTO so that it loads the OpenSSL libcrypto library
|
|
explicitly as libcrypto.a.
|
|
. By default, host names are canonicalized via gethostbyname() and
|
|
gethostbyaddr() for everything except for SSL certificate validation.
|
|
This can represent a security bug due to DNS spoofing, but is more
|
|
likely to deliver results that users expect and also may be necessary
|
|
to get Kerberos to work. Set variable "trustdns" in mail.c to NIL if
|
|
you want to disable this.
|
|
|
|
. Bugs:
|
|
. It doesn't work to have a "}" character as a user name in /user= in a
|
|
mailbox name, even if the user name is quoted. In other words,
|
|
{example.com/user="foo}bar"}zap
|
|
won't work; foo will be interpreted as an unterminated quoted string
|
|
and the remote mailbox name will be
|
|
bar"}zap.
|
|
. The experimental mx driver has performance problems and shouldn't be used
|
|
. docs/internal.txt is out of date (again)
|
|
|
|
. UIDPLUS bugs/limitations:
|
|
. Not supported in all local file formats (see below).
|
|
. There are two known issues with UIDPLUS in the mmdf and unix formats:
|
|
(a) If the destination mailbox is currently selected (whether in this
|
|
or another session), no COPYUID or APPENDUID is returned. The other
|
|
choice was to assign a UID based upon the uid_last value and hope
|
|
that the session selecting the mailbox would pick it up and update
|
|
uid_last. The problem was a timing race if another message was
|
|
copied/appended to that mailbox before the selecting session updated
|
|
the mailbox. If the timing race is lost, then all UID in the mailbox
|
|
would be reassigned by the selecting session, thus making the
|
|
returned APPENDUID/COPYUID data useless and causing a performance
|
|
problem.
|
|
Earlier versions did the "hope for the best" method. This was
|
|
revoked in favor of not returning COPYUID/APPENDUID.
|
|
Although this violates RFC 4315, there is a loophole which, although
|
|
for other purposes, permits this behavior.
|
|
(b) There is a known failure if the destination mailbox is currently
|
|
selected by legacy software (e.g. older versions of the IMAP
|
|
server, Pine, etc.). In this case, all UIDs end up being
|
|
reassigned by the legacy software.
|
|
|
|
. Annoyances:
|
|
. Friendly host names (e.g. "server" instead of "server.foo.com") can't be
|
|
used in a mailbox name with SSL certificate validation; you have to enter
|
|
the fully-qualified domain name. This is a requirement established by
|
|
the security gurus.
|
|
|
|
. IMAP client limitations:
|
|
. No SASL protection mechanisms (SASL authentication mechanisms are
|
|
supported)
|
|
|
|
. NNTP client limitations:
|
|
. Non-standard IMAP SCAN extension not supported
|
|
|
|
. POP client limitations:
|
|
. No SASL protection mechanisms (SASL authentication mechanisms are
|
|
supported)
|
|
. No POP3 UID support
|
|
. Non-standard IMAP SCAN extension not supported
|
|
|
|
. SMTP client limitations:
|
|
. No SASL protection mechanisms (SASL authentication mechanisms are
|
|
supported)
|
|
. No support for use of TURN, ETRN, and pipelining.
|
|
. No support for enhanced status codes
|
|
|
|
. UNIX limitations:
|
|
. IPv6 is supported but is not the default on most platforms; you have to
|
|
use IP=6 in the make command
|
|
. Supported local file formats: mbx, mh, mmdf, mix, mtx, mx, news, phile,
|
|
tenex, unix
|
|
. Supported SASL mechanisms: CRAM-MD5, PLAIN, LOGIN, ANONYMOUS, GSSAPI
|
|
. Sticky UIDs are not supported in the mh, mtx, and tenex drivers
|
|
. Creation of keywords is not supported in the mh, mtx, and tenex drivers
|
|
. Copy and append of keywords only works in the mbx driver.
|
|
. Flat file formats (mbx, mmdf, mtx, phile, tenex, unix) do not permit
|
|
mailboxes to have inferior names
|
|
. SSL temporary key should be seeded better than it is.
|
|
. UIDPLUS support is limited to the unix, mmdf, mbx, mx, and mix formats.
|
|
. Non-standard IMAP SCAN extension not support for mh and news formats.
|
|
|
|
. Amiga limitations:
|
|
. Supported local file formats: mbx, mh, mmdf, mix, mtx, mx, news, phile,
|
|
tenex, unix
|
|
. Supported SASL mechanisms: CRAM-MD5, PLAIN, LOGIN, ANONYMOUS
|
|
. Sticky UIDs are not supported in the mh, mtx, and tenex drivers
|
|
. Creation of keywords is not supported in the mh, mtx, and tenex drivers
|
|
. Copy and append of keywords only works in the mbx driver.
|
|
. Flat file formats (mbx, mmdf, mtx, phile, tenex, unix) do not permit
|
|
mailboxes to have inferior names
|
|
. UIDPLUS support is limited to the unix, mmdf, mbx, mx, and mix formats.
|
|
. Non-standard IMAP SCAN extension not supported for mh and news formats.
|
|
|
|
. Win32 (Win9x/NT/Windows 2000) limitations:
|
|
. IPv6 is supported in W2K builds but is not the default; you have to use
|
|
IP=6 in the nmake command
|
|
. Supported local file formats: mbx, mtx, tenex, unix
|
|
. Supported SASL mechanisms: CRAM-MD5, PLAIN, LOGIN, ANONYMOUS, GSSAPI
|
|
. No server SSL or TLS support.
|
|
. No server authentication for GSSAPI
|
|
. No server authentication for CRAM-MD5 on NT-based Windows (NT/2K/XP);
|
|
it does work on DOS-based Windows (9x/Me).
|
|
. Sticky UIDs are not supported in the mtxnt and tenexnt drivers
|
|
. Creation of keywords is not supported in the mtxnt and tenexnt drivers
|
|
. Copy and append of keywords only works in the mbxnt driver.
|
|
. No support for TCP open timeouts
|
|
. Flat file formats (mbx, mtx, tenex, unix) do not permit mailboxes to have
|
|
inferior names
|
|
. UIDPLUS support is limited to the unix and mbx formats.
|
|
|
|
. Win16 (Win3.1)/DOS limitations:
|
|
. IPv6 not supported
|
|
. Supported local file formats: bezerk, mtx
|
|
. Supported SASL mechanisms: CRAM-MD5, LOGIN, ANONYMOUS
|
|
. Supported TCPs: B&W, Novell, PC-NFs, PC/TCP, Waterloo, Winsock
|
|
. Sticky UIDs are not supported on local files
|
|
. Creation of keywords are not supported on local files
|
|
. Bezerk driver is read-only and does not handle LF-only newlines well
|
|
. No support for any TCP timeouts on Waterloo DOS
|
|
. No support for TCP open timeouts on Winsock and generic DOS
|
|
. Flat file formats (bezerk, mtx) do not permit mailboxes to have inferior
|
|
names
|
|
. Does not work well unless a mailgets routine is armed when fetching
|
|
texts.
|
|
|
|
. Mac limitations:
|
|
. IPv6 not supported
|
|
. No local file drivers
|
|
. Supported SASL mechanisms: CRAM-MD5, LOGIN, ANONYMOUS
|
|
. Does not output human-friendly time zone string
|
|
|
|
. TOPS-20 limitations:
|
|
. IPv6 not supported
|
|
. No local file drivers
|
|
. Supported SASL mechanisms: CRAM-MD5, LOGIN, ANONYMOUS
|
|
. No support for any TCP timeouts
|
|
|
|
. VMS limitations:
|
|
. IPv6 not supported
|
|
. No local file drivers
|
|
. Supported SASL mechanisms: CRAM-MD5, LOGIN, ANONYMOUS
|
|
. Supported TCPs: Multinet, Netlib
|
|
. No support for any TCP timeouts on VMS Netlib
|
|
. No support for TCP open timeouts on VMS Multinet
|
|
. Time zone must be configured at build time
|
|
. Does not output human-friendly time zone string
|
|
|
|
. Windows CE limitations:
|
|
. IPv6 not yet supported
|
|
. No local file drivers
|
|
. Supported SASL mechanisms: CRAM-MD5, LOGIN, ANONYMOUS
|
|
. No support for TCP open timeouts
|
|
. Not finished, only builds c-client library
|
|
|
|
. OS/2 limitations:
|
|
. IPv6 not supported
|
|
. Not finished, does not build
|