X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=TODO.txt;h=7a0eeb0b4ddb5d2a9a900c54d00f43df8f9a5990;hb=87bcf29364c4640edb87cc2186b965d1a564d70c;hp=a6186a1f96f82ae74bb09c2c37bd8e06a8d95cec;hpb=3026bfee3c04ba09f13e4345eec0d6fbe14cc146;p=~andy%2Ffetchmail diff --git a/TODO.txt b/TODO.txt index a6186a1f..7a0eeb0b 100644 --- a/TODO.txt +++ b/TODO.txt 
@@ -1,12 +1,35 @@ Note that there is a separate todo.html with different content than this. soon - MUST: +- blacklist DigiNotar/Comodo/Türktrust hacks/certs, possibly with Chrome's serial# + list? +- check if wildcards from X.509 are handled as strictly as required by + the RFCs. +- audit if there are further untrusted data report_*() calls. - Debian Bug #475239, MIME decoder may break up words (need to quote results) - put bare IP addresses in brackets for SMTP (check if there are RFC 1123/5321/5322 differences) -- Debian Bug #531589: fetchmail ignores SIGUSR1 in idle mode. +- Fix further occurrences of SMTP reply code handling: + - for proper smtp_reponse caching of multiline codes (there are some) + - for stomping over control characters. +- check if smtpname and smtpaddress in particular work as advertised, + thread "Fetchmail with Postfix virtual users" around 2009-09-23 on + fetchmail-users@, by Joost Roeleveld and Gerard Seibert. +- virtual domain DOCUMENTATION (rewriting @example.com to + @virtual.example.com possible? Joost Roeleveld, thread "Fetchmail with + Postfix virtual users" around 2009-09-23 on fetchmail-users@). soon - SHOULD: +- support NIL and strings where they are alternatives to literals +- Debian Bug #531589: fetchmail ignores SIGUSR1 in idle mode. + seems non-trivial to fix: in imap_idle(), we wait for untagged + responses, and may be deep in SSL_peek -- and that restarts the + underlying blocking read() from the socket, so we never break out of + the SSL_peek() with SIGUSR1. +- add repoll for all kinds of auth failures + (requires framework to track which auth failed in auto mode) +- SockOpen sometimes exits with errno == 0, confusing users (found with + Google RealTime on Twitter) - make sure the man page completely lists all options (f. i. sslcertpath) in the tables. - allow \Deleted without \Seen, rf. 
@@ -14,24 +37,20 @@ soon - SHOULD: - document IMAP4 ACL requirements - CRYPTO: log configured server name on certificate mismatch (perhaps pay attention to via entries and stuff like that) -- CRYPTO: BerliOS Bug #11576, thread on fetchmail users "Invalid SSL certificate" by - Philip Susi, SSL negotiation does not use ERR_error_string(3ssl) to report - errors in a readable way, we just report socket errors with no good reason. - CRYPTO: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432618 * write a table of combinations of TLS/SSL options - add To: header to warning mails (authfail for instance) - Fix TOCTOU race around prc_filecheck* - Read CAPABILITY from greeting if present, saves one round trip. - Check if LAST argument is properly validated against message count. -- find a solution for the "invalid header" discards message problem - (escape headers and stuff reminder into body) - add Message-ID: header and other SHOULD headers to warning mails? -- report multiline SMTP errors properly (sample in private mail from - Earl Chew, 2007-07-30T02:28), Debian Bug #529899 - => requires reworking SMTP_ok to actually not only read the last line - of multiline replies, but buffer. +- report actual SMTP error with "SMTP listener refused delivery", sugg. + Richard Brooksby, fetchmail-users 2010-04-06. soon - MAY: +- find a better replacement for sscanf parsing - we don't usually + detect errors in format strings such as "* %d FETCH " because we don't + check if the FETCH is (a) present, (b) consumed. - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471176 => fetchmail: support utf-8 encoding in log file Revisit http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=400719 
@@ -42,13 +61,13 @@ soon - MAY: - revise ticker, and add something like .........20%.... ... 100% (suggested by Yue Wu) - questionable: - Convert POP3 UIDs to X-UIDL? - fetch IMAP message in one go (fetchmail-devel by Adam Simpkins around Nov 2nd)? -6.4: +7.0: +- Properly free host/user entries (through C++ class instantiation and destructors...) - Remove stupid options, such as spambounce, or deferred bounces for anything but wrong addresses - Do not ever guess envelope from content headers such as To:/Cc:/Resent-To: or @@ -63,6 +82,8 @@ questionable: (silently allowing g+x). - make UID code more efficient, parsing is O(n^2), should be no worse than O(n log n), lookup is O(n), should be O(log n). + * Idea for C: use tfind/tsearch. Need to split idlist up + so it only keeps the ids, and use an array to track status. - help systematic debugging - by making logging more strict (Postfix's msg_* as example??) - by adding a --loggingtest or something that emits @@ -90,6 +111,10 @@ questionable: - CRYPTO: perhaps port to NSS? Check license and features and required procedure changes. - Redhat Bugs #333741 (crypto consolidation), #346891 (port fetchmail to NSS) - CRYPTO: make the SSL default v3 (rather than v23). +- CRYPTO: remove sslfingerprint? too easily abused (see NEWS) +- CRYPTO: force sslcertck +- CRYPTO: by default forbid cleartext or other compromising password + schemes over insecure connections? - put more hints to the FAQ (should we call it FGA?) as first support place - make sure we print socket error messages such as connection reset by peer to hint users the problem is not in fetchmail 
@@ -124,6 +149,8 @@ questionable: - allow forcing RETR (RETR vs. TOP, fetchmail-users, drbob 2008-01-11) - CRYPTO: use SASL? - make logfile more useful (redirect not only in daemon mode) +- close/reopen logfile on certain signals (for newsyslog/logrotate + support) - for virtual mapping, we don't currently support local user aliases or regexp matching with replacement. This would be useful for hosting several virtual domains in one multidrop mailbox, as in @@ -146,7 +173,12 @@ questionable: This probably entails some form of extended user mapping inside fetchmail, for map_name() in transact.c, and possibly find_server_names() ibidem. +- more verbose diagnostics, what, why, how, ... (what does fetchmail do, what + does it expect, what does it get instead, what does that mean, how can the + user fix it; references to the manual) + DOCUMENTATION: - Add info whether Keywords are global, server or user keywords - consolidate multidrop documentation +- HOWTO (on configuration, and on SSL in particular)
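Review bot: In the @@ -1,12 +1,35 @@ hunk, the added sub-item "for proper smtp_reponse caching of multiline codes" looks like a misspelling of smtp_response; if it names a symbol, spell it the way the code does so the entry can be grepped. In the same hunk, "audit if there are further untrusted data report_*() calls" does not say what the audit is looking for. Naming the hazard, for example whether it is the control-character problem listed under the SMTP reply code item, would make the entry checkable. The two entries that cite the thread "Fetchmail with Postfix virtual users" could be merged into one.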
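Review bot: In the @@ -14,24 +37,20 @@ hunk, the new sscanf item is filed under "soon - MAY" although it says that errors with format strings such as "* %d FETCH " usually go undetected. That is input validation of the same kind as the SHOULD item "Check if LAST argument is properly validated against message count" and probably belongs next to it. The same hunk drops the entries carrying BerliOS Bug #11576 and Debian Bug #529899 without saying whether they were fixed; the SMTP reply code item added under MUST could keep the Debian number so the report stays traceable.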
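Review bot: In the @@ -42,13 +61,13 @@ hunk, "Properly free host/user entries (through C++ class instantiation and destructors...)" states an implementation choice rather than the defect, and it sits oddly beside the "Idea for C: use tfind/tsearch" note added in the @@ -63,6 +82,8 @@ hunk. Suggest wording the entry as the requirement (which entries are not freed, and when) and leaving the language decision to a separate 7.0 item.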
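Review bot: In the @@ -90,6 +111,10 @@ hunk, "remove sslfingerprint? too easily abused (see NEWS)" and "force sslcertck" are listed as independent items, but taken together they leave no stated option for a site whose server certificate does not verify against the configured trust store. The entry should say what replaces fingerprint pinning in that case. "see NEWS" would also be easier to follow with the release or entry it refers to.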
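Review bot: In the @@ -124,6 +149,8 @@ hunk, "close/reopen logfile on certain signals" leaves the signal unnamed. SIGUSR1 already has a meaning in this file (the Debian Bug #531589 entry about idle mode), so the item should name the intended signal and say whether it is affected by the same restarted read() inside SSL_peek that the SIGUSR1 entry describes.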
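Review bot: In the @@ -146,7 +173,12 @@ hunk, the "more verbose diagnostics" item asks fetchmail to report "what does it get instead", which means echoing data received from the peer. It should refer to the MUST items on report_*() calls with untrusted data and on control characters in SMTP replies, so that the extra output is sanitised before it reaches the log or the terminal.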