X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=config%2Fconfig_default.php;h=c77cfb472e5f588008c852796bf71f3034fd24b4;hb=5e78e498d44e3dee64a06b13062817d533950f11;hp=2203bc588c7b8fb30d9c882f13bbf4d3e3f11bf2;hpb=3cbf882e8ebef2064f97b553055136e7e4c8d8d9;p=squirrelmail.git diff --git a/config/config_default.php b/config/config_default.php index 2203bc58..c77cfb47 100644 --- a/config/config_default.php +++ b/config/config_default.php @@ -10,6 +10,14 @@ * conf.pl if at all possible. That is the easiest and cleanest way * to configure. * + * Note on SECURITY: some options require putting a password in this file. + * Please make sure that you adapt its permissions appropriately to avoid + * passwords being leaked to e.g. other system users. Take extra care when + * the webserver is shared with untrusted users. + * + * @copyright © 2000-2006 The SquirrelMail Project Team + * @license http://opensource.org/licenses/gpl-license.php GNU Public License + * @version $Id$ * @package squirrelmail * @subpackage config */ @@ -143,29 +151,48 @@ $smtpServerAddress = 'localhost'; $smtpPort = 25; /** - * SquirrelMail header control + * SquirrelMail header encryption * - * Option can be used to disable Received: headers added by SquirrelMail. - * This can increase user's privacy and solve problems with spam filters - * that increase spam marks for dynamic dialup addresses. + * Encryption key allows to hide SquirrelMail Received: headers + * in outbound messages. Interface uses encryption key to encode + * username, remote address and proxied address, then stores encoded + * information in X-Squirrel-* headers. * - * If admin enables this setting, system should have some logging facility - * or other tools to control users. SquirrelMail's Received: header provides - * information, that can't be forged by webmail user. - * @global bool $skip_SM_header + * Warning: used encryption function is not bulletproof. When used + * with static encryption keys, it provides only minimal security + * measures and information can be decoded quickly. + * + * Encoded information can be decoded with decrypt_headers.php script + * from SquirrelMail contrib/ directory. + * @global string $encode_header_key + * @since 1.5.1 and 1.4.5 */ -$skip_SM_header = false; +$encode_header_key = ''; /** * Path to Sendmail * * Program that should be used when sending email. SquirrelMail expects that * this program will follow options used by original sendmail - * (http://www.sendmail.org). + * (http://www.sendmail.org). Support of -f argument is required. * @global string $sendmail_path */ $sendmail_path = '/usr/sbin/sendmail'; +/** + * Extra sendmail command arguments. + * + * Sets additional sendmail command arguments. Make sure that arguments are + * supported by your sendmail program. -f argument is added automatically by + * SquirrelMail scripts. Variable defaults to standard /usr/sbin/sendmail + * arguments. If you use qmail-inject, nbsmtp or any other sendmail wrapper, + * which does not support -t and -i arguments, set variable to empty string + * or use arguments suitable for your mailer. + * @global string $sendmail_args + * @since 1.5.1 and 1.4.8 + */ +$sendmail_args = '-i -t'; + /** * IMAP server address * @@ -187,13 +214,15 @@ $imapPort = 143; * * The type of IMAP server you are running. * Valid type are the following (case is important): + * bincimap * courier * cyrus + * dovecot * exchange - * uw - * macosx * hmailserver + * macosx * mercury32 + * uw * other * * Please note that this changes only some of server settings. @@ -205,22 +234,30 @@ $imapPort = 143; $imap_server_type = 'other'; /** - * Advanced IMAP authentication options control + * Secure IMAP connection controls + * + * 0 - use plain text connection, + * 1 - use imaps (adds tls:// prefix to hostname), + * 2 - use IMAP STARTTLS extension (rfc2595). * - * CRAM-MD5, DIGEST-MD5, Plain, and TLS - * Set reasonable defaults - you'd never know this was there unless you ask for it - * @global bool $use_imap_tls + * Was boolean before 1.5.1. + * @global integer $use_imap_tls + * @since 1.4.0 */ -$use_imap_tls = false; +$use_imap_tls = 0; /** - * Advanced SMTP authentication options control + * Secure SMTP connection controls * - * CRAM-MD5, DIGEST-MD5, Plain, and TLS - * Set reasonable defaults - you'd never know this was there unless you ask for it - * @global bool $use_smtp_tls + * 0 - use plain text connection, + * 1 - use ssmtp (adds tls:// prefix to hostname), + * 2 - use SMTP STARTTLS extension (rfc2487). + * + * Was boolean before 1.5.1. + * @global integer $use_smtp_tls + * @since 1.4.0 */ -$use_smtp_tls = false; +$use_smtp_tls = 0; /** * SMTP authentication mechanism @@ -230,6 +267,28 @@ $use_smtp_tls = false; */ $smtp_auth_mech = 'none'; +/** + * Custom SMTP authentication username + * + * IMAP username is used if variable is set to empty string. + * Variable is included in main configuration file only from 1.5.2 version. + * Older versions stored it in config_local.php. + * @global string $smtp_sitewide_user + * @since 1.5.0 + */ +$smtp_sitewide_user = ''; + +/** + * Custom SMTP authentication password + * + * IMAP password is used if $smtp_sitewide_user global is set to empty string. + * Variable is included in main configuration file only from 1.5.2 version. + * Older versions stored it in config_local.php. + * @global string $smtp_sitewide_pass + * @since 1.5.0 + */ +$smtp_sitewide_pass = ''; + /** * IMAP authentication mechanism * @@ -419,21 +478,25 @@ $noselect_fix_enable = false; /** * Path to the data/ directory * + * You need to create this directory yourself (see INSTALL). + * * It is a possible security hole to have a writable directory * under the web server's root directory (ex: /home/httpd/html). - * For this reason, it is possible to put the data directory - * anywhere you would like. The path name can be absolute or - * relative (to the config directory). It doesn't matter. Here - * are two examples: + * The path name can be absolute or relative (to the config directory). + * If path is relative, it must use SM_PATH constant. + * Here are two examples: * * Absolute: - * $data_dir = '/usr/local/squirrelmail/data/'; + * $data_dir = '/var/local/squirrelmail/data/'; * * Relative (to main SM directory): * $data_dir = SM_PATH . 'data/'; + * (NOT recommended: you need to secure apache to make sure these + * files are not world readable) + * * @global string $data_dir */ -$data_dir = SM_PATH . 'data/'; +$data_dir = '/var/local/squirrelmail/data/'; /** * Attachments directory @@ -446,12 +509,13 @@ $data_dir = SM_PATH . 'data/'; * list files in this directory. Confidential data might be laying * around there. * + Since the webserver is not able to list the files in the content - * is also impossible for the webserver to delete files lying around - * there for too long. + * is also impossible for the webserver to delete files lying around + * there for too long. You should have some script that deletes + * left over temp files. * + It should probably be another directory than data_dir. * @global string $attachment_dir */ -$attachment_dir = $data_dir; +$attachment_dir = '/var/local/squirrelmail/attach/'; /** * Hash level used for data directory. @@ -500,6 +564,7 @@ $default_use_priority = true; * This option disables display of "created by SquirrelMail developers" * strings and provider link * @global bool $hide_sm_attributions + * @since 1.2.0 */ $hide_sm_attributions = false; @@ -525,25 +590,48 @@ $default_use_mdn = true; $edit_identity = true; $edit_name = true; +/** + * SquirrelMail adds username information to every sent email. + * It is done in order to prevent possible sender forging when + * end users are allowed to change their email and name + * information. + * + * You can disable this header, if you think that it violates + * user's privacy or security. Please note, that setting will + * work only when users are not allowed to change their identity. + * + * See SquirrelMail bug tracker #847107 for more details about it. + * @global bool $hide_auth_header + * @since 1.5.1 and 1.4.5 + */ +$hide_auth_header = false; + /** * Server Side Threading Control * - * If you want to enable server side thread sorting options - * Your IMAP server must support the THREAD extension for - * this to work. - * @global bool $allow_thread_sort + * Set it to true, if you want to disable server side thread + * sorting options. Your IMAP server must support the THREAD + * extension for this to have any effect. + * + * Older SquirrelMail versions used $allow_thread_sort option. + * @global bool $disable_thread_sort + * @since 1.5.1 */ -$allow_thread_sort = false; +$disable_thread_sort = false; /** * Server Side Sorting Control * - * to use server-side sorting instead of SM client side. - * Your IMAP server must support the SORT extension for this - * to work. - * @global bool $allow_server_sort + * Set it to true, if you want to disable server side sorting + * and use SM client side sorting instead (client side sorting + * can be slow). Your IMAP server must support the SORT extension + * for this to have any effect. + * + * Older SquirrelMail versions used $allow_server_sort option. + * @global bool $disable_server_sort + * @since 1.5.1 */ -$allow_server_sort = false; +$disable_server_sort = false; /** * IMAP Charset Use Control @@ -720,6 +808,87 @@ $theme[39]['NAME'] = 'Simple Green'; $theme[40]['PATH'] = SM_PATH . 'themes/wood_theme.php'; $theme[40]['NAME'] = 'Wood'; +$theme[41]['PATH'] = SM_PATH . 'themes/bluesome.php'; +$theme[41]['NAME'] = 'Bluesome'; + +$theme[42]['PATH'] = SM_PATH . 'themes/simple_green2.php'; +$theme[42]['NAME'] = 'Simple Green 2'; + +$theme[43]['PATH'] = SM_PATH . 'themes/simple_purple.php'; +$theme[43]['NAME'] = 'Simple Purple'; + +$theme[44]['PATH'] = SM_PATH . 'themes/autumn.php'; +$theme[44]['NAME'] = 'Autumn'; + +$theme[45]['PATH'] = SM_PATH . 'themes/autumn2.php'; +$theme[45]['NAME'] = 'Autumn 2'; + +$theme[46]['PATH'] = SM_PATH . 'themes/blue_on_blue.php'; +$theme[46]['NAME'] = 'Blue on Blue'; + +$theme[47]['PATH'] = SM_PATH . 'themes/classic_blue.php'; +$theme[47]['NAME'] = 'Classic Blue'; + +$theme[48]['PATH'] = SM_PATH . 'themes/classic_blue2.php'; +$theme[48]['NAME'] = 'Classic Blue 2'; + +$theme[49]['PATH'] = SM_PATH . 'themes/powder_blue.php'; +$theme[49]['NAME'] = 'Powder Blue'; + +$theme[50]['PATH'] = SM_PATH . 'themes/techno_blue.php'; +$theme[50]['NAME'] = 'Techno Blue'; + +$theme[51]['PATH'] = SM_PATH . 'themes/turquoise.php'; +$theme[51]['NAME'] = 'Turquoise'; + +/** + * Templates + * You can define your own template and put it in a new directory + * under SM_PATH/templates. The ID must match the name of + * the template directory as the example below. You can name the + * template whatever you want. For an example of a template, see + * the ones included in the SM_PATH/templates directory. + * + * To add a new template to the options that users can choose from, just + * add a new number to the array at the bottom, and follow the pattern. + * + * $templateset_default sets theme that will be used by default. + * + * @global integer $templateset_default + */ +$templateset_default = 0; + +$aTemplateSet[0]['ID'] = 'default'; +$aTemplateSet[0]['NAME'] = 'Default'; +$aTemplateSet[1]['ID'] = 'default_advanced'; +$aTemplateSet[1]['NAME'] = 'Advanced'; + +/** + * Default interface font size. + * @global string $default_fontsize + * @since 1.5.1 + */ +$default_fontsize = ''; + +/** + * Default font set + * @global string $default_fontset + * @since 1.5.1 + */ +$default_fontset = ''; + +/** + * List of available fontsets. + * @global array $fontsets + * @since 1.5.1 + */ +$fontsets = array(); +$fontsets['serif'] = 'serif'; +$fontsets['sans'] = 'helvetica,arial,sans-serif'; +$fontsets['comicsans'] = 'comic sans ms,sans-serif'; +$fontsets['verasans'] = 'bitstream vera sans,verdana,sans-serif'; +$fontsets['tahoma'] = 'tahoma,sans-serif'; + /** * LDAP server(s) * Array of arrays with LDAP server parameters. See @@ -732,6 +901,9 @@ $theme[40]['NAME'] = 'Wood'; * 'name' => 'Netcenter Member Directory', * 'base' => 'ou=member_directory,o=netcenter.com' * ); + * + * NOTE: please see security note at the top of this file when + * entering a password. */ // Add your ldap server options here @@ -768,6 +940,24 @@ $abook_global_file_writeable = false; */ $abook_global_file_listing = true; +/** + * Controls file based address book entry size + * + * This setting controls space allocated to file based address book records. + * End users will be unable to save address book entry, if total entry size + * (quoted address book fields + 4 delimiters + linefeed) exceeds allowed + * address book length size. + * + * Same setting is applied to personal and global file based address books. + * + * It is strongly recommended to keep default setting value. Change it only + * if you really want to store address book entries that are bigger than two + * kilobytes (2048). + * @global integer $abook_file_line_length + * @since 1.5.2 + */ +$abook_file_line_length = 2048; + /** * MOTD * @@ -802,6 +992,9 @@ $motd = ""; * The DSN is in the format: mysql://user:pass@hostname/dbname * The table is the name of the table to use within the * specified database. + * + * NOTE: please see security note at the top of this file when + * entering a password. */ $addrbook_dsn = ''; $addrbook_table = 'address'; @@ -810,33 +1003,63 @@ $addrbook_table = 'address'; */ $prefs_dsn = ''; $prefs_table = 'userprefs'; +/** + * Preference key field + * @global string $prefs_key_field + */ $prefs_key_field = 'prefkey'; +/** + * Size of preference key field + * @global integer $prefs_key_size + * @since 1.5.1 + */ +$prefs_key_size = 64; +/** + * Preference owner field + * @global string $prefs_user_field + */ $prefs_user_field = 'user'; +/** + * Size of preference owner field + * @global integer $prefs_user_size + * @since 1.5.1 + */ +$prefs_user_size = 128; +/** + * Preference value field + * @global string $prefs_val_field + */ $prefs_val_field = 'prefval'; +/** + * Size of preference key field + * @global integer $prefs_val_size + * @since 1.5.1 + */ +$prefs_val_size = 65536; /*** Global sql database options ***/ /** * DSN of global address book database * @global string $addrbook_global_dsn - * @since 1.5.1 + * @since 1.5.1 and 1.4.4 */ $addrbook_global_dsn = ''; /** * Table used for global database address book * @global string $addrbook_global_table - * @since 1.5.1 + * @since 1.5.1 and 1.4.4 */ $addrbook_global_table = 'global_abook'; /** * Control writing into global database address book * @global boolean $addrbook_global_writeable - * @since 1.5.1 + * @since 1.5.1 and 1.4.4 */ $addrbook_global_writeable = false; /** * Control listing of global database address book * @global boolean $addrbook_global_listing - * @since 1.5.1 + * @since 1.5.1 and 1.4.4 */ $addrbook_global_listing = false; @@ -858,25 +1081,12 @@ $squirrelmail_default_language = 'en_US'; * This option controls what character set is used when sending * mail and when sending HTML to the browser. Option works only * with US English (en_US) translation. Other translations use - * charsets that are set in functions/i18n.php. + * charsets that are set in translation settings. * * @global string $default_charset */ $default_charset = 'iso-8859-1'; -/** - * Available Languages - * - * This option controls number of languages available to end user in - * language selection preferences. You can use space separated list - * of translations installed in locale/ directory or special keys - * 'all' (all languages are available) and 'none' (language selection - * is disabled, interface is set to $squirrelmail_default_language - * @global string $available_languages - * @since 1.5.0 - */ -$available_languages = 'all'; - /** * Alternative Language Names Control * @@ -909,15 +1119,62 @@ $aggressive_decoding = false; */ $lossy_encoding = false; +/** + * Controls use of time zone libraries + * + * Possible values: + * + * Use of any other value switches to default SquirrelMail time zone + * handling ($time_zone_type). + * @global integer $time_zone_type + * @since 1.5.1 + */ +$time_zone_type = 0; + +/** + * Location base + * + * This is used to build the URL to the SquirrelMail location. + * It should contain only the protocol and hostname/port parts + * of the URL; the full path will be appended automatically. + * + * If not specified or empty, it will be autodetected. + * + * Examples: + * http://webmail.example.org + * http://webmail.example.com:8080 + * https://webmail.example.com:6691 + * + * To be clear: do not include any of the path elements, so if + * SquirrelMail is at http://www.example.net/web/mail/src/login.php, you + * write: http://www.example.net + * + * @global string $config_location_base + * @since 1.5.2 and 1.4.8 + */ +$config_location_base = ''; + /*** Tweaks ***/ /** - * Advanced DHTML tree control + * Iframe sandbox code control * - * Use experimental DHTML folder listing - * @global bool $advanced_tree - * @since 1.5.0 + * Use iframe to render html emails + * (temp option used during debuging of new code) + * @global bool $use_iframe + * @since 1.5.1 */ -$advanced_tree = false; +$use_iframe = false; /** * Message Icons control @@ -984,17 +1241,3 @@ $no_list_for_subscribe = false; * @global integer $config_use_color */ $config_use_color = 2; - -/** - * This option includes special configuration options - */ -@include SM_PATH . 'config/config_local.php'; - -/** - * Make sure there are no characters after the PHP closing - * tag below (including newline characters and whitespace). - * Otherwise, that character will cause the headers to be - * sent and regular output to begin, which will majorly screw - * things up when we try to send more headers later. - */ -?>