X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=config%2Fconfig_default.php;h=068c5670c9f9b42715dcb4b0d47266801ed36965;hp=8d24c2e744481f78ffe125751d4bd956e652bb2e;hb=432db2fc4af6edc726e9a52f023cd3bd1d664667;hpb=7be4d7172a48b9d2268b56f3c1450828923c8958
diff --git a/config/config_default.php b/config/config_default.php
index 8d24c2e7..068c5670 100644
--- a/config/config_default.php
+++ b/config/config_default.php
@@ -143,18 +143,23 @@ $smtpServerAddress = 'localhost';
 $smtpPort = 25;
 
 /**
- * SquirrelMail header control
+ * SquirrelMail header encryption
  *
- * Option can be used to disable Received: headers added by SquirrelMail.
- * This can increase user's privacy and solve problems with spam filters
- * that increase spam marks for dynamic dialup addresses.
+ * Encryption key allows to hide SquirrelMail Received: headers
+ * in outbound messages. Interface uses encryption key to encode
+ * username, remote address and proxied address, then stores encoded
+ * information in X-Squirrel-* headers.
  *
- * If admin enables this setting, system should have some logging facility
- * or other tools to control users. SquirrelMail's Received: header provides
- * information, that can't be forged by webmail user.
- * @global bool $skip_SM_header
+ * Warning: used encryption function is not bulletproof. When used
+ * with static encryption keys, it provides only minimal security
+ * measures and information can be decoded quickly.
+ *
+ * Encoded information can be decoded with decrypt_headers.php script
+ * from SquirrelMail contrib/ directory.
+ * @global string $encode_header_key
+ * @since 1.5.1
  */
-$skip_SM_header = false;
+$encode_header_key = '';
 
 /**
  * Path to Sendmail
@@ -194,6 +199,7 @@ $imapPort = 143;
  * macosx
  * hmailserver
  * mercury32
+ * dovecot
  * other
  *
  * Please note that this changes only some of server settings.
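Review bot: In the first hunk, the new `$encode_header_key` docblock does not say what the empty default `''` does or that the key is a secret, and `$skip_SM_header` disappears with no migration hint. I would add `* Leave empty to disable header encoding.` only after confirming that is how the sending code treats an empty key (that code is outside this diff), plus `* Keep the key private: anyone who knows it can decode the username and addresses.` Sites that had `$skip_SM_header = true` appear to lose that setting silently on upgrade, so a one-line `* Replaces $skip_SM_header.` note would help admins notice. Since decoding with decrypt_headers.php presumably needs the key that was in use at send time, the comment should also tell admins to retain old keys when they rotate them, otherwise earlier messages can no longer be attributed during abuse handling.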
@@ -525,6 +531,21 @@ $default_use_mdn = true;
 $edit_identity = true;
 $edit_name = true;
 
+/**
+ * SquirrelMail adds username information to every sent email.
+ * It is done in order to prevent possible sender forging when
+ * end users are allowed to change their email and name
+ * information.
+ *
+ * You can disable this header, if you think that it violates
+ * user's privacy or security. Please note, that setting will
+ * work only when users are not allowed to change their identity.
+ *
+ * See SquirrelMail bug tracker #847107 for more details about it.
+ * @global bool $hide_auth_header
+ */
+$hide_auth_header = false;
+
 /**
  * Server Side Threading Control
  *
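Review bot: The `$hide_auth_header` docblock leaves out the two things an admin needs before changing it: which header is suppressed and which setting gates it. "This header" is never named, and "users are not allowed to change their identity" presumably refers to `$edit_identity` in the context lines just above; I would spell both out, e.g. `* Takes effect only when $edit_identity is false.`, once that is checked against the sending code, which is not part of this diff. Because the header exists to make sender forging traceable, the comment should also carry the caveat the old `$skip_SM_header` text had, along the lines of `* If you hide it, make sure server-side logs can still tie a message to an account.`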