- {"pgp_check_exit", DT_BOOL, R_NONE, OPTPGPCHECKEXIT, "yes" },
- /*
- ** .pp
- ** If \fIset\fP, Madmutt will check the exit code of the PGP subprocess when
- ** signing or encrypting. A non-zero exit code means that the
- ** subprocess failed.
- ** (PGP only)
- */
- {"pgp_long_ids", DT_BOOL, R_NONE, OPTPGPLONGIDS, "no" },
- /*
- ** .pp
- ** If \fIset\fP, use 64 bit PGP key IDs. \fIUnset\fP uses the normal 32 bit Key IDs.
- ** (PGP only)
- */
- {"pgp_retainable_sigs", DT_BOOL, R_NONE, OPTPGPRETAINABLESIG, "no" },
- /*
- ** .pp
- ** If \fIset\fP, signed and encrypted messages will consist of nested
- ** multipart/signed and multipart/encrypted body parts.
- ** .pp
- ** This is useful for applications like encrypted and signed mailing
- ** lists, where the outer layer (multipart/encrypted) can be easily
- ** removed, while the inner multipart/signed part is retained.
- ** (PGP only)
- */
- {"pgp_autoinline", DT_BOOL, R_NONE, OPTPGPAUTOINLINE, "no" },
- /*
- ** .pp
- ** This option controls whether Madmutt generates old-style inline
- ** (traditional) PGP encrypted or signed messages under certain
- ** circumstances. This can be overridden by use of the \fIpgp-menu\fP,
- ** when inline is not required.
- ** .pp
- ** Note that Madmutt might automatically use PGP/MIME for messages
- ** which consist of more than a single MIME part. Madmutt can be
- ** configured to ask before sending PGP/MIME messages when inline
- ** (traditional) would not work.
- ** See also: ``$$pgp_mime_auto''.
- ** .pp
- ** Also note that using the old-style PGP message format is \fBstrongly\fP
- ** \fBdeprecated\fP.
- ** (PGP only)
- */
- {"pgp_replyinline", DT_BOOL, R_NONE, OPTPGPREPLYINLINE, "no" },
- /*
- ** .pp
- ** Setting this variable will cause Madmutt to always attempt to
- ** create an inline (traditional) message when replying to a
- ** message which is PGP encrypted/signed inline. This can be
- ** overridden by use of the \fIpgp-menu\fP, when inline is not
- ** required. This option does not automatically detect if the
- ** (replied-to) message is inline; instead it relies on Madmutt
- ** internals for previously checked/flagged messages.
- ** .pp
- ** Note that Madmutt might automatically use PGP/MIME for messages
- ** which consist of more than a single MIME part. Madmutt can be
- ** configured to ask before sending PGP/MIME messages when inline
- ** (traditional) would not work.
- ** See also: ``$$pgp_mime_auto''.
- ** .pp
- ** Also note that using the old-style PGP message format is \fBstrongly\fP
- ** \fBdeprecated\fP.
- ** (PGP only)
- **
- */
- {"pgp_show_unusable", DT_BOOL, R_NONE, OPTPGPSHOWUNUSABLE, "yes" },
- /*
- ** .pp
- ** If \fIset\fP, Madmutt will display non-usable keys on the PGP key selection
- ** menu. This includes keys which have been revoked, have expired, or
- ** have been marked as ``disabled'' by the user.
- ** (PGP only)
- */
- {"pgp_sign_as", DT_STR, R_NONE, UL &PgpSignAs, "" },
- /*
- ** .pp
- ** If you have more than one key pair, this option allows you to specify
- ** which of your private keys to use. It is recommended that you use the
- ** keyid form to specify your key (e.g., ``\fT0x00112233\fP'').
- ** (PGP only)
- */
- {"pgp_timeout", DT_NUM, R_NONE, UL &PgpTimeout, "300" },
- /*
- ** .pp
- ** The number of seconds after which a cached passphrase will expire if
- ** not used. Default: 300.
- ** (PGP only)
- */
- {"pgp_sort_keys", DT_SORT|DT_SORT_KEYS, R_NONE, UL &PgpSortKeys, "address" },
- /*
- ** .pp
- ** Specifies how the entries in the ``pgp keys'' menu are sorted. The
- ** following are legal values:
- ** .pp
- ** .dl
- ** .dt address .dd sort alphabetically by user id
- ** .dt keyid .dd sort alphabetically by key id
- ** .dt date .dd sort by key creation date
- ** .dt trust .dd sort by the trust of the key
- ** .de
- ** .pp
- ** If you prefer reverse order of the above values, prefix it with
- ** ``reverse-''.
- ** (PGP only)
- */
- {"pgp_mime_auto", DT_QUAD, R_NONE, OPT_PGPMIMEAUTO, "ask-yes" },
- /*
- ** .pp
- ** This option controls whether Madmutt will prompt you for
- ** automatically sending a (signed/encrypted) message using
- ** PGP/MIME when inline (traditional) fails (for any reason).
- ** .pp
- ** Also note that using the old-style PGP message format is \fBstrongly\fP
- ** \fBdeprecated\fP.
- ** (PGP only)
- */
- {"pgp_auto_decode", DT_BOOL, R_NONE, OPTPGPAUTODEC, "no" },
- /*
- ** .pp
- ** If \fIset\fP, Madmutt will automatically attempt to decrypt traditional PGP
- ** messages whenever the user performs an operation which ordinarily would
- ** result in the contents of the message being operated on. For example,
- ** if the user displays a pgp-traditional message which has not been manually
- ** checked with the check-traditional-pgp function, Madmutt will automatically
- ** check the message for traditional pgp.
- */
- /* XXX Default values! */
- {"pgp_decode_command", DT_STR, R_NONE, UL &PgpDecodeCommand, "" },
- /*
- ** .pp
- ** This format strings specifies a command which is used to decode
- ** application/pgp attachments.
- ** .pp
- ** The PGP command formats have their own set of \fTprintf(3)\fP-like sequences:
- ** .pp
- ** .dl
- ** .dt %p .dd Expands to PGPPASSFD=0 when a pass phrase is needed, to an empty
- ** string otherwise. Note: This may be used with a %? construct.
- ** .dt %f .dd Expands to the name of a file containing a message.
- ** .dt %s .dd Expands to the name of a file containing the signature part
- ** . of a multipart/signed attachment when verifying it.
- ** .dt %a .dd The value of $$pgp_sign_as.
- ** .dt %r .dd One or more key IDs.
- ** .de
- ** .pp
- ** For examples on how to configure these formats for the various versions
- ** of PGP which are floating around, see the pgp*.rc and gpg.rc files in
- ** the \fTsamples/\fP subdirectory which has been installed on your system
- ** alongside the documentation.
- ** (PGP only)
- */
- {"pgp_getkeys_command", DT_STR, R_NONE, UL &PgpGetkeysCommand, "" },
- /*
- ** .pp
- ** This command is invoked whenever Madmutt will need public key information.
- ** \fT%r\fP is the only \fTprintf(3)\fP-like sequence used with this format.
- ** (PGP only)
- */
- {"pgp_verify_command", DT_STR, R_NONE, UL &PgpVerifyCommand, "" },
- /*
- ** .pp
- ** This command is used to verify PGP signatures.
- ** (PGP only)
- */
- {"pgp_decrypt_command", DT_STR, R_NONE, UL &PgpDecryptCommand, "" },
- /*
- ** .pp
- ** This command is used to decrypt a PGP encrypted message.
- ** (PGP only)
- */
- {"pgp_clearsign_command", DT_STR, R_NONE, UL &PgpClearSignCommand, "" },
- /*
- ** .pp
- ** This format is used to create a old-style ``clearsigned'' PGP message.
- ** .pp
- ** Note that the use of this format is \fBstrongly\fP \fBdeprecated\fP.
- ** (PGP only)
- */
- {"pgp_sign_command", DT_STR, R_NONE, UL &PgpSignCommand, "" },
- /*
- ** .pp
- ** This command is used to create the detached PGP signature for a
- ** multipart/signed PGP/MIME body part.
- ** (PGP only)
- */
- {"pgp_encrypt_sign_command", DT_STR, R_NONE, UL &PgpEncryptSignCommand, "" },
- /*
- ** .pp
- ** This command is used to both sign and encrypt a body part.
- ** (PGP only)
- */
- {"pgp_encrypt_only_command", DT_STR, R_NONE, UL &PgpEncryptOnlyCommand, "" },
- /*
- ** .pp
- ** This command is used to encrypt a body part without signing it.
- ** (PGP only)
- */
- {"pgp_import_command", DT_STR, R_NONE, UL &PgpImportCommand, "" },
- /*
- ** .pp
- ** This command is used to import a key from a message into
- ** the user's public key ring.
- ** (PGP only)
- */
- {"pgp_export_command", DT_STR, R_NONE, UL &PgpExportCommand, "" },
- /*
- ** .pp
- ** This command is used to export a public key from the user's
- ** key ring.
- ** (PGP only)
- */
- {"pgp_verify_key_command", DT_STR, R_NONE, UL &PgpVerifyKeyCommand, "" },
- /*
- ** .pp
- ** This command is used to verify key information from the key selection
- ** menu.
- ** (PGP only)
- */
- {"pgp_list_secring_command", DT_STR, R_NONE, UL &PgpListSecringCommand, "" },
- /*
- ** .pp
- ** This command is used to list the secret key ring's contents. The
- ** output format must be analogous to the one used by
- ** \fTgpg --list-keys --with-colons\fP.
- ** .pp
- ** This format is also generated by the \fTpgpring\fP utility which comes
- ** with Madmutt.
- ** (PGP only)
- */
- {"pgp_list_pubring_command", DT_STR, R_NONE, UL &PgpListPubringCommand, "" },
- /*
- ** .pp
- ** This command is used to list the public key ring's contents. The
- ** output format must be analogous to the one used by
- ** \fTgpg --list-keys --with-colons\fP.
- ** .pp
- ** This format is also generated by the \fTpgpring\fP utility which comes
- ** with Madmutt.
- ** (PGP only)
- */
- {"forward_decrypt", DT_BOOL, R_NONE, OPTFORWDECRYPT, "yes" },
- /*
- ** .pp
- ** Controls the handling of encrypted messages when forwarding a message.
- ** When \fIset\fP, the outer layer of encryption is stripped off. This
- ** variable is only used if ``$$mime_forward'' is \fIset\fP and
- ** ``$$mime_forward_decode'' is \fIunset\fP.
- ** (PGP only)
- */
- {"smime_timeout", DT_NUM, R_NONE, UL &SmimeTimeout, "300" },
- /*
- ** .pp
- ** The number of seconds after which a cached passphrase will expire if
- ** not used.
- ** (S/MIME only)
- */
- {"smime_encrypt_with", DT_STR, R_NONE, UL &SmimeCryptAlg, "" },
- /*
- ** .pp
- ** This sets the algorithm that should be used for encryption.
- ** Valid choices are ``\fTdes\fP'', ``\fTdes3\fP'', ``\fTrc2-40\fP'',
- ** ``\fTrc2-64\fP'', ``\frc2-128\fP''.
- ** .pp
- ** If \fIunset\fP ``\fI3des\fP'' (TripleDES) is used.
- ** (S/MIME only)
- */
- {"smime_keys", DT_PATH, R_NONE, UL &SmimeKeys, "" },
- /*
- ** .pp
- ** Since there is no pubring/secring as with PGP, Madmutt has to handle
- ** storage ad retrieval of keys/certs by itself. This is very basic right now,
- ** and stores keys and certificates in two different directories, both
- ** named as the hash-value retrieved from OpenSSL. There is an index file
- ** which contains mailbox-address keyid pair, and which can be manually
- ** edited. This one points to the location of the private keys.
- ** (S/MIME only)
- */
- {"smime_ca_location", DT_PATH, R_NONE, UL &SmimeCALocation, "" },
- /*
- ** .pp
- ** This variable contains the name of either a directory, or a file which
- ** contains trusted certificates for use with OpenSSL.
- ** (S/MIME only)
- */
- {"smime_certificates", DT_PATH, R_NONE, UL &SmimeCertificates, "" },
- /*
- ** .pp
- ** Since there is no pubring/secring as with PGP, Madmutt has to handle
- ** storage and retrieval of keys by itself. This is very basic right
- ** now, and keys and certificates are stored in two different
- ** directories, both named as the hash-value retrieved from
- ** OpenSSL. There is an index file which contains mailbox-address
- ** keyid pairs, and which can be manually edited. This one points to
- ** the location of the certificates.
- ** (S/MIME only)
- */
- {"smime_decrypt_command", DT_STR, R_NONE, UL &SmimeDecryptCommand, "" },
- /*
- ** .pp
- ** This format string specifies a command which is used to decrypt
- ** \fTapplication/x-pkcs7-mime\fP attachments.
- ** .pp
- ** The OpenSSL command formats have their own set of \fTprintf(3)\fP-like sequences
- ** similar to PGP's:
- ** .pp
- ** .dl
- ** .dt %f .dd Expands to the name of a file containing a message.
- ** .dt %s .dd Expands to the name of a file containing the signature part
- ** . of a multipart/signed attachment when verifying it.
- ** .dt %k .dd The key-pair specified with $$smime_default_key
- ** .dt %c .dd One or more certificate IDs.
- ** .dt %a .dd The algorithm used for encryption.
- ** .dt %C .dd CA location: Depending on whether $$smime_ca_location
- ** . points to a directory or file, this expands to
- ** . "-CApath $$smime_ca_location" or "-CAfile $$smime_ca_location".
- ** .de
- ** .pp
- ** For examples on how to configure these formats, see the smime.rc in
- ** the \fTsamples/\fP subdirectory which has been installed on your system
- ** alongside the documentation.
- ** (S/MIME only)
- */
- {"smime_verify_command", DT_STR, R_NONE, UL &SmimeVerifyCommand, "" },
- /*
- ** .pp
- ** This command is used to verify S/MIME signatures of type \fTmultipart/signed\fP.
- ** (S/MIME only)
- */
- {"smime_verify_opaque_command", DT_STR, R_NONE, UL &SmimeVerifyOpaqueCommand, "" },
- /*
- ** .pp
- ** This command is used to verify S/MIME signatures of type
- ** \fTapplication/x-pkcs7-mime\fP.
- ** (S/MIME only)
- */
- {"smime_sign_command", DT_STR, R_NONE, UL &SmimeSignCommand, "" },
- /*
- ** .pp
- ** This command is used to created S/MIME signatures of type
- ** \fTmultipart/signed\fP, which can be read by all mail clients.
- ** (S/MIME only)
- */
- {"smime_sign_opaque_command", DT_STR, R_NONE, UL &SmimeSignOpaqueCommand, "" },
- /*
- ** .pp
- ** This command is used to created S/MIME signatures of type
- ** \fTapplication/x-pkcs7-signature\fP, which can only be handled by mail
- ** clients supporting the S/MIME extension.
- ** (S/MIME only)
- */
- {"smime_encrypt_command", DT_STR, R_NONE, UL &SmimeEncryptCommand, "" },
- /*
- ** .pp
- ** This command is used to create encrypted S/MIME messages.
- ** (S/MIME only)
- */
- {"smime_pk7out_command", DT_STR, R_NONE, UL &SmimePk7outCommand, "" },
- /*
- ** .pp
- ** This command is used to extract PKCS7 structures of S/MIME signatures,
- ** in order to extract the public X509 certificate(s).
- ** (S/MIME only)
- */
- {"smime_get_cert_command", DT_STR, R_NONE, UL &SmimeGetCertCommand, "" },
- /*
- ** .pp
- ** This command is used to extract X509 certificates from a PKCS7 structure.
- ** (S/MIME only)
- */
- {"smime_get_signer_cert_command", DT_STR, R_NONE, UL &SmimeGetSignerCertCommand, "" },
- /*
- ** .pp
- ** This command is used to extract only the signers X509 certificate from a S/MIME
- ** signature, so that the certificate's owner may get compared to the
- ** email's ``\fTFrom:\fP'' header field.
- ** (S/MIME only)
- */
- {"smime_import_cert_command", DT_STR, R_NONE, UL &SmimeImportCertCommand, "" },
- /*
- ** .pp
- ** This command is used to import a certificate via \fTsmime_keysng\fP.
- ** (S/MIME only)
- */
- {"smime_get_cert_email_command", DT_STR, R_NONE, UL &SmimeGetCertEmailCommand, "" },
- /*
- ** .pp
- ** This command is used to extract the mail address(es) used for storing
- ** X509 certificates, and for verification purposes (to check whether the
- ** certificate was issued for the sender's mailbox).
- ** (S/MIME only)
- */
- {"smime_default_key", DT_STR, R_NONE, UL &SmimeDefaultKey, "" },
- /*
- ** .pp
- ** This is the default key-pair to use for signing. This must be set to the
- ** keyid (the hash-value that OpenSSL generates) to work properly
- ** (S/MIME only)
- */
-#if defined(USE_LIBESMTP)
- {"smtp_user", DT_STR, R_NONE, UL &SmtpAuthUser, "" },
- /*
- ** .pp
- ** Availability: SMTP
- **
- ** .pp
- ** Defines the username to use with SMTP AUTH. Setting this variable will
- ** cause Madmutt to attempt to use SMTP AUTH when sending.
- */
- {"smtp_pass", DT_STR, R_NONE, UL &SmtpAuthPass, "" },
- /*
- ** .pp
- ** Availability: SMTP
- **
- ** .pp
- ** Defines the password to use with SMTP AUTH. If ``$$smtp_user''
- ** is set, but this variable is not, you will be prompted for a password
- ** when sending.
- ** .pp
- ** \fBNote:\fP Storing passwords in a configuration file
- ** presents a security risk since the superuser of your machine may read it
- ** regardless of the file's permissions.
- */
- {"smtp_host", DT_STR, R_NONE, UL &SmtpHost, "" },
- /*
- ** .pp
- ** Availability: SMTP
- **
- ** .pp
- ** Defines the SMTP host which will be used to deliver mail, as opposed
- ** to invoking the sendmail binary. Setting this variable overrides the
- ** value of ``$$sendmail'', and any associated variables.
- */
- {"smtp_port", DT_NUM, R_NONE, UL &SmtpPort, "25" },
- /*
- ** .pp
- ** Availability: SMTP
- **
- ** .pp
- ** Defines the port that the SMTP host is listening on for mail delivery.
- ** Must be specified as a number.
- ** .pp
- ** Defaults to 25, the standard SMTP port, but RFC 2476-compliant SMTP
- ** servers will probably desire 587, the mail submission port.
- */
- {"smtp_use_tls", DT_STR, R_NONE, UL &SmtpUseTLS, "" },
- /*
- ** .pp
- ** Availability: SMTP (and SSL)
- **
- ** .pp
- ** Defines wether to use STARTTLS. If this option is set to ``\fIrequired\fP''
- ** and the server does not support STARTTLS or there is an error in the
- ** TLS Handshake, the connection will fail. Setting this to ``\fIenabled\fP''
- ** will try to start TLS and continue without TLS in case of an error.
- **
- **.pp
- ** Madmutt still needs to have SSL support enabled in order to use it.
- */
-#endif
-#if defined(USE_SSL) || defined(USE_GNUTLS)
-#ifdef USE_SSL
- {"ssl_client_cert", DT_PATH, R_NONE, UL &SslClientCert, "" },
- /*
- ** .pp
- ** Availability: SSL
- **
- ** .pp
- ** The file containing a client certificate and its associated private
- ** key.
- */
-#endif /* USE_SSL */
- {"ssl_force_tls", DT_BOOL, R_NONE, OPTSSLFORCETLS, "no" },
- /*
- ** .pp
- ** If this variable is \fIset\fP, Madmutt will require that all connections
- ** to remote servers be encrypted. Furthermore it will attempt to
- ** negotiate TLS even if the server does not advertise the capability,
- ** since it would otherwise have to abort the connection anyway. This
- ** option supersedes ``$$ssl_starttls''.
- */
- {"ssl_starttls", DT_QUAD, R_NONE, OPT_SSLSTARTTLS, "yes" },
- /*
- ** .pp
- ** Availability: SSL or GNUTLS
- **
- ** .pp
- ** If \fIset\fP (the default), Madmutt will attempt to use STARTTLS on servers
- ** advertising the capability. When \fIunset\fP, Madmutt will not attempt to
- ** use STARTTLS regardless of the server's capabilities.
- */
- {"certificate_file", DT_PATH, R_NONE, UL &SslCertFile, "~/.mutt_certificates"},
- /*
- ** .pp
- ** Availability: SSL or GNUTLS
- **
- ** .pp
- ** This variable specifies the file where the certificates you trust
- ** are saved. When an unknown certificate is encountered, you are asked
- ** if you accept it or not. If you accept it, the certificate can also
- ** be saved in this file and further connections are automatically
- ** accepted.
- ** .pp
- ** You can also manually add CA certificates in this file. Any server
- ** certificate that is signed with one of these CA certificates are
- ** also automatically accepted.
- ** .pp
- ** Example: \fTset certificate_file=~/.madmutt/certificates\fP
- */
-# if defined(_MAKEDOC) || !defined (USE_GNUTLS)
- {"ssl_usesystemcerts", DT_BOOL, R_NONE, OPTSSLSYSTEMCERTS, "yes" },
- /*
- ** .pp
- ** Availability: SSL
- **
- ** .pp
- ** If set to \fIyes\fP, Madmutt will use CA certificates in the
- ** system-wide certificate store when checking if server certificate
- ** is signed by a trusted CA.
- */
- {"entropy_file", DT_PATH, R_NONE, UL &SslEntropyFile, "" },
- /*
- ** .pp
- ** Availability: SSL
- **
- ** .pp
- ** The file which includes random data that is used to initialize SSL
- ** library functions.
- */
- {"ssl_use_sslv2", DT_BOOL, R_NONE, OPTSSLV2, "no" },
- /*
- ** .pp
- ** Availability: SSL
- **
- ** .pp
- ** This variables specifies whether to attempt to use SSLv2 in the
- ** SSL authentication process.
- */
-# endif /* _MAKEDOC || !USE_GNUTLS */
- {"ssl_use_sslv3", DT_BOOL, R_NONE, OPTSSLV3, "yes" },
- /*
- ** .pp
- ** Availability: SSL or GNUTLS
- **
- ** .pp
- ** This variables specifies whether to attempt to use SSLv3 in the
- ** SSL authentication process.
- */
- {"ssl_use_tlsv1", DT_BOOL, R_NONE, OPTTLSV1, "yes" },
- /*
- ** .pp
- ** Availability: SSL or GNUTLS
- **
- ** .pp
- ** This variables specifies whether to attempt to use TLSv1 in the
- ** SSL authentication process.
- */
-# ifdef USE_GNUTLS
- {"ssl_min_dh_prime_bits", DT_NUM, R_NONE, UL &SslDHPrimeBits, "0" },
- /*
- ** .pp
- ** Availability: GNUTLS
- **
- ** .pp
- ** This variable specifies the minimum acceptable prime size (in bits)
- ** for use in any Diffie-Hellman key exchange. A value of 0 will use
- ** the default from the GNUTLS library.
- */
- {"ssl_ca_certificates_file", DT_PATH, R_NONE, UL &SslCACertFile, "" },
- /*
- ** .pp
- ** This variable specifies a file containing trusted CA certificates.
- ** Any server certificate that is signed with one of these CA
- ** certificates are also automatically accepted.
- ** .pp
- ** Example: \fTset ssl_ca_certificates_file=/etc/ssl/certs/ca-certificates.crt\fP
- */
-# endif /* USE_GNUTLS */
-# endif /* USE_SSL || USE_GNUTLS */
- {"pipe_split", DT_BOOL, R_NONE, OPTPIPESPLIT, "no" },
- /*
- ** .pp
- ** Used in connection with the \fIpipe-message\fP command and the ``tag-
- ** prefix'' or ``tag-prefix-cond'' operators.
- ** If this variable is \fIunset\fP, when piping a list of
- ** tagged messages Madmutt will concatenate the messages and will pipe them
- ** as a single folder. When \fIset\fP, Madmutt will pipe the messages one by one.
- ** In both cases the messages are piped in the current sorted order,
- ** and the ``$$pipe_sep'' separator is added after each message.
- */
- {"pipe_decode", DT_BOOL, R_NONE, OPTPIPEDECODE, "no" },
- /*
- ** .pp
- ** Used in connection with the \fIpipe-message\fP command. When \fIunset\fP,
- ** Madmutt will pipe the messages without any preprocessing. When \fIset\fP, Madmutt
- ** will weed headers and will attempt to PGP/MIME decode the messages
- ** first.
- */
- {"pipe_sep", DT_STR, R_NONE, UL &PipeSep, "\n"},
- /*
- ** .pp
- ** The separator to add between messages when piping a list of tagged
- ** messages to an external Unix command.
- */
- {"pop_authenticators", DT_STR, R_NONE, UL &PopAuthenticators, "" },