TODO   [plain text]

 - doveadm fetch text mailbox <ns prefix> -> no replies, because
   mailbox_list_iter_init_namespaces() doesn't return ns prefixes
 - master passdb preserves userdb_* extra fields. should it preserve
   non-userdb_* extra fields too?
 - imap, pop3: if client init fails, wait a second or two before disconnecting
 - doveadm expunge parameter to delete empty mailboxes (for lazy-expunge)
 - doveadm search savedbefore 7d could be optimized in large mailboxes..
 - mdbox: storage rebuilding could log about changes it does
 - mdbox: broken extrefs header keeps causing index rebuilds
 - cache: mail_cache_lookup() should be able to return mail_cache_add()ed
   fields even before they've been flushed to disk. this is useful when copying
   messages and some plugin (e.g. mail_log) fetches some fields that are
   already added to cache (to avoid opening and parsing the message)
 - doveadm -A <<EOF expunge + purge + EOF
 - sent, drafts: .Sent/dovecot.index: modseq_hdr.log_offset too large
 - mail_max_lock_timeout error could be reported more nicely, also ones coming
   from lib-index
 - dsync: if mailbox is renamed due to it being invalid, its subscription
   isn't renamed
 - LSUB shows subscribed namespace prefix as prefix/, also SUBSCRIBE adds the /
 - sql pool: if async query is pending and sync query is sent and there
   are no more empty connections, it should flush the async query first
 - NTLMv1 and LM should be disabled if disable_plaintext_auth=yes
 - SEARCH SENT*/HEADER/etc. doesn't seem optimized when using with TEXT/BODY
 - dict sql: support ignoring some search key hierarchies (e.g. acl "anyone")

 - fts-solr: crashes if expunge is done while search is indexing
 - fts-solr: handle DELETE, RENAME. use mailbox GUIDs (optionally)

 - mdbox
    - dotlocking: cleanup should delete stale *.lock files
    - purging seems to be inefficient. run imaptest for a while, get >500
      files, start purging, it's slow until there are about 100 files left,
      then the rest is suddenly fast.
    - make sure that when reading mdbox mails sequentially the data is being
      read from disk in n kB blocks and reads cross mail boundaries and when
      reading the next mail it uses the previously read data in buffer
    - Add some kind of checksum about data+metadata and use it when checking
    - figure out a way to efficiently trigger purging when user has too much
      mail expunged (e.g. keep track of total storage size, trigger purging
      when it's 2*quota limit)
    - keep track of total bytes in dbox storage in map header. also if
      possible keep track of refcount=0 bytes. use these to optimize checks.
    - save some stuff to map index header so we don't need to keep retrying
      it. like when saving the lowest file_id which to bother checking.
    - test crash-fixing
    - mail_index_fsck() should perhaps cause dbox to be resynced?
    - optimize away reading file header?
 - maildir: out-of-disk-space failures apparently cause all kinds of
   problems, e.g. "Expunged message reappeared", "Duplicate file entry"?
 - deliver -r <address> used as autoreplies' From-address?
 - add fd limit checks/warnings
 - istream-seekable is inefficient. it shouldn't be reading the temp file
   immediately after writing to it
 - config process is handling requests too slowly. maybe add some caching.
    - maybe config should return all of the protocol/local/remote overrides
      when requested? then the caller could do a single lookup at start and
      merge them later internally. this would really help login processes.
 - ipv6: auth penalty should begin from /64 and gradually grow to /48 if
   necessary. and the same could be done for ipv4 as well..

 - dsync:
   - check for uid conflicts in the middle of mailbox based on next existing
     message, not previous
   - subscriptions syncing doesn't handle mixed hierarchy separators
   - Can't rename mailbox INBOX_019acf2169c5784b307f000074ccac23 to INBOX: Target mailbox already exists
   - copying can't work in non-full mode unless source mailbox is modified
     in some way. possibly add some COPY records to transaction log in future?
   - superfast mode: when syncing changes within a mailbox, use modseqs to
     figure out what has changed similar to QRESYNC.

 - lda: add some -h 'Header: value' parameter that adds/replaces header
 - ldap: fix multiple-gid support somehow
 - search: use mail_get_parts() only when it's already cached. if it's not,
   add it to cache afterwards.
 - move ssl proxying code to lib-master
 - proxy: verify ssl cert's cname
 - dict pooling

	/* currently non-external transactions can be applied multiple times,
	   causing multiple increments. */
	//FIXME:i_assert((t->flags & MAIL_INDEX_TRANSACTION_FLAG_EXTERNAL) != 0);
  ^ appears to work now though, probably because of the added syncing stuff..

 - transaction log corruption should make sure dovecot.index is rewritten
   and perhaps not delete the file.
 - use backup index in mail_index_fsck()

 - proxying: support fallbacking to local (or other?) server if the first
   one is down
 - i_panic("Message count decreased") happens - why?
     - at least one backtrace shows client_destroy -> client_command_cancel ->
 - fsck -> log_file_tail_offset 2273345664 -> 996 ->
   mail-transaction-log.c: line 341 (mail_transaction_log_set_mailbox_sync_pos):
   assertion failed: (file_offset >= log->head->saved_tail_offset)
 - virtual: If last message matching INTHREAD rule gets expunged, the rest of
   the thread doesn't go away
 - virtual: "Searched n% of the mailbox" gives broken numbers since
   ctx->seq jumps around. And why is it also returned when fts is enabled
   along with "Indexed n% of the mailbox"?
 - how do shared mailboxes work with plugins?
    - lazy-expunge, fts, etc.?
    - listescape+acl can't handle shared mailboxes with escape chars
 - dovecot-acl-list:
    - how does it work with global acls?
    - update immediately after SETACL: add/remove entries, update timestamps
    - read the entire file to memory only once and keep it there, stat() later
      to see if it has changed. if not, perhaps don't even bother stat()ing
      dovecot-acl files? at least not that often..
 - fs quota: getquotaroot inbox vs. other-box should return different quotas
   if two quotas are defined
 - new primes code: are hash tables now being resized too often?
 - auth_log_prefix setting similar to mail_log_prefix

 - thread indexes: if we expunge a duplicate message-id: and we have a sibling
   with identical message-id:, we can probably just move the children?
   (unless there are non-sibling duplicates)
 - SEARCH INTHREAD requires no thread sorting by date - don't do it
 - CONDSTORE: use per-flag/per-keyword conflict checking
 - QRESYNC: Drop expunges from the middle of given seq sets if possible
 - use universal hash functions?

 - UIDVALIDITY changed while saving -> sync errors
   - mbox: copy to Trash, manually delete copied msg, change uidvalidity,
     set nextuid=1, copy again -> error
   - recent_uids assert at least with mbox
 - quota fs: Should values returned by quota be divided by the actual
   filesystem block size instead of hardcoded DEV_BSIZE? not with AIX..
 - mailbox list fs: Listing subscriptions with children return options doesn't
   work unless iter_is_mailbox() returns the children flags
 - lucene: handle replacement chars?
 - squat:
   - support ORs
   - wrong indexid
   - fts_build_init() assertion failed: (last_uid < last_uid_locked)
   - is locking done right? it reads header without file being locked?
   - split after ~8 bytes?
   - expunges are delayed until more mails are added
 - test replacement chars (SEARCH / SORT / Squat)

 - DEBUG: buffer overflow checking code probably doesn't handle a successful
   t_try_realloc() or pool_alloconly_realloc() properly
 - ldap:
   - sasl bind + auth_bind=yes should probably be doing only sasl binds..
   - support multiple connections for doing auth binds
   - domain lookups which set the base for user lookup
   - same attribute can't be used for multiple values.
   - multiple attributes can't be merged to a single value.
   - multiple value could be joined with specified separator (per-field)
   - implement something like:
       user_attrs {
	 uid = %{ldap:uidNumber}
	 home = %{ldap:homeDirectory}
	 quota_bytes = *:bytes=%{ldap:quota}

 - maildir+pop3 fast updates:
   - with locking enabled, pop3 could just keep the one and same sync lock and
     do the whole thing using sync transaction
   - don't update dovecot-uidlist if dovecot.index.cache doesn't exist /
     there's nothing to cache
   - if all messages are expunged and there are no unknown extensions in index,
     unlink dovecot.index and rotate log and add some initial useful info to
     the log (uidvalidity, nextuid)

 - maildir
   - don't allow more than 26 keywords
   - physical separator could be configurable
   - lda+maildir: if new mails are in new/ or cur/ they're not added to
     dovecot-uidlist but newly saved mails are, so UIDs will be in wrong order

 - file_cache: we're growing the mmap in page size blocks, which is horribly
   slow if mremap() doesn't exist.

 - keywords:
    - add some limits to how many there can be
       - don't return \* in PERMANENTFLAGS when we're full
    - remove unused keywords?

 - mail caching
    - force bits should be used only for nonregistered fields
    - change envelope parsing not to use get_headers() so imap.envelope can
      actually be cached without all the headers..
    - if there's no other pressure for compression, we should do it when
      enough temp fields are ready to be dropped
    - we could try compressing same field values into a single
      location in cache file.
    - place some maximum limit of fields to cache file? maybe some soft and
      hard limits, so when soft limit is reached drop fields that have
      been used only once. when hard limit is reached drop any fields to get
      more space. all this to avoid cache file growing infinitely.

 - mbox
    - UID renumbering doesn't really work after all?
    - still problems with CRLF mboxes.. especially with broken Content-Length
      headers (pointing between CR-LF?)
    - syncing existing indexes takes 4x longer than creating new one, why?
    - how well does dirty sync + status work? it reads the last mail every
      time? not very good..
    - always add empty line. make the parser require it too? syncing should
      make sure there always exists two LFs at end of file. raw-mbox-stream
      should make sure the last message ends with LF even if it doesn't exist
      in the file
    - Quote "From ", unquote ">From "
    - COPY doesn't work to itself (lock assert crash, for now just disallowed)

 - index
    - read-only support for mailboxes where we don't have write-access
    - index file format changes:
        - split to "old" and "new" indexes and try to avoid loading "old" into
	  memory until needed
	- pack UIDs to beginning of file with UID ranges
	- use squat-like compressed uid ranges everywhere
        - write first extension intros in dovecot.index.log always with names
	   - or better yet, drop the intro concept completely as it is now
	- add "transaction boundaries" so we know which records belong to a
	  single transaction.
	   - only after that we can remove the transaction log offset
	     overwriting (otherwise we can get partial transactions in views)

 - lib-storage
    - x search charset asdf all -> should fail

 - login
    - Digest-MD5: support integrity protection, and maybe crypting. Do it
      through login process like SSL is done?

 - auth
    - with blocking passdb we're not caching lookups if the password was wrong
    - non-plaintext authentication doesn't support all features:
        - multiple passdbs don't work, only the first one is used
	- auth cache's last_success password change check doesn't exist
	- auth_cache_negative_ttl doesn't check password mismatches
    - dovecot-auth should limit how fast authentication requests are allowed
      from login processes. especially if there's one login/connection the speed
      should be something like once/sec. also limit how fast to accept new
    - support read-only logins. user could with alternative password get only
      read-access to mails so mails could be read relatively safely with
      untrusted computers. Maybe always send [ALERT] about the previous
      read-only login time with IP?

 - quota
    - if dovecot-uidlist can't be written, assume the new mails have UIDs 
      beginning from uidlist.next_uid. Whenever mails are expunged, overwrite
      the next_uid field with the current highest next_uid. Whenever we have
      assumed UIDs and uidlist gets updated, throw the client out with
      "inconsist mailbox".

 - ssl
    - add setting: ssl_options = bitmask. by default we enable all openssl
      workarounds, this could be used to disable some of them
    - gnutls support isn't working

 - search
    - message header search: we should ignore LWSP between two MIME blocks(?)
    - message_search_init() could accept multiple search keywords so we
      wouldn't need to call it separately for each one (so we wouldn't need
      to parse the message multiple times).
    - could optionally support scanning inside file attachments and use
      plugins to extract text out of them (word, excel, pdf, etc. etc.)
    - Create our own extension: When searching with TEXT/BODY, return
      the message text surrounding the keywords just like web search engines
      do. like: SEARCH X-PRINT-MATCHES TEXT "hello" -> * SEARCH 1 "He said:
      Hello world!" 2 "Hello, I'm ...". This would be especially useful with
      the above attachment scanning.

 - general
    - things break if next_uid gets to 2^32