+ _\b6_\b. _\bS_\be_\bc_\bu_\br_\bi_\bt_\by _\bC_\bo_\bn_\bs_\bi_\bd_\be_\br_\ba_\bt_\bi_\bo_\bn_\bs
+
+ First of all, mutt-ng contains no security holes included by intention but may
+ contain unknown security holes. As a consequence, please run mutt-ng only with
+ as few permissions as possible.
+
+ Please do not run mutt-ng as the super user.
+
+ When configuring mutt-ng, there're some points to note about secure setups.
+
+ In practice, mutt-ng can be easily made as vulnerable as even the most insecure
+ mail user agents (in their default configuration) just by changing mutt-ng's
+ configuration files: it then can execute arbitrary programs and scripts
+ attached to messages, send out private data on its own, etc. Although this is
+ not believed to the common type of setup, please read this chapter carefully.
+
+ _\b6_\b._\b1 _\bP_\ba_\bs_\bs_\bw_\bo_\br_\bd_\bs
+
+ Although mutt-ng can be told the various passwords for accounts, please never
+ store passwords in configuration files. Besides the fact that the system's
+ operator can always read them, you could forget to replace the actual password
+ with asterisks when reporting a bug or asking for help via, for example, a
+ mailing list so that your mail including your password could be archived by
+ internet search engines, etc. Please never store passwords on disk.
+
+ _\b6_\b._\b2 _\bT_\be_\bm_\bp_\bo_\br_\ba_\br_\by _\bF_\bi_\bl_\be_\bs
+
+ Mutt-ng uses many temporary files for viewing messages, verifying digital sig-
+ natures, etc. The _\b$_\bu_\bm_\ba_\bs_\bk (section 7.4.331 , page 170) variable can be used to
+ change the default permissions of these files. Please only change it if you
+ really know what you are doing. Also, a different location for these files may
+ be desired which can be changed via the _\b$_\bt_\bm_\bp_\bd_\bi_\br (section 7.4.327 , page 169)
+ variable.
+
+ _\b6_\b._\b3 _\bI_\bn_\bf_\bo_\br_\bm_\ba_\bt_\bi_\bo_\bn _\bL_\be_\ba_\bk_\bs
+
+ _\b6_\b._\b3_\b._\b1 _\bM_\be_\bs_\bs_\ba_\bg_\be_\b-_\bI_\bD_\b: _\bh_\be_\ba_\bd_\be_\br_\bs
+
+ In the default configuration, mutt-ng will leak some information to the outside
+ world when sending messages: the generation of Message-ID: headers includes a
+ step counter which is increased (and rotated) with every message sent. If you'd
+ like to hide this information probably telling others how many mail you sent in
+ which time, you at least need to remove the %P expando from the default setting
+ of the _\b$_\bm_\bs_\bg_\bi_\bd_\b__\bf_\bo_\br_\bm_\ba_\bt (section 7.4.147 , page 124) variable. Please make sure
+ that you really know how local parts of these Message-ID: headers are composed.
+
+ The Mutt Next Generation E-Mail Client 81
+
+ _\b6_\b._\b3_\b._\b2 _\bm_\ba_\bi_\bl_\bt_\bo_\b:_\b-_\bs_\bt_\by_\bl_\be _\bl_\bi_\bn_\bk_\bs
+
+ As mutt-ng be can be set up to be the mail client to handle mailto: style links
+ in websites, there're security considerations, too. To keep the old behavior by
+ default, mutt-ng will be strict in interpreting them which means that arbitrary
+ header fields can be embedded in these links which could override existing
+ header fields or attach arbitrary files. This may be problematic if the
+ _\b$_\be_\bd_\bi_\bt_\b__\bh_\be_\ba_\bd_\be_\br_\bs (section 7.4.58 , page 102) variable is _\bu_\bn_\bs_\be_\bt, i.e. the user
+ doesn't want to see header fields while editing the message.
+
+ For example, following a link like
+
+ mailto:joe@host?Attach=~/.gnupg/secring.gpg
+
+ will send out the user's private gnupg keyring to joe@host if the user doesn't
+ follow the information on screen carefully enough.
+
+ When _\bu_\bn_\bs_\be_\bt_\bt_\bi_\bn_\bg the _\b$_\bs_\bt_\br_\bi_\bc_\bt_\b__\bm_\ba_\bi_\bl_\bt_\bo (section 7.4.315 , page 166) variable, mutt-
+ ng will
+
+ +\bo be less strict when interpreting these links by prepending a X-Mailto-
+ string to all header fields embedded in such a link _\ba_\bn_\bd
+
+ +\bo turn on the _\b$_\be_\bd_\bi_\bt_\b__\bh_\be_\ba_\bd_\be_\br_\bs (section 7.4.58 , page 102) variable by force
+ to let the user see all the headers (because they still may leak informa-
+ tion.)
+
+ _\b6_\b._\b4 _\bE_\bx_\bt_\be_\br_\bn_\ba_\bl _\ba_\bp_\bp_\bl_\bi_\bc_\ba_\bt_\bi_\bo_\bn_\bs
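Review bot: the mailto: paragraph ("To keep the old behavior by default, mutt-ng will be strict in interpreting them which means that arbitrary header fields can be embedded") describes the permissive behaviour as "strict", which is the opposite of what a reader expects and of what the later bullet "be less strict ... by prepending a X-Mailto- string" implies; say explicitly that `$strict_mailto` set means header fields in the link are taken literally (the old, unsafe behaviour), and unset means they are renamed with the `X-Mailto-` prefix and `$edit_headers` is forced on, so the two paragraphs agree. Smaller wording fixes in the same hunk: "not believed to the common type of setup" is missing "be", "As mutt-ng be can be set up" has a doubled "be", and "how many mail you sent in which time" should read "how many mails you sent in a given time". Finally, the added text carries raw nroff overstrike sequences (`_\b6_\b.`, `+\bo`) and the page footer "The Mutt Next Generation E-Mail Client 81", i.e. it is formatter output rather than plain text; if this file is meant to be read directly, strip the backspace formatting (for example with `col -b`) and drop the page header/footer lines before committing.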