The version of imapproxy packaged, 1.2.7, is the last released version. Unfortunately, this version is from 2010. There have been several good changes to imapproxy, but no new release has been cut. Many of these changes have security implications.
Here's a list of selected changes in chronological order:
- Warn against using port 993
- Fix LOGIN command so that it handles literal arguments correctly
- Fix possible buffer overflow issue
- Add the ability to authenticate to the IMAP server using SASL plain
- Fix server connection starvation and synchronization issues
- When NO or BAD response is returned from the server against a LOGIN or
AUTHENTICATE request, we now log the full server response and pass it
back to the client (useful if client is watching for RFC 5530 response
codes).
- Fix server connection synchronization issues in the SELECT cache code
- Allow configuration setting values to contain spaces
- Fixed problem where default TLS CA data would never be loaded
- Fixed bug in SSL context initialization
- Added support for up to TLS v1.2
- Added support for ECDHE ciphers
- Added ability to manually specify TLS ciphers
- Added server certificate validation
The last change was in January 2014. A daily tarball is available here:
http://squirrelmail.org/download.php#imap_proxy
We have been running the code from 2014 in production since 2015, and it's been solid. Here's a link to our PPA, which has the updated version, using the daily tarball from back then:
https://launchpad.net/~wiktel/+archive/ubuntu/ppa/+packages
Attached is the debdiff from another approach to updating the package. This is based off the package in Yakkety, with the imapproxy SVN changes broken out into individual patches in debian/patches. (I used git-svn + git format-patch for this, and stripped the git markings).