updating @since tags to indicate version in stable

[squirrelmail.git] / config / config_default.php

diff --git a/config/config_default.php b/config/config_default.php
index 47d71ab4dbbcbdb677fcaf500a370f30c03c7335..f564b4cf9fd9d70d55bc95e2e115ae2a94957e43 100644 (file)
--- a/config/config_default.php
+++ b/config/config_default.php
@@ -143,18 +143,23 @@ $smtpServerAddress = 'localhost';
 $smtpPort = 25;
 
 /**
- * SquirrelMail header control
+ * SquirrelMail header encryption
  *
- * Option can be used to disable Received: headers added by SquirrelMail.
- * This can increase user's privacy and solve problems with spam filters
- * that increase spam marks for dynamic dialup addresses.
+ * Encryption key allows to hide SquirrelMail Received: headers
+ * in outbound messages. Interface uses encryption key to encode
+ * username, remote address and proxied address, then stores encoded
+ * information in X-Squirrel-* headers.
  *
- * If admin enables this setting, system should have some logging facility
- * or other tools to control users. SquirrelMail's Received: header provides
- * information, that can't be forged by webmail user.
- * @global bool $skip_SM_header
+ * Warning: used encryption function is not bulletproof. When used
+ * with static encryption keys, it provides only minimal security
+ * measures and information can be decoded quickly.
+ *
+ * Encoded information can be decoded with decrypt_headers.php script
+ * from SquirrelMail contrib/ directory.
+ * @global string $encode_header_key
+ * @since 1.5.1 and 1.4.5
  */
-$skip_SM_header = false;
+$encode_header_key = '';
 
 /**
  * Path to Sendmail
@@ -194,6 +199,7 @@ $imapPort = 143;
  *   macosx
  *   hmailserver
  *   mercury32
+ *   dovecot
  *   other
  *
  * Please note that this changes only some of server settings.
@@ -525,6 +531,22 @@ $default_use_mdn = true;
 $edit_identity = true;
 $edit_name = true;
 
+/**
+ * SquirrelMail adds username information to every sent email.
+ * It is done in order to prevent possible sender forging when 
+ * end users are allowed to change their email and name 
+ * information.
+ *
+ * You can disable this header, if you think that it violates
+ * user's privacy or security. Please note, that setting will
+ * work only when users are not allowed to change their identity.
+ *
+ * See SquirrelMail bug tracker #847107 for more details about it.
+ * @global bool $hide_auth_header
+ * @since 1.5.1 and 1.4.5
+ */
+$hide_auth_header = false;
+
 /**
  * Server Side Threading Control
  *
@@ -1007,4 +1029,4 @@ $config_use_color = 2;
  * sent and regular output to begin, which will majorly screw
  * things up when we try to send more headers later.
  */
-?>
+?>
\ No newline at end of file