#!/usr/bin/env perl
# conf.pl
#
-# Copyright (c) 1999-2007 The SquirrelMail Project Team
+# Copyright (c) 1999-2009 The SquirrelMail Project Team
# Licensed under the GNU GPL. For full terms see COPYING.
#
# A simple configure script to configure SquirrelMail
#####################################################################################
if ( $config_use_color == 1 ) {
- $WHT = "\x1B[37;1m";
+ $WHT = "\x1B[1m";
$NRM = "\x1B[0m";
} else {
$WHT = "";
$NRM = "";
} else {
$config_use_color = 1;
- $WHT = "\x1B[37;1m";
+ $WHT = "\x1B[1m";
$NRM = "\x1B[0m";
}
} elsif ( $command =~ /^w([0-9]+)/ ) {
# $encode_header_key
sub command114 {
- print "Encryption key allows to hide SquirrelMail Received: headers\n";
- print "in outbound messages. Interface uses encryption key to encode\n";
- print "username, remote address and proxied address, then stores encoded\n";
- print "information in X-Squirrel-* headers.\n";
+ print "This encryption key allows the hiding of SquirrelMail Received:\n";
+ print "headers in outbound messages. SquirrelMail uses the encryption\n";
+ print "key to encode the username, remote address, and proxied address\n";
+ print "and then stores that encoded information in X-Squirrel-* headers.\n";
print "\n";
- print "Warning: used encryption function is not bulletproof. When used\n";
- print "with static encryption keys, it provides only minimal security\n";
- print "measures and information can be decoded quickly.\n";
+ print "Warning: the encryption function used to accomplish this is not\n";
+ print "bulletproof. When used with a static encryption key as it is here,\n";
+ print "it provides only minimal security and the encoded user information\n";
+ print "in the X-Squirrel-* headers can be decoded quickly by a skilled\n";
+ print "attacker.\n";
print "\n";
- print "Encoded information can be decoded with decrypt_headers.php script\n";
- print "from SquirrelMail contrib/ directory.\n";
+ print "When you need to inspect an email sent from your system with the\n";
+ print "X-Squirrel-* headers, you can decode the user information therein\n";
+ print "by using the decrypt_headers.php script found in the SquirrelMail\n";
+ print "contrib/ directory. You'll need the encryption key that you\n";
+ print "defined here when doing so.\n";
print "\n";
print "Enter encryption key: ";
$new_encode_header_key = <STDIN>;
}
sub command311 {
- print " Given that users are not allowed to modify their
+ print "$NRM";
+ print "\n Given that users are not allowed to modify their
email address, can they edit their full name?
";
}
sub command311b {
- print " SquirrelMail adds username information to every sent email
- in order to prevent possible sender forging when users are allowed
- to change their email and/or full name.
+ print "$NRM";
+ print "\n SquirrelMail adds username information to every outgoing
+ email in order to prevent possible sender forging when users are
+ allowed to change their email and/or full name.
- You can remove user information from this header (y), if you think that
+ You can remove user information from this header (y) if you think that
it violates privacy or security.
Note: If users are allowed to change their email addresses,
this setting will make it difficult to determine who sent what where.
Use at your own risk.
+ Note: If you have defined a header encryption key in your SMTP or
+ Sendmail settings (see the \"Server Settings\" option page), this
+ setting is ignored because all user information in outgoing messages
+ is encoded.
+
";
if ( lc($hide_auth_header) eq "true" ) {