Bug#1070488: Enable QUICK support

2024-06-27 Thread Dominic Preston
HTTP/3 is a key feature of nginx 1.26 and newer; we definitely need
the ngx_http_v3_module enabled in this package.



Bug#1042899: bind9: Superfluous listen-on-v6 option given in named.conf.options

2023-08-02 Thread Dominic Preston
Package: bind9
Version: 1:9.18.16-1~deb12u1
Severity: minor
X-Debbugs-Cc: lzq...@gmail.com

On a default installation of bind9 on Debian, this option is included:
listen-on-v6 { any; };

According to the bind9 documentation, this is the default anyway, and does
not need to be specified:
https://bind9.readthedocs.io/en/stable/reference.html#namedconf-statement-listen-on-v6

Furthermore, this (unnecessary) listen-on option for IPv4 is not specified
in Debian's default configuration, making listen-on-v6's inclusion 
inconsistent with the default IPv4 options:
listen-on { any; };

Therefore I propose this option is removed from the default bind9 Debian
configuration for consistency with IPv4:
listen-on-v6 { any; };



Bug#1037127: exim4-config: Example Dovecot authenticator for Exim allows plaintext non TLS AUTH by default

2023-06-05 Thread Dominic Preston
Package: exim4-config
Version: 4.94.2-7
Severity: normal
X-Debbugs-Cc: lzq...@gmail.com

In Debian unstable exim4.conf.template, the example authenticator for
Dovecot, dovecot_plain_server, does not enforce TLS security for plaintext
authentication by default.

The Exim config should be changed to only advertise AUTH if the connection
is encrypted, in line with the other plain text authenticators, by adding
the final three lines below:

# dovecot_plain_server:
#   driver = dovecot
#   public_name = PLAIN
#   server_socket = /var/spool/exim4/dovecot.auth-client
#   server_set_id = $auth1
#   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
#   server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
#   .endif
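
An added example (not part of the bug report or of the Debian package): a small Python audit that lists PLAIN/LOGIN authenticators in an Exim configuration whose server_advertise_condition does not reference tls_in_cipher, which is the gap described above. The sample configuration is constructed, the function names are hypothetical, and .ifndef/.endif lines are skipped, so macro-guarded options are treated as active.

```python
import re

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # mechanisms that send the password itself

# Constructed sample of an active authenticators section (not taken from a real host).
SAMPLE = """\
begin authenticators

dovecot_plain_server:
  driver = dovecot
  public_name = PLAIN
  server_socket = /var/spool/exim4/dovecot.auth-client
  server_set_id = $auth1

plain_server:
  driver = plaintext
  public_name = PLAIN
  server_set_id = $auth2
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
  .endif

cram_md5_server:
  driver = cram_md5
  public_name = CRAM-MD5
"""

def parse_blocks(text):
    """Return {block_name: {option: value}} for uncommented 'name:' blocks."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        # Assumption: comments and .ifndef/.endif macro lines are skipped,
        # so options guarded by a macro are treated as active.
        if not line or line[0] in "#.":
            continue
        header = re.fullmatch(r"(\w+):", line)
        if header:
            current = blocks.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return blocks

def plaintext_without_tls_gate(text):
    """Names of PLAIN/LOGIN authenticators advertised regardless of TLS (heuristic)."""
    return [
        name for name, opts in parse_blocks(text).items()
        if opts.get("public_name", "").upper() in PLAINTEXT_MECHS
        and "tls_in_cipher" not in opts.get("server_advertise_condition", "")
    ]

if __name__ == "__main__":
    print(plaintext_without_tls_gate(SAMPLE))
```

The check is a substring heuristic on the advertise condition, so a flagged authenticator still needs a manual read of the full expansion.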



Bug#1014961: dovecot-core: Exim unix listener configuration example

2022-07-15 Thread Dominic Preston
Package: dovecot-core
Version: 1:2.3.13+dfsg1-2
Severity: wishlist
X-Debbugs-Cc: lzq...@gmail.com

In the default Exim configuration file there are instructions for setting up a 
unix listener in Dovecot for authentication:

# Use dovecot as authentication backend
# Requires changes to dovecot configuration:
# 8X-
# --- /etc/dovecot/conf.d/10-master.conf2020-12-22 13:26:52.0 +
# +++ /etc/dovecot/conf.d/10-master.conf 2022-07-13 11:17:02.479100984 +
# @@ -108,6 +108,14 @@
##  mode = 0666
##}
#
# +### SASL listener for exim start
# +  # SASL exim
# +  unix_listener /var/spool/exim4/dovecot.auth-client {
# + mode = 0660
# + group = Debian-exim
# +  }
# +### SASL listener for exim end
# +
## Auth process is run as this user.
##user = $default_internal_user
#  }
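Review bot: the added unix_listener block sets mode = 0660 and group = Debian-exim but no user, so the socket owner is left to Dovecot's default; stating the owner explicitly would make the intended access (owner plus the Debian-exim group, nothing for others) obvious to anyone copying the example, especially next to the commented "mode = 0666" in the context above. The mode and group lines are also indented by a single space where the rest of the block nests by two, and the "# SASL exim" comment repeats the start marker directly above it and could be dropped.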
# 8X-

It would be good if this commented example for Exim was inserted into Dovecot's 
10-master.conf configuration file underneath the Postfix example listener to 
make setup quicker.



Bug#1014235: exim4: Include Dovecot SASL authenticator in default Exim configuration file

2022-07-02 Thread Dominic Preston
Package: exim4
Version: 4.94.2-7
Severity: wishlist
X-Debbugs-Cc: lzq...@gmail.com

The current preferred mechanism in the Exim configuration for authenticating 
users against system passwords is saslauthd, which requires installing 
additional software. Dovecot is commonly installed alongside Exim and contains 
a SASL mechanism for Exim to authenticate against:

https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_dovecot_authenticator.html
https://doc.dovecot.org/configuration_manual/howto/exim_and_dovecot_sasl/

Therefore I think it would be useful for the default Exim configuration file to 
contain commented lines for using the Dovecot authenticator out of the box.