X-Git-Url: http://git.madism.org/?a=blobdiff_plain;f=doc%2Fmanual.sgml.head;h=66898380e82f6d0daba757719c90577de4ceb117;hb=618ceafdc9564dbb8f3bf45c3869297a1d5a3320;hp=7bbf027feb3ec6b0ff40f5b6c6ae1369e5b30e11;hpb=be393b838c5e0b8dfe9bedcc7a4a63f05caae7c4;p=apps%2Fmadmutt.git diff --git a/doc/manual.sgml.head b/doc/manual.sgml.head index 7bbf027..6689838 100644 --- a/doc/manual.sgml.head +++ b/doc/manual.sgml.head @@ -1664,82 +1664,132 @@ is ``*'', Format = Flowed -

Mutt-ng contains support for so-called For introductory information on . - -

When you receive emails that are marked as Introduction - -set wrapmargin = 10 - +

Mutt-ng contains support for so-called The code above makes the line break 10 columns before the right -side of the terminal. +

For introductory information on . -

If your terminal is so wide that the lines are embarrassingly long, -you can also set a maximum line length: + - -set max_line_length = 120 - + Receiving: Display Setup -

The example above will give you lines not longer than 120 -characters. +

When you receive emails that are marked as When you view at + set wrapmargin = 10 + - ->Bill, can you please send last month's progress report to Mr. ->Morgan? We also urgently need the cost estimation for the new ->production server that we want to set up before our customer's ->project will go live. - +

The code above makes the line break 10 columns before the right + side of the terminal. -

This obviously doesn't look very nice, and it makes it very -hard to differentiate between text and quoting character. The -solution is to configure mutt-ng to "stuff" the quoting: +

If your terminal is so wide that the lines are embarrassingly long, + you can also set a maximum line length: - -set stuff_quoted - + + set max_line_length = 120 + -

This will lead to a nicer result that is easier to read: +

The example above will give you lines not longer than 120 + characters. - -> Bill, can you please send last month's progress report to Mr. -> Morgan? We also urgently need the cost estimation for the new -> production server that we want to set up before our customer's -> project will go live. - +

When you view at + >Bill, can you please send last month's progress report to Mr. + >Morgan? We also urgently need the cost estimation for the new + >production server that we want to set up before our customer's + >project will go live. + -

If you want mutt-ng to send emails with This obviously doesn't look very nice, and it makes it very + hard to differentiate between text and quoting character. The + solution is to configure mutt-ng to "stuff" the quoting: - -set text_flowed - + + set stuff_quoted + + +

This will lead to a nicer result that is easier to read: + + + > Bill, can you please send last month's progress report to Mr. + > Morgan? We also urgently need the cost estimation for the new + > production server that we want to set up before our customer's + > project will go live. + + + + + Sending -

Additionally, you have to use an editor which supports writing -If you want mutt-ng to send emails with + set text_flowed + + +

Additionally, you have to use an editor which supports writing + Also note that + + just a space for formatting reasons + + + + Please make sure that you manually prepend a space to each of them. + + + + Additional Notes + +

For completeness, the variable provides the mechanism + to generate a @@ -2460,6 +2510,15 @@ ifndef feature_slang 'source ~/.mutt-ng/setup-ncurses' +Obsolete Variables + +

In the process of ensuring and creating more consistency, many +variables have been renamed and some of the old names were already +removed. Please see +for a complete list. + + + Advanced Usage @@ -3269,21 +3328,37 @@ current message into a whole different thread. -Delivery Status Notification (DSN) Support +Delivery Status Notification (DSN) Support

RFC1894 defines a set of MIME content types for relaying information about the status of electronic mail messages. These can be thought of as -``return receipts.'' Berkeley sendmail 8.8.x currently has some command -line options in which the mail client can make requests as to what type -of status messages should be returned. +``return receipts.'' + +Users can make use of it in one of the following two ways: + + + Berkeley sendmail 8.8.x currently has some command line options + in which the mail client can make requests as to what type of status + messages should be returned. + The SMTP support via libESMTP supports it, too. + + +To support this, there are two variables: + + + + is used + to request receipts for different results (such as failed message, + message delivered, etc.). + + requests + how much of your message should be returned with the receipt + (headers or full message). -To support this, there are two variables. is used to request receipts for -different results (such as failed message, message delivered, etc.). - requests how much -of your message should be returned with the receipt (headers or full -message). Refer to the man page on sendmail for more details on DSN. + + +Please see the reference chapter for possible values. @@ -3512,6 +3587,42 @@ score !~* =42 +SMTP Support (OPTIONAL) + +

Mutt-ng can be built using a library called ``libESMTP'' which +provides SMTP functionality. When muttng -v contains ++USE_LIBESMTP, this will be or is the case already. The SMTP +support includes support for Delivery Status Notification (see section) as well as +handling the . + +

To enable sending mail directly via SMTP without an MTA such as +Postfix or SSMTP and the like, simply set the variable pointing to your SMTP server. + +

Authentication mechanisms are available via the and variables. + +

Transport Encryption via the StartTLS command is also available. For +this to work, first of all Mutt-ng must be built with SSL or GNUTLS. +Secondly, the variable must be either set +to ``enabled'' or ``required.'' In both cases, StartTLS will be used if +the server supports it: for the second case, the connection will fail if +it doesn't while switching back to unencrypted communication for the +first one. + +

Some mail providers require user's to set a particular envelope +sender, i.e. they allow for only one value which may not be what the +user wants to send as the may be used +to set the envelope different from the + Managing multiple IMAP/POP/NNTP accounts (OPTIONAL)

@@ -4237,6 +4348,164 @@ muttrc. +Security Considerations + +

First of all, mutt-ng contains no security holes included by + intention but may contain unknown security holes. As a consequence, + please run mutt-ng only with as few permissions as possible. + +

Please do not run mutt-ng as the super user. + +

When configuring mutt-ng, there're some points to note about secure + setups. + +

In practice, mutt-ng can be easily made as vulnerable as even the + most insecure mail user agents (in their default configuration) just + by changing mutt-ng's configuration files: it then can execute + arbitrary programs and scripts attached to messages, send out private + data on its own, etc. Although this is not believed to the common type + of setup, please read this chapter carefully. + + Passwords + +

Although mutt-ng can be told the various passwords for accounts, + please never store passwords in configuration files. Besides the + fact that the system's operator can always read them, you could + forget to replace the actual password with asterisks when reporting + a bug or asking for help via, for example, a mailing list so that + your mail including your password could be archived by internet + search engines, etc. Please never store passwords on disk. + + + + Temporary Files + +

Mutt-ng uses many temporary files for viewing messages, verifying + digital signatures, etc. The + variable can be used to change the default permissions of these + files. Please only change it if you really know what you are doing. + Also, a different location for these files may be desired which can + be changed via the variable. + + + + Information Leaks + + Message-ID: headers + +

In the default configuration, mutt-ng will leak some information + to the outside world when sending messages: the generation of + variable. Please make sure that + you really know how local parts of these + + mailto:-style links + +

As mutt-ng be can be set up to be the mail client to handle + variable is For example, following a link like + + +mailto:joe@host?Attach=~/.gnupg/secring.gpg + + will send out the user's private gnupg keyring to When variable, mutt-ng will + + + + be less strict when interpreting these links by + prepending a turn on the variable by + force to let the user see all the headers + (because they still may leak information.) + + + + + + + + External applications + +

Mutt-ng in many places has to rely on external applications or + for convenience supports mechanisms involving external + applications. + + mailcap + +

One of these is the + variable for details.) + + These utilities may have a variety of security vulnerabilities, + including overwriting of arbitrary files, information leaks or + other exploitable bugs. These vulnerabilities may go unnoticed by + the user, especially when they are called automatically (and + without interactive prompting) from the mailcap file(s). When + using mutt-ng's autoview mechanism in combination with mailcap + files, please be sure to... + + + + manually select trustworth applications with a reasonable + calling sequence + + periodically check the contents of mailcap files, + especially after software installations or upgrades + + keep the software packages referenced in the mailcap file up to date + + leave the variable in its default + state to restrict mailcap expandos to a safe set of characters + + + + + + Other + +

Besides the mailcap mechanism, mutt-ng uses a number of other + external utilities for operation. + +

The same security considerations apply for these as for tools + involved via mailcap (for example, mutt-ng is vulnerable to Denial + of Service Attacks with compressed folders support if the + uncompressed mailbox is too large for the disk it is saved to.) + +

As already noted, most of these problems are not built in but + caused by wrong configuration, so please check your configuration. + + + + + + + Reference Command line options

The following list contains all variables which, in the process of +providing more consistency, have been renamed and are partially even +removed already. The left column contains the old synonym variables, +the right column the full/new name: + +