X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=config%2Fconf.pl;h=7d0baa23964c539b33b4cafbe178f32d39fd4da5;hp=9107ba60b159229d29c00a29979b50657a06d277;hb=4bc49df676b788846c6e777f929dbc742159f8d1;hpb=8f557b942c5a3fb6663c349f4cc7d4a1c8aa4504 diff --git a/config/conf.pl b/config/conf.pl index 9107ba60..7d0baa23 100755 --- a/config/conf.pl +++ b/config/conf.pl @@ -1,7 +1,7 @@ #!/usr/bin/env perl # conf.pl # -# Copyright (c) 1999-2007 The SquirrelMail Project Team +# Copyright (c) 1999-2009 The SquirrelMail Project Team # Licensed under the GNU GPL. For full terms see COPYING. # # A simple configure script to configure SquirrelMail @@ -547,7 +547,7 @@ $list_supported_imap_servers = ##################################################################################### if ( $config_use_color == 1 ) { - $WHT = "\x1B[37;1m"; + $WHT = "\x1B[1m"; $NRM = "\x1B[0m"; } else { $WHT = ""; @@ -906,7 +906,7 @@ while ( ( $command ne "q" ) && ( $command ne "Q" ) && ( $command ne ":q" ) ) { $NRM = ""; } else { $config_use_color = 1; - $WHT = "\x1B[37;1m"; + $WHT = "\x1B[1m"; $NRM = "\x1B[0m"; } } elsif ( $command =~ /^w([0-9]+)/ ) { @@ -1747,17 +1747,22 @@ sub display_use_tls($) { # $encode_header_key sub command114 { - print "Encryption key allows to hide SquirrelMail Received: headers\n"; - print "in outbound messages. Interface uses encryption key to encode\n"; - print "username, remote address and proxied address, then stores encoded\n"; - print "information in X-Squirrel-* headers.\n"; + print "This encryption key allows the hiding of SquirrelMail Received:\n"; + print "headers in outbound messages. SquirrelMail uses the encryption\n"; + print "key to encode the username, remote address, and proxied address\n"; + print "and then stores that encoded information in X-Squirrel-* headers.\n"; print "\n"; - print "Warning: used encryption function is not bulletproof. When used\n"; - print "with static encryption keys, it provides only minimal security\n"; - print "measures and information can be decoded quickly.\n"; + print "Warning: the encryption function used to accomplish this is not\n"; + print "bulletproof. When used with a static encryption key as it is here,\n"; + print "it provides only minimal security and the encoded user information\n"; + print "in the X-Squirrel-* headers can be decoded quickly by a skilled\n"; + print "attacker.\n"; print "\n"; - print "Encoded information can be decoded with decrypt_headers.php script\n"; - print "from SquirrelMail contrib/ directory.\n"; + print "When you need to inspect an email sent from your system with the\n"; + print "X-Squirrel-* headers, you can decode the user information therein\n"; + print "by using the decrypt_headers.php script found in the SquirrelMail\n"; + print "contrib/ directory. You'll need the encryption key that you\n"; + print "defined here when doing so.\n"; print "\n"; print "Enter encryption key: "; $new_encode_header_key = ; @@ -2539,7 +2544,8 @@ sub command310 { } sub command311 { - print " Given that users are not allowed to modify their + print "$NRM"; + print "\n Given that users are not allowed to modify their email address, can they edit their full name? "; @@ -2560,17 +2566,23 @@ sub command311 { } sub command311b { - print " SquirrelMail adds username information to every sent email - in order to prevent possible sender forging when users are allowed - to change their email and/or full name. + print "$NRM"; + print "\n SquirrelMail adds username information to every outgoing + email in order to prevent possible sender forging when users are + allowed to change their email and/or full name. - You can remove user information from this header (y), if you think that + You can remove user information from this header (y) if you think that it violates privacy or security. Note: If users are allowed to change their email addresses, this setting will make it difficult to determine who sent what where. Use at your own risk. + Note: If you have defined a header encryption key in your SMTP or + Sendmail settings (see the \"Server Settings\" option page), this + setting is ignored because all user information in outgoing messages + is encoded. + "; if ( lc($hide_auth_header) eq "true" ) {