610
627
# $save_name, $force_name and ``fcc-hook''.
630
# set crypt_autoencrypt=no
632
# Name: crypt_autoencrypt
637
# Setting this variable will cause Mutt to always attempt to PGP
638
# encrypt outgoing messages. This is probably only useful in
639
# connection to the ``send-hook'' command. It can be overridden
640
# by use of the pgp menu, when encryption is not required or
641
# signing is requested as well. If $smime_is_default is set,
642
# then OpenSSL is used instead to create S/MIME messages and
643
# settings can be overridden by use of the smime menu instead.
647
# set crypt_autopgp=yes
649
# Name: crypt_autopgp
654
# This variable controls whether or not mutt may automatically enable
655
# PGP encryption/signing for messages. See also $crypt_autoencrypt,
656
# $crypt_replyencrypt,
657
# $crypt_autosign, $crypt_replysign and $smime_is_default.
660
# set crypt_autosign=no
662
# Name: crypt_autosign
667
# Setting this variable will cause Mutt to always attempt to
668
# cryptographically sign outgoing messages. This can be overridden
669
# by use of the pgp menu, when signing is not required or
670
# encryption is requested as well. If $smime_is_default is set,
671
# then OpenSSL is used instead to create S/MIME messages and settings can
672
# be overridden by use of the smime menu instead of the pgp menu.
676
# set crypt_autosmime=yes
678
# Name: crypt_autosmime
683
# This variable controls whether or not mutt may automatically enable
684
# S/MIME encryption/signing for messages. See also $crypt_autoencrypt,
685
# $crypt_replyencrypt,
686
# $crypt_autosign, $crypt_replysign and $smime_is_default.
689
# set crypt_replyencrypt=yes
691
# Name: crypt_replyencrypt
696
# If set, automatically PGP or OpenSSL encrypt replies to messages which are
701
# set crypt_replysign=no
703
# Name: crypt_replysign
708
# If set, automatically PGP or OpenSSL sign replies to messages which are
711
# Note: this does not work on messages that are encrypted
716
# set crypt_replysignencrypted=no
718
# Name: crypt_replysignencrypted
723
# If set, automatically PGP or OpenSSL sign replies to messages
724
# which are encrypted. This makes sense in combination with
725
# $crypt_replyencrypt, because it allows you to sign all
726
# messages which are automatically encrypted. This works around
727
# the problem noted in $crypt_replysign, that mutt is not able
728
# to find out whether an encrypted message is also signed.
732
# set crypt_timestamp=yes
734
# Name: crypt_timestamp
739
# If set, mutt will include a time stamp in the lines surrounding
740
# PGP or S/MIME output, so spoofing such lines is more difficult.
741
# If you are using colors to mark these lines, and rely on these,
742
# you may unset this setting.
613
746
# set crypt_use_gpgme=no
615
748
# Name: crypt_use_gpgme
2170
# set crypt_autosign=no
2172
# Name: crypt_autosign
2177
# Setting this variable will cause Mutt to always attempt to
2178
# cryptographically sign outgoing messages. This can be overridden
2179
# by use of the pgp menu, when signing is not required or
2180
# encryption is requested as well. If $smime_is_default is set,
2181
# then OpenSSL is used instead to create S/MIME messages and settings can
2182
# be overridden by use of the smime menu instead of the pgp menu.
2186
# set crypt_autoencrypt=no
2188
# Name: crypt_autoencrypt
2193
# Setting this variable will cause Mutt to always attempt to PGP
2194
# encrypt outgoing messages. This is probably only useful in
2195
# connection to the ``send-hook'' command. It can be overridden
2196
# by use of the pgp menu, when encryption is not required or
2197
# signing is requested as well. If $smime_is_default is set,
2198
# then OpenSSL is used instead to create S/MIME messages and
2199
# settings can be overridden by use of the smime menu instead.
2203
# set pgp_ignore_subkeys=yes
2205
# Name: pgp_ignore_subkeys
2210
# Setting this variable will cause Mutt to ignore OpenPGP subkeys. Instead,
2211
# the principal key will inherit the subkeys' capabilities. Unset this
2212
# if you want to play interesting key selection games.
2216
# set crypt_replyencrypt=yes
2218
# Name: crypt_replyencrypt
2223
# If set, automatically PGP or OpenSSL encrypt replies to messages which are
2228
# set crypt_replysign=no
2230
# Name: crypt_replysign
2235
# If set, automatically PGP or OpenSSL sign replies to messages which are
2238
# Note: this does not work on messages that are encrypted
2243
# set crypt_replysignencrypted=no
2245
# Name: crypt_replysignencrypted
2250
# If set, automatically PGP or OpenSSL sign replies to messages
2251
# which are encrypted. This makes sense in combination with
2252
# $crypt_replyencrypt, because it allows you to sign all
2253
# messages which are automatically encrypted. This works around
2254
# the problem noted in $crypt_replysign, that mutt is not able
2255
# to find out whether an encrypted message is also signed.
2259
# set crypt_timestamp=yes
2261
# Name: crypt_timestamp
2266
# If set, mutt will include a time stamp in the lines surrounding
2267
# PGP or S/MIME output, so spoofing such lines is more difficult.
2268
# If you are using colors to mark these lines, and rely on these,
2269
# you may unset this setting.
2273
# set pgp_use_gpg_agent=no
2275
# Name: pgp_use_gpg_agent
2280
# If set, mutt will use a possibly-running gpg-agent(1) process.
2284
# set crypt_verify_sig=yes
2286
# Name: crypt_verify_sig
2291
# If ``yes'', always attempt to verify PGP or S/MIME signatures.
2292
# If ``ask-*'', ask whether or not to verify the signature.
2293
# If \Fi``no'', never attempt to verify cryptographic signatures.
2297
# set smime_is_default=no
2299
# Name: smime_is_default
2304
# The default behaviour of mutt is to use PGP on all auto-sign/encryption
2305
# operations. To override and to use OpenSSL instead this must be set.
2306
# However, this has no effect while replying, since mutt will automatically
2307
# select the same application that was used to sign/encrypt the original
2308
# message. (Note that this variable can be overridden by unsetting $crypt_autosmime.)
2312
# set smime_ask_cert_label=yes
2314
# Name: smime_ask_cert_label
2319
# This flag controls whether you want to be asked to enter a label
2320
# for a certificate about to be added to the database or not. It is
2325
# set smime_decrypt_use_default_key=yes
2327
# Name: smime_decrypt_use_default_key
2332
# If set (default) this tells mutt to use the default key for decryption. Otherwise,
2333
# if managing multiple certificate-key-pairs, mutt will try to use the mailbox-address
2334
# to determine the key to use. It will ask you to supply a key, if it can't find one.
2337
# set pgp_auto_decode=no
2339
# Name: pgp_auto_decode
2344
# If set, mutt will automatically attempt to decrypt traditional PGP
2345
# messages whenever the user performs an operation which ordinarily would
2346
# result in the contents of the message being operated on. For example,
2347
# if the user displays a pgp-traditional message which has not been manually
2348
# checked with the <check-traditional-pgp> function, mutt will automatically
2349
# check the message for traditional pgp.
2352
# set pgp_autoinline=no
2354
# Name: pgp_autoinline
2359
# This option controls whether Mutt generates old-style inline
2360
# (traditional) PGP encrypted or signed messages under certain
2361
# circumstances. This can be overridden by use of the pgp menu,
2362
# when inline is not required.
2364
# Note that Mutt might automatically use PGP/MIME for messages
2365
# which consist of more than a single MIME part. Mutt can be
2366
# configured to ask before sending PGP/MIME messages when inline
2367
# (traditional) would not work.
2369
# Also see the $pgp_mime_auto variable.
2371
# Also note that using the old-style PGP message format is strongly
2376
# set pgp_check_exit=yes
2378
# Name: pgp_check_exit
2383
# If set, mutt will check the exit code of the PGP subprocess when
2384
# signing or encrypting. A non-zero exit code means that the
2385
# subprocess failed.
2389
# set pgp_clearsign_command=""
2391
# Name: pgp_clearsign_command
2396
# This format is used to create an old-style ``clearsigned'' PGP
2397
# message. Note that the use of this format is strongly
2400
# This is a format string, see the $pgp_decode_command command for
2401
# possible printf(3)-like sequences.
2405
# set pgp_decode_command=""
2407
# Name: pgp_decode_command
2412
# This format strings specifies a command which is used to decode
2413
# application/pgp attachments.
2415
# The PGP command formats have their own set of printf(3)-like sequences:
2416
# %p Expands to PGPPASSFD=0 when a pass phrase is needed, to an empty
2417
# string otherwise. Note: This may be used with a %? construct.
2418
# %f Expands to the name of a file containing a message.
2419
# %s Expands to the name of a file containing the signature part
2420
# of a multipart/signed attachment when verifying it.
2421
# %a The value of $pgp_sign_as.
2422
# %r One or more key IDs.
2425
# For examples on how to configure these formats for the various versions
2426
# of PGP which are floating around, see the pgp and gpg sample configuration files in
2427
# the samples/ subdirectory which has been installed on your system
2428
# alongside the documentation.
2432
# set pgp_decrypt_command=""
2434
# Name: pgp_decrypt_command
2439
# This command is used to decrypt a PGP encrypted message.
2441
# This is a format string, see the $pgp_decode_command command for
2442
# possible printf(3)-like sequences.
2446
# set pgp_encrypt_only_command=""
2448
# Name: pgp_encrypt_only_command
2453
# This command is used to encrypt a body part without signing it.
2455
# This is a format string, see the $pgp_decode_command command for
2456
# possible printf(3)-like sequences.
2460
# set pgp_encrypt_sign_command=""
2462
# Name: pgp_encrypt_sign_command
2467
# This command is used to both sign and encrypt a body part.
2469
# This is a format string, see the $pgp_decode_command command for
2470
# possible printf(3)-like sequences.
2338
2474
# set pgp_entry_format="%4n %t%f %4l/0x%k %-4a %2c %u"
2539
# set pgp_mime_auto=ask-yes
2541
# Name: pgp_mime_auto
2546
# This option controls whether Mutt will prompt you for
2547
# automatically sending a (signed/encrypted) message using
2548
# PGP/MIME when inline (traditional) fails (for any reason).
2550
# Also note that using the old-style PGP message format is strongly
2555
# set pgp_auto_decode=no
2557
# Name: pgp_auto_decode
2737
# set pgp_strict_enc=yes
2739
# Name: pgp_strict_enc
2744
# If set, Mutt will automatically encode PGP/MIME signed messages as
2745
# quoted-printable. Please note that unsetting this variable may
2746
# lead to problems with non-verifyable PGP signatures, so only change
2747
# this if you know what you are doing.
2751
# set pgp_timeout=300
2758
# The number of seconds after which a cached passphrase will expire if
2763
# set pgp_use_gpg_agent=no
2765
# Name: pgp_use_gpg_agent
2558
2766
# Type: boolean
2562
# If set, mutt will automatically attempt to decrypt traditional PGP
2563
# messages whenever the user performs an operation which ordinarily would
2564
# result in the contents of the message being operated on. For example,
2565
# if the user displays a pgp-traditional message which has not been manually
2566
# checked with the <check-traditional-pgp> function, mutt will automatically
2567
# check the message for traditional pgp.
2570
# set pgp_decode_command=""
2572
# Name: pgp_decode_command
2577
# This format strings specifies a command which is used to decode
2578
# application/pgp attachments.
2580
# The PGP command formats have their own set of printf(3)-like sequences:
2581
# %p Expands to PGPPASSFD=0 when a pass phrase is needed, to an empty
2582
# string otherwise. Note: This may be used with a %? construct.
2583
# %f Expands to the name of a file containing a message.
2584
# %s Expands to the name of a file containing the signature part
2585
# of a multipart/signed attachment when verifying it.
2586
# %a The value of $pgp_sign_as.
2587
# %r One or more key IDs.
2590
# For examples on how to configure these formats for the various versions
2591
# of PGP which are floating around, see the pgp and gpg sample configuration files in
2592
# the samples/ subdirectory which has been installed on your system
2593
# alongside the documentation.
2597
# set pgp_getkeys_command=""
2599
# Name: pgp_getkeys_command
2604
# This command is invoked whenever mutt will need public key information.
2605
# Of the sequences supported by $pgp_decode_command, %r is the only
2606
# printf(3)-like sequence used with this format.
2770
# If set, mutt will use a possibly-running gpg-agent(1) process.
2624
# set pgp_decrypt_command=""
2626
# Name: pgp_decrypt_command
2631
# This command is used to decrypt a PGP encrypted message.
2633
# This is a format string, see the $pgp_decode_command command for
2634
# possible printf(3)-like sequences.
2638
# set pgp_clearsign_command=""
2640
# Name: pgp_clearsign_command
2645
# This format is used to create a old-style ``clearsigned'' PGP
2646
# message. Note that the use of this format is strongly
2649
# This is a format string, see the $pgp_decode_command command for
2650
# possible printf(3)-like sequences.
2654
# set pgp_sign_command=""
2656
# Name: pgp_sign_command
2661
# This command is used to create the detached PGP signature for a
2662
# multipart/signed PGP/MIME body part.
2664
# This is a format string, see the $pgp_decode_command command for
2665
# possible printf(3)-like sequences.
2669
# set pgp_encrypt_sign_command=""
2671
# Name: pgp_encrypt_sign_command
2676
# This command is used to both sign and encrypt a body part.
2678
# This is a format string, see the $pgp_decode_command command for
2679
# possible printf(3)-like sequences.
2683
# set pgp_encrypt_only_command=""
2685
# Name: pgp_encrypt_only_command
2690
# This command is used to encrypt a body part without signing it.
2692
# This is a format string, see the $pgp_decode_command command for
2693
# possible printf(3)-like sequences.
2697
# set pgp_import_command=""
2699
# Name: pgp_import_command
2704
# This command is used to import a key from a message into
2705
# the user's public key ring.
2707
# This is a format string, see the $pgp_decode_command command for
2708
# possible printf(3)-like sequences.
2712
# set pgp_export_command=""
2714
# Name: pgp_export_command
2719
# This command is used to export a public key from the user's
2722
# This is a format string, see the $pgp_decode_command command for
2723
# possible printf(3)-like sequences.
2727
2788
# set pgp_verify_key_command=""
2729
2790
# Name: pgp_verify_key_command
2742
# set pgp_list_secring_command=""
2744
# Name: pgp_list_secring_command
2749
# This command is used to list the secret key ring's contents. The
2750
# output format must be analogous to the one used by:
2751
# gpg --list-keys --with-colons.
2753
# This format is also generated by the pgpring utility which comes
2756
# This is a format string, see the $pgp_decode_command command for
2757
# possible printf(3)-like sequences.
2761
# set pgp_list_pubring_command=""
2763
# Name: pgp_list_pubring_command
2768
# This command is used to list the public key ring's contents. The
2769
# output format must be analogous to the one used by
2770
# gpg --list-keys --with-colons.
2772
# This format is also generated by the pgpring utility which comes
2775
# This is a format string, see the $pgp_decode_command command for
2776
# possible printf(3)-like sequences.
2780
# set forward_decrypt=yes
2782
# Name: forward_decrypt
2787
# Controls the handling of encrypted messages when forwarding a message.
2788
# When set, the outer layer of encryption is stripped off. This
2789
# variable is only used if $mime_forward is set and
2790
# $mime_forward_decode is unset.
2794
# set smime_timeout=300
2796
# Name: smime_timeout
2801
# The number of seconds after which a cached passphrase will expire if
2806
# set smime_encrypt_with=""
2808
# Name: smime_encrypt_with
2813
# This sets the algorithm that should be used for encryption.
2814
# Valid choices are ``des'', ``des3'', ``rc2-40'', ``rc2-64'', ``rc2-128''.
2815
# If unset, ``3des'' (TripleDES) is used.
2826
# Since for S/MIME there is no pubring/secring as with PGP, mutt has to handle
2827
# storage and retrieval of keys/certs by itself. This is very basic right now,
2828
# and stores keys and certificates in two different directories, both
2829
# named as the hash-value retrieved from OpenSSL. There is an index file
2830
# which contains mailbox-address keyid pair, and which can be manually
2831
# edited. This option points to the location of the private keys.
2835
# set smime_ca_location=""
2837
# Name: smime_ca_location
2842
# This variable contains the name of either a directory, or a file which
2843
# contains trusted certificates for use with OpenSSL.
2847
# set smime_certificates=""
2849
# Name: smime_certificates
2854
# Since for S/MIME there is no pubring/secring as with PGP, mutt has to handle
2855
# storage and retrieval of keys by itself. This is very basic right
2856
# now, and keys and certificates are stored in two different
2857
# directories, both named as the hash-value retrieved from
2858
# OpenSSL. There is an index file which contains mailbox-address
2859
# keyid pairs, and which can be manually edited. This option points to
2860
# the location of the certificates.
2864
# set smime_decrypt_command=""
2866
# Name: smime_decrypt_command
2871
# This format string specifies a command which is used to decrypt
2872
# application/x-pkcs7-mime attachments.
2874
# The OpenSSL command formats have their own set of printf(3)-like sequences
2876
# %f Expands to the name of a file containing a message.
2877
# %s Expands to the name of a file containing the signature part
2878
# of a multipart/signed attachment when verifying it.
2879
# %k The key-pair specified with $smime_default_key
2880
# %c One or more certificate IDs.
2881
# %a The algorithm used for encryption.
2882
# %C CA location: Depending on whether $smime_ca_location
2883
# points to a directory or file, this expands to
2884
# ``-CApath $smime_ca_location'' or ``-CAfile $smime_ca_location''.
2887
# For examples on how to configure these formats, see the smime.rc in
2888
# the samples/ subdirectory which has been installed on your system
2889
# alongside the documentation.
2893
# set smime_verify_command=""
2895
# Name: smime_verify_command
2900
# This command is used to verify S/MIME signatures of type multipart/signed.
2902
# This is a format string, see the $smime_decrypt_command command for
2903
# possible printf(3)-like sequences.
2907
# set smime_verify_opaque_command=""
2909
# Name: smime_verify_opaque_command
2914
# This command is used to verify S/MIME signatures of type
2915
# application/x-pkcs7-mime.
2917
# This is a format string, see the $smime_decrypt_command command for
2918
# possible printf(3)-like sequences.
2922
# set smime_sign_command=""
2924
# Name: smime_sign_command
2929
# This command is used to created S/MIME signatures of type
2930
# multipart/signed, which can be read by all mail clients.
2932
# This is a format string, see the $smime_decrypt_command command for
2933
# possible printf(3)-like sequences.
2937
# set smime_sign_opaque_command=""
2939
# Name: smime_sign_opaque_command
2944
# This command is used to created S/MIME signatures of type
2945
# application/x-pkcs7-signature, which can only be handled by mail
2946
# clients supporting the S/MIME extension.
2948
# This is a format string, see the $smime_decrypt_command command for
2949
# possible printf(3)-like sequences.
2953
# set smime_encrypt_command=""
2955
# Name: smime_encrypt_command
2960
# This command is used to create encrypted S/MIME messages.
2962
# This is a format string, see the $smime_decrypt_command command for
2963
# possible printf(3)-like sequences.
2967
# set smime_pk7out_command=""
2969
# Name: smime_pk7out_command
2974
# This command is used to extract PKCS7 structures of S/MIME signatures,
2975
# in order to extract the public X509 certificate(s).
2977
# This is a format string, see the $smime_decrypt_command command for
2978
# possible printf(3)-like sequences.
2982
# set smime_get_cert_command=""
2984
# Name: smime_get_cert_command
2989
# This command is used to extract X509 certificates from a PKCS7 structure.
2991
# This is a format string, see the $smime_decrypt_command command for
2992
# possible printf(3)-like sequences.
2996
# set smime_get_signer_cert_command=""
2998
# Name: smime_get_signer_cert_command
3003
# This command is used to extract only the signers X509 certificate from a S/MIME
3004
# signature, so that the certificate's owner may get compared to the
3005
# email's ``From:'' field.
3007
# This is a format string, see the $smime_decrypt_command command for
3008
# possible printf(3)-like sequences.
3012
# set smime_import_cert_command=""
3014
# Name: smime_import_cert_command
3019
# This command is used to import a certificate via smime_keys.
3021
# This is a format string, see the $smime_decrypt_command command for
3022
# possible printf(3)-like sequences.
3026
# set smime_get_cert_email_command=""
3028
# Name: smime_get_cert_email_command
3033
# This command is used to extract the mail address(es) used for storing
3034
# X509 certificates, and for verification purposes (to check whether the
3035
# certificate was issued for the sender's mailbox).
3037
# This is a format string, see the $smime_decrypt_command command for
3038
# possible printf(3)-like sequences.
3042
# set smime_default_key=""
3044
# Name: smime_default_key
3049
# This is the default key-pair to use for signing. This must be set to the
3050
# keyid (the hash-value that OpenSSL generates) to work properly
3054
# set ssl_client_cert=""
3056
# Name: ssl_client_cert
3061
# The file containing a client certificate and its associated private
3065
# set ssl_force_tls=no
3067
# Name: ssl_force_tls
3072
# If this variable is set, Mutt will require that all connections
3073
# to remote servers be encrypted. Furthermore it will attempt to
3074
# negotiate TLS even if the server does not advertise the capability,
3075
# since it would otherwise have to abort the connection anyway. This
3076
# option supersedes $ssl_starttls.
3079
# set ssl_starttls=yes
3081
# Name: ssl_starttls
3086
# If set (the default), mutt will attempt to use STARTTLS on servers
3087
# advertising the capability. When unset, mutt will not attempt to
3088
# use STARTTLS regardless of the server's capabilities.
3091
# set certificate_file="~/.mutt_certificates"
3093
# Name: certificate_file
3095
# Default: "~/.mutt_certificates"
3098
# This variable specifies the file where the certificates you trust
3099
# are saved. When an unknown certificate is encountered, you are asked
3100
# if you accept it or not. If you accept it, the certificate can also
3101
# be saved in this file and further connections are automatically
3104
# You can also manually add CA certificates in this file. Any server
3105
# certificate that is signed with one of these CA certificates is
3106
# also automatically accepted.
3109
# set certificate_file=~/.mutt/certificates
3112
# set ssl_usesystemcerts=yes
3114
# Name: ssl_usesystemcerts
3119
# If set to yes, mutt will use CA certificates in the
3120
# system-wide certificate store when checking if a server certificate
3121
# is signed by a trusted CA.
3124
# set entropy_file=""
3126
# Name: entropy_file
3131
# The file which includes random data that is used to initialize SSL
3132
# library functions.
3135
# set ssl_use_sslv2=yes
3137
# Name: ssl_use_sslv2
3142
# This variables specifies whether to attempt to use SSLv2 in the
3143
# SSL authentication process.
3146
# set ssl_use_sslv3=yes
3148
# Name: ssl_use_sslv3
3153
# This variables specifies whether to attempt to use SSLv3 in the
3154
# SSL authentication process.
3157
# set ssl_use_tlsv1=yes
3159
# Name: ssl_use_tlsv1
3164
# This variables specifies whether to attempt to use TLSv1 in the
3165
# SSL authentication process.
3168
# set ssl_min_dh_prime_bits=0
3170
# Name: ssl_min_dh_prime_bits
3175
# This variable specifies the minimum acceptable prime size (in bits)
3176
# for use in any Diffie-Hellman key exchange. A value of 0 will use
3177
# the default from the GNUTLS library.
3180
# set ssl_ca_certificates_file=""
3182
# Name: ssl_ca_certificates_file
3187
# This variable specifies a file containing trusted CA certificates.
3188
# Any server certificate that is signed with one of these CA
3189
# certificates is also automatically accepted.
3192
# set ssl_ca_certificates_file=/etc/ssl/certs/ca-certificates.crt
3202
# Used in connection with the <pipe-message> function following
3203
# <tag-prefix>. If this variable is unset, when piping a list of
3204
# tagged messages Mutt will concatenate the messages and will pipe them
3205
# all concatenated. When set, Mutt will pipe the messages one by one.
3206
# In both cases the messages are piped in the current sorted order,
3207
# and the $pipe_sep separator is added after each message.
3210
2803
# set pipe_decode=no
3212
2805
# Name: pipe_decode
4008
3640
# happens at the beginning of a line.
3643
# set smime_ask_cert_label=yes
3645
# Name: smime_ask_cert_label
3650
# This flag controls whether you want to be asked to enter a label
3651
# for a certificate about to be added to the database or not. It is
3656
# set smime_ca_location=""
3658
# Name: smime_ca_location
3663
# This variable contains the name of either a directory, or a file which
3664
# contains trusted certificates for use with OpenSSL.
3668
# set smime_certificates=""
3670
# Name: smime_certificates
3675
# Since for S/MIME there is no pubring/secring as with PGP, mutt has to handle
3676
# storage and retrieval of keys by itself. This is very basic right
3677
# now, and keys and certificates are stored in two different
3678
# directories, both named as the hash-value retrieved from
3679
# OpenSSL. There is an index file which contains mailbox-address
3680
# keyid pairs, and which can be manually edited. This option points to
3681
# the location of the certificates.
3685
# set smime_decrypt_command=""
3687
# Name: smime_decrypt_command
3692
# This format string specifies a command which is used to decrypt
3693
# application/x-pkcs7-mime attachments.
3695
# The OpenSSL command formats have their own set of printf(3)-like sequences
3697
# %f Expands to the name of a file containing a message.
3698
# %s Expands to the name of a file containing the signature part
3699
# of a multipart/signed attachment when verifying it.
3700
# %k The key-pair specified with $smime_default_key
3701
# %c One or more certificate IDs.
3702
# %a The algorithm used for encryption.
3703
# %C CA location: Depending on whether $smime_ca_location
3704
# points to a directory or file, this expands to
3705
# ``-CApath $smime_ca_location'' or ``-CAfile $smime_ca_location''.
3708
# For examples on how to configure these formats, see the smime.rc in
3709
# the samples/ subdirectory which has been installed on your system
3710
# alongside the documentation.
3714
# set smime_decrypt_use_default_key=yes
3716
# Name: smime_decrypt_use_default_key
3721
# If set (default) this tells mutt to use the default key for decryption. Otherwise,
3722
# if managing multiple certificate-key-pairs, mutt will try to use the mailbox-address
3723
# to determine the key to use. It will ask you to supply a key, if it can't find one.
3727
# set smime_default_key=""
3729
# Name: smime_default_key
3734
# This is the default key-pair to use for signing. This must be set to the
3735
# keyid (the hash-value that OpenSSL generates) to work properly
3739
# set smime_encrypt_command=""
3741
# Name: smime_encrypt_command
3746
# This command is used to create encrypted S/MIME messages.
3748
# This is a format string, see the $smime_decrypt_command command for
3749
# possible printf(3)-like sequences.
3753
# set smime_encrypt_with=""
3755
# Name: smime_encrypt_with
3760
# This sets the algorithm that should be used for encryption.
3761
# Valid choices are ``des'', ``des3'', ``rc2-40'', ``rc2-64'', ``rc2-128''.
3762
# If unset, ``3des'' (TripleDES) is used.
3766
# set smime_get_cert_command=""
3768
# Name: smime_get_cert_command
3773
# This command is used to extract X509 certificates from a PKCS7 structure.
3775
# This is a format string, see the $smime_decrypt_command command for
3776
# possible printf(3)-like sequences.
3780
# set smime_get_cert_email_command=""
3782
# Name: smime_get_cert_email_command
3787
# This command is used to extract the mail address(es) used for storing
3788
# X509 certificates, and for verification purposes (to check whether the
3789
# certificate was issued for the sender's mailbox).
3791
# This is a format string, see the $smime_decrypt_command command for
3792
# possible printf(3)-like sequences.
3796
# set smime_get_signer_cert_command=""
3798
# Name: smime_get_signer_cert_command
3803
# This command is used to extract only the signers X509 certificate from a S/MIME
3804
# signature, so that the certificate's owner may get compared to the
3805
# email's ``From:'' field.
3807
# This is a format string, see the $smime_decrypt_command command for
3808
# possible printf(3)-like sequences.
3812
# set smime_import_cert_command=""
3814
# Name: smime_import_cert_command
3819
# This command is used to import a certificate via smime_keys.
3821
# This is a format string, see the $smime_decrypt_command command for
3822
# possible printf(3)-like sequences.
3826
# set smime_is_default=no
3828
# Name: smime_is_default
3833
# The default behaviour of mutt is to use PGP on all auto-sign/encryption
3834
# operations. To override and to use OpenSSL instead this must be set.
3835
# However, this has no effect while replying, since mutt will automatically
3836
# select the same application that was used to sign/encrypt the original
3837
# message. (Note that this variable can be overridden by unsetting $crypt_autosmime.)
3848
# Since for S/MIME there is no pubring/secring as with PGP, mutt has to handle
3849
# storage and retrieval of keys/certs by itself. This is very basic right now,
3850
# and stores keys and certificates in two different directories, both
3851
# named as the hash-value retrieved from OpenSSL. There is an index file
3852
# which contains mailbox-address keyid pair, and which can be manually
3853
# edited. This option points to the location of the private keys.
3857
# set smime_pk7out_command=""
3859
# Name: smime_pk7out_command
3864
# This command is used to extract PKCS7 structures of S/MIME signatures,
3865
# in order to extract the public X509 certificate(s).
3867
# This is a format string, see the $smime_decrypt_command command for
3868
# possible printf(3)-like sequences.
3872
# set smime_sign_command=""
3874
# Name: smime_sign_command
3879
# This command is used to created S/MIME signatures of type
3880
# multipart/signed, which can be read by all mail clients.
3882
# This is a format string, see the $smime_decrypt_command command for
3883
# possible printf(3)-like sequences.
3887
# set smime_sign_opaque_command=""
3889
# Name: smime_sign_opaque_command
3894
# This command is used to created S/MIME signatures of type
3895
# application/x-pkcs7-signature, which can only be handled by mail
3896
# clients supporting the S/MIME extension.
3898
# This is a format string, see the $smime_decrypt_command command for
3899
# possible printf(3)-like sequences.
3903
# set smime_timeout=300
3905
# Name: smime_timeout
4018
# Specifies time, in seconds, to pause while displaying certain informational
4019
# messages, while moving from folder to folder and after expunging
4020
# messages from the current folder. The default is to pause one second, so
4021
# a value of zero for this option suppresses the pause.
3910
# The number of seconds after which a cached passphrase will expire if
3915
# set smime_verify_command=""
3917
# Name: smime_verify_command
3922
# This command is used to verify S/MIME signatures of type multipart/signed.
3924
# This is a format string, see the $smime_decrypt_command command for
3925
# possible printf(3)-like sequences.
3929
# set smime_verify_opaque_command=""
3931
# Name: smime_verify_opaque_command
3936
# This command is used to verify S/MIME signatures of type
3937
# application/x-pkcs7-mime.
3939
# This is a format string, see the $smime_decrypt_command command for
3940
# possible printf(3)-like sequences.
4024
3944
# set smtp_authenticators=""
4197
4117
# If your spool mailbox is in a non-default place where Mutt cannot find
4198
4118
# it, you can specify its location with this variable. Mutt will
4199
# automatically set this variable to the value of the environment
4200
# variable $MAIL if it is not set.
4119
# initially set this variable to the value of the environment
4120
# variable $MAIL or $MAILDIR if either is defined.
4123
# set ssl_ca_certificates_file=""
4125
# Name: ssl_ca_certificates_file
4130
# This variable specifies a file containing trusted CA certificates.
4131
# Any server certificate that is signed with one of these CA
4132
# certificates is also automatically accepted.
4135
# set ssl_ca_certificates_file=/etc/ssl/certs/ca-certificates.crt
4138
# set ssl_client_cert=""
4140
# Name: ssl_client_cert
4145
# The file containing a client certificate and its associated private
4149
# set ssl_force_tls=no
4151
# Name: ssl_force_tls
4156
# If this variable is set, Mutt will require that all connections
4157
# to remote servers be encrypted. Furthermore it will attempt to
4158
# negotiate TLS even if the server does not advertise the capability,
4159
# since it would otherwise have to abort the connection anyway. This
4160
# option supersedes $ssl_starttls.
4163
# set ssl_min_dh_prime_bits=0
4165
# Name: ssl_min_dh_prime_bits
4170
# This variable specifies the minimum acceptable prime size (in bits)
4171
# for use in any Diffie-Hellman key exchange. A value of 0 will use
4172
# the default from the GNUTLS library.
4175
# set ssl_starttls=yes
4177
# Name: ssl_starttls
4182
# If set (the default), mutt will attempt to use STARTTLS on servers
4183
# advertising the capability. When unset, mutt will not attempt to
4184
# use STARTTLS regardless of the server's capabilities.
4187
# set ssl_use_sslv2=no
4189
# Name: ssl_use_sslv2
4194
# This variable specifies whether to attempt to use SSLv2 in the
4195
# SSL authentication process.
4198
# set ssl_use_sslv3=yes
4200
# Name: ssl_use_sslv3
4205
# This variable specifies whether to attempt to use SSLv3 in the
4206
# SSL authentication process.
4209
# set ssl_use_tlsv1=yes
4211
# Name: ssl_use_tlsv1
4216
# This variable specifies whether to attempt to use TLSv1 in the
4217
# SSL authentication process.
4220
# set ssl_usesystemcerts=yes
4222
# Name: ssl_usesystemcerts
4227
# If set to yes, mutt will use CA certificates in the
4228
# system-wide certificate store when checking if a server certificate
4229
# is signed by a trusted CA.
4232
# set ssl_verify_dates=yes
4234
# Name: ssl_verify_dates
4239
# If set (the default), mutt will not automatically accept a server
4240
# certificate that is either not yet valid or already expired. You should
4241
# only unset this for particular known hosts, using the
4242
# <account-hook> function.
4245
# set ssl_verify_host=yes
4247
# Name: ssl_verify_host
4252
# If set (the default), mutt will not automatically accept a server
4253
# certificate whose host name does not match the host used in your folder
4254
# URL. You should only unset this for particular known hosts, using
4255
# the <account-hook> function.
4203
4258
# set status_chars="-*%A"