Cyrus IMAP 2.1.x Release Notes

Changes to the Cyrus IMAP Server since 2.1.14

  • Correct a potential DOS attack in the fud daemon.

  • Arbitron now works again

  • Telemetry logging for mupdate

  • Duplicate Suppression logging for redirect sieve actions

  • A number of bugs in reconstruct have been fixed. also added the -p and -x options

  • Better stubbing out of user_deleteacl

  • No longer log any shutdown() failures

  • Improved IPv6 support (for systems with two getnameinfo implementations)

  • Misc Documentation Improvements

Changes to the Cyrus IMAP Server since 2.1.13

  • Be more forgiving in the parsing of MIME boundary headers, specifically those generated by Eudora where the outer boundaries are substrings of the inner boundaries. This feature can be disabled by enabling the rfc2046_strict option.

  • Allow cyradm to handle aggregate mailbox sets for ACL and DELETE operations.

  • Add a lmtp_downcase_rcpt option to force the lowercasing of recipient addresses (Henrique de Moraes Holschuh <>).

  • Include more MIME headers in sieve rejection notices

  • Add an mbexamine command for debugging purposes

  • LMTP will now fatal error if we cannot initialize the duplicate delivery database.

  • Continued audit by Security Appraisers and Bynari

  • Correctly terminate the processes by calling service_abort even on successful exit (helps to fix a db3 lockers problem)

  • Fix some murder+altnamespace/unixhiersep issues

  • Fix imclient’s handling of literals.

  • Add support for the windows-1256 character set

  • Don’t log ‘could not shut down filedescriptor’ messages when the socket is already not connected

  • Now include a script to convert sieve script names to the altnamespace format

  • Added a –with-extraident configure option to make it easier to set the extra version information that is compiled into the binary.

  • Minor build fixes.

  • Minor other bug fixes.

Changes to the Cyrus IMAP Server since 2.1.12

  • Add maxfds= option in cyrus.conf

  • “The shutdown() Patch” by Henrique de Moraes Holschuh <> and Jeremy Howard <>

  • Now report both built-with and running-with OpenSSL versions

  • Misc other small bugfixes

  • Security Appraisers and Bynari review of the majority of the modules in imap/

Changes to the Cyrus IMAP Server since 2.1.11

  • Master now will forcibly exit if a service is not executable

  • Master now has a daemon mode and pidfile support (-d and -p options)

  • Berkeley DB Configuration methods have changed. Hopefully they’re more generic now. You can still use –with-dbdir, or you can use –with-bdb-libdir and –with-bdb-incdir

  • timsieved now handles usernames with dots (when unixhierarchysep is active)

  • tugowar has been removed from the distribution.

  • Squatter now has an option to skip unmodified mailboxes.

  • Properly hash username to remove a user’s sieve scripts when their INBOX is removed.

  • Reset output buffer when prot_flush returns EOF.

  • Minor Makefile improvements with use of $(srcdir)

  • Remotepurge improvement for empty mailboxes

  • Fix for AFS overwriting the canonicalized username in ptloader

  • Security audit of imapd.c performed by SecurityAppraisers and Bynari

Changes to the Cyrus IMAP Server since 2.1.10

  • Fixed some potential buffer overflows in the sieve code, as well as a pre-login buffer overflow in the IMAP parsing code.

  • ipurge can now skip flagged messages

  • Fix a problem with the flat backend and tracking new files

  • Fix a problem with the memory pool routines on 64-bit machines

Changes to the Cyrus IMAP Server since 2.1.9

  • support Berkley DB 4.1

  • more portable use of errno throughout

  • timsieved now does telemetry logging

  • libcyrus.a no longer supplies fs_get() and fs_give()

Changes to the Cyrus IMAP Server since 2.1.8

  • Fix a strlcpy() off-by-one error.

  • Better handling of errors in connecting to LMTP servers for deliver and lmtpproxyd.

  • Fix bug in pop3proxyd’s pop3s handling.

  • Fix Exim install documentation.

Changes to the Cyrus IMAP Server since 2.1.7

  • Fix a severe locking problem during failed CREATEs

  • Change default locking method to fcntl from flock

  • Don’t cleanup the original mailbox during a RENAME while holding the mailbox list lock

  • Quoting fixes in cyradm

  • Small pathname fix in rehash script

Changes to the Cyrus IMAP Server since 2.1.6

  • Correct some minor version number errors.

Changes to the Cyrus IMAP Server since 2.1.5

  • Better locking of the mailbox list during mupdate operations for CREATE and RENAME

  • Permissions fixes for annotations.

  • pop3proxyd now does telemetry logging

  • Cleanup a number of leaks in the murder code

  • Correct semantics of our provided strlcpy(). Fix places where strlcpy() was being used incorrectly.

  • Correct a significant memory leak in the memory pool routines

  • OpenSSL is now handled correctly for the perl modules

  • Small documentation cleanups

  • The normal assortment of small bugfixes

Changes to the Cyrus IMAP Server since 2.1.4

  • Sieve is no longer dependent on duplicate delivery suppression (it still uses the duplicate delivery database however).

  • Sieve now supports draft-segmuller-sieve-relation-02.txt

  • imtest now includes all the functionality previously kept in pop3test, lmtptest, smtptest, and mupdatetest. imtest will notice if it is invoked with one of these names and do the right thing. The -P flag can be used to force a particular protocol. As part of this, the default install location for mupdatetest has changed to be the same as the other test utilities. imtest also includes new MANAGESIEVE functionality (sivtest) as well as the ability to reconnect to the same server multiple times (useful for testing SSL/TLS session caching and DIGEST-MD5 fast reauth).

  • snmpgen generates stubbed out code so we don’t waste resources on something that just doesn’t work. At some point in time, we’ll make it work again as it would be useful to gather aggregate statistics on what commands are being used so we can better tune the server. This change closes bug #1191. New bug 1267 opened to re-enable the feature.

  • Added the chk_cyrus program to help point out missing message files and/or mailboxes

  • ANNOTATEMORE improvements. Server annotation support has been added. We are also now using the /vendor/cmu/cyrus-imapd hierarchy. The “info” command in cyradm now returns annotations for the given mailbox (provided that ANNOTATEMORE support is compiled into the server)

  • The RENAME command has been almost entirely rewritten. Now we rely on mailbox-level locking instead of locking the entire mailboxes file for the duration of the rename. ctl_cyrusdb -r now also cleans up “reserved” mailboxes that may appear in the event of a crash.

  • ctl_mboxlist can now dump only a particular partition

  • The configuration subsystem now uses a hash table to speed up lookups of options. Additionally, the hash table implementation has been updated to possibly take advantage of memory pools.

  • Many bugfixes related to the Cyrus Murder. Includes improvments to subscription handling as well as correct merging of seen state on mailbox moves.

  • Can now configure an external debugger (debug_command option in imapd.conf.

  • Misc. autoconf-related fixes (most notably those related to sasl_checkapop and O_DSYNC).

  • Misc. locking-related fixes.

  • Security fixes related to handling large literals in getxstring(), as well as correct usage of layers in timsieved.

Changes to the Cyrus IMAP Server since 2.1.3

  • All “MAIL” and “SIEVE” notifications are now handled by notifyd which is a daemon that supports multiple notification methods. The mailnotifier and sievenotifier options have been added to /etc/imapd.conf to configure notifications. (Ken Murchison)

  • Many feature enhancements and bugfixes for the Cyrus Murder. The code now supports live (but not transparent) moving of mailboxes from one server to another.

  • Some warning fixes.

  • fdatasync() is no longer required.

  • Fixed a bug in imap/append.c that would show itself if a message was being delivered to five or more different partitions.

  • Deliveries now don’t create a redudant temporary file using tmpfile(); the staging directory is used instead. (Ken Murchison)

  • Fix a possible crashing bug in squatter. (Ken Murchison)

  • Deleting a user now also removes their Sieve scripts.

  • cyrusdb_skiplist: release locks during iteration. Should prevent denial of service attacks and possibly increase performance.

  • cyrusdb_skiplist: introduce a new mode using O_DSYNC writes which is possibly faster on Solaris. Currently off (it seems to hurt performance on Linux).

  • master has preliminary code to avoid forking storms.

  • sieveshell should now loop through all available SASL mechanisms before conceding defeat.

  • sieveshell can now upload a file to a different name.

Changes to the Cyrus IMAP Server since 2.1.2

  • fud now runs from the Cyrus master process; more generally, the Cyrus master process can deal with UDP services. (Amos Gouaux,

  • Sieve has been updated to be compliant with RFC 3028 and draft-martin-sieve-notify-01. All notify actions and any fileinto and/or redirect actions using stringlists will have to be updated/changed.

  • added cvt_cyrusdb for quick conversions between different cyrusdb backends.

  • fixed a bug in the Sieve header cache, where legal header names were being rejected.

  • many Murder-related fixes

  • suppress a bogus TLS session reuse DBERROR message

  • make the list of acceptable TLS ciphers configurable in /etc/imapd.conf

  • cyrusdb_skiplist fixes; it’s now suitable for using in production environments though there are still performance problems outstanding

Changes to the Cyrus IMAP Server since 2.1.1

  • now compatible with Berkeley DB4 (Larry M. Rosenbaum,

  • timsieved now supports proxying via loginuseacl (Amos Gouaux,

  • Sieve vacation now does a case-insensitive comparison of :addresses

  • Warning-related bug fixes from Henrique de Moras Holschuh

  • automatic archival of db3 files so that filesystem backups are always consistent (Ken Murchison,

  • added a skiplist database backend, still needs more testing

  • further work on the Cyrus Murder

  • fixed bug in remotepurge dealing with mailboxes with characters that need to be escaped inside quoted-strings

  • Cyrus::IMAP::Admin now supports referrals

  • cyradm, via Cyrus::IMAP::Shell, now can remove quotaroots

  • timsieved, sieveshell, and the MANAGESIEVE protocol extended with referrals

Changes to the Cyrus IMAP Server since 2.1.0

  • now compatible with Cyrus SASL 2.1.0

  • fixed a problem with LMTP AUTH and unix domain sockets

  • make deleting users faster

  • add a “-n” switch to remotepurge

  • cyradm now does implicit SASL authorization

  • fix for Sieve :matches comparator