rev |
line source |
yuuji@0
|
1 /* ========================================================================
|
yuuji@0
|
2 * Copyright 1988-2007 University of Washington
|
yuuji@0
|
3 *
|
yuuji@0
|
4 * Licensed under the Apache License, Version 2.0 (the "License");
|
yuuji@0
|
5 * you may not use this file except in compliance with the License.
|
yuuji@0
|
6 * You may obtain a copy of the License at
|
yuuji@0
|
7 *
|
yuuji@0
|
8 * http://www.apache.org/licenses/LICENSE-2.0
|
yuuji@0
|
9 *
|
yuuji@0
|
10 *
|
yuuji@0
|
11 * ========================================================================
|
yuuji@0
|
12 */
|
yuuji@0
|
13
|
yuuji@0
|
14 KNOWN BUGS/MISFEATURES/DEFICIENCIES IN THE IMAP TOOLKIT
|
yuuji@0
|
15 Last Updated: 15 November 2007
|
yuuji@0
|
16
|
yuuji@0
|
17 The following are known problems/deficiencies in the imap-2007 toolkit:
|
yuuji@0
|
18
|
yuuji@0
|
19 . Possible problems for some installations:
|
yuuji@0
|
20 . In some versions of Redhat Linux, SVR4-style timezone name lookup
|
yuuji@0
|
21 doesn't work properly due to a bug in glibc. The workaround is to
|
yuuji@0
|
22 edit os_lnx.c to include tz_bsd.c instead of tz_sv4.c. Note that
|
yuuji@0
|
23 other versions of Linux don't support BSD-style timezone name
|
yuuji@0
|
24 lookup, so don't make this change unless it's needed on your system.
|
yuuji@0
|
25 . In some systems, the OpenSSL distribution is installed other than at
|
yuuji@0
|
26 the standard /usr/local/ssl location. If this is the case on your
|
yuuji@0
|
27 system and you want to build with SSL support, you will need to set
|
yuuji@0
|
28 the SSLDIR variable, either by including a setting of EXTRASPECIALS
|
yuuji@0
|
29 in the make command line, e.g.
|
yuuji@0
|
30 build lnp SPECIALAUTHENTICATORS=ssl EXTRASPECIALS="SSLDIR=/usr/ssl"
|
yuuji@0
|
31 or by editing .../src/osdep/unix/Makefile
|
yuuji@0
|
32 . /tmp, /usr/tmp or /var/tmp (if present), and the mail spool directory
|
yuuji@0
|
33 must be protected 1777 (world write with sticky bit); otherwise
|
yuuji@0
|
34 mailbox locking and updates won't work. An alternative to 1777 on
|
yuuji@0
|
35 the mail spool directory is to install the mlock program that is
|
yuuji@0
|
36 bundled with the IMAP toolkit.
|
yuuji@0
|
37 . Multiple access protection locking does not work if the mailbox or
|
yuuji@0
|
38 /tmp are NFS mounted.
|
yuuji@0
|
39 . Shared access mailbox formats (mbx, mtx, mx, and tenex) do not work
|
yuuji@0
|
40 well with NFS and such usage is not supported. mmdf and unix formats
|
yuuji@0
|
41 are supported for use over NFS; however there won't be any multiple
|
yuuji@0
|
42 access locking protection.
|
yuuji@0
|
43 . Server startup delays may occur if a reverse DNS (IP address to name)
|
yuuji@0
|
44 lookup on the client's IP address does not complete in an expeditious
|
yuuji@0
|
45 fashion. This is actually a DNS problem and should be fixed in the
|
yuuji@0
|
46 DNS and/or the server's host table. A workaround exists (see the
|
yuuji@0
|
47 top-level Makefile for details) but is not recommended and can not
|
yuuji@0
|
48 be used at all with Kerberos.
|
yuuji@0
|
49 . At the insistance of the security gurus, SSL certification validation
|
yuuji@0
|
50 is now on by default. This means that you must now use the new
|
yuuji@0
|
51 /novalidate-cert switch if establishing an SSL connection to a server
|
yuuji@0
|
52 with a self-signed certificate; i.e. if "imap.example.com" has a
|
yuuji@0
|
53 self-signed certificate, you must use a mailbox name such as
|
yuuji@0
|
54 {imap.example.com/ssl/novalidate-cert}INBOX
|
yuuji@0
|
55 to get an SSL session instead of just
|
yuuji@0
|
56 {imap.example.com/ssl}INBOX
|
yuuji@0
|
57 . GCC 8.x and above on SGI systems does not correctly pass/return
|
yuuji@0
|
58 structures which are smaller than 16 bytes and are not 8 bytes. The
|
yuuji@0
|
59 problem is that structures are padded at the wrong end; e.g. a 4 byte
|
yuuji@0
|
60 structure is loaded into the lower 4 bytes of the register when it
|
yuuji@0
|
61 should be loaded into the upper 4 bytes of the register. This affects
|
yuuji@0
|
62 IRIX 6 the most because it is a 64-bit system and 4 byte structures are
|
yuuji@0
|
63 common. This compiler bug impacts the use of inet_ntoa() in c-client
|
yuuji@0
|
64 and causes syslog messages to show IP addresses as 255.255.255.255
|
yuuji@0
|
65 instead of the correct values. The fix is either to use SGI's C compiler
|
yuuji@0
|
66 instead of GCC or link with an implementation of inet_ntoa() that was
|
yuuji@0
|
67 built with GCC instead of the standard SGI C library version.
|
yuuji@0
|
68 . By default, the UNIX SSL build assumes that RSAREF is not needed, because
|
yuuji@0
|
69 RSA Security Inc. released the RSA public key encryption algorithm into
|
yuuji@0
|
70 the public domain on September 6, 2000. There is no longer any need to
|
yuuji@0
|
71 use RSAREF, and since RSAREF is slower than OpenSSL's RSA routines
|
yuuji@0
|
72 there's good reason not to. If for some reason you still want to use
|
yuuji@0
|
73 RSAREF, you will need to edit .../src/osdep/unix/Makefile to
|
yuuji@0
|
74 change SSLRSA to load libRSAglue and librsaref.
|
yuuji@0
|
75 . By default, the UNIX SSL build assumes that no name conflict exists
|
yuuji@0
|
76 between OpenSSL and Kerberos 5. If you are using an older version
|
yuuji@0
|
77 of Kerberos, you may need to edit .../src/osdep/unix/Makefile
|
yuuji@0
|
78 to change SSLCRYPTO so that it loads the OpenSSL libcrypto library
|
yuuji@0
|
79 explicitly as libcrypto.a.
|
yuuji@0
|
80 . By default, host names are canonicalized via gethostbyname() and
|
yuuji@0
|
81 gethostbyaddr() for everything except for SSL certificate validation.
|
yuuji@0
|
82 This can represent a security bug due to DNS spoofing, but is more
|
yuuji@0
|
83 likely to deliver results that users expect and also may be necessary
|
yuuji@0
|
84 to get Kerberos to work. Set variable "trustdns" in mail.c to NIL if
|
yuuji@0
|
85 you want to disable this.
|
yuuji@0
|
86
|
yuuji@0
|
87 . Bugs:
|
yuuji@0
|
88 . It doesn't work to have a "}" character as a user name in /user= in a
|
yuuji@0
|
89 mailbox name, even if the user name is quoted. In other words,
|
yuuji@0
|
90 {example.com/user="foo}bar"}zap
|
yuuji@0
|
91 won't work; foo will be interpreted as an unterminated quoted string
|
yuuji@0
|
92 and the remote mailbox name will be
|
yuuji@0
|
93 bar"}zap.
|
yuuji@0
|
94 . The experimental mx driver has performance problems and shouldn't be used
|
yuuji@0
|
95 . docs/internal.txt is out of date (again)
|
yuuji@0
|
96
|
yuuji@0
|
97 . UIDPLUS bugs/limitations:
|
yuuji@0
|
98 . Not supported in all local file formats (see below).
|
yuuji@0
|
99 . There are two known issues with UIDPLUS in the mmdf and unix formats:
|
yuuji@0
|
100 (a) If the destination mailbox is currently selected (whether in this
|
yuuji@0
|
101 or another session), no COPYUID or APPENDUID is returned. The other
|
yuuji@0
|
102 choice was to assign a UID based upon the uid_last value and hope
|
yuuji@0
|
103 that the session selecting the mailbox would pick it up and update
|
yuuji@0
|
104 uid_last. The problem was a timing race if another message was
|
yuuji@0
|
105 copied/appended to that mailbox before the selecting session updated
|
yuuji@0
|
106 the mailbox. If the timing race is lost, then all UID in the mailbox
|
yuuji@0
|
107 would be reassigned by the selecting session, thus making the
|
yuuji@0
|
108 returned APPENDUID/COPYUID data useless and causing a performance
|
yuuji@0
|
109 problem.
|
yuuji@0
|
110 Earlier versions did the "hope for the best" method. This was
|
yuuji@0
|
111 revoked in favor of not returning COPYUID/APPENDUID.
|
yuuji@0
|
112 Although this violates RFC 4315, there is a loophole which, although
|
yuuji@0
|
113 for other purposes, permits this behavior.
|
yuuji@0
|
114 (b) There is a known failure if the destination mailbox is currently
|
yuuji@0
|
115 selected by legacy software (e.g. older versions of the IMAP
|
yuuji@0
|
116 server, Pine, etc.). In this case, all UIDs end up being
|
yuuji@0
|
117 reassigned by the legacy software.
|
yuuji@0
|
118
|
yuuji@0
|
119 . Annoyances:
|
yuuji@0
|
120 . Friendly host names (e.g. "server" instead of "server.foo.com") can't be
|
yuuji@0
|
121 used in a mailbox name with SSL certificate validation; you have to enter
|
yuuji@0
|
122 the fully-qualified domain name. This is a requirement established by
|
yuuji@0
|
123 the security gurus.
|
yuuji@0
|
124
|
yuuji@0
|
125 . IMAP client limitations:
|
yuuji@0
|
126 . No SASL protection mechanisms (SASL authentication mechanisms are
|
yuuji@0
|
127 supported)
|
yuuji@0
|
128
|
yuuji@0
|
129 . NNTP client limitations:
|
yuuji@0
|
130 . Non-standard IMAP SCAN extension not supported
|
yuuji@0
|
131
|
yuuji@0
|
132 . POP client limitations:
|
yuuji@0
|
133 . No SASL protection mechanisms (SASL authentication mechanisms are
|
yuuji@0
|
134 supported)
|
yuuji@0
|
135 . No POP3 UID support
|
yuuji@0
|
136 . Non-standard IMAP SCAN extension not supported
|
yuuji@0
|
137
|
yuuji@0
|
138 . SMTP client limitations:
|
yuuji@0
|
139 . No SASL protection mechanisms (SASL authentication mechanisms are
|
yuuji@0
|
140 supported)
|
yuuji@0
|
141 . No support for use of TURN, ETRN, and pipelining.
|
yuuji@0
|
142 . No support for enhanced status codes
|
yuuji@0
|
143
|
yuuji@0
|
144 . UNIX limitations:
|
yuuji@0
|
145 . IPv6 is supported but is not the default on most platforms; you have to
|
yuuji@0
|
146 use IP=6 in the make command
|
yuuji@0
|
147 . Supported local file formats: mbx, mh, mmdf, mix, mtx, mx, news, phile,
|
yuuji@0
|
148 tenex, unix
|
yuuji@0
|
149 . Supported SASL mechanisms: CRAM-MD5, PLAIN, LOGIN, ANONYMOUS, GSSAPI
|
yuuji@0
|
150 . Sticky UIDs are not supported in the mh, mtx, and tenex drivers
|
yuuji@0
|
151 . Creation of keywords is not supported in the mh, mtx, and tenex drivers
|
yuuji@0
|
152 . Copy and append of keywords only works in the mbx driver.
|
yuuji@0
|
153 . Flat file formats (mbx, mmdf, mtx, phile, tenex, unix) do not permit
|
yuuji@0
|
154 mailboxes to have inferior names
|
yuuji@0
|
155 . SSL temporary key should be seeded better than it is.
|
yuuji@0
|
156 . UIDPLUS support is limited to the unix, mmdf, mbx, mx, and mix formats.
|
yuuji@0
|
157 . Non-standard IMAP SCAN extension not support for mh and news formats.
|
yuuji@0
|
158
|
yuuji@0
|
159 . Amiga limitations:
|
yuuji@0
|
160 . Supported local file formats: mbx, mh, mmdf, mix, mtx, mx, news, phile,
|
yuuji@0
|
161 tenex, unix
|
yuuji@0
|
162 . Supported SASL mechanisms: CRAM-MD5, PLAIN, LOGIN, ANONYMOUS
|
yuuji@0
|
163 . Sticky UIDs are not supported in the mh, mtx, and tenex drivers
|
yuuji@0
|
164 . Creation of keywords is not supported in the mh, mtx, and tenex drivers
|
yuuji@0
|
165 . Copy and append of keywords only works in the mbx driver.
|
yuuji@0
|
166 . Flat file formats (mbx, mmdf, mtx, phile, tenex, unix) do not permit
|
yuuji@0
|
167 mailboxes to have inferior names
|
yuuji@0
|
168 . UIDPLUS support is limited to the unix, mmdf, mbx, mx, and mix formats.
|
yuuji@0
|
169 . Non-standard IMAP SCAN extension not supported for mh and news formats.
|
yuuji@0
|
170
|
yuuji@0
|
171 . Win32 (Win9x/NT/Windows 2000) limitations:
|
yuuji@0
|
172 . IPv6 is supported in W2K builds but is not the default; you have to use
|
yuuji@0
|
173 IP=6 in the nmake command
|
yuuji@0
|
174 . Supported local file formats: mbx, mtx, tenex, unix
|
yuuji@0
|
175 . Supported SASL mechanisms: CRAM-MD5, PLAIN, LOGIN, ANONYMOUS, GSSAPI
|
yuuji@0
|
176 . No server SSL or TLS support.
|
yuuji@0
|
177 . No server authentication for GSSAPI
|
yuuji@0
|
178 . No server authentication for CRAM-MD5 on NT-based Windows (NT/2K/XP);
|
yuuji@0
|
179 it does work on DOS-based Windows (9x/Me).
|
yuuji@0
|
180 . Sticky UIDs are not supported in the mtxnt and tenexnt drivers
|
yuuji@0
|
181 . Creation of keywords is not supported in the mtxnt and tenexnt drivers
|
yuuji@0
|
182 . Copy and append of keywords only works in the mbxnt driver.
|
yuuji@0
|
183 . No support for TCP open timeouts
|
yuuji@0
|
184 . Flat file formats (mbx, mtx, tenex, unix) do not permit mailboxes to have
|
yuuji@0
|
185 inferior names
|
yuuji@0
|
186 . UIDPLUS support is limited to the unix and mbx formats.
|
yuuji@0
|
187
|
yuuji@0
|
188 . Win16 (Win3.1)/DOS limitations:
|
yuuji@0
|
189 . IPv6 not supported
|
yuuji@0
|
190 . Supported local file formats: bezerk, mtx
|
yuuji@0
|
191 . Supported SASL mechanisms: CRAM-MD5, LOGIN, ANONYMOUS
|
yuuji@0
|
192 . Supported TCPs: B&W, Novell, PC-NFs, PC/TCP, Waterloo, Winsock
|
yuuji@0
|
193 . Sticky UIDs are not supported on local files
|
yuuji@0
|
194 . Creation of keywords are not supported on local files
|
yuuji@0
|
195 . Bezerk driver is read-only and does not handle LF-only newlines well
|
yuuji@0
|
196 . No support for any TCP timeouts on Waterloo DOS
|
yuuji@0
|
197 . No support for TCP open timeouts on Winsock and generic DOS
|
yuuji@0
|
198 . Flat file formats (bezerk, mtx) do not permit mailboxes to have inferior
|
yuuji@0
|
199 names
|
yuuji@0
|
200 . Does not work well unless a mailgets routine is armed when fetching
|
yuuji@0
|
201 texts.
|
yuuji@0
|
202
|
yuuji@0
|
203 . Mac limitations:
|
yuuji@0
|
204 . IPv6 not supported
|
yuuji@0
|
205 . No local file drivers
|
yuuji@0
|
206 . Supported SASL mechanisms: CRAM-MD5, LOGIN, ANONYMOUS
|
yuuji@0
|
207 . Does not output human-friendly time zone string
|
yuuji@0
|
208
|
yuuji@0
|
209 . TOPS-20 limitations:
|
yuuji@0
|
210 . IPv6 not supported
|
yuuji@0
|
211 . No local file drivers
|
yuuji@0
|
212 . Supported SASL mechanisms: CRAM-MD5, LOGIN, ANONYMOUS
|
yuuji@0
|
213 . No support for any TCP timeouts
|
yuuji@0
|
214
|
yuuji@0
|
215 . VMS limitations:
|
yuuji@0
|
216 . IPv6 not supported
|
yuuji@0
|
217 . No local file drivers
|
yuuji@0
|
218 . Supported SASL mechanisms: CRAM-MD5, LOGIN, ANONYMOUS
|
yuuji@0
|
219 . Supported TCPs: Multinet, Netlib
|
yuuji@0
|
220 . No support for any TCP timeouts on VMS Netlib
|
yuuji@0
|
221 . No support for TCP open timeouts on VMS Multinet
|
yuuji@0
|
222 . Time zone must be configured at build time
|
yuuji@0
|
223 . Does not output human-friendly time zone string
|
yuuji@0
|
224
|
yuuji@0
|
225 . Windows CE limitations:
|
yuuji@0
|
226 . IPv6 not yet supported
|
yuuji@0
|
227 . No local file drivers
|
yuuji@0
|
228 . Supported SASL mechanisms: CRAM-MD5, LOGIN, ANONYMOUS
|
yuuji@0
|
229 . No support for TCP open timeouts
|
yuuji@0
|
230 . Not finished, only builds c-client library
|
yuuji@0
|
231
|
yuuji@0
|
232 . OS/2 limitations:
|
yuuji@0
|
233 . IPv6 not supported
|
yuuji@0
|
234 . Not finished, does not build
|