KNOWN BUGS/MISFEATURES/DEFICIENCIES IN THE IMAP TOOLKIT
Last Updated: 10 December 2002
The following are known problems/deficiencies in the imap-2002a toolkit:
. Possible problems for some installations:
. In some versions of Redhat Linux, SVR4-style timezone name lookup
doesn't work properly due to a bug in glibc. The workaround is to
edit os_lnx.c to include tz_bsd.c instead of tz_sv4.c. Note that
other versions of Linux don't support BSD-style timezone name
lookup, so don't make this change unless it's needed on your system.
. In some systems, the OpenSSL distribution is installed other than at
the standard /usr/local/ssl location. If this is the case on your
system and you want to build with SSL support, you will need to set
the SSLDIR variable, either by including a setting of EXTRASPECIALS
in the make command line, e.g.
build lnp SPECIALAUTHENTICATORS=ssl EXTRASPECIALS="SSLDIR=/usr/ssl"
or by editing imap-2002a/src/osdep/unix/Makefile
. /tmp, /usr/tmp or /var/tmp (if present), and the mail spool directory
must be protected 1777 (world write with sticky bit); otherwise
mailbox locking and updates won't work.
. Multiple access protection locking does not work if the mailbox or
/tmp are NFS mounted.
. Shared access mailbox formats (mbx, mtx, mx, and tenex) do not work
well with NFS and such usage is not supported. mmdf and unix formats
are supported for use over NFS; however there won't be any multiple
access locking protection.
. Server startup delays may occur if a reverse DNS (IP address to name)
lookup on the client's IP address does not complete in an expeditious
fashion. This is actually a DNS problem and should be fixed in the
DNS and/or the server's host table. A workaround exists (see the
top-level Makefile for details) but is not recommended and can not
be used at all with Kerberos.
. At the insistance of the security gurus, SSL certification validation
is now on by default. This means that you must now use the new
/novalidate-cert switch if establishing an SSL connection to a server
with a self-signed certificate; i.e. if "imap.blurdybloop.com" has a
self-signed certificate, you must use a mailbox name such as
{imap.blurdybloop.com/ssl/novalidate-cert}INBOX
to get an SSL session instead of just
{imap.blurdybloop.com/ssl}INBOX
. GCC 8.x and above on SGI systems does not correct pass/return
structures which are smaller than 16 bytes and are not 8 bytes. The
problem is that structures are padded at the wrong end; e.g. a 4 byte
structure is loaded into the lower 4 bytes of the register when it
should be loaded into the upper 4 bytes of the register. This affects
IRIX 6 the most because it is a 64-bit system and 4 byte structures are
common. This compiler bug impacts the use of inet_ntoa() in c-client
and causes syslog messages to show IP addresses as 255.255.255.255
instead of the correct values. The fix is either to use SGI's C compiler
instead of GCC or link with an implementation of inet_ntoa() that was
built with GCC instead of the standard SGI C library version.
. By default, the UNIX SSL build assumes that RSAREF is not needed, because
RSA Security Inc. released the RSA public key encryption algorithm into
the public domain on September 6, 2000. There is no longer any need to
use RSAREF, and since RSAREF is slower than OpenSSL's RSA routines
there's good reason not to. If for some reason you still want to use
RSAREF, you will need to edit imap-2002a/src/osdep/unix/Makefile to
change SSLRSA to load libRSAglue and librsaref.
. By default, the UNIX SSL build assumes that no name conflict exists
between OpenSSL and Kerberos 5. If you are using an older version
of Kerberos, you may need to edit imap-2002a/src/osdep/unix/Makefile
to change SSLCRYPTO so that it loads the OpenSSL libcrypto library
explicitly as libcrypto.a.
. By default, host names are canonicalized via gethostbyname() and
gethostbyaddr() for everything except for SSL certificate validation.
This can represent a security bug due to DNS spoofing, but is more
likely to deliver results that users expect and also may be necessary
to get Kerberos to work. Set variable "trustdns" in mail.c to NIL if
you want to disable this.
. Bugs:
. It doesn't work to have a "}" character as a user name in /user= in a
mailbox name, even if the user name is quoted. In other words,
{blurdybloop.com/user="foo}bar"}zap won't work; foo will be interpreted
as an unterminated quoted string and the remote mailbox name will be
bar"}zap.
. Case-independent searching only works for the 26 Roman alphabetics and
not for any other characters
. The experimental mx driver has performance problems and shouldn't be used
. docs/internal.txt is out of date (again)
. Annoyances:
. Friendly host names (e.g. "server" instead of "server.foo.com") can't be
used in a mailbox name with SSL certificate validation; you have to enter
the fully-qualified domain name. This is a requirement established by
the security gurus.
. IMAP client limitations:
. No SASL protection mechanisms (SASL authentication mechanisms are
supported)
. POP client limitations:
. No SASL protection mechanisms (SASL authentication mechanisms are
supported)
. No POP3 UID support
. NNTP client limitations:
. No extensions support
. No SASL support
. SMTP client limitations:
. No SASL protection mechanisms (SASL authentication mechanisms are
supported)
. No support for use of TURN, ETRN, and pipelining.
. No support for enhanced status codes
. UNIX limitations:
. Supported local file formats: mbx, mh, mmdf, mtx, mx, news, phile, tenex,
unix
. Supported SASL mechanisms: CRAM-MD5, PLAIN, LOGIN, ANONYMOUS, GSSAPI
. Sticky UIDs are not supported in the mh, mtx, and tenex drivers
. Creation of keywords is not supported in the mh, mtx, and tenex drivers
. Flat file formats (mbx, mmdf, mtx, phile, tenex, unix) do not permit
mailboxes to have inferior names
. SSL temporary key should be seeded better than it is.
. Amiga limitations:
. Supported local file formats: mbx, mh, mmdf, mtx, mx, news, phile, tenex,
unix
. Supported SASL mechanisms: CRAM-MD5, PLAIN, LOGIN, ANONYMOUS
. Sticky UIDs are not supported in the mh, mtx, and tenex drivers
. Creation of keywords is not supported in the mh, mtx, and tenex drivers
. Flat file formats (mbx, mmdf, mtx, phile, tenex, unix) do not permit
mailboxes to have inferior names
. Win32 (Win9x/NT/Windows 2000) limitations:
. Supported local file formats: mbx, mtx, tenex, unix
. Supported SASL mechanisms: CRAM-MD5, PLAIN, LOGIN, ANONYMOUS, GSSAPI
. No server SSL or TLS support.
. No server authentication for GSSAPI
. No server authentication for CRAM-MD5 on NT/Windows 2000.
. Sticky UIDs are not supported in the mtxnt and tenexnt drivers
. Creation of keywords is not supported in the mtxnt and tenexnt drivers
. No support for TCP open timeouts
. Flat file formats (mbx, mtx, tenex, unix) do not permit mailboxes to have
inferior names
. Win16 (Win3.1)/DOS limitations:
. Supported local file formats: bezerk, mtx
. Supported SASL mechanisms: CRAM-MD5, LOGIN, ANONYMOUS
. Supported TCPs: B&W, Novell, PC-NFs, PC/TCP, Waterloo, Winsock
. Sticky UIDs are not supported on local files
. Creation of keywords are not supported on local files
. Bezerk driver is read-only and does not handle LF-only newlines well
. No support for any TCP timeouts on Waterloo DOS
. No support for TCP open timeouts on Winsock and generic DOS
. Flat file formats (bezerk, mtx) do not permit mailboxes to have inferior
names
. Does not work well unless a mailgets routine is armed when fetching
texts.
. Mac limitations:
. No local file drivers
. Supported SASL mechanisms: CRAM-MD5, LOGIN, ANONYMOUS
. Does not output human-friendly time zone string
. TOPS-20 limitations:
. No local file drivers
. Supported SASL mechanisms: CRAM-MD5, LOGIN, ANONYMOUS
. No support for any TCP timeouts
. VMS limitations:
. No local file drivers
. Supported SASL mechanisms: CRAM-MD5, LOGIN, ANONYMOUS
. Supported TCPs: Multinet, Netlib
. No support for any TCP timeouts on VMS Netlib
. No support for TCP open timeouts on VMS Multinet
. Time zone must be configured at build time
. Does not output human-friendly time zone string
. Windows CE limitations:
. No local file drivers
. Supported SASL mechanisms: CRAM-MD5, LOGIN, ANONYMOUS
. No support for TCP open timeouts
. Not finished, only builds c-client library
. OS/2 limitations:
. Not finished, does not build
