X-Git-Url: http://git.madism.org/?p=apps%2Fmadmutt.git;a=blobdiff_plain;f=doc%2Fmanual.sgml.head;h=eace2afc1bb2a839601fe49445b30b832af2aca3;hp=da823171a21c630264d8fd15c7041a2b7c8548ca;hb=0f3e091d19c9ed02a522a5e8d9efc9ec725b5382;hpb=ba4333b5854d2caf6b486372b060376990fe089e diff --git a/doc/manual.sgml.head b/doc/manual.sgml.head index da82317..eace2af 100644 --- a/doc/manual.sgml.head +++ b/doc/manual.sgml.head @@ -2460,6 +2460,15 @@ ifndef feature_slang 'source ~/.mutt-ng/setup-ncurses' +Obsolete Variables + +

In the process of ensuring and creating more consistency, many +variables have been renamed and some of the old names were already +removed. Please see +for a complete list. + + + Advanced Usage @@ -3269,21 +3278,37 @@ current message into a whole different thread. -Delivery Status Notification (DSN) Support +Delivery Status Notification (DSN) Support

RFC1894 defines a set of MIME content types for relaying information about the status of electronic mail messages. These can be thought of as -``return receipts.'' Berkeley sendmail 8.8.x currently has some command -line options in which the mail client can make requests as to what type -of status messages should be returned. +``return receipts.'' + +Users can make use of it in one of the following two ways: -To support this, there are two variables. is used to request receipts for -different results (such as failed message, message delivered, etc.). - requests how much -of your message should be returned with the receipt (headers or full -message). Refer to the man page on sendmail for more details on DSN. + + Berkeley sendmail 8.8.x currently has some command line options + in which the mail client can make requests as to what type of status + messages should be returned. + The SMTP support via libESMTP supports it, too. + + +To support this, there are two variables: + + + + is used + to request receipts for different results (such as failed message, + message delivered, etc.). + + requests + how much of your message should be returned with the receipt + (headers or full message). + + + +Please see the reference chapter for possible values. @@ -3517,7 +3542,11 @@ score !~* =42

Mutt-ng can be built using a library called ``libESMTP'' which provides SMTP functionality. When muttng -v contains -+USE_LIBESMTP, this will be or is the case already. ++USE_LIBESMTP, this will be or is the case already. The SMTP +support includes support for Delivery Status Notification (see section) as well as +handling the .

To enable sending mail directly via SMTP without an MTA such as Postfix or SSMTP and the like, simply set the Some mail providers require user's to set a particular envelope +sender, i.e. they allow for only one value which may not be what the +user wants to send as the may be used +to set the envelope different from the Managing multiple IMAP/POP/NNTP accounts (OPTIONAL)

First of all, mutt-ng contains no security holes included by + intention but may contain unknown security holes. As a consequence, + please run mutt-ng only with as few permissions as possible. + +

Please do not run mutt-ng as the super user. + +

When configuring mutt-ng, there're some points to note about secure + setups. + +

In practice, mutt-ng can be easily made as vulnerable as even the + most insecure mail user agents (in their default configuration) just + by changing mutt-ng's configuration files: it then can execute + arbitrary programs and scripts attached to messages, send out private + data on its own, etc. Although this is not believed to the common type + of setup, please read this chapter carefully. + + Passwords + +

Although mutt-ng can be told the various passwords for accounts, + please never store passwords in configuration files. Besides the + fact that the system's operator can always read them, you could + forget to replace the actual password with asterisks when reporting + a bug or asking for help via, for example, a mailing list so that + your mail including your password could be archived by internet + search engines, etc. Please never store passwords on disk. + + + + Temporary Files + +

Mutt-ng uses many temporary files for viewing messages, verifying + digital signatures, etc. The + variable can be used to change the default permissions of these + files. Please only change it if you really know what you are doing. + Also, a different location for these files may be desired which can + be changed via the variable. + + + + Information Leaks + + Message-ID: headers + +

In the default configuration, mutt-ng will leak some information + to the outside world when sending messages: the generation of + variable. Please make sure that + you really know how local parts of these + + mailto:-style links + +

As mutt-ng be can be set up to be the mail client to handle + variable is For example, following a link like + + +mailto:joe@host?Attach=~/.gnupg/secring.gpg + + will send out the user's private gnupg keyring to When variable, mutt-ng will + + + + be less strict when interpreting these links by + prepending a turn on the variable by + force to let the user see all the headers + (because they still may leak information.) + + + + + + + + External applications + +

Mutt-ng in many places has to rely on external applications or + for convenience supports mechanisms involving external + applications. + + mailcap + +

One of these is the + variable for details.) These utilities may have security issues + like overriding arbitrary files, contain exploitable bugs or just + leak information which is a bad in combination with running them + without prompting. When using mutt-ng's autoview mechanism + involing use of mailcap files, please make sure that + + + + you manually select trustworthy applications with a + reasonable calling sequence + + you check the contents of mailcap files from time to time + (for example after doing software installations/upgrades) + + you, if you're the system's operator, always keep the + software packages involved up-to-date + + you never ever change the default value of the + variable + + + + + + Other + +

Besides the mailcap mechanism, mutt-ng uses a number of other + external utilities for operation. + +

The same security considerations apply for these as for tools + involved via mailcap (for example, mutt-ng is vulnerable to Denial + of Service Attacks with compressed folders support if the + uncompressed mailbox is too large for the disk it is saved to.) + +

As already noted, most of these problems are not built in but + caused by wrong configuration, so please check your configuration. + + + + + + + Reference Command line options

The following list contains all variables which, in the process of +providing more consistency, have been renamed and are partially even +removed already. The left column contains the old synonym variables, +the right column the full/new name: + +