I've found that Binc is broken in a non-chrooted environment.

1) Various bits of metadata (subscribed folders, uidvalidity data etc) are stored in files that are referred to in different ways:

- sometimes as "/filename" (which only works under chroot)
- sometimes as "/path/to/imap-folder/filename" (which also only works under chroot)
- sometimes as "/absolute/path/from/filesystem/root/filename" (which works all the time, so long as it's before the chroot)
- sometimes as "filename" (may or may not work at all)

It would probably be a good plan to either remove non-chrooted use as an option or make the choice of filesystem names more consistent. Personally, I'd prefer to have the option of not running with chroot so that I don't _have_ to run checkpassword as root (since I'm not a getpwnam kind of guy). Therefore I think that the most consistent approach would be to refer to filenames as ./path/to/filename and only open user-specific files after any chroot or chdir (see below).

2) There also isn't a chdir into the directory supplied by checkpassword in a non-chrooted environment.

Also: There's a getpwnam in bincimap-auth-checkpassword.cc. Surely that's a waste of time at best (it completely breaks any virtual user scenarios). By design, shouldn't binc let checkpassword handle authentication and authorisation?

The idea of forcing TLS doesn't appeal to me, as I believe it's up to the system owner to determine policy. It's easy enough to disable, but it sure would be nice if the "clear text passwords in unencrypted connections" flag worked. My belief is that the endpoints of any connection are the weakest points, not the network in between, and that TLS and SSL are therefore less useful than taking precautions with the data storage (by encrypting it, for instance). But that's just me. :)

Otherwise, Binc seems to be a pretty reasonable IMAP server. A larger memory footprint than courier-imap, but it feels a bit faster, whatever that means. Not needing GDBM/BDB libraries is also nice. I suppose the memory footprint may be able to be reduced by adopting the DJB-style 'qmail-popup' and 'qmail-pop3d' separation, but that's a whole new can of worms.

Roland

