Dovecot Changelog

New in version 2.2.15

October 25th, 2014
  • Plugins can now print a banner comment in doveconf output (typically the plugin version)
  • Replication plugin now triggers low (instead of high) priority for mail copying operations.
  • IMAP/POP3/ManageSieve proxy: If destination server can't be connected to, retry connecting once per second up to the value of proxy_timeout. This allows quick restarts/upgrades on the backend server without returning login failures.
  • Internal passdb lookups (e.g. done by lmtp/doveadm proxy) wasn't returning failure in some situations where it should have (e.g. allow_nets mismatch)
  • LMTP uses mail_log_prefix now for logging mail deliveries instead of a hardcoded prefix. The non-delivery log prefix is still hardcoded though.
  • passdb allow_nets=local matches lookups that don't contain an IP address (internally done by Dovecot services)
  • Various debug logging and error logging improvements
  • Various race condition fixes to LAYOUT=index
  • v2.2.14 virtual plugin crashed in some situations

New in version 2.2.14 (October 15th, 2014)

  • Some of the more important fixes since RC1:
  • Fixed several race conditions with dovecot.index.cache handling that may have caused unnecessary "cache is corrupted" errors.
  • auth: If auth client listed userdb and disconnected before finishing, the auth worker process got stuck (and eventually all workers could get used up and requests would start failing).
  • Some of the larger changes since v2.2.13:
  • lmtp: Delivered-To: header no longer contains around the email address. Other MDAs don't have it either.
  • "Out of disk space" errors are now treated as temporary errors (not the same as "Out of disk quota").
  • replication plugin: Use replication only for users who have a non-empty mail_replica setting.
  • lmtp proxy: Log a line about each mail delivery.Added login_source_ips setting. This can be used to set the source IP address round-robin from a pool of IPs (in case you run out of TCP ports).Rawlog settings can use tcp:: as the path.virtual plugin: Don't keep more than virtual_max_open_mailboxes (default 64) number of backend mailboxes open.SSL/TLS compression can be disabled with ssl_options=no_compressionacl: Global ACL file now supports "quotes" around patterns.Added last-login plugin to set user's last-login timestamp on login.LDAP auth: Allow passdb credentials lookup also with auth_bind=yes
  • IMAP: MODSEQ was sent in FETCH reply even if CONDSTORE/QRESYNC wasn't enabled. This broke at least old Outlooks.
  • passdb static treated missing password field the same as an empty password field.
  • mdbox: Fixed potential infinite looping when scanning a broken mdbox file.
  • imap-login, pop3-login: Fixed potential crashes when client disconnected unexpectedly.
  • imap proxy: The connection was hanging in some usage patterns. This mainly affected older Outlooks.
  • lmtp proxy: The proxy sometimes delivered empty mails in error situations or potentially delivered truncated mails.
  • fts-lucene: If whitespace_chars was set, we may have ended up indexing some garbage words, growing the index size unnecessarily.
  • -c and -i parameters for dovecot/doveadm commands were ignored if the config socket was readable.
  • quota: Quota recalculation didn't include INBOX in some setups.
  • Mail headers were sometimes added to dovecot.index.cache in wrong order. The main problem this caused was with dsync+imapc incremental syncing when the second sync thought the local mailbox had changed.
  • doveadm backup didn't notice if emails were missing from the middle of the destination mailbox. Now it deletes and resyncs the mailbox.

New in version 2.2.11 (February 12th, 2014)

  • acl plugin: Added an alternative global ACL file that can contain mailbox patterns. See for details.
  • imap proxy: Added proxy_nopipelining passdb setting to work around other IMAP servers' bugs (MS Exchange 2013 especially).
  • Added %{auth_user}, %{auth_username} and %{auth_domain} variables. See for details.
  • Added support for LZ4 compression.
  • stats: Track also wall clock time for commands.
  • pop3_migration plugin improvements to try harder to match the UIDLs correctly.
  • imap: SEARCH/SORT PARTIAL reponses may have been too large.
  • doveadm backup: Fixed assert-crash when syncing mailbox deletion.

New in version 2.2.10 (December 20th, 2013)

  • auth: passdb/userdb dict rewrite to support much more complex setups. See doc/example-config/dovecot-dict-auth.conf.ext. The old settings will continue to work.
  • auth: Added userdb result_success/failure/tempfail and skip settings, similar to passdb's. See
  • imap: Implemented SETQUOTA command for admin user when quota_set is configured. See
  • quota: Support "*" and "?" wildcards in mailbox names in quota_rules
  • mysql: Added ssl_verify_server_cert=no|yes parameter. This currently defaults to "no" to make sure nothing breaks, but likely will become "yes" in Dovecot v2.3.
  • ldap: Added blocking=yes setting to use auth worker processes for ldap lookups. This is a workaround for now to be able to use multiple simultaneous LDAP connections.
  • pop3c+dsync performance improvements
  • quota-status: quota_grace was ignored
  • ldap: Fixed memory leak with auth_bind=yes and without auth_bind_userdn.
  • imap: Don't send HIGHESTMODSEQ anymore on SELECT/EXAMINE when CONDSTORE/QRESYNC has never before been enabled for the mailbox.
  • imap: Fixes to handling mailboxes without permanent modseqs. (When [NOMODSEQ] is returned by SELECT, mainly with in-memory indexes.)
  • imap: Various fixes to METADATA support.
  • stats plugin: Processes that only temporarily dropped privileges (e.g. indexer-worker) may have been logging errors about not being able to open /proc/self/io.

New in version 2.2.9 (November 26th, 2013)

  • Full text search indexing can now be done automatically after saving/copying mails by setting plugin { fts_autoindex=yes }
  • replicator: Added replication_dsync_parameters setting to pass "doveadm sync" parameters (for controlling what to replicate).
  • Added mail-filter plugin
  • Added liblzma/xz support (zlib_save=xz)
  • v2.2.8's improved cache file handling exposed several old bugs related to fetching mail headers.
  • v2.2.7's iostream handling changes were causing some connections to be disconnected before flushing their output (e.g. POP3 logout message wasn't being sent)

New in version 2.2.8 (November 20th, 2013)

  • Some usage of passdb checkpassword could have been exploitable by local users. You may need to modify your setup to keep it working. See

New in version 2.2.7 (November 4th, 2013)

  • Some usage of passdb checkpassword could have been exploitable by local users. You may need to modify your setup to keep it working. See
  • auth: Added ability to truncate values logged by auth_verbose_passwords (see 10-logging.conf comment)
  • mdbox: Added "mdbox_deleted" storage, which can be used to access messages with refcount=0. For example: doveadm import mdbox_deleted:~/mdbox "" mailbox inbox subject oops
  • ssl-params: Added ssl_dh_parameters_length setting.
  • master process was doing a hostname.domain lookup for each created process, which may have caused a lot of unnecessary DNS lookups.
  • dsync: Syncing over 100 messages at once caused problems in some situations, causing messages to get new UIDs.
  • fts-solr: Different Solr hosts for different users didn't work.

New in version 2.2.6 (September 26th, 2013)

  • acl: If public/shared namespace has a shared subscriptions file for all users, don't list subscription entries that are not visible to the user accessing it.
  • doveadm: Added "auth lookup" command for doing passdb lookup.
  • login_log_format_elements: Added %{orig_user}, %{orig_username} and %{orig_domain} expanding to the username exactly as sent by the client (before any changes auth process made).
  • Added ssl_prefer_server_ciphers setting.
  • auth_verbose_passwords: Log the password also for unknown users.
  • Linux: Added optional support for SO_REUSEPORT with inet_listener { reuse_port=yes }
  • director: v2.2.5 changes caused "SYNC lost" errors
  • dsync: Many fixes and error handling improvements
  • doveadm -A: Don't waste CPU by doing a separate config lookup for each user
  • Long-running ssl-params process no longer prevents Dovecot restart
  • mbox: Fixed mailbox_list_index=yes to work correctly

New in version 2.2.5 (August 6th, 2013)

  • SSL: Added support for ECDH/ECDHE cipher suites (by David Hicks)
  • Added some missing man pages (by Pascal Volk)
  • quota-status: Added quota_status_toolarge setting (by Ulrich Zehl)
  • director: Users near expiration could have been redirected to different servers at the same time.
  • pop3: Avoid assert-crash if client disconnects during LIST.
  • mdbox: Corrupted index header still wasn't automatically fixed.
  • dsync: Various fixes to work better with imapc and pop3c storages.
  • ldap: sasl_bind=yes caused crashes, because Dovecot's lib-sasl symbols conflicted with Cyrus SASL library.
  • imap: Various error handling fixes to CATENATE. (Found using Apple's stress test script.)