Upgrading Dovecot v2.2 to v2.3
==============================

Downgrading is possible to v2.2.27 and later. (v2.2.27 accidentally broke
dovecot.index* backwards compatibility a bit.)

Settings changes
----------------

 * 'director_doveadm_port' setting removed. Name the 'inet_listener doveadm {
   .. }' instead.
 * 'mdbox_purge_preserve_alt' setting removed. It's always assumed to be "yes"
   now.
 * 'director_consistent_hashing' setting removed. It's always assumed to be
   "yes" now.
 * 'recipient_delimiters' setting used to be treated as a separator string. Now
   it's instead treated as a list of alternative delimiter characters.
 * Time interval based settings no longer default to "seconds". All numbers
   must explicitly be followed by the time unit (except 0). This is important,
   because some settings now support milliseconds as well.

Localhost auth penalty
----------------------

Dovecot no longer disables auth penalty waits for clients connecting from
localhost (or login_trusted_networks in general). The previous idea was that it
would likely be a webmail that would have its own delays, but there are no
guarantees about this.

If the old behavior is still wanted, it's possible to do nowadays even more
generically with e.g.:

---%<-------------------------------------------------------------------------
passdb {
 driver = passwd-file
 args = username_format=%{rip} /etc/dovecot/passdb
}
---%<-------------------------------------------------------------------------

/etc/dovecot/passdb:

---%<-------------------------------------------------------------------------
127.0.0.1:::::::nodelay=yes
192.168.10.124:::::::nodelay=yes
---%<-------------------------------------------------------------------------

Setting default changes
-----------------------

 * mdbox_rotate_size=2M -> 10M
 * mailbox_list_index=no -> yes
 * imap_logout_format=in=%i out=%o
    * -> in=%i out=%o deleted=%{deleted} expunged=%{expunged}
      trashed=%{trashed} hdr_count=%{fetch_hdr_count}
      hdr_bytes=%{fetch_hdr_bytes} body_count=%{fetch_body_count}
      body_bytes=%{fetch_body_bytes}
 * ssl_cipher_list=ALL:!LOW:!SSLv2:!EXP:!aNULL
    * ->
      ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
 * mail_log_prefix="%s(%u): "
    * -> "%s(%u)<%{pid}><%{session}>: "
 * mysql: ssl_verify_server_cert=no -> yes
 * ssl_options: no_compression is now enabled by default.

Diffie-Hellman parameters for SSL
---------------------------------

 * ssl-parameters.dat file is now obsolete. You should use ssl_dh setting
   instead:'ssl_dh=</etc/dovecot/dh.pem'
    * You can convert an existing ssl-parameters.dat to dh.pem:

      ---%<-------------------------------------------------------------------
      dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
      -inform der > /etc/dovecot/dh.pem
      ---%<-------------------------------------------------------------------

Other changes
-------------

 * doveadm: table formatter prints the header now to stdout, not stderr
 * doveadm: Removed mount commands
 * subscriptions file is written in a new version 2 format. Dovecot v2.2.17 and
   newer can read this file.
 * mail_log plugin: Headers are logged as UTF-8 (instead of MIME-encoded)
 * auth: When iterating users in userdb passwd, skip users that aren't in the
   first/last_valid_gid range
 * auth protocol has changed some error fields:
    * temp -> code=temp_fail
    * authz -> code=authz_fail
    * user_disabled -> code=user_disabled
    * pass_expired -> code=pass_expired

(This file was created from the wiki on 2017-10-10 04:42)
