X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=rt%2Fetc%2FRT_Config.pm.in;h=fd976de1f30907dff30bbbb9d2cfb3c348a0dcf8;hp=ae1bc888db8fc2e859ef4fd077a3071b81774fbc;hb=9aee669886202be7035e6c6049fc71bc99dd3013;hpb=f072467021f7d677cfe7a5d1aed2e9c899c9d71a diff --git a/rt/etc/RT_Config.pm.in b/rt/etc/RT_Config.pm.in index ae1bc888d..fd976de1f 100644 --- a/rt/etc/RT_Config.pm.in +++ b/rt/etc/RT_Config.pm.in @@ -1,297 +1,443 @@ +# +# RT was configured with: +# +# $ @CONFIGURE_INCANT@ +# package RT; +############################# WARNING ############################# +# # +# NEVER EDIT RT_Config.pm ! # +# # +# Instead, copy any sections you want to change to # +# RT_SiteConfig.pm and edit them there. Otherwise, # +# your changes will be lost when you upgrade RT. # +# # +############################# WARNING ############################# + =head1 NAME RT::Config -=for testing +=head1 Base configuration + +=over 4 + +=item C<$rtname> + +C<$rtname> is the string that RT will look for in mail messages to +figure out what ticket a new piece of mail belongs to. -use RT::Config; +Your domain name is recommended, so as not to pollute the namespace. +Once you start using a given tag, you should probably never change it; +otherwise, mail for existing tickets won't get put in the right place. =cut -=head1 WARNING +Set($rtname, "example.com"); -NEVER EDIT RT_Config.pm. +=item C<$Organization> -Instead, copy any sections you want to change to F and edit them there. +You should set this to your organization's DNS domain. For example, +I or I. It is used by the linking +interface to guarantee that ticket URIs are unique and easy to +construct. Changing it after you have created tickets in the system +will B all existing ticket links! =cut -=head1 Base Configuration - -=over 4 +Set($Organization, "example.com"); -=item C<$rtname> +=item C<$CorrespondAddress>, C<$CommentAddress> -C<$rtname> is the string that RT will look for in mail messages to -figure out what ticket a new piece of mail belongs to. +RT is designed such that any mail which already has a ticket-id +associated with it will get to the right place automatically. -Your domain name is recommended, so as not to pollute the namespace. -once you start using a given tag, you should probably never change it. -(otherwise, mail for existing tickets won't get put in the right place) +C<$CorrespondAddress> and C<$CommentAddress> are the default addresses +that will be listed in From: and Reply-To: headers of correspondence +and comment mail tracked by RT, unless overridden by a queue-specific +address. They should be set to email addresses which have been +configured as aliases for F. =cut -Set($rtname , "example.com"); +Set($CorrespondAddress, ''); +Set($CommentAddress, ''); -=item C<$EmailSubjectTagRegex> +=item C<$WebDomain> -This regexp controls what subject tags RT recognizes as its own. -If you're not dealing with historical C<$rtname> values, you'll likely -never have to enable this feature. +Domain name of the RT server, e.g. 'www.example.com'. It should not +contain anything except the server name. -Be VERY CAREFUL with it. Note that it overrides C<$rtname> for subject -token matching and that you should use only "non-capturing" parenthesis -grouping. For example: +=cut -C +Set($WebDomain, "localhost"); -and NOT +=item C<$WebPort> -C +If we're running as a superuser, run on port 80. Otherwise, pick a +high port for this user. -This setting would make RT behave exactly as it does without the -setting enabled. +443 is default port for https protocol. =cut -#Set($EmailSubjectTagRegex, qr/\Q$rtname\E/i ); +Set($WebPort, 80); +=item C<$WebPath> +If you're putting the web UI somewhere other than at the root of your +server, you should set C<$WebPath> to the path you'll be serving RT +at. -=item C<$Organization> +C<$WebPath> requires a leading / but no trailing /, or it can be +blank. -You should set this to your organization's DNS domain. For example, -I or I. It's used by the linking interface to -guarantee that ticket URIs are unique and easy to construct. +In most cases, you should leave C<$WebPath> set to "" (an empty +value). =cut -Set($Organization , "example.com"); +Set($WebPath, ""); -=item C<$MinimumPasswordLength> +=item C<$Timezone> -C<$MinimumPasswordLength> defines the minimum length for user -passwords. Setting it to 0 disables this check. +C<$Timezone> is the default timezone, used to convert times entered by +users into GMT, as they are stored in the database, and back again; +users can override this. It should be set to a timezone recognized by +your server. =cut -Set($MinimumPasswordLength , "5"); +Set($Timezone, "US/Eastern"); -=item C<$Timezone> +=item C<@Plugins> + +Once a plugin has been downloaded and installed, use C to add +to the enabled C<@Plugins> list: + + Plugin( "RT::Extension::SLA" ); + Plugin( "RT::Authen::ExternalAuth" ); + +RT will also accept the distribution name (i.e. C) +instead of the package name (C). + +=cut + +Set(@Plugins, (qw(RTx::Calendar + RT::Extension::MobileUI))); #RTx::Checklist )); + +=item C<@StaticRoots> + +Set C<@StaticRoots> to serve extra paths with a static handler. The +contents of each hashref should be the the same arguments as +L takes. These paths will be checked before +any plugin or core static paths. + +Example: -C<$Timezone> is used to convert times entered by users into GMT and back again -It should be set to a timezone recognized by your local unix box. + Set( @StaticRoots, + { + path => qr{^/static/}, + root => '/local/path/to/static/parent', + }, + ); =cut -Set($Timezone , 'US/Eastern'); +Set( @StaticRoots, () ); =back -=head1 Database Configuration + + + +=head1 Database connection =over 4 =item C<$DatabaseType> -Database driver being used; case matters. - -Valid types are "mysql", "Oracle" and "Pg" +Database driver being used; case matters. Valid types are "mysql", +"Oracle", and "Pg". "SQLite" is also available for non-production use. =cut -Set($DatabaseType , '@DB_TYPE@'); +Set($DatabaseType, "@DB_TYPE@"); =item C<$DatabaseHost>, C<$DatabaseRTHost> -The domain name of your database server. +The domain name of your database server. If you're running MySQL and +on localhost, leave it blank for enhanced performance. -If you're running mysql and it's on localhost, -leave it blank for enhanced performance +C is the fully-qualified hostname of your RT server, +for use in granting ACL rights on MySQL. =cut -Set($DatabaseHost , '@DB_HOST@'); -Set($DatabaseRTHost , '@DB_RT_HOST@'); +Set($DatabaseHost, "@DB_HOST@"); +Set($DatabaseRTHost, "@DB_RT_HOST@"); =item C<$DatabasePort> The port that your database server is running on. Ignored unless it's -a positive integer. It's usually safe to leave this blank +a positive integer. It's usually safe to leave this blank; RT will +choose the correct default. =cut -Set($DatabasePort , '@DB_PORT@'); +Set($DatabasePort, "@DB_PORT@"); =item C<$DatabaseUser> -The name of the database user (inside the database) +The name of the user to connect to the database as. =cut -Set($DatabaseUser , '@DB_RT_USER@'); +Set($DatabaseUser, "@DB_RT_USER@"); =item C<$DatabasePassword> -Password the C<$DatabaseUser> should use to access the database +The password the C<$DatabaseUser> should use to access the database. =cut -Set($DatabasePassword , '@DB_RT_PASS@'); +Set($DatabasePassword, q{@DB_RT_PASS@}); =item C<$DatabaseName> -The name of the RT's database on your database server. For Oracle -it's SID, DB objects are created in L<$DatabaseUser>'s schema. +The name of the RT database on your database server. For Oracle, the +SID and database objects are created in C<$DatabaseUser>'s schema. + +=cut + +Set($DatabaseName, q{@DB_DATABASE@}); + +=item C<%DatabaseExtraDSN> + +Allows additional properties to be passed to the database connection +step. Possible properties are specific to the database-type; see +https://metacpan.org/pod/DBI#connect + +For PostgreSQL, for instance, the following enables SSL (but does no +certificate checking, providing data hiding but no MITM protection): + + # See https://metacpan.org/pod/DBD::Pg#connect + # and http://www.postgresql.org/docs/8.4/static/libpq-ssl.html + Set( %DatabaseExtraDSN, sslmode => 'require' ); + +For MySQL, the following acts similarly if the server has enabled SSL. +Otherwise, it provides no protection; MySQL provides no way to I +SSL connections: + + # See https://metacpan.org/pod/DBD::mysql#connect + # and http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html + Set( %DatabaseExtraDSN, mysql_ssl => 1 ); =cut -Set($DatabaseName , '@DB_DATABASE@'); +Set(%DatabaseExtraDSN, ()); -=item C<$DatabaseRequireSSL> +=item C<$DatabaseAdmin> -If you're using Postgres and have compiled in SSL support, -set C<$DatabaseRequireSSL> to 1 to turn on SSL communication +The name of the database administrator to connect to the database as +during upgrades. =cut -Set($DatabaseRequireSSL , undef); +Set($DatabaseAdmin, "@DB_DBA@"); -=item C<$UseSQLForACLChecks> +=back -In RT for ages ACL are checked after search what in some situtations -result in empty search pages and wrong count of tickets. -Set C<$UseSQLForACLChecks> to 1 to use SQL and get rid of these problems. -However, this option is beta. In some cases it result in performance -improvements, but some setups can not handle it. + +=head1 Logging + +The default is to log anything except debugging information to syslog. +Check the L POD for information about how to get things +by syslog, mail or anything else, get debugging info in the log, etc. + +It might generally make sense to send error and higher by email to +some administrator. If you do this, be careful that this email isn't +sent to this RT instance. Mail loops will generate a critical log +message. + +=over 4 + +=item C<$LogToSyslog>, C<$LogToSTDERR> + +The minimum level error that will be logged to the specific device. +From lowest to highest priority, the levels are: + + debug info notice warning error critical alert emergency + +Many syslogds are configured to discard or file debug messages away, so +if you're attempting to debug RT you may need to reconfigure your +syslogd or use one of the other logging options. + +Logging to your screen affects scripts run from the command line as well +as the STDERR sent to your webserver (so these logs will usually show up +in your web server's error logs). =cut -Set($UseSQLForACLChecks, undef); +Set($LogToSyslog, "info"); +Set($LogToSTDERR, "info"); -=item C<$TicketsItemMapSize> +=item C<$LogToFile>, C<$LogDir>, C<$LogToFileNamed> + +Logging to a standalone file is also possible. The file needs to both +exist and be writable by all direct users of the RT API. This generally +includes the web server and whoever rt-crontool runs as. Note that +rt-mailgate and the RT CLI go through the webserver, so their users do +not need to have write permissions to this file. If you expect to have +multiple users of the direct API, Best Practical recommends using syslog +instead of direct file logging. -In RT at display page of a ticket and there is the current search, -then links for first, next, previous and last ticket are shown in -the menu. +You should set C<$LogToFile> to one of the levels documented above. -To build full map RT has to fetch full result set out of DB what can -eat lots of resourses. Using this option it's possible to limit number -of tickets fetched. +=cut + +Set($LogToFile, undef); +Set($LogDir, q{@RT_LOG_PATH@}); +Set($LogToFileNamed, "rt.log"); #log to rt.log + +=item C<$LogStackTraces> + +If set to a log level then logging will include stack traces for +messages with level equal to or greater than specified. + +NOTICE: Stack traces include parameters supplied to functions or +methods. It is possible for stack trace logging to reveal sensitive +information such as passwords or ticket content in your logs. + +=cut + +Set($LogStackTraces, ""); -Set C<$TicketsItemMapSize> to number of tickets you want RT to look -at to build the map. If full result set is bigger than that number -then there would be no 'last' link in the menu. +=item C<@LogToSyslogConf> -Set this to zero to return back to old behaviour. +Additional options to pass to L; the most +interesting flags include C, C, and possibly C. +See the L documentation for more information. =cut -Set($TicketsItemMapSize, 1000); +Set(@LogToSyslogConf, ()); =back -=head1 Incoming Mail Gateway Configuration + + +=head1 Incoming mail gateway =over 4 +=item C<$EmailSubjectTagRegex> + +This regexp controls what subject tags RT recognizes as its own. If +you're not dealing with historical C<$rtname> values, or historical +queue-specific subject tags, you'll likely never have to change this +configuration. + +Be B with it. Note that it overrides C<$rtname> for +subject token matching. + +The setting below would make RT behave exactly as it does without the +setting enabled. + +=cut + +# Set($EmailSubjectTagRegex, qr/\Q$rtname\E/i ); + =item C<$OwnerEmail> C<$OwnerEmail> is the address of a human who manages RT. RT will send -errors generated by the mail gateway to this address. This address -should _not_ be an address that's managed by your RT instance. +errors generated by the mail gateway to this address; it will also be +displayed as the contact person on the RT's login page. Because RT +sends errors to this address, it should I be an address that's +managed by your RT instance, to avoid mail loops. =cut -Set($OwnerEmail , 'root'); +Set($OwnerEmail, 'root'); =item C<$LoopsToRTOwner> If C<$LoopsToRTOwner> is defined, RT will send mail that it believes -might be a loop to C<$OwnerEmail> +might be a loop to C<$OwnerEmail>. =cut -Set($LoopsToRTOwner , 1); +Set($LoopsToRTOwner, 1); =item C<$StoreLoops> If C<$StoreLoops> is defined, RT will record messages that it believes -to be part of mail loops. - -As it does this, it will try to be careful not to send mail to the -sender of these messages +to be part of mail loops. As it does this, it will try to be careful +not to send mail to the sender of these messages. =cut -Set($StoreLoops , undef); +Set($StoreLoops, undef); =item C<$MaxAttachmentSize> -C<$MaxAttachmentSize> sets the maximum size (in bytes) of attachments stored -in the database. - -For mysql and oracle, we set this size at 10 megabytes. -If you're running a postgres version earlier than 7.1, you will need -to drop this to 8192. (8k) +C<$MaxAttachmentSize> sets the maximum size (in bytes) of attachments +stored in the database. This setting is irrelevant unless one of +$TruncateLongAttachments or $DropLongAttachments (below) are set, B +the database is stored in Oracle. On Oracle, attachments larger than +this can be fully stored, but will be truncated to this length when +read. =cut - -Set($MaxAttachmentSize , 10000000); +Set($MaxAttachmentSize, 10_000_000); # 10M =item C<$TruncateLongAttachments> -C<$TruncateLongAttachments>: if this is set to a non-undef value, -RT will truncate attachments longer than C<$MaxAttachmentSize>. +If this is set to a non-undef value, RT will truncate attachments +longer than C<$MaxAttachmentSize>. =cut -Set($TruncateLongAttachments , undef); +Set($TruncateLongAttachments, undef); =item C<$DropLongAttachments> -C<$DropLongAttachments>: if this is set to a non-undef value, -RT will silently drop attachments longer than C. - -=cut - -Set($DropLongAttachments , undef); - -=item C<$ParseNewMessageForTicketCcs> - -If C<$ParseNewMessageForTicketCcs> is true, RT will attempt to divine -Ticket 'Cc' watchers from the To and Cc lines of incoming messages -Be forewarned that if you have _any_ addresses which forward mail to -RT automatically and you enable this option without modifying -C<$RTAddressRegexp> below, you will get yourself into a heap of trouble. +If this is set to a non-undef value, RT will silently drop attachments +longer than C. C<$TruncateLongAttachments>, above, +takes priority over this. =cut -Set($ParseNewMessageForTicketCcs , undef); +Set($DropLongAttachments, undef); -=item C<$RTAddressRegexp> +=item C<$RTAddressRegexp> -C<$RTAddressRegexp> is used to make sure RT doesn't add itself as a ticket CC if -the setting above is enabled. It is important that you set this to a -regular expression that matches all addresses used by your RT. This lets RT -avoid sending mail to itself. It will also hide RT addresses from the list of -"One-time Cc" and Bcc lists on ticket reply. +C<$RTAddressRegexp> is used to make sure RT doesn't add itself as a +ticket CC if C<$ParseNewMessageForTicketCcs>, above, is enabled. It +is important that you set this to a regular expression that matches +all addresses used by your RT. This lets RT avoid sending mail to +itself. It will also hide RT addresses from the list of "One-time Cc" +and Bcc lists on ticket reply. -If you have a number of addresses configured in your RT database already, you -can generate a naive first pass regexp by using +If you have a number of addresses configured in your RT database +already, you can generate a naive first pass regexp by using: perl etc/upgrade/generate-rtaddressregexp +If left blank, RT will compare each address to your configured +C<$CorrespondAddress> and C<$CommentAddress> before searching for a +Queue configured with a matching "Reply Address" or "Comment Address" +on the Queue Admin page. + =cut -Set($RTAddressRegexp , undef); +Set($RTAddressRegexp, undef); =item C<$IgnoreCcRegexp> @@ -306,51 +452,55 @@ Set($IgnoreCcRegexp, undef); =item C<$CanonicalizeEmailAddressMatch>, C<$CanonicalizeEmailAddressReplace> -RT provides functionality which allows the system to rewrite -incoming email addresses. In its simplest form, -you can substitute the value in $ -for the value in $ -(These values are passed to the $ subroutine in - F) - -By default, that routine performs a C on any address -passed to it. +RT provides functionality which allows the system to rewrite incoming +email addresses, using L. The +default implementation replaces all occurrences of the regular +expression in C with +C, via C. The +most common use of this is to replace C<@something.example.com> with +C<@example.com>. If more complex noramlization is required, +L can be overridden to provide it. =cut -#Set($CanonicalizeEmailAddressMatch , '@subdomain\.example\.com$'); -#Set($CanonicalizeEmailAddressReplace , '@example.com'); +# Set($CanonicalizeEmailAddressMatch, '@subdomain\.example\.com$'); +# Set($CanonicalizeEmailAddressReplace, '@example.com'); + +=item C<$ValidateUserEmailAddresses> -=item C<$CanonicalizeEmailAddressMatch> +By default C<$ValidateUserEmailAddresses> is 1, and RT will refuse to create +users with an invalid email address (as specified in RFC 2822) or with +an email address made of multiple email addresses. -Set this to true and the create new user page will use the values that you -enter in the form but use the function CanonicalizeUserInfo in -F +Set this to 0 to skip any email address validation. Doing so may open up +vulnerabilities. =cut -Set($CanonicalizeOnCreate, 0); +Set($ValidateUserEmailAddresses, 1); -=item C<$ValidateUserEmailAddresses> +=item C<$NonCustomerEmailRegexp> -If C<$ValidateUserEmailAddresses> is true, RT will refuse to create users with -an invalid email address (as specified in RFC 2822) or with an email address -made of multiple email adresses. +Normally, when a ticket is linked to a customer, any requestors on that +ticket that didn't previously have customer memberships are linked to +the customer also. C<$NonCustomerEmailRegexp> is a regexp for email +addresses that should I automatically be linked to a customer in +this way. =cut -Set($ValidateUserEmailAddresses, undef); +Set($NonCustomerEmailRegexp, undef); =item C<@MailPlugins> -C<@MailPlugins> is a list of auth plugins for L -to use; see L +C<@MailPlugins> is a list of authentication plugins for +L to use; see L =cut =item C<$UnsafeEmailCommands> -C<$UnsafeEmailCommands>, if set to true, enables 'take' and 'resolve' +C<$UnsafeEmailCommands>, if set to 1, enables 'take' and 'resolve' as possible actions via the mail gateway. As its name implies, this is very unsafe, as it allows email with a forged sender to possibly resolve arbitrary tickets! @@ -360,19 +510,38 @@ resolve arbitrary tickets! =item C<$ExtractSubjectTagMatch>, C<$ExtractSubjectTagNoMatch> The default "extract remote tracking tags" scrip settings; these -detect when your RT is talking to another RT, and adjusts the -subject accordingly. +detect when your RT is talking to another RT, and adjust the subject +accordingly. =cut -Set($ExtractSubjectTagMatch, qr/\[.+? #\d+\]/); +Set($ExtractSubjectTagMatch, qr/\[[^\]]+? #\d+\]/); Set($ExtractSubjectTagNoMatch, ( ${RT::EmailSubjectTagRegex} ? qr/\[(?:${RT::EmailSubjectTagRegex}) #\d+\]/ : qr/\[\Q$RT::rtname\E #\d+\]/)); +=item C<$CheckMoreMSMailHeaders> + +Some email clients create a plain text version of HTML-formatted +email to help other clients that read only plain text. +Unfortunately, the plain text parts sometimes end up with +doubled newlines and these can then end up in RT. This +is most often seen in MS Outlook. + +Enable this option to have RT check for additional mail headers +and attempt to identify email from MS Outlook. When detected, +RT will then clean up double newlines. Note that it may +clean up intentional double newlines as well. + +=cut + +Set( $CheckMoreMSMailHeaders, 0); + =back -=head1 Outgoing Mail Configuration + + +=head1 Outgoing mail =over 4 @@ -380,28 +549,36 @@ Set($ExtractSubjectTagNoMatch, ( ${RT::EmailSubjectTagRegex} C<$MailCommand> defines which method RT will use to try to send mail. We know that 'sendmailpipe' works fairly well. If 'sendmailpipe' -doesn't work well for you, try 'sendmail'. Other options are 'smtp' -or 'qmail'. +doesn't work well for you, try 'sendmail'. 'qmail' is also a supported +value. -Note that you should remove the '-t' from C<$SendmailArguments> -if you use 'sendmail' rather than 'sendmailpipe' - -For testing purposes, or to simply disable sending mail out into the world, you -can set C<$MailCommand> to 'testfile' which writes all mail to a temporary -file. RT will log the location of the temporary file so you can extract mail -from it afterwards. +For testing purposes, or to simply disable sending mail out into the +world, you can set C<$MailCommand> to 'mbox' which logs all mail, in +mbox format, to files in F based in the process start +time. The 'testfile' option is similar, but the files that it creates +(under /tmp) are temporary, and removed upon process completion; the +format is also not mbox-compatable. =cut -Set($MailCommand , 'sendmailpipe'); +#Set($MailCommand, "sendmailpipe"); +Set($MailCommand, "sendmail"); =item C<$SetOutgoingMailFrom> -C<$SetOutgoingMailFrom> tells RT to set the sender envelope with the correspond -mail address of the ticket's queue. +C<$SetOutgoingMailFrom> tells RT to set the sender envelope to the +Correspond mail address of the ticket's queue. + +Warning: If you use this setting, bounced mails will appear to be +incoming mail to the system, thus creating new tickets. -Warning: If you use this setting, bounced mails will appear to be incoming -mail to the system, thus creating new tickets. +If the value contains an C<@>, it is assumed to be an email address and used as +a global envelope sender. Expected usage in this case is to simply set the +same envelope sender on all mail from RT, without defining +C<$OverrideOutgoingMailFrom>. If you do define C<$OverrideOutgoingMailFrom>, +anything specified there overrides the global value (including Default). + +This option only works if C<$MailCommand> is set to 'sendmailpipe'. =cut @@ -414,10 +591,12 @@ address of the queue as it is handed to sendmail -f. This helps force the From_ header away from www-data or other email addresses that show up in the "Sent by" line in Outlook. -The option is a hash reference of queue name to email address. +The option is a hash reference of queue id/name to email address. If +there is no ticket involved, then the value of the C key will +be used. -If there is no ticket involved, then the value of the C key will be -used. +This option only works if C<$SetOutgoingMailFrom> is enabled and +C<$MailCommand> is set to 'sendmailpipe'. =cut @@ -426,502 +605,508 @@ Set($OverrideOutgoingMailFrom, { # 'General' => 'general@rt.example.com', }); -=back - =item C<$DefaultMailPrecedence> -C<$DefaultMailPrecedence> is used to control the default -Precedence level of outgoing mail where none is specified. -By default it is C, but if you only send mail to -your staff, you may wish to change it. +C<$DefaultMailPrecedence> is used to control the default Precedence +level of outgoing mail where none is specified. By default it is +C, but if you only send mail to your staff, you may wish to +change it. -Note that you can set the precedence of individual templates -by including an explicit Precedence header. +Note that you can set the precedence of individual templates by +including an explicit Precedence header. If you set this value to C then we do not set a default Precedence header to outgoing mail. However, if there already is a -Precedence header it will be preserved. +Precedence header, it will be preserved. =cut -Set($DefaultMailPrecedence, 'bulk'); - -=back +Set($DefaultMailPrecedence, "bulk"); =item C<$DefaultErrorMailPrecedence> C<$DefaultErrorMailPrecedence> is used to control the default -Precedence level of outgoing mail that indicates some kind of -error condition. By default it is C, but if you only send -mail to your staff, you may wish to change it. +Precedence level of outgoing mail that indicates some kind of error +condition. By default it is C, but if you only send mail to your +staff, you may wish to change it. If you set this value to C then we do not add a Precedence header to error mail. =cut -Set($DefaultErrorMailPrecedence, 'bulk'); - -=back +Set($DefaultErrorMailPrecedence, "bulk"); =item C<$UseOriginatorHeader> C<$UseOriginatorHeader> is used to control the insertion of an -RT-Originator Header in every outgoing mail, containing the -mail address of the transaction creator. +RT-Originator Header in every outgoing mail, containing the mail +address of the transaction creator. =cut Set($UseOriginatorHeader, 1); -=back - -=head1 Sendmail Configuration +=item C<$UseFriendlyFromLine> -These options only take effect if C<$MailCommand> is 'sendmail' or -'sendmailpipe' +By default, RT sets the outgoing mail's "From:" header to "SenderName +via RT". Setting C<$UseFriendlyFromLine> to 0 disables it. -=over 4 +=cut -=item C<$SendmailArguments> +Set($UseFriendlyFromLine, 1); -C<$SendmailArguments> defines what flags to pass to C<$SendmailPath> -If you picked 'sendmailpipe', you MUST add a -t flag to C<$SendmailArguments> -These options are good for most sendmail wrappers and workalikes +=item C<$FriendlyFromLineFormat> -These arguments are good for sendmail brand sendmail 8 and newer -C +C format of the friendly 'From:' header; its arguments are +SenderName and SenderEmailAddress. =cut -Set($SendmailArguments , "-oi -t"); +Set($FriendlyFromLineFormat, "\"%s via RT\" <%s>"); +=item C<$UseFriendlyToLine> -=item C<$SendmailBounceArguments> +RT can optionally set a "Friendly" 'To:' header when sending messages +to Ccs or AdminCcs (rather than having a blank 'To:' header. -C<$SendmailBounceArguments> defines what flags to pass to C<$Sendmail> -assuming RT needs to send an error (ie. bounce). +This feature DOES NOT WORK WITH SENDMAIL[tm] BRAND SENDMAIL. If you +are using sendmail, rather than postfix, qmail, exim or some other +MTA, you _must_ disable this option. =cut -Set($SendmailBounceArguments , '-f "<>"'); +Set($UseFriendlyToLine, 0); -=item C<$SendmailPath> +=item C<$FriendlyToLineFormat> -If you selected 'sendmailpipe' above, you MUST specify the path to -your sendmail binary in C<$SendmailPath>. +C format of the friendly 'To:' header; its arguments are +WatcherType and TicketId. =cut -Set($SendmailPath , "/usr/sbin/sendmail"); +Set($FriendlyToLineFormat, "\"%s of ". RT->Config->Get('rtname') ." Ticket #%s\":;"); +=item C<$NotifyActor> -=back +By default, RT doesn't notify the person who performs an update, as +they already know what they've done. If you'd like to change this +behavior, Set C<$NotifyActor> to 1 -=head1 SMTP Configuration +=cut -These options only take effect if C<$MailCommand> is 'smtp' +Set($NotifyActor, 0); -=over 4 +=item C<$RecordOutgoingEmail> -=item C<$SMTPServer> +By default, RT records each message it sends out to its own internal +database. To change this behavior, set C<$RecordOutgoingEmail> to 0 -C<$SMTPServer> should be set to the hostname of the SMTP server to use +If this is disabled, users' digest mail delivery preferences +(i.e. EmailFrequency) will also be ignored. =cut -Set($SMTPServer, undef); - -=item C<$SMTPFrom> - -C<$SMTPFrom> should be set to the 'From' address to use, if not the -email's 'From' +Set($RecordOutgoingEmail, 1); -=cut +=item C<$VERPPrefix>, C<$VERPDomain> -Set($SMTPFrom, undef); +Setting these options enables VERP support +L. -=item C<$SMTPDebug> +Uncomment the following two directives to generate envelope senders +of the form C<${VERPPrefix}${originaladdress}@${VERPDomain}> +(i.e. rt-jesse=fsck.com@rt.example.com ). -C<$SMTPDebug> should be set to true to debug SMTP mail sending +This currently only works with sendmail and sendmailpipe. =cut -Set($SMTPDebug, 0); - -=back +# Set($VERPPrefix, "rt-"); +# Set($VERPDomain, $RT::Organization); -=head1 Other Mailer Configuration -=over 4 +=item C<$ForwardFromUser> -=item C<@MailParams> +By default, RT forwards a message using queue's address and adds RT's +tag into subject of the outgoing message, so recipients' replies go +into RT as correspondents. -C<@MailParams> defines a list of options passed to $MailCommand if it -is not 'sendmailpipe', 'sendmail', or 'smtp' +To change this behavior, set C<$ForwardFromUser> to 1 and RT +will use the address of the current user and remove RT's subject tag. =cut -Set(@MailParams, ()); +Set($ForwardFromUser, 0); -=item C<$CorrespondAddress>, C<$CommentAddress> +=item C<$HTMLFormatter> -RT is designed such that any mail which already has a ticket-id associated -with it will get to the right place automatically. +RT's default pure-perl formatter may fail to successfully convert even +on some relatively simple HTML; this will result in blank C +parts, which is particuarly unfortunate if HTML templates are not in +use. -C<$CorrespondAddress> and C<$CommentAddress> are the default addresses -that will be listed in From: and Reply-To: headers of correspondence -and comment mail tracked by RT, unless overridden by a queue-specific -address. +If the optional dependency L is installed, RT will +use external programs to render HTML to plain text. The default is to +try, in order, C, C, C, C, C, and +then fall back to the C pure-perl formatter if none are installed. -=cut +Set C<$HTMLFormatter> to one of the above programs (or the full path to +such) to use a different program than the above would choose by default. +Setting this requires that L be installed. -Set($CorrespondAddress , ''); +If the chosen formatter is not in the webserver's $PATH, you may set +this option the full path to one of the aforementioned executables. -Set($CommentAddress , ''); +=cut -=item C<$DashboardAddress> +Set($HTMLFormatter, undef); -The email address from which RT will send dashboards. If none is set, then -C<$OwnerEmail> will be used. +=back -=cut +=head2 Email dashboards -Set($DashboardAddress, ''); +=over 4 -=item C<$UseFriendlyFromLine> +=item C<$DashboardAddress> -By default, RT sets the outgoing mail's "From:" header to -"SenderName via RT". Setting C<$UseFriendlyFromLine> to 0 disables it. +The email address from which RT will send dashboards. If none is set, +then C<$OwnerEmail> will be used. =cut -Set($UseFriendlyFromLine, 1); +Set($DashboardAddress, ''); -=item C<$FriendlyFromLineFormat> +=item C<$DashboardSubject> -C format of the friendly 'From:' header; its arguments -are SenderName and SenderEmailAddress. +Lets you set the subject of dashboards. Arguments are the frequency (Daily, +Weekly, Monthly) of the dashboard and the dashboard's name. =cut -Set($FriendlyFromLineFormat, "\"%s via RT\" <%s>"); - -=item C<$UseFriendlyToLine> +Set($DashboardSubject, "%s Dashboard: %s"); -RT can optionally set a "Friendly" 'To:' header when sending messages to -Ccs or AdminCcs (rather than having a blank 'To:' header. +=item C<@EmailDashboardRemove> -This feature DOES NOT WORK WITH SENDMAIL[tm] BRAND SENDMAIL -If you are using sendmail, rather than postfix, qmail, exim or some other MTA, -you _must_ disable this option. +A list of regular expressions that will be used to remove content from +mailed dashboards. =cut -Set($UseFriendlyToLine, 0); - -=item C<$FriendlyToLineFormat> +Set(@EmailDashboardRemove, ()); -C format of the friendly 'To:' header; its arguments -are WatcherType and TicketId. +=back -=cut -Set($FriendlyToLineFormat, "\"%s of ". RT->Config->Get('rtname') ." Ticket #%s\":;"); -=item C<$NotifyActor> +=head2 Sendmail configuration -By default, RT doesn't notify the person who performs an update, as they -already know what they've done. If you'd like to change this behaviour, -Set C<$NotifyActor> to 1 +These options only take effect if C<$MailCommand> is 'sendmail' or +'sendmailpipe' -=cut +=over 4 -Set($NotifyActor, 0); +=item C<$SendmailArguments> -=item C<$RecordOutgoingEmail> +C<$SendmailArguments> defines what flags to pass to C<$SendmailPath> +These options are good for most sendmail wrappers and work-a-likes. -By default, RT records each message it sends out to its own internal database. -To change this behavior, set C<$RecordOutgoingEmail> to 0 +These arguments are good for sendmail brand sendmail 8 and newer: +C =cut -Set($RecordOutgoingEmail, 1); - -=item C<$VERPPrefix>, C<$VERPPrefix> +Set($SendmailArguments, "-oi"); -VERP support (http://cr.yp.to/proto/verp.txt) -uncomment the following two directives to generate envelope senders -of the form C<${VERPPrefix}${originaladdress}@${VERPDomain}> -(i.e. rt-jesse=fsck.com@rt.example.com ). +=item C<$SendmailBounceArguments> -This currently only works with sendmail and sendmailppie. +C<$SendmailBounceArguments> defines what flags to pass to C<$Sendmail> +assuming RT needs to send an error (i.e. bounce). =cut -# Set($VERPPrefix, 'rt-'); -# Set($VERPDomain, $RT::Organization); - - -=item C<$ForwardFromUser> +Set($SendmailBounceArguments, '-f "<>"'); -By default, RT forwards a message using queue's address and adds RT's tag into -subject of the outgoing message, so recipients' replies go into RT as correspondents. +=item C<$SendmailPath> -To change this behavior, set C<$ForwardFromUser> to true value and RT will use -address of the current user and leave subject without RT's tag. +If you selected 'sendmailpipe' above, you MUST specify the path to +your sendmail binary in C<$SendmailPath>. =cut -Set($ForwardFromUser, 0); - -=item C<$ShowBccHeader> +Set($SendmailPath, "/usr/sbin/sendmail"); -By default RT hides from the web UI information about blind copies user sent on -reply or comment. -To change this set the following option to true value. +=back -=cut +=head2 Other mailers -Set($ShowBccHeader, 0); +=over 4 -=item C<$DashboardSubject> +=item C<@MailParams> -Lets you set the subject of dashboards. Arguments are the frequency (Daily, -Weekly, Monthly) of the dashboard and the dashboard's name. [_1] for the name -of the dashboard. +C<@MailParams> defines a list of options passed to $MailCommand if it +is not 'sendmailpipe' or 'sendmail'; =cut -Set($DashboardSubject, '%s Dashboard: %s'); +Set(@MailParams, ()); =back -=head1 GnuPG Configuration -A full description of the (somewhat extensive) GnuPG integration can be found -by running the command `perldoc L` (or `perldoc - lib/RT/Crypt/GnuPG.pm` from your RT install directory). +=head1 Web interface =over 4 -=item C<%GnuPG> +=item C<$WebDefaultStylesheet> -Set C to 'inline' to use inline encryption and -signatures instead of 'RFC' (GPG/MIME: RFC3156 and RFC1847) format. +This determines the default stylesheet the RT web interface will use. +RT ships with several themes by default: -If you want to allow people to encrypt attachments inside the DB then -set C to true + rudder The default theme for RT 4.2 + aileron The default layout for RT 4.0 + web2 The default layout for RT 3.8 + ballard Theme which doesn't rely on JavaScript for menuing -Set C to false if you don't want to reject -emails encrypted for key RT doesn't have and can not decrypt. +This bundled distibution of RT also includes: + freeside4 Integration with Freeside (enabled by default) + freeside3 Previous Freeside theme -Set C to false if you don't want to reject letters -with incorrect GnuPG data. +This value actually specifies a directory in F +from which RT will try to load the file main.css (which should @import +any other files the stylesheet needs). This allows you to easily and +cleanly create your own stylesheets to apply to RT. This option can +be overridden by users in their preferences. =cut -Set( %GnuPG, - Enable => @RT_GPG@, - OutgoingMessagesFormat => 'RFC', # Inline - AllowEncryptDataInDB => 0, +Set($WebDefaultStylesheet, "freeside4"); - RejectOnMissingPrivateKey => 1, - RejectOnBadData => 1, -); +=item C<$DefaultQueue> -=item C<%GnuPGOptions> +Use this to select the default queue name that will be used for +creating new tickets. You may use either the queue's name or its +ID. This only affects the queue selection boxes on the web interface. + +=cut -Options of GnuPG program. +# Set($DefaultQueue, "General"); -If you override this in your RT_SiteConfig, you should be sure -to include a homedir setting. +=item C<$RememberDefaultQueue> -NOTE that options with '-' character MUST be quoted. +When a queue is selected in the new ticket dropdown, make it the new +default for the new ticket dropdown. =cut -Set(%GnuPGOptions, - homedir => '@RT_VAR_PATH@/data/gpg', +# Set($RememberDefaultQueue, 1); -# URL of a keyserver -# keyserver => 'hkp://subkeys.pgp.net', +=item C<$EnableReminders> -# enables the automatic retrieving of keys when encrypting -# 'auto-key-locate' => 'keyserver', +Hide all links and portlets related to Reminders by setting this to 0 -# enables the automatic retrieving of keys when verifying signatures -# 'auto-key-retrieve' => undef, -); +=cut +Set($EnableReminders, 1); -=back +=item C<@CustomFieldValuesSources> -=head1 Logging Configuration +Set C<@CustomFieldValuesSources> to a list of class names which extend +L. This can be used to pull lists of +custom field values from external sources at runtime. -The default is to log anything except debugging -information to syslog. Check the L POD for -information about how to get things by syslog, mail or anything -else, get debugging info in the log, etc. +=cut -It might generally make sense to send error and higher by email to -some administrator. If you do this, be careful that this email -isn't sent to this RT instance. Mail loops will generate a critical -log message. +Set(@CustomFieldValuesSources, ('RT::CustomFieldValues::Queues')); -=over 4 +=item C<%CustomFieldGroupings> -=item C<$LogToSyslog>, C<$LogToScreen> +This option affects the display of ticket and user custom fields in the +web interface. It does not address the sorting of custom fields within +the groupings; which is controlled by the Ticket Custom Fields tab in +Queue Configuration in the Admin UI. -The minimum level error that will be logged to the specific device. -From lowest to highest priority, the levels are: - debug info notice warning error critical alert emergency +A nested datastructure defines how to group together custom fields +under a mix of built-in and arbitrary headings ("groupings"). -=cut +Set C<%CustomFieldGroupings> to a nested structure similar to the following: -Set($LogToSyslog , 'info'); -Set($LogToScreen , 'info'); + Set(%CustomFieldGroupings, + 'RT::Ticket' => [ + 'Grouping Name' => ['CF Name', 'Another CF'], + 'Another Grouping' => ['Some CF'], + 'Dates' => ['Shipped date'], + ], + 'RT::User' => [ + 'Phones' => ['Fax number'], + ], + ); -=item C<$LogToFile>, C<$LogDir>, C<$LogToFileNamed> +The first level keys are record types for which CFs may be used, and the +values are either hashrefs or arrayrefs -- if arrayrefs, then the +ordering is preserved during display, otherwise groupings are displayed +alphabetically. The second level keys are the grouping names and the +values are array refs containing a list of CF names. -Logging to a standalone file is also possible, but note that the -file should needs to both exist and be writable by all direct users -of the RT API. This generally include the web server, whoever -rt-crontool runs as. Note that as rt-mailgate and the RT CLI go -through the webserver, so their users do not need to have write -permissions to this file. If you expect to have multiple users of -the direct API, Best Practical recommends using syslog instead of -direct file logging. +There are several special built-in groupings which RT displays in +specific places (usually the collapsible box of the same title). The +ordering of these standard groupings cannot be modified. You may also +only append Custom Fields to the list in these boxes, not reorder or +remove core fields. -=cut +For C, these groupings are: C, C, C, C -Set($LogToFile , undef); -Set($LogDir, '@RT_LOG_PATH@'); -Set($LogToFileNamed , "rt.log"); #log to rt.log +For C: C, C, C, C -=item C<$LogStackTraces> +Extensions may also add their own built-in groupings, refer to the individual +extension documentation for those. -If set to a log level then logging will include stack traces for -messages with level equal to or greater than specified. +=item C<$CanonicalizeRedirectURLs> -NOTICE: Stack traces include parameters supplied to functions or -methods. It is possible for stack trace logging to reveal sensitive -information such as passwords or ticket content in your logs. +Set C<$CanonicalizeRedirectURLs> to 1 to use C<$WebURL> when +redirecting rather than the one we get from C<%ENV>. + +Apache's UseCanonicalName directive changes the hostname that RT +finds in C<%ENV>. You can read more about what turning it On or Off +means in the documentation for your version of Apache. + +If you use RT behind a reverse proxy, you almost certainly want to +enable this option. =cut -Set($LogStackTraces, ''); +Set($CanonicalizeRedirectURLs, 0); -=item C<@LogToSyslogConf> +=item C<$CanonicalizeURLsInFeeds> -On Solaris or UnixWare, set to ( socket => 'inet' ). Options here -override any other options RT passes to L. -Other interesting flags include facility and logopt. (See the -L documentation for more information.) (Maybe -ident too, if you have multiple RT installations.) +Set C<$CanonicalizeURLsInFeeds> to 1 to use C<$WebURL> in feeds +rather than the one we get from request. + +If you use RT behind a reverse proxy, you almost certainly want to +enable this option. =cut -Set(@LogToSyslogConf, ()); +Set($CanonicalizeURLsInFeeds, 0); -=item C<$StatementLog>, +=item C<@JSFiles> -RT has rudimentary SQL statement logging support if you have -DBIx-SearchBuilder 1.31_1 or higher; simply set C<$StatementLog> to be -the level that you wish SQL statements to be logged at. +A list of additional JavaScript files to be included in head. =cut -Set($StatementLog, undef); +Set(@JSFiles, qw//); -=back +=item C<$JSMinPath> -=head1 Web Interface Configuration +Path to the jsmin binary; if specified, it will be used to minify +C. The default, and the fallback if the binary cannot be +found, is to simply concatenate the files. -=over 4 +jsmin can be installed by running 'make jsmin' from the RT install +directory, or from http://www.crockford.com/javascript/jsmin.html -=item C<$WebDefaultStylesheet> +=cut -This determines the default stylesheet the RT web interface will use. -RT ships with several themes by default: +# Set($JSMinPath, "/path/to/jsmin"); - web2 The totally new, default layout for RT 3.8 - 3.5-default RT 3.5 and 3.6 original layout - 3.4-compat A 3.4 compatibility stylesheet to make RT look - (mostly) like 3.4 +=item C<@CSSFiles> -This bundled distibution of RT also includes (enabled by default): - freeside2.1 Integration with Freeside +A list of additional CSS files to be included in head. -This value actually specifies a directory in F -from which RT will try to load the file main.css (which should -@import any other files the stylesheet needs). This allows you to -easily and cleanly create your own stylesheets to apply to RT. This -option can be overridden by users in their preferences. +If you're a plugin author, refer to RT->AddStyleSheets. =cut -Set($WebDefaultStylesheet, 'freeside2.1'); +Set(@CSSFiles, qw//); =item C<$UsernameFormat> -This determines how user info is displayed. 'concise' will show one of -either NickName, RealName, Name or EmailAddress, depending on what exists -and whether the user is privileged or not. 'verbose' will show RealName and -EmailAddress. +This determines how user info is displayed. 'concise' will show the +first of RealName, Name or EmailAddress that has a value. 'verbose' will +show EmailAddress, and the first of RealName or Name which is defined. +The default, 'role', uses 'verbose' for unprivileged users, and the Name +followed by the RealName for privileged users. =cut -Set($UsernameFormat, 'verbose'); +Set($UsernameFormat, "concise"); -=item C<$WebDomain> +=item C<$UserSearchResultFormat> -Domain name of the RT server, eg 'www.example.com'. It should not contain -anything else, but server name. +This controls the display of lists of users returned from the User +Summary Search. The display of users in the Admin interface is +controlled by C<%AdminSearchResultFormat>. =cut -Set( $WebDomain, 'localhost' ); - -=item C<$WebPort> +Set($UserSearchResultFormat, + q{ '__id__/TITLE:#'} + .q{,'__Name__/TITLE:Name'} + .q{,__RealName__, __EmailAddress__} +); -If we're running as a superuser, run on port 80 -Otherwise, pick a high port for this user. +=item C<@UserSummaryPortlets> -443 is default port for https protocol. +A list of portlets to be displayed on the User Summary page. +By default, we show all of the available portlets. +Extensions may provide their own portlets for this page. =cut -Set($WebPort, 80);# + ($< * 7274) % 32766 + ($< && 1024)); +Set(@UserSummaryPortlets, (qw/ExtraInfo CreateTicket ActiveTickets InactiveTickets/)); -=item C<$WebPath> +=item C<$UserSummaryExtraInfo> -If you're putting the web ui somewhere other than at the root of -your server, you should set C<$WebPath> to the path you'll be -serving RT at. +This controls what information is displayed on the User Summary +portal. By default the user's Real Name, Email Address and Username +are displayed. You can remove these or add more as needed. This +expects a Format string of user attributes. Please note that not all +the attributes are supported in this display because we're not +building a table. -C<$WebPath> requires a leading / but no trailing /, or it can be blank. +=cut + +Set($UserSummaryExtraInfo, "RealName, EmailAddress, Name"); -In most cases, you should leave C<$WebPath> set to '' (an empty value). +=item C<$UserSummaryTicketListFormat> + +Control the appearance of the Active and Inactive ticket lists in the +User Summary. =cut -Set($WebPath, ""); +Set($UserSummaryTicketListFormat, q{ + '__id__/TITLE:#', + '__Subject__/TITLE:Subject', + Status, + QueueName, + Owner, + Priority, + '__NEWLINE__', + '', + '__Requestors__', + '__CreatedRelative__', + '__ToldRelative__', + '__LastUpdatedRelative__', + '__TimeLeft__' +}); =item C<$WebBaseURL>, C<$WebURL> -Usually you don't want to set these options. The only obviouse reason is -RT accessible via https protocol on non standard port, eg -'https://rt.example.com:9999'. In all other cases these options are computed -using C<$WebDomain>, C<$WebPort> and C<$WebPath>. +Usually you don't want to set these options. The only obvious reason +is if RT is accessible via https protocol on a non standard port, e.g. +'https://rt.example.com:9999'. In all other cases these options are +computed using C<$WebDomain>, C<$WebPort> and C<$WebPath>. -C<$WebBaseURL> is the scheme, server and port (eg 'http://rt.example.com') -for constructing urls to the web UI. C<$WebBaseURL> doesn't need a trailing /. +C<$WebBaseURL> is the scheme, server and port +(e.g. 'http://rt.example.com') for constructing URLs to the web +UI. C<$WebBaseURL> doesn't need a trailing /. -C<$WebURL> is the C<$WebBaseURL>, C<$WebPath> and trailing /, for example: -'http://www.example.com/rt/'. +C<$WebURL> is the C<$WebBaseURL>, C<$WebPath> and trailing /, for +example: 'http://www.example.com/rt/'. =cut @@ -937,20 +1122,20 @@ Set($WebURL, RT->Config->Get('WebBaseURL') . RT->Config->Get('WebPath') . "/"); =item C<$WebImagesURL> C<$WebImagesURL> points to the base URL where RT can find its images. -Define the directory name to be used for images in rt web -documents. +Define the directory name to be used for images in RT web documents. =cut -Set($WebImagesURL, RT->Config->Get('WebPath') . "/NoAuth/images/"); +Set($WebImagesURL, RT->Config->Get('WebPath') . "/static/images/"); =item C<$LogoURL> -C<$LogoURL> points to the URL of the RT logo displayed in the web UI +C<$LogoURL> points to the URL of the RT logo displayed in the web UI. +This can also be configured via the web UI. =cut -Set($LogoURL, RT->Config->Get('WebImagesURL') . "bplogo.gif"); +Set($LogoURL, RT->Config->Get('WebImagesURL') . "bpslogo.png"); =item C<$LogoLinkURL> @@ -969,30 +1154,11 @@ will be passed through C for localization. Set($LogoAltText, "Best Practical Solutions, LLC corporate logo"); -=item C<$LogoImageHeight> - -C<$LogoImageHeight> is the value of the C attribute of the logo -C tag. - -=cut - -Set($LogoImageHeight, 33); - -=item C<$LogoImageWidth> - -C<$LogoImageWidth> is the value of the C attribute of the logo -C tag. - -=cut - -Set($LogoImageWidth, 177); - =item C<$WebNoAuthRegex> -What portion of RT's URL space should not require authentication. - -This is mostly for extension and doesn't mean RT will work without -login if you change it. +What portion of RT's URL space should not require authentication. The +default is almost certainly correct, and should only be changed if you +are extending RT. =cut @@ -1000,537 +1166,729 @@ Set($WebNoAuthRegex, qr{^ /rt (?:/+NoAuth/ | /+REST/\d+\.\d+/NoAuth/) }x ); =item C<$SelfServiceRegex> -What portion of RT's URLspace should be accessible to Unprivileged users -This does not override the redirect from F to -F when Unprivileged users attempt to access -ticked displays +What portion of RT's URLspace should be accessible to Unprivileged +users This does not override the redirect from F +to F when Unprivileged users attempt to +access ticked displays. =cut Set($SelfServiceRegex, qr!^(?:/+SelfService/)!x ); -=item C<$MessageBoxWidth>, C<$MessageBoxHeight> - -For message boxes, set the entry box width, height and what type of -wrapping to use. These options can be overridden by users in their -preferences. - -Default width: 72, height: 15 +=item C<$WebFlushDbCacheEveryRequest> -These settings only apply to the non-RichText message box. -See below for Rich Text settings. +By default, RT clears its database cache after every page view. This +ensures that you've always got the most current information when +working in a multi-process (mod_perl or FastCGI) Environment. Setting +C<$WebFlushDbCacheEveryRequest> to 0 will turn this off, which will +speed RT up a bit, at the expense of a tiny bit of data accuracy. =cut -Set($MessageBoxWidth, 72); -Set($MessageBoxHeight, 15); +Set($WebFlushDbCacheEveryRequest, 1); -=item C<$MessageBoxWrap> +=item C<%ChartFont> -Default wrapping: "HARD" (choices "SOFT", "HARD") +The L module (which RT uses for graphs) ships with a built-in font +that doesn't have full Unicode support. You can use a given TrueType +font for a specific language by setting %ChartFont to (language =E +the absolute path of a font) pairs. Your GD library must have support +for TrueType fonts to use this option. If there is no entry for a +language in the hash then font with 'others' key is used. -Wrapping is disabled when using MessageBoxRichText because -of a bad interaction between IE and wrapping with the Rich -Text Editor. +RT comes with two TrueType fonts covering most available languages. =cut -Set($MessageBoxWrap, "HARD"); +Set( + %ChartFont, + 'zh-cn' => "$RT::FontPath/DroidSansFallback.ttf", + 'zh-tw' => "$RT::FontPath/DroidSansFallback.ttf", + 'ja' => "$RT::FontPath/DroidSansFallback.ttf", + 'others' => "$RT::FontPath/DroidSans.ttf", +); + +=item C<$ChartsTimezonesInDB> -=item C<$MessageBoxRichText> +RT stores dates using the UTC timezone in the DB, so charts grouped by +dates and time are not representative. Set C<$ChartsTimezonesInDB> to 1 +to enable timezone conversions using your DB's capabilities. You may +need to do some work on the DB side to use this feature, read more in +F. -Should "rich text" editing be enabled? This option lets your users send html email messages from the web interface. +At this time, this feature only applies to MySQL and PostgreSQL. =cut -Set($MessageBoxRichText, 1); +Set($ChartsTimezonesInDB, 0); -=item C<$MessageBoxRichTextHeight> +=item C<@ChartColors> -Height of RichText javascript enabled editing boxes (in pixels) +An array of 6-digit hexadecimal RGB color values used for chart series. By +default there are 12 distinct colors. =cut -Set($MessageBoxRichTextHeight, 200); +Set(@ChartColors, qw( + 66cc66 ff6666 ffcc66 663399 + 3333cc 339933 993333 996633 + 33cc33 cc3333 cc9933 6633cc +)); -=item C<$MessageBoxIncludeSignature> +=back -Should your user's signatures (from their Preferences page) be included in Comments and Replies -=cut -Set($MessageBoxIncludeSignature, 1); +=head2 Home page -=item C<$MessageBoxIncludeSignatureOnComment> +=over 4 + +=item C<$DefaultSummaryRows> -Should your user's signatures (from their Preferences page) be included in Comments. Setting this to false overrides C<$MessageBoxIncludeSignature>. +C<$DefaultSummaryRows> is default number of rows displayed in for +search results on the front page. =cut -Set($MessageBoxIncludeSignatureOnComment, 1); +Set($DefaultSummaryRows, 10); -=item C<$WikiImplicitLinks> +=item C<$HomePageRefreshInterval> -Support implicit links in WikiText custom fields? A true value -causes InterCapped or ALLCAPS words in WikiText fields to -automatically become links to searches for those words. If used on -RTFM articles, it links to the RTFM article with that name. +C<$HomePageRefreshInterval> is default number of seconds to refresh +the RT home page. Choose from [0, 120, 300, 600, 1200, 3600, 7200]. =cut -Set($WikiImplicitLinks, 0); +Set($HomePageRefreshInterval, 0); -=item C<$TrustHTMLAttachments> +=item C<$HomepageComponents> -if C is not defined, we will display them -as text. This prevents malicious HTML and javascript from being -sent in a request (although there is probably more to it than that) +C<$HomepageComponents> is an arrayref of allowed components on a +user's customized homepage ("RT at a glance"). =cut -Set($TrustHTMLAttachments, undef); +Set( + $HomepageComponents, + [ + qw(QuickCreate Quicksearch MyCalendar MyAdminQueues MySupportQueues MyReminders RefreshHomepage Dashboards SavedSearches FindUser ) # loc_qw + ] +); -=item C<$AlwaysDownloadAttachments> +=back -Always download attachments, regardless of content type. If set, -this overrides C. -=cut -Set($AlwaysDownloadAttachments, undef); -=item C<$AttachmentUnits> +=head2 Ticket search + +=over 4 + +=item C<$UseSQLForACLChecks> -Controls the units (kilobytes or bytes) that attachment sizes use -for display. The default is to display kilobytes if the attachment -is larger than 1024 bytes, bytes otherwise. If you set -C<$AttachmentUnits> to C<'k'> then attachment sizes will always be -displayed in kilobytes. If set to C<'b'>, then sizes will be bytes. +Historically, ACLs were checked on display, which could lead to empty +search pages and wrong ticket counts. Set C<$UseSQLForACLChecks> to 0 +to go back to this method; this will reduce the complexity of the +generated SQL statements, at the cost of the aforementioned bugs. =cut -Set($AttachmentUnits, undef); +Set($UseSQLForACLChecks, 1); -=item C<$EditCustomFieldsSingleColumn> +=item C<$TicketsItemMapSize> + +On the display page of a ticket from search results, RT provides links +to the first, next, previous and last ticket from the results. In +order to build these links, RT needs to fetch the full result set from +the database, which can be resource-intensive. -When displaying a list of Ticket Custom Fields for editing, RT defaults -to a 2 column list. If you set this to 1, it will instead display the -Custom Fields in a single column. +Set C<$TicketsItemMapSize> to number of tickets you want RT to examine +to build these links. If the full result set is larger than this +number, RT will omit the "last" link in the menu. Set this to zero to +always examine all results. =cut -Set($EditCustomFieldsSingleColumn, 0); +Set($TicketsItemMapSize, 1000); -=item C<$RedistributeAutoGeneratedMessages> +=item C<$SearchResultsRefreshInterval> -Should RT redistribute correspondence that it identifies as -machine generated? A true value will do so; setting this to '0' -will cause no such messages to be redistributed. -You can also use 'privileged' (the default), which will redistribute -only to privileged users. This helps to protect against malformed -bounces and loops caused by autocreated requestors with bogus addresses. +C<$SearchResultsRefreshInterval> is default number of seconds to +refresh search results in RT. Choose from [0, 120, 300, 600, 1200, +3600, 7200]. =cut -Set($RedistributeAutoGeneratedMessages, 'privileged'); +Set($SearchResultsRefreshInterval, 0); -=item C<$PreferRichText> +=item C<$DefaultSearchResultFormat> -If C<$PreferRichText> is set to a true value, RT will show HTML/Rich text -messages in preference to their plaintext alternatives. RT "scrubs" the -html to show only a minimal subset of HTML to avoid possible contamination -by cross-site-scripting attacks. +C<$DefaultSearchResultFormat> is the default format for RT search +results =cut -Set($PreferRichText, undef); +Set ($DefaultSearchResultFormat, qq{ + '__id__/TITLE:#', + '__Subject__/TITLE:Subject', + Customer, + Status, + QueueName, + Owner, + Priority, + '__NEWLINE__', + '__NBSP__', + '__Requestors__', + '__CustomerTags__', + '__CreatedRelative__', + '__ToldRelative__', + '__LastUpdatedRelative__', + '__TimeLeft__'}); -=item C<$WebExternalAuth> +=item C<$DefaultSearchResultOrderBy> -If C<$WebExternalAuth> is defined, RT will defer to the environment's -REMOTE_USER variable. +What Tickets column should we order by for RT Ticket search results. =cut -Set($WebExternalAuth, undef); +Set($DefaultSearchResultOrderBy, 'id'); -=item C<$WebExternalAuthContinuous> +=item C<$DefaultSearchResultOrder> -If C<$WebExternalAuthContinuous> is defined, RT will check for the -REMOTE_USER on each access. If you would prefer this to only happen -once (at initial login) set this to a false value. The default setting -will help ensure that if your external auth system deauthenticates a -user, RT notices as soon as possible. +When ordering RT Ticket search results by C<$DefaultSearchResultOrderBy>, +should the sort be ascending (ASC) or descending (DESC). =cut -Set($WebExternalAuthContinuous, 1); +Set($DefaultSearchResultOrder, 'ASC'); -=item C<$WebFallbackToInternalAuth> +=item C<$DefaultSelfServiceSearchResultFormat> -If C<$WebFallbackToInternalAuth> is defined, the user is allowed a chance -of fallback to the login screen, even if REMOTE_USER failed. +C<$DefaultSelfServiceSearchResultFormat> is the default format of +searches displayed in the SelfService interface. =cut -Set($WebFallbackToInternalAuth , undef); +Set($DefaultSelfServiceSearchResultFormat, qq{ + '__id__/TITLE:#', + '__Subject__/TITLE:Subject', + Status, + Requestors, + Owner}); + +=item C<%FullTextSearch> -=item C<$WebExternalGecos> +Full text search (FTS) without database indexing is a very slow +operation, and is thus disabled by default. -C<$WebExternalGecos> means to match 'gecos' field as the user identity); -useful with mod_auth_pwcheck and IIS Integrated Windows logon. +Before setting C to 1, read F for +the full details of FTS on your particular database. + +It is possible to enable FTS without database indexing support, simply +by setting the C key to 1, while leaving C set to 0. +This is not generally suggested, as unindexed full-text searching can +cause severe performance problems. =cut -Set($WebExternalGecos , undef); +Set(%FullTextSearch, + Enable => 0, + Indexed => 0, +); + +=item C<$DontSearchFileAttachments> -=item C<$WebExternalAuto> +If C<$DontSearchFileAttachments> is set to 1, then uploaded files +(attachments with file names) are not searched during content +search. -C<$WebExternalAuto> will create users under the same name as REMOTE_USER -upon login, if it's missing in the Users table. +Note that if you use indexed FTS then named attachments are still +indexed by default regardless of this option. =cut -Set($WebExternalAuto , undef); +Set($DontSearchFileAttachments, undef); -=item C<$AutoCreate> +=item C<$OnlySearchActiveTicketsInSimpleSearch> -If C<$WebExternalAuto> is true, C<$AutoCreate> will be passed to User's -Create method. Use it to set defaults, such as creating -Unprivileged users with C<{ Privileged => 0 }> -( Must be a hashref of arguments ) +When query in simple search doesn't have status info, use this to only +search active ones. =cut -Set($AutoCreate, undef); +Set($OnlySearchActiveTicketsInSimpleSearch, 1); -=item C<$WebSessionClass> +=item C<$SearchResultsAutoRedirect> -C<$WebSessionClass> is the class you wish to use for managing Sessions. -It defaults to use your SQL database, but if you are using MySQL 3.x and -plans to use non-ascii Queue names, uncomment and add this line to -F will prevent session corruption. +When only one ticket is found in search, use this to redirect to the +ticket display page automatically. =cut -# Set($WebSessionClass , 'Apache::Session::File'); +Set($SearchResultsAutoRedirect, 0); -=item C<$AutoLogoff> +=back -By default, RT's user sessions persist until a user closes his or her -browser. With the C<$AutoLogoff> option you can setup session lifetime in -minutes. A user will be logged out if he or she doesn't send any requests -to RT for the defined time. -=cut -Set($AutoLogoff, 0); +=head2 Ticket display -=item C<$LogoutRefresh> +=over 4 -The number of seconds to wait after logout before sending the user to the -login page. By default, 1 second, though you may want to increase this if -you display additional information on the logout page. +=item C<$ShowMoreAboutPrivilegedUsers> + +This determines if the 'More about requestor' box on +Ticket/Display.html is shown for Privileged Users. =cut -Set($LogoutRefresh, 1); +Set($ShowMoreAboutPrivilegedUsers, 0); -=item C<$WebSecureCookies> +=item C<$MoreAboutRequestorTicketList> -By default, RT's session cookie isn't marked as "secure" Some web browsers -will treat secure cookies more carefully than non-secure ones, being careful -not to write them to disk, only send them over an SSL secured connection -and so on. To enable this behaviour, set C<$WebSecureCookies> to a true value. -NOTE: You probably don't want to turn this on _unless_ users are only connecting -via SSL encrypted HTTP connections. +This can be set to Active, Inactive, All or None. It controls what +ticket list will be displayed in the 'More about requestor' box on +Ticket/Display.html. This option can be controlled by users also. =cut -Set($WebSecureCookies, 0); +Set($MoreAboutRequestorTicketList, "Active"); -=item C<$WebFlushDbCacheEveryRequest> +=item C<$MoreAboutRequestorTicketListFormat> -By default, RT clears its database cache after every page view. -This ensures that you've always got the most current information -when working in a multi-process (mod_perl or FastCGI) Environment -Setting C<$WebFlushDbCacheEveryRequest> to '0' will turn this off, -which will speed RT up a bit, at the expense of a tiny bit of data -accuracy. +Control the appearance of the ticket lists in the 'More About Requestors' box. =cut -Set($WebFlushDbCacheEveryRequest, '1'); +Set($MoreAboutRequestorTicketListFormat, q{ + '__id__', + '__Owner__', + '__Subject__', + '__Status__', +}); + +=item C<$MoreAboutRequestorExtraInfo> -=item C<$MaxInlineBody> +By default, the 'More about requestor' box on Ticket/Display.html +shows the Requestor's name and ticket list. If you would like to see +extra information about the user, this expects a Format string of user +attributes. Please note that not all the attributes are supported in +this display because we're not building a table. -C<$MaxInlineBody> is the maximum attachment size that we want to see -inline when viewing a transaction. RT will inline any text if value -is undefined or 0. This option can be overridden by users in their -preferences. +Example: +C =cut -Set($MaxInlineBody, 12000); +Set($MoreAboutRequestorExtraInfo, ""); -=item C<$DefaultSummaryRows> +=item C<$MoreAboutRequestorGroupsLimit> -C<$DefaultSummaryRows> is default number of rows displayed in for search -results on the frontpage. +By default, the 'More about requestor' box on Ticket/Display.html +shows all the groups of the Requestor. Use this to limit the number +of groups; a value of undef removes the group display entirely. =cut -Set($DefaultSummaryRows, 10); +Set($MoreAboutRequestorGroupsLimit, 0); -=item C<$HomePageRefreshInterval> +=item C<$UseSideBySideLayout> -C<$HomePageRefreshInterval> is default number of seconds to refresh the RT -home page. Choose from [0, 120, 300, 600, 1200, 3600, 7200]. +Should the ticket create and update forms use a more space efficient +two column layout. This layout may not work in narrow browsers if you +set a MessageBoxWidth (below). =cut -Set($HomePageRefreshInterval, 0); +Set($UseSideBySideLayout, 1); -=item C<$SearchResultsRefreshInterval> +=item C<$EditCustomFieldsSingleColumn> -C<$SearchResultsRefreshInterval> is default number of seconds to refresh -search results in RT. Choose from [0, 120, 300, 600, 1200, 3600, 7200]. +When displaying a list of Ticket Custom Fields for editing, RT +defaults to a 2 column list. If you set this to 1, it will instead +display the Custom Fields in a single column. =cut -Set($SearchResultsRefreshInterval, 0); - -=item C<$ResolveDefaultUpdateType> +Set($EditCustomFieldsSingleColumn, 0); -Set the default Update Type when clicking the Resolve link in the Ticket -links tab. +=item C<$ShowUnreadMessageNotifications> - Comment Comments (Not sent to requestors) - Respond Reply to requestors +If set to 1, RT will prompt users when there are new, +unread messages on tickets they are viewing. =cut -Set($ResolveDefaultUpdateType, 'Comment'); +Set($ShowUnreadMessageNotifications, 0); -=item C<$SuppressAutoOpenOnUpdate> +=item C<$AutocompleteOwners> -When users click Comment or Reply on a new ticket in the web UI, the default -status for the ticket gets set to 'open' if the status is currently 'new'. -Setting this option to 1 will suppress that behavior and leave the default -status as 'new'. This option can be overridden by users in their preferences. +If set to 1, the owner drop-downs for ticket update/modify and the query +builder are replaced by text fields that autocomplete. This can +alleviate the sometimes huge owner list for installations where many +users have the OwnTicket right. -=cut - -Set($SuppressAutoOpenOnUpdate, 0); - -=item C<$OldestTransactionsFirst> +Autocompleter is automatically turned on if list contains more than +50 users, but penalty of executing potentially slow query is still paid. -By default, RT shows newest transactions at the bottom of the ticket -history page, if you want see them at the top set this to '0'. This -option can be overridden by users in their preferences. +Drop down doesn't show unprivileged users. If your setup allows unprivileged +to own ticket then you have to enable autocompleting. =cut -Set($OldestTransactionsFirst, '1'); +Set($AutocompleteOwners, 0); -=item C<$ShowTransactionImages> +=item C<$AutocompleteOwnersForSearch> -By default, RT shows images attached to incoming (and outgoing) ticket updates -inline. Set this variable to 0 if you'd like to disable that behaviour +If set to 1, the owner drop-downs for the query builder are always +replaced by text field that autocomplete and C<$AutocompleteOwners> +is ignored. Helpful when owners list is huge in the query builder. =cut -Set($ShowTransactionImages, 1); +Set($AutocompleteOwnersForSearch, 0); -=item C<$PlainTextPre> +=item C<$UserSearchFields> -Normally plaintext attachments are displayed as HTML with line -breaks preserved. This causes space- and tab-based formatting not -to be displayed correctly. By setting $PlainTextPre they'll be -displayed using 
 instead so such formatting works, but they'll
-use a monospaced font, no matter what the value of C<$PlainTextMono> is.
+Used by the User Autocompleter as well as the User Search.
+
+Specifies which fields of L to match against and how to match
+each field when autocompleting users.  Valid match methods are LIKE,
+STARTSWITH, ENDSWITH, =, and !=.  Valid search fields are the core User
+fields, as well as custom fields, which are specified as "CF.1234" or
+"CF.Name"
 
 =cut
 
-Set($PlainTextPre, 0);
+Set($UserSearchFields, {
+    EmailAddress => 'STARTSWITH',
+    Name         => 'STARTSWITH',
+    RealName     => 'LIKE',
+});
 
+=item C<$AllowUserAutocompleteForUnprivileged>
 
-=item C<$PlainTextMono> 
-To display plaintext attachments,
-Set C<$PlainTextMono> to 1 to use monospaced font and preserve
-formatting, but unlike PlainTextPre, the text will wrap to fit into the
-UI.
+Should unprivileged users (users of SelfService) be allowed to
+autocomplete users. Setting this option to 1 means unprivileged users
+will be able to search all your users.
 
 =cut
 
-Set($PlainTextMono, 0);
+Set($AllowUserAutocompleteForUnprivileged, 0);
 
-=item C<$ShowUnreadMessageNotifications>
+=item C<$TicketAutocompleteFields>
 
-By default, RT will prompt users when there are new, unread messages on
-tickets they are viewing.
+Specifies which fields of L to match against and how to match each
+field when autocompleting users.  Valid match methods are LIKE, STARTSWITH,
+ENDSWITH, C<=>, and C.
 
-Set C<$ShowUnreadMessageNotifications> to a false value to disable this feature.
+Not all Ticket fields are publically accessible and hence won't work for
+autocomplete unless you override their accessibility using a local overlay or a
+plugin.  Out of the box the following fields are public: id, Subject.
 
 =cut
 
-Set($ShowUnreadMessageNotifications, 1);
-
+Set( $TicketAutocompleteFields, {
+    id      => 'STARTSWITH',
+    Subject => 'LIKE',
+});
 
-=item C<$HomepageComponents>
+=item C<$DisplayTicketAfterQuickCreate>
 
-C<$HomepageComponents> is an arrayref of allowed components on a user's
-customized homepage ("RT at a glance").
+Enable this to redirect to the created ticket display page
+automatically when using QuickCreate.
 
 =cut
 
-Set($HomepageComponents, [qw(QuickCreate Quicksearch MyCalendar MyAdminQueues MySupportQueues MyReminders RefreshHomepage Dashboards)]);
-
-=item C<@MasonParameters>
+Set($DisplayTicketAfterQuickCreate, 0);
 
-C<@MasonParameters> is the list of parameters for the constructor of
-HTML::Mason's Apache or CGI Handler.  This is normally only useful
-for debugging, eg. profiling individual components with:
+=item C<$WikiImplicitLinks>
 
-    use MasonX::Profiler; # available on CPAN
-    Set(@MasonParameters, (preamble => 'my $p = MasonX::Profiler->new($m, $r);'));
+Support implicit links in WikiText custom fields?  Setting this to 1
+causes InterCapped or ALLCAPS words in WikiText fields to automatically
+become links to searches for those words.  If used on Articles, it links
+to the Article with that name.
 
 =cut
 
-Set(@MasonParameters, ());
+Set($WikiImplicitLinks, 0);
 
-=item C<$DefaultSearchResultFormat>
+=item C<$PreviewScripMessages>
 
-C<$DefaultSearchResultFormat> is the default format for RT search results
+Set C<$PreviewScripMessages> to 1 if the scrips preview on the ticket
+reply page should include the content of the messages to be sent.
 
 =cut
 
-Set ($DefaultSearchResultFormat, qq{
-   '__id__/TITLE:#',
-   '__Subject__/TITLE:Subject',
-   Customer,
-   Status,
-   QueueName,
-   OwnerName, 
-   Priority, 
-   '__NEWLINE__',
-   '',
-   '__Requestors__',
-   '__CustomerTags__',
-   '__CreatedRelative__',
-   '__ToldRelative__',
-   '__LastUpdatedRelative__',
-   '__TimeLeft__'});
+Set($PreviewScripMessages, 0);
 
-=item C<$DefaultSelfServiceSearchResultFormat>
+=item C<$SimplifiedRecipients>
 
-C<$DefaultSelfServiceSearchResultFormat> is the default format of searches displayed in the 
-SelfService interface.
+If C<$SimplifiedRecipients> is set, a simple list of who will receive
+B kind of mail will be shown on the ticket reply page, instead of a
+detailed breakdown by scrip.
 
 =cut
 
-Set($DefaultSelfServiceSearchResultFormat, qq{
-   '__id__/TITLE:#',
-   '__Subject__/TITLE:Subject',
-   Status,
-   Requestors,
-   OwnerName});
+Set($SimplifiedRecipients, 0);
 
-=item C<%AdminSearchResultFormat>
+=item C<$HideResolveActionsWithDependencies>
 
-In admin interface format strings similar to tickets search result
-formats are used. Use C<%AdminSearchResultFormat> to define format
-strings per RT class.
+If set to 1, this option will skip ticket menu actions which can't be
+completed successfully because of outstanding active Depends On tickets.
+
+By default, all ticket actions are displayed in the menu even if some of
+them can't be successful until all Depends On links are resolved or
+transitioned to another inactive status.
 
 =cut
 
-Set(%AdminSearchResultFormat,
-    Queues =>
-        q{'__id__/TITLE:#'}
-        .q{,'__Name__/TITLE:Name'}
-        .q{,__Description__,__Address__,__Priority__,__DefaultDueIn__,__Disabled__},
+Set($HideResolveActionsWithDependencies, 0);
 
-    Groups =>
-        q{'__id__/TITLE:#'}
-        .q{,'__Name__/TITLE:Name'}
-        .q{,'__Description__'},
+=back
 
-    Users =>
-        q{'__id__/TITLE:#'}
-        .q{,'__Name__/TITLE:Name'}
-        .q{,__RealName__, __EmailAddress__},
 
-    CustomFields =>
-        q{'__id__/TITLE:#'}
-        .q{,'__Name__/TITLE:Name'}
-        .q{,__AppliedTo__, __FriendlyType__, __FriendlyPattern__},
 
-    Scrips => 
-        q{'__id__/TITLE:#'}
-        .q{,'__Description__/TITLE:Description'}
-        .q{,__Stage__, __Condition__, __Action__, __Template__},
+=head2 Articles
 
-    Templates =>
-        q{'__id__/TITLE:#'}
-        .q{,'__Name__/TITLE:Name'}
-        .q{,'__Description__'},
-);
+=over 4
 
-=item C<$SuppressInlineTextFiles>
+=item C<$ArticleOnTicketCreate>
 
-If C<$SuppressInlineTextFiles> is set to a true value, then uploaded
-text files (text-type attachments with file names) are prevented
-from being displayed in-line when viewing a ticket's history.
+Set this to 1 to display the Articles interface on the Ticket Create
+page in addition to the Reply/Comment page.
 
 =cut
 
-Set($SuppressInlineTextFiles, undef);
+Set($ArticleOnTicketCreate, 0);
 
-=item C<$DontSearchFileAttachments>
+=item C<$HideArticleSearchOnReplyCreate>
 
-If C<$DontSearchFileAttachments> is set to a true value, then uploaded
-files (attachments with file names) are not searched during full-content
-ticket searches.
+Set this to 1 to hide the search and include boxes from the Article
+UI.  This assumes you have enabled Article Hotlist feature, otherwise
+you will have no access to Articles.
 
 =cut
 
-Set($DontSearchFileAttachments, undef);
+Set($HideArticleSearchOnReplyCreate, 0);
 
-=item C<%ChartFont>
+=back
 
-The L module (which RT uses for graphs) ships with a builtin font 
-that doesn't have full Unicode support. You can use a given TrueType font 
-for a specific language by setting %ChartFont to (language =E the 
-absolute path of a font) pairs. Your GD library must have support for
-TrueType fonts to use this option. If there is no entry for a language 
-in the hash then font with 'others' key is used.
 
-RT comes with two TrueType fonts covering most available languages.
 
-=cut
+=head2 Message box properties
 
-Set(
-    %ChartFont,
-    'zh-cn'  => "$RT::BasePath/share/fonts/DroidSansFallback.ttf",
-    'zh-tw'  => "$RT::BasePath/share/fonts/DroidSansFallback.ttf",
-    'ja'     => "$RT::BasePath/share/fonts/DroidSansFallback.ttf",
-    'others' => "$RT::BasePath/share/fonts/DroidSans.ttf",
-);
+=over 4
 
-=item C<$ChartsTimezonesInDB>
+=item C<$MessageBoxWidth>, C<$MessageBoxHeight>
+
+For message boxes, set the entry box width, height and what type of
+wrapping to use.  These options can be overridden by users in their
+preferences.
 
-RT stores dates using the UTC timezone in the DB, so charts grouped
-by dates and time are not representative. Set C<$ChartsTimezonesInDB>
-to a true value to enable timezone conversions using your DB's
-capabilities. You may need to do some work on the DB side to use this
-feature, read more in F.
+When the width is set to undef, no column count is specified and the
+message box will take up 100% of the available width.  Combining this
+with HARD messagebox wrapping (below) is not recommended, as it will
+lead to inconsistent width in transactions between browsers.
 
-At this time, this feature only applies to MySQL and PostgreSQL.
+These settings only apply to the non-RichText message box.  See below
+for Rich Text settings.
+
+=cut
+
+Set($MessageBoxWidth, undef);
+Set($MessageBoxHeight, 15);
+
+=item C<$MessageBoxRichText>
+
+Should "rich text" editing be enabled? This option lets your users
+send HTML email messages from the web interface.
+
+=cut
+
+Set($MessageBoxRichText, 1);
+
+=item C<$MessageBoxRichTextHeight>
+
+Height of rich text JavaScript enabled editing boxes (in pixels)
+
+=cut
+
+Set($MessageBoxRichTextHeight, 200);
+
+=item C<$MessageBoxIncludeSignature>
+
+Should your users' signatures (from their Preferences page) be
+included in Comments and Replies.
+
+=cut
+
+Set($MessageBoxIncludeSignature, 1);
+
+=item C<$MessageBoxIncludeSignatureOnComment>
+
+Should your users' signatures (from their Preferences page) be
+included in Comments. Setting this to 0 overrides
+C<$MessageBoxIncludeSignature>.
+
+=cut
+
+Set($MessageBoxIncludeSignatureOnComment, 1);
+
+=back
+
+
+=head2 Transaction display
+
+=over 4
+
+=item C<$OldestTransactionsFirst>
+
+By default, RT shows newest transactions at the bottom of the ticket
+history page, if you want see them at the top set this to 0.  This
+option can be overridden by users in their preferences.
+
+=cut
+
+Set($OldestTransactionsFirst, 1);
+
+=item C<$ShowHistory>
+
+This option controls how history is shown on the ticket display page.  It
+accepts one of three possible modes and is overrideable on a per-user
+preference level.  If you regularly deal with long tickets and don't care much
+about the history, you may wish to change this option to C.
+
+=over
+
+=item C (the default)
+
+When set to C, history is loaded via javascript after the rest of the
+page has been loaded.  This speeds up apparent page load times and generally
+provides a smoother experience.  You may notice slight delays before the ticket
+history appears on very long tickets.
+
+=item C
+
+When set to C, history is loaded on demand when a placeholder link is
+clicked.  This speeds up ticket display page loads and history is never loaded
+if not requested.
+
+=item C
+
+When set to C, history is loaded before showing the page.  This ensures
+history is always available immediately, but at the expense of longer page load
+times.  This behaviour was the default in RT 4.0.
+
+=back
+
+=cut
+
+Set($ShowHistory, 'delay');
+
+=item C<$ShowBccHeader>
+
+By default, RT hides from the web UI information about blind copies
+user sent on reply or comment.
+
+=cut
+
+Set($ShowBccHeader, 0);
+
+=item C<$TrustHTMLAttachments>
+
+If C is not defined, we will display them as
+text. This prevents malicious HTML and JavaScript from being sent in a
+request (although there is probably more to it than that)
+
+=cut
+
+Set($TrustHTMLAttachments, undef);
+
+=item C<$AlwaysDownloadAttachments>
+
+Always download attachments, regardless of content type. If set, this
+overrides C.
+
+=cut
+
+Set($AlwaysDownloadAttachments, undef);
+
+=item C<$PreferRichText>
+
+By default, RT shows rich text (HTML) messages if possible.  If
+C<$PreferRichText> is set to 0, RT will show plain text messages in
+preference to any rich text alternatives.
+
+As a security precaution, RT limits the HTML that is displayed to a
+known-good subset -- as allowing arbitrary HTML to be displayed exposes
+multiple vectors for XSS and phishing attacks.  If
+L is enabled, the original HTML is available for
+viewing via the "Download" link.
+
+If the optional L dependency is installed, RT will leverage
+this to allow a broader set of HTML through, including tables.
+
+=cut
+
+Set($PreferRichText, 1);
+
+=item C<$MaxInlineBody>
+
+C<$MaxInlineBody> is the maximum attachment size that we want to see
+inline when viewing a transaction.  RT will inline any text if the
+value is undefined or 0.  This option can be overridden by users in
+their preferences.
+
+=cut
+
+Set($MaxInlineBody, 12000);
+
+=item C<$ShowTransactionImages>
+
+By default, RT shows images attached to incoming (and outgoing) ticket
+updates inline. Set this variable to 0 if you'd like to disable that
+behavior.
+
+=cut
+
+Set($ShowTransactionImages, 1);
+
+=item C<$ShowRemoteImages>
+
+By default, RT doesn't show remote images attached to incoming (and outgoing)
+ticket updates inline.  Set this variable to 1 if you'd like to enable remote
+image display.  Showing remote images may allow spammers and other senders to
+track when messages are viewed and see referer information.
+
+Note that this setting is independent of L above.
+
+=cut
+
+Set($ShowRemoteImages, 0);
+
+=item C<$PlainTextMono>
+
+Normally plaintext attachments are displayed as HTML with line breaks
+preserved.  This causes space- and tab-based formatting not to be
+displayed correctly.  Set C<$PlainTextMono> to 1 to use a monospaced
+font and preserve formatting.
+
+=cut
+
+Set($PlainTextMono, 0);
+
+=item C<$SuppressInlineTextFiles>
+
+If C<$SuppressInlineTextFiles> is set to 1, then uploaded text files
+(text-type attachments with file names) are prevented from being
+displayed in-line when viewing a ticket's history.
 
 =cut
 
-Set( $ChartsTimezonesInDB, 0 );
+Set($SuppressInlineTextFiles, undef);
+
 
 =item C<@Active_MakeClicky>
 
@@ -1542,106 +1900,372 @@ provides two formats:
   link after the URL.
 
 * 'httpurl_overwrite': also detects URLs as 'httpurl' format, but
-  replace URL with link and *adds spaces* into text if it's longer
-  then 30 chars. This allow browser to wrap long URLs and avoid
-  horizontal scrolling.
+  replaces the URL with a link.  Enabled by default.
 
-See F for documentation on how to add your own.
+See F for documentation on how to add
+your own styles of link detection.
 
 =cut
 
-Set(@Active_MakeClicky, qw());
+Set(@Active_MakeClicky, qw(httpurl_overwrite));
 
-=item C<$DefaultQueue>
+=item C<$QuoteFolding>
 
-Use this to select the default queue name that will be used for creating new
-tickets. You may use either the queue's name or its ID. This only affects the
-queue selection boxes on the web interface.
+Quote folding is the hiding of old replies in transaction history.
+It defaults to on.  Set this to 0 to disable it.
 
 =cut
 
-#Set($DefaultQueue, 'General');
+Set($QuoteFolding, 1);
 
-=item C<$DefaultTimeUnitsToHours>
+=item C<$AllowLoginPasswordAutoComplete>
 
-Use this to set the default units for time entry to hours instead of minutes.
+Allow browsers to remember the user's password on login (in case the
+browser can do so, and has the appropriate setting enabled). Default
+is 0.
 
 =cut
 
-Set($DefaultTimeUnitsToHours, 0);
+Set($AllowLoginPasswordAutoComplete, 0);
 
-=item C<$SimpleSearchIncludeResolved>
+=back
 
-By default, the simple ticket search in the top bar excludes "resolved" tickets
-unless a status argument is specified.  Set this to a true value to include 
-them.
+
+=head1 Application logic
+
+=over 4
+
+=item C<$ParseNewMessageForTicketCcs>
+
+If C<$ParseNewMessageForTicketCcs> is set to 1, RT will attempt to
+divine Ticket 'Cc' watchers from the To and Cc lines of incoming
+messages that create new Tickets. This option does not apply to replies
+or comments on existing Tickets. Be forewarned that if you have I
+addresses which forward mail to RT automatically and you enable this
+option without modifying C<$RTAddressRegexp> below, you will get
+yourself into a heap of trouble.
 
 =cut
 
-Set($SimpleSearchIncludeResolved, 0);
+Set($ParseNewMessageForTicketCcs, undef);
+
+=item C<$UseTransactionBatch>
+
+Set C<$UseTransactionBatch> to 1 to execute transactions in batches,
+such that a resolve and comment (for example) would happen
+simultaneously, instead of as two transactions, unaware of each
+others' existence.
+
+=cut
+
+Set($UseTransactionBatch, 1);
+
+=item C<$StrictLinkACL>
+
+When this feature is enabled a user needs I rights on
+both tickets to link them together; otherwise, I rights
+on either of them is sufficient.
+
+=cut
+
+Set($StrictLinkACL, 1);
+
+=item C<$RedistributeAutoGeneratedMessages>
+
+Should RT redistribute correspondence that it identifies as machine
+generated?  A 1 will do so; setting this to 0 will cause no
+such messages to be redistributed.  You can also use 'privileged' (the
+default), which will redistribute only to privileged users. This helps
+to protect against malformed bounces and loops caused by auto-created
+requestors with bogus addresses.
+
+=cut
+
+Set($RedistributeAutoGeneratedMessages, "privileged");
+
+=item C<$ApprovalRejectionNotes>
+
+Should rejection notes from approvals be sent to the requestors?
+
+=cut
+
+Set($ApprovalRejectionNotes, 1);
+
+=item C<$ForceApprovalsView>
+
+Should approval tickets only be viewed and modified through the standard
+approval interface?  With this setting enabled (by default), any attempt to use
+the normal ticket display and modify page for approval tickets will be
+redirected.
+
+For example, with this option set to 1 and an approval ticket #123:
+
+    /Ticket/Display.html?id=123
+
+is redirected to
+
+    /Approval/Display.html?id=123
+
+With this option set to 0, the redirect won't happen.
 
 =back
 
-=head1 L (rt-server) Configuration
+=cut
+
+Set($ForceApprovalsView, 1);
+
+=head1 Extra security
+
+This is a list of extra security measures to enable that help keep your RT
+safe.  If you don't know what these mean, you should almost certainly leave the
+defaults alone.
 
 =over 4
 
-=item C<$StandaloneMinServers>, C<$StandaloneMaxServers>
+=item C<$DisallowExecuteCode>
 
-The absolute minimum and maximum number of servers that will be created to
-handle requests. Having multiple servers means that serving a slow page will
-affect other users less.
+If set to 1, the C right will be removed from
+all users, B the superuser.  This is intended for when RT is
+installed into a shared environment where even the superuser should not
+be allowed to run arbitrary Perl code on the server via scrips.
 
 =cut
 
-Set($StandaloneMinServers, 1);
-Set($StandaloneMaxServers, 1);
+Set($DisallowExecuteCode, 0);
 
-=item C<$StandaloneMinSpareServers>, C<$StandaloneMaxSpareServers>
+=item C<$Framebusting>
 
-These next two options can be used to scale up and down the number of servers
-to adjust to load. These two options will respect the C<$StandaloneMinServers
-> and C<$StandaloneMaxServers options>.
+If set to 0, framekiller javascript will be disabled and the
+X-Frame-Options: DENY header will be suppressed from all responses.
+This disables RT's clickjacking protection.
 
 =cut
 
-Set($StandaloneMinSpareServers, 0);
-Set($StandaloneMaxSpareServers, 0);
+Set($Framebusting, 1);
 
-=item C<$StandaloneMaxRequests>
+=item C<$RestrictReferrer>
 
-This sets the absolute maximum number of requests a single server will serve.
-Setting this would be useful if, for example, memory usage slowly crawls up
-every hit.
+If set to 0, the HTTP C (sic) header will not be
+checked to ensure that requests come from RT's own domain.  As RT allows
+for GET requests to alter state, disabling this opens RT up to
+cross-site request forgery (CSRF) attacks.
 
 =cut
 
-#Set($StandaloneMaxRequests, 50);
+Set($RestrictReferrer, 1);
 
-=item C<%NetServerOptions>
+=item C<$RestrictLoginReferrer>
 
-C<%NetServerOptions> is a hash of additional options to use for
-L. For example, you could set
-reverse_lookups to get the hostnames for all users with:
+If set to 0, RT will allow the user to log in from any link
+or request, merely by passing in C and C parameters; setting
+it to 1 forces all logins to come from the login box, so the
+user is aware that they are being logged in.  The default is off, for
+backwards compatability.
 
-C 1));>
+=cut
+
+Set($RestrictLoginReferrer, 0);
+
+=item C<@ReferrerWhitelist>
+
+This is a list of hostname:port combinations that RT will treat as being
+part of RT's domain. This is particularly useful if you access RT as
+multiple hostnames or have an external auth system that needs to
+redirect back to RT once authentication is complete.
+
+ Set(@ReferrerWhitelist, qw(www.example.com:443  www3.example.com:80));
+
+If the "RT has detected a possible cross-site request forgery" error is triggered
+by a host:port sent by your browser that you believe should be valid, you can copy
+the host:port from the error message into this list.
+
+Simple wildcards, similar to SSL certificates, are allowed.  For example:
+
+    *.example.com:80    # matches foo.example.com
+                        # but not example.com
+                        #      or foo.bar.example.com
+
+    www*.example.com:80 # matches www3.example.com
+                        #     and www-test.example.com
+                        #     and www.example.com
+
+=cut
+
+Set(@ReferrerWhitelist, qw());
+
+
+=item C<$BcryptCost>
+
+This sets the default cost parameter used for the C key
+derivation function.  Valid values range from 4 to 31, inclusive, with
+higher numbers denoting greater effort.
 
 =cut
 
-Set(%NetServerOptions, ());
+Set($BcryptCost, 10);
 
 =back
 
 
-=head1 UTF-8 Configuration
+
+=head1 Authorization and user configuration
+
+=over 4
+
+=item C<$WebRemoteUserAuth>
+
+If C<$WebRemoteUserAuth> is defined, RT will defer to the environment's
+REMOTE_USER variable, which should be set by the webserver's
+authentication layer.
+
+=cut
+
+Set($WebRemoteUserAuth, undef);
+
+=item C<$WebRemoteUserContinuous>
+
+If C<$WebRemoteUserContinuous> is defined, RT will check for the
+REMOTE_USER on each access.  If you would prefer this to only happen
+once (at initial login) set this to 0.  The default
+setting will help ensure that if your webserver's authentication layer
+deauthenticates a user, RT notices as soon as possible.
+
+=cut
+
+Set($WebRemoteUserContinuous, 1);
+
+=item C<$WebFallbackToRTLogin>
+
+If C<$WebFallbackToRTLogin> is defined, the user is allowed a
+chance of fallback to the login screen, even if REMOTE_USER failed.
+
+=cut
+
+Set($WebFallbackToRTLogin, undef);
+
+=item C<$WebRemoteUserGecos>
+
+C<$WebRemoteUserGecos> means to match 'gecos' field as the user
+identity; useful with C.
+
+=cut
+
+Set($WebRemoteUserGecos, undef);
+
+=item C<$WebRemoteUserAutocreate>
+
+C<$WebRemoteUserAutocreate> will create users under the same name as
+REMOTE_USER upon login, if they are missing from the Users table.
+
+=cut
+
+Set($WebRemoteUserAutocreate, undef);
+
+=item C<$UserAutocreateDefaultsOnLogin>
+
+If C<$WebRemoteUserAutocreate> is set to 1, C<$UserAutocreateDefaultsOnLogin>
+will be passed to L.  Use it to set defaults, such as
+creating unprivileged users with C<<{ Privileged => 0 }>>.  This must be
+a hashref.
+
+=cut
+
+Set($UserAutocreateDefaultsOnLogin, undef);
+
+=item C<$WebSessionClass>
+
+C<$WebSessionClass> is the class you wish to use for storing sessions.  On
+MySQL, Pg, and Oracle it defaults to using your database, in other cases
+sessions are stored in files using L. Other installed
+Apache::Session::* modules can be used to store sessions.
+
+    Set($WebSessionClass, "Apache::Session::File");
+
+=cut
+
+Set($WebSessionClass, undef);
+
+=item C<%WebSessionProperties>
+
+C<%WebSessionProperties> is the hash to configure class L
+in case custom class is used. By default it's empty and values are picked
+depending on the class. Make sure that it's empty if you're using DB as session
+backend.
+
+=cut
+
+Set( %WebSessionProperties );
+
+=item C<$AutoLogoff>
+
+By default, RT's user sessions persist until a user closes his or her
+browser. With the C<$AutoLogoff> option you can setup session lifetime
+in minutes. A user will be logged out if he or she doesn't send any
+requests to RT for the defined time.
+
+=cut
+
+Set($AutoLogoff, 0);
+
+=item C<$LogoutRefresh>
+
+The number of seconds to wait after logout before sending the user to
+the login page. By default, 1 second, though you may want to increase
+this if you display additional information on the logout page.
+
+=cut
+
+Set($LogoutRefresh, 1);
+
+=item C<$WebSecureCookies>
+
+By default, RT's session cookie isn't marked as "secure". Some web
+browsers will treat secure cookies more carefully than non-secure
+ones, being careful not to write them to disk, only sending them over
+an SSL secured connection, and so on. To enable this behavior, set
+C<$WebSecureCookies> to 1.  NOTE: You probably don't want to turn this
+on I users are only connecting via SSL encrypted HTTPS
+connections.
+
+=cut
+
+Set($WebSecureCookies, 0);
+
+=item C<$WebHttpOnlyCookies>
+
+Default RT's session cookie to not being directly accessible to
+javascript.  The content is still sent during regular and AJAX requests,
+and other cookies are unaffected, but the session-id is less
+programmatically accessible to javascript.  Turning this off should only
+be necessary in situations with odd client-side authentication
+requirements.
+
+=cut
+
+Set($WebHttpOnlyCookies, 1);
+
+=item C<$MinimumPasswordLength>
+
+C<$MinimumPasswordLength> defines the minimum length for user
+passwords. Setting it to 0 disables this check.
+
+=cut
+
+Set($MinimumPasswordLength, 5);
+
+=back
+
+
+=head1 Internationalization
 
 =over 4
 
 =item C<@LexiconLanguages>
 
-An array that contains languages supported by RT's internationalization
-interface.  Defaults to all *.po lexicons; setting it to C will make
-RT bilingual instead of multilingual, but will save some memory.
+An array that contains languages supported by RT's
+internationalization interface.  Defaults to all *.po lexicons;
+setting it to C will make RT bilingual instead of
+multilingual, but will save some memory.
 
 =cut
 
@@ -1650,8 +2274,10 @@ Set(@LexiconLanguages, qw(*));
 =item C<@EmailInputEncodings>
 
 An array that contains default encodings used to guess which charset
-an attachment uses if not specified.  Must be recognized by
-L.
+an attachment uses, if it does not specify one explicitly.  All
+options must be recognized by L.  The first element may
+also be '*', which enables encoding detection using
+L, if installed.
 
 =cut
 
@@ -1663,41 +2289,48 @@ The charset for localized email.  Must be recognized by Encode.
 
 =cut
 
-Set($EmailOutputEncoding, 'utf-8');
-
+Set($EmailOutputEncoding, "utf-8");
 
 =back
 
-=head1 Date Handling Configuration
+
+
+
+
+
+
+=head1 Date and time handling
 
 =over 4
 
 =item C<$DateTimeFormat>
 
-You can choose date and time format.  See "Output formatters"
-section in perldoc F for more options.  This option can
-be overridden by users in their preferences.
+You can choose date and time format.  See the "Output formatters"
+section in perldoc F for more options.  This option
+can be overridden by users in their preferences.
+
 Some examples:
 
-C
-C 'ISO', Seconds => 0 });>
-C
-C 'RFC2822', Seconds => 0, DayOfWeek => 0 });>
+C
+C "ISO", Seconds => 0 });>
+C
+C "RFC2822", Seconds => 0, DayOfWeek => 0 });>
 
 =cut
 
-Set($DateTimeFormat, 'DefaultFormat');
+Set($DateTimeFormat, "DefaultFormat");
 
 # Next two options are for Time::ParseDate
 
 =item C<$DateDayBeforeMonth>
 
-Set this to 1 if your local date convention looks like "dd/mm/yy" instead of
-"mm/dd/yy". Used only for parsing, not for displaying dates.
+Set this to 1 if your local date convention looks like "dd/mm/yy"
+instead of "mm/dd/yy". Used only for parsing, not for displaying
+dates.
 
 =cut
 
-Set($DateDayBeforeMonth , 1);
+Set($DateDayBeforeMonth, 1);
 
 =item C<$AmbiguousDayInPast>, C<$AmbiguousDayInFuture>
 
@@ -1706,175 +2339,745 @@ past value? For example, should a date of "Tuesday" default to mean
 the date for next Tuesday or last Tuesday? Should the date "March 1"
 default to the date for next March or last March?
 
-Set $ for the last date, or $<$AmbiguousDayInFuture> for the
-next date.
-
-The default is usually good.
+Set C<$AmbiguousDayInPast> for the last date, or
+C<$AmbiguousDayInFuture> for the next date; the default is usually
+correct.  If both are set, C<$AmbiguousDayInPast> takes precedence.
 
 =cut
 
 Set($AmbiguousDayInPast, 0);
 Set($AmbiguousDayInFuture, 0);
 
-=back
+=item C<$DefaultTimeUnitsToHours>
 
-=head1 Approval Configuration
+Use this to set the default units for time entry to hours instead of
+minutes.  Note that this only effects entry, not display.
 
-Configuration for the approval system
+=cut
 
-=over 4
+Set($DefaultTimeUnitsToHours, 0);
 
-=item C<$ApprovalRejectionNotes>
+=item C<$SimpleSearchIncludeResolved>
 
-Should rejection notes be sent to the requestors?  The default is true.
+By default, the simple ticket search in the top bar excludes "resolved" tickets
+unless a status argument is specified.  Set this to a true value to include 
+them.
 
 =cut
 
-Set($ApprovalRejectionNotes, 1);
+Set($SimpleSearchIncludeResolved, 0);
+
+=item C<$TimeInICal>
+
+By default, events in the iCal feed on the ticket search page
+contain only dates, making them all day calendar events. Set
+C<$TimeInICal> if you have start or due dates on tickets that
+have significant time values and you want those times to be
+included in the events in the iCal feed.
+
+This option can also be set as an individual user preference.
+
+=cut
 
+Set($TimeInICal, 0);
 
 =back
 
-=head1 Miscellaneous Configuration
+
+
+=head1 Cryptography
+
+A complete description of RT's cryptography capabilities can be found in
+L. At this moment, GnuPG (PGP) and SMIME security protocols are
+supported.
 
 =over 4
 
-=item C<@ActiveStatus>, C<@InactiveStatus>
+=item C<%Crypt>
 
-You can define new statuses and even reorder existing statuses here.
-WARNING. DO NOT DELETE ANY OF THE DEFAULT STATUSES. If you do, RT
-will break horribly. The statuses you add must be no longer than
-10 characters.
+The following options apply to all cryptography protocols.
 
-=cut
+By default, all enabled security protocols will analyze each incoming
+email. You may set C to a subset of this list, if some enabled
+protocols do not apply to incoming mail; however, this is usually
+unnecessary. Note that for any verification or decryption to occur for
+incoming mail, the C mail plugin must be added to
+L as specified in L.
 
-Set(@ActiveStatus, qw(new open stalled));
-Set(@InactiveStatus, qw(resolved rejected deleted));
+For outgoing emails, the first security protocol from the above list is
+used. Use the C option to set a security protocol that should
+be used in outgoing emails.  At this moment, only one protocol can be
+used to protect outgoing emails.
 
-=item C<$LinkTransactionsRun1Scrip>
+Set C to 1 if all incoming email must be
+properly encrypted.  All unencrypted emails will be rejected by RT.
 
-RT-3.4 backward compatibility setting. Add/Delete Link used to record one
-transaction and run one scrip. Set this value to 1 if you want
-only one of the link transactions to have scrips run.
+Set C to 0 if you don't want to reject
+emails encrypted for key RT doesn't have and can not decrypt.
 
-=cut
+Set C to 0 if you don't want to reject letters
+with incorrect data.
 
-Set($LinkTransactionsRun1Scrip, 0);
+If you want to allow people to encrypt attachments inside the DB then
+set C to 1.
 
-=item C<$StrictLinkACL>
+Set C to a hash with Encrypt and Sign keys to control
+whether dashboards should be encrypted and/or signed correspondingly.
+By default they are not encrypted or signed.
 
-When this feature is enabled a user needs I rights on both
-tickets to link them together, otherwise he can have rights on either of
-them.
+=back
 
 =cut
 
-Set($StrictLinkACL, 1);
+Set( %Crypt,
+    Incoming                  => undef, # ['GnuPG', 'SMIME']
+    Outgoing                  => undef, # 'SMIME'
 
-=item C<$PreviewScripMessages>
+    RejectOnUnencrypted       => 0,
+    RejectOnMissingPrivateKey => 1,
+    RejectOnBadData           => 1,
 
-Set C<$PreviewScripMessages> to 1 if the scrips preview on the ticket
-reply page should include the content of the messages to be sent.
+    AllowEncryptDataInDB      => 0,
+
+    Dashboards => {
+        Encrypt => 0,
+        Sign    => 0,
+    },
+);
+
+=head2 SMIME configuration
+
+A full description of the SMIME integration can be found in
+L.
+
+=over 4
+
+=item C<%SMIME>
+
+Set C to 0 or 1 to disable or enable SMIME for
+encrypting and signing messages.
+
+Set C to path to F executable.
+
+Set C to directory with key files.  Key and certificates should
+be stored in a PEM file in this directory named named, e.g.,
+F.
+
+Set C to either a PEM-formatted certificate of a single signing
+certificate authority, or a directory of such (including hash symlinks
+as created by the openssl tool C).  Only SMIME certificates
+signed by these certificate authorities will be treated as valid
+signatures.  If left unset (and C is unset, as it is
+by default), no signatures will be marked as valid!
+
+Set C to allow arbitrary SMIME certificates, no
+matter their signing entities.  Such mails will be marked as untrusted,
+but signed; C will be used to mark which mails are signed by
+trusted certificate authorities.  This configuration is generally
+insecure, as it allows the possibility of accepting forged mail signed
+by an untrusted certificate authority.
+
+Setting C also allows encryption to users with
+certificates created by untrusted CAs.
+
+Set C to a scalar (to use for all keys), an anonymous
+function, or a hash (to look up by address).  If the hash is used, the
+'' key is used as a default.
+
+See L for details.
+
+=back
 
 =cut
 
-Set($PreviewScripMessages, 0);
+Set( %SMIME,
+    Enable => @RT_SMIME@,
+    OpenSSL => 'openssl',
+    Keyring => q{@RT_VAR_PATH@/data/smime},
+    CAPath => undef,
+    AcceptUntrustedCAs => undef,
+    Passphrase => undef,
+);
 
-=item C<$UseTransactionBatch>
+=head2 GnuPG configuration
 
-Set C<$UseTransactionBatch> to 1 to execute transactions in batches,
-such that a resolve and comment (for example) would happen
-simultaneously, instead of as two transactions, unaware of each
-others' existence.
+A full description of the (somewhat extensive) GnuPG integration can
+be found by running the command `perldoc L` (or
+`perldoc lib/RT/Crypt/GnuPG.pm` from your RT install directory).
+
+=over 4
+
+=item C<%GnuPG>
+
+Set C to 0 or 1 to disable or enable GnuPG interfaces
+for encrypting and signing outgoing messages.
+
+Set C to the name or path of the gpg binary to use.
+
+Set C to a scalar (to use for all keys), an anonymous
+function, or a hash (to look up by address).  If the hash is used, the
+'' key is used as a default.
+
+Set C to 'inline' to use inline encryption and
+signatures instead of 'RFC' (GPG/MIME: RFC3156 and RFC1847) format.
 
 =cut
 
-Set($UseTransactionBatch, 1);
+Set(%GnuPG,
+    Enable                 => @RT_GPG@,
+    GnuPG                  => 'gpg',
+    Passphrase             => undef,
+    OutgoingMessagesFormat => "RFC", # Inline
+);
 
-=item C<@CustomFieldValuesSources>
+=item C<%GnuPGOptions>
 
-Set C<@CustomFieldValuesSources> to a list of class names which extend
-L.  This can be used to pull lists of
-custom field values from external sources at runtime.
+Options to pass to the GnuPG program.
+
+If you override this in your RT_SiteConfig, you should be sure to
+include a homedir setting.
+
+Note that options with '-' character MUST be quoted.
 
 =cut
 
-Set(@CustomFieldValuesSources, ('RT::CustomFieldValues::Queues'));
+Set(%GnuPGOptions,
+    homedir => q{@RT_VAR_PATH@/data/gpg},
 
-=item C<$CanonicalizeRedirectURLs>
+# URL of a keyserver
+#    keyserver => 'hkp://subkeys.pgp.net',
 
-Set C<$CanonicalizeRedirectURLs> to 1 to use $C when redirecting rather
-than the one we get from C<%ENV>.
+# enables the automatic retrieving of keys when verifying signatures
+#    'keyserver-options' => 'auto-key-retrieve',
+);
 
-If you use RT behind a reverse proxy, you almost certainly want to
-enable this option.
+=back
+
+
+
+=head1 Lifecycles
+
+=head2 Lifecycle definitions
+
+Each lifecycle is a list of possible statuses split into three logic
+sets: B, B and B. Each status in a
+lifecycle must be unique. (Statuses may not be repeated across sets.)
+Each set may have any number of statuses.
+
+For example:
+
+    default => {
+        initial  => ['new'],
+        active   => ['open', 'stalled'],
+        inactive => ['resolved', 'rejected', 'deleted'],
+        ...
+    },
+
+Status names can be from 1 to 64 ASCII characters.  Statuses are
+localized using RT's standard internationalization and localization
+system.
+
+=over 4
+
+=item initial
+
+You can define multiple B statuses for tickets in a given
+lifecycle.
+
+RT will automatically set its B date when you change a
+ticket's status from an B state to an B or
+B status.
+
+=item active
+
+B tickets are "currently in play" - they're things that are
+being worked on and not yet complete.
+
+=item inactive
+
+B tickets are typically in their "final resting state".
+
+While you're free to implement a workflow that ignores that
+description, typically once a ticket enters an inactive state, it will
+never again enter an active state.
+
+RT will automatically set the B date when a ticket's status
+is changed from an B or B status to an B
+status.
+
+B is still a special status and protected by the
+B right, unless you re-defined rights (read below). If
+you don't want to allow ticket deletion at any time simply don't
+include it in your lifecycle.
+
+=back
+
+Statuses in each set are ordered and listed in the UI in the defined
+order.
+
+Changes between statuses are constrained by transition rules, as
+described below.
+
+=head2 Default values
+
+In some cases a default value is used to display in UI or in API when
+value is not provided. You can configure defaults using the following
+syntax:
+
+    default => {
+        ...
+        defaults => {
+            on_create => 'new',
+            on_resolve => 'resolved',
+            ...
+        },
+    },
+
+The following defaults are used.
+
+=over 4
+
+=item on_create
+
+If you (or your code) doesn't specify a status when creating a ticket,
+RT will use the this status. See also L.
+
+=item on_merge
+
+When tickets are merged, the status of the ticket that was merged
+away is forced to this value.  It should be one of inactive statuses;
+'resolved' or its equivalent is most probably the best candidate.
+
+=item approved
+
+When an approval is accepted, the status of depending tickets will
+be changed to this value.
+
+=item denied
+
+When an approval is denied, the status of depending tickets will
+be changed to this value.
+
+=item reminder_on_open
+
+When a reminder is opened, the status will be changed to this value.
+
+=item reminder_on_resolve
+
+When a reminder is resolved, the status will be changed to this value.
+
+=back
+
+=head2 Transitions between statuses and UI actions
+
+A B is a change of status from A to B. You should define
+all possible transitions in each lifecycle using the following format:
+
+    default => {
+        ...
+        transitions => {
+            ''       => [qw(new open resolved)],
+            new      => [qw(open resolved rejected deleted)],
+            open     => [qw(stalled resolved rejected deleted)],
+            stalled  => [qw(open)],
+            resolved => [qw(open)],
+            rejected => [qw(open)],
+            deleted  => [qw(open)],
+        },
+        ...
+    },
+
+The order of items in the listing for each transition line affects
+the order they appear in the drop-down. If you change the config
+for 'open' state listing to:
+
+    open     => [qw(stalled rejected deleted resolved)],
+
+then the 'resolved' status will appear as the last item in the drop-down.
+
+=head3 Statuses available during ticket creation
+
+By default users can create tickets with a status of new,
+open, or resolved, but cannot create tickets with a status of
+rejected, stalled, or deleted. If you want to change the statuses
+available during creation, update the transition from '' (empty
+string), like in the example above.
+
+=head3 Protecting status changes with rights
+
+A transition or group of transitions can be protected by a specific
+right.  Additionally, you can name new right names, which will be added
+to the system to control that transition.  For example, if you wished to
+create a lesser right than ModifyTicket for rejecting tickets, you could
+write:
+
+    default => {
+        ...
+        rights => {
+            '* -> deleted'  => 'DeleteTicket',
+            '* -> rejected' => 'RejectTicket',
+            '* -> *'        => 'ModifyTicket',
+        },
+        ...
+    },
+
+This would create a new C right in the system which you
+could assign to whatever groups you choose.
+
+On the left hand side you can have the following variants:
+
+    ' -> '
+    '* -> '
+    ' -> *'
+    '* -> *'
+
+Valid transitions are listed in order of priority. If a user attempts
+to change a ticket's status from B to B then the lifecycle
+is checked for presence of an exact match, then for 'any to B',
+'B to any' and finally 'any to any'.
+
+If you don't define any rights, or there is no match for a transition,
+RT will use the B or B as appropriate.
+
+=head3 Labeling and defining actions
+
+For each transition you can define an action that will be shown in the
+UI; each action annotated with a label and an update type.
+
+Each action may provide a default update type, which can be
+B, B, or absent. For example, you may want your
+staff to write a reply to the end user when they change status from
+B to B, and thus set the update to B.  Neither
+B nor B are mandatory, and user may leave the
+message empty, regardless of the update type.
+
+This configuration can be used to accomplish what
+$ResolveDefaultUpdateType was used for in RT 3.8.
+
+Use the following format to define labels and actions of transitions:
+
+    default => {
+        ...
+        actions => [
+            'new -> open'     => { label => 'Open it', update => 'Respond' },
+            'new -> resolved' => { label => 'Resolve', update => 'Comment' },
+            'new -> rejected' => { label => 'Reject',  update => 'Respond' },
+            'new -> deleted'  => { label => 'Delete' },
+
+            'open -> stalled'  => { label => 'Stall',   update => 'Comment' },
+            'open -> resolved' => { label => 'Resolve', update => 'Comment' },
+            'open -> rejected' => { label => 'Reject',  update => 'Respond' },
+
+            'stalled -> open'  => { label => 'Open it' },
+            'resolved -> open' => { label => 'Re-open', update => 'Comment' },
+            'rejected -> open' => { label => 'Re-open', update => 'Comment' },
+            'deleted -> open'  => { label => 'Undelete' },
+        ],
+        ...
+    },
+
+In addition, you may define multiple actions for the same transition.
+Alternately, you may use '* -> x' to match more than one transition.
+For example:
+
+    default => {
+        ...
+        actions => [
+            ...
+            'new -> rejected' => { label => 'Reject', update => 'Respond' },
+            'new -> rejected' => { label => 'Quick Reject' },
+            ...
+            '* -> deleted' => { label => 'Delete' },
+            ...
+        ],
+        ...
+    },
+
+=head2 Moving tickets between queues with different lifecycles
+
+Unless there is an explicit mapping between statuses in two different
+lifecycles, you can not move tickets between queues with these
+lifecycles -- even if both use the exact same set of statuses.
+Such a mapping is defined as follows:
+
+    __maps__ => {
+        'from lifecycle -> to lifecycle' => {
+            'status in left lifecycle' => 'status in right lifecycle',
+            ...
+        },
+        ...
+    },
+
+=cut
+
+Set(%Lifecycles,
+    default => {
+        initial         => [qw(new)], # loc_qw
+        active          => [qw(open stalled)], # loc_qw
+        inactive        => [qw(resolved rejected deleted)], # loc_qw
+
+        defaults => {
+            on_create => 'new',
+            on_merge  => 'resolved',
+            approved  => 'open',
+            denied    => 'rejected',
+            reminder_on_open     => 'open',
+            reminder_on_resolve  => 'resolved',
+        },
+
+        transitions => {
+            ""       => [qw(new open resolved)],
+
+            # from   => [ to list ],
+            new      => [qw(    open stalled resolved rejected deleted)],
+            open     => [qw(new      stalled resolved rejected deleted)],
+            stalled  => [qw(new open         rejected resolved deleted)],
+            resolved => [qw(new open stalled          rejected deleted)],
+            rejected => [qw(new open stalled resolved          deleted)],
+            deleted  => [qw(new open stalled rejected resolved        )],
+        },
+        rights => {
+            '* -> deleted'  => 'DeleteTicket',
+            '* -> *'        => 'ModifyTicket',
+        },
+        actions => [
+            'new -> open'      => { label  => 'Open It', update => 'Respond' }, # loc{label}
+            'new -> resolved'  => { label  => 'Resolve', update => 'Comment' }, # loc{label}
+            'new -> rejected'  => { label  => 'Reject',  update => 'Respond' }, # loc{label}
+            'new -> deleted'   => { label  => 'Delete',                      }, # loc{label}
+            'open -> stalled'  => { label  => 'Stall',   update => 'Comment' }, # loc{label}
+            'open -> resolved' => { label  => 'Resolve', update => 'Comment' }, # loc{label}
+            'open -> rejected' => { label  => 'Reject',  update => 'Respond' }, # loc{label}
+            'stalled -> open'  => { label  => 'Open It',                     }, # loc{label}
+            'resolved -> open' => { label  => 'Re-open', update => 'Comment' }, # loc{label}
+            'rejected -> open' => { label  => 'Re-open', update => 'Comment' }, # loc{label}
+            'deleted -> open'  => { label  => 'Undelete',                    }, # loc{label}
+        ],
+    },
+# don't change lifecyle of the approvals, they are not capable to deal with
+# custom statuses
+    approvals => {
+        initial         => [ 'new' ],
+        active          => [ 'open', 'stalled' ],
+        inactive        => [ 'resolved', 'rejected', 'deleted' ],
+
+        defaults => {
+            on_create => 'new',
+            on_merge => 'resolved',
+            reminder_on_open     => 'open',
+            reminder_on_resolve  => 'resolved',
+        },
+
+        transitions => {
+            ''       => [qw(new open resolved)],
+
+            # from   => [ to list ],
+            new      => [qw(open stalled resolved rejected deleted)],
+            open     => [qw(new stalled resolved rejected deleted)],
+            stalled  => [qw(new open rejected resolved deleted)],
+            resolved => [qw(new open stalled rejected deleted)],
+            rejected => [qw(new open stalled resolved deleted)],
+            deleted  => [qw(new open stalled rejected resolved)],
+        },
+        rights => {
+            '* -> deleted'  => 'DeleteTicket',
+            '* -> rejected' => 'ModifyTicket',
+            '* -> *'        => 'ModifyTicket',
+        },
+        actions => [
+            'new -> open'      => { label  => 'Open It', update => 'Respond' }, # loc{label}
+            'new -> resolved'  => { label  => 'Resolve', update => 'Comment' }, # loc{label}
+            'new -> rejected'  => { label  => 'Reject',  update => 'Respond' }, # loc{label}
+            'new -> deleted'   => { label  => 'Delete',                      }, # loc{label}
+            'open -> stalled'  => { label  => 'Stall',   update => 'Comment' }, # loc{label}
+            'open -> resolved' => { label  => 'Resolve', update => 'Comment' }, # loc{label}
+            'open -> rejected' => { label  => 'Reject',  update => 'Respond' }, # loc{label}
+            'stalled -> open'  => { label  => 'Open It',                     }, # loc{label}
+            'resolved -> open' => { label  => 'Re-open', update => 'Comment' }, # loc{label}
+            'rejected -> open' => { label  => 'Re-open', update => 'Comment' }, # loc{label}
+            'deleted -> open'  => { label  => 'Undelete',                    }, # loc{label}
+        ],
+    },
+);
+
+
+
+
+
+=head1 Administrative interface
+
+=over 4
+
+=item C<$ShowRTPortal>
+
+RT can show administrators a feed of recent RT releases and other
+related announcements and information from Best Practical on the top
+level Admin page.  This feature helps you stay up to date on
+RT security announcements and version updates.
+
+RT provides this feature using an "iframe" on C
+which asks the administrator's browser to show an inline page from
+Best Practical's website.
+
+If you'd rather not make this feature available to your
+administrators, set C<$ShowRTPortal> to 0.
 
 =cut
 
-Set($CanonicalizeRedirectURLs, 0);
-=item C<$EnableReminders>
+Set($ShowRTPortal, 1);
+
+=item C<%AdminSearchResultFormat>
 
-Hide links/portlets related to Reminders by setting this to 0
+In the admin interface, format strings similar to tickets result
+formats are used. Use C<%AdminSearchResultFormat> to define the format
+strings used in the admin interface on a per-RT-class basis.
 
 =cut
 
-Set($EnableReminders,1);
+Set(%AdminSearchResultFormat,
+    Queues =>
+        q{'__id__/TITLE:#'}
+        .q{,'__Name__/TITLE:Name'}
+        .q{,__Description__,__Address__,__Priority__,__DefaultDueIn__,__Lifecycle__,__SubjectTag__,__Disabled__},
 
+    Groups =>
+        q{'__id__/TITLE:#'}
+        .q{,'__Name__/TITLE:Name'}
+        .q{,'__Description__',__Disabled__},
 
-=item C<@Plugins>
+    Users =>
+        q{'__id__/TITLE:#'}
+        .q{,'__Name__/TITLE:Name'}
+        .q{,__RealName__, __EmailAddress__,__Disabled__},
 
-Set C<@Plugins> to a list of external RT plugins that should be enabled (those
-plugins have to be previously downloaded and installed).
-Example:
+    CustomFields =>
+        q{'__id__/TITLE:#'}
+        .q{,'__Name__/TITLE:Name'}
+        .q{,__AddedTo__, __FriendlyType__, __FriendlyPattern__,__Disabled__},
+
+    Scrips =>
+        q{'__id__/TITLE:#'}
+        .q{,'__Description__/TITLE:Description'}
+        .q{,__Condition__, __Action__, __Template__, __Disabled__},
 
-C
+    Templates =>
+        q{'__id__/TITLE:#'}
+        .q{,'__Name__/TITLE:Name'}
+        .q{,'__Description__','__UsedBy__','__IsEmpty__'},
+    Classes =>
+        q{ '__id__/TITLE:#'}
+        .q{,'__Name__/TITLE:Name'}
+        .q{,__Description__,__Disabled__},
+);
+
+=item C<%AdminSearchResultRows>
+
+Use C<%AdminSearchResultRows> to define the search result rows in the admin
+interface on a per-RT-class basis.
 
 =cut
 
-Set(@Plugins, (qw(RTx::Calendar
-                  RT::Extension::MobileUI))); #RTx::Checklist ));
+Set(%AdminSearchResultRows,
+    Queues       => 50,
+    Groups       => 50,
+    Users        => 50,
+    CustomFields => 50,
+    Scrips       => 50,
+    Templates    => 50,
+    Classes      => 50,
+);
 
 =back
 
-=head1 Development Configuration
+
+
+
+=head1 Development options
 
 =over 4
 
 =item C<$DevelMode>
 
-RT comes with a "Development mode" setting. 
-This setting, as a convenience for developers, turns on 
-all sorts of development options that you most likely don't want in 
-production:
+RT comes with a "Development mode" setting.  This setting, as a
+convenience for developers, turns on several of development options
+that you most likely don't want in production:
+
+=over 4
 
-* Turns off Mason's 'static_source' directive. By default, you can't 
-  edit RT's web ui components on the fly and have RT magically pick up
-  your changes. (It's a big performance hit)
+=item *
 
- * More to come
+Disables CSS and JS minification and concatenation.  Both CSS and JS
+will be instead be served as a number of individual smaller files,
+unchanged from how they are stored on disk.
 
-=cut
+=item *
+
+Uses L to reload changed Perl modules on each
+request.
+
+=item *
+
+Turns off Mason's C directive; this causes Mason to
+reload template files which have been modified on disk.
+
+=item *
 
-Set($DevelMode, '@RT_DEVEL_MODE@');
+Turns on Mason's HTML C; this renders compilation errors
+to the browser, along with a full stack trace.  It is possible for
+stack traces to reveal sensitive information such as passwords or
+ticket content.
 
+=item *
+
+Turns off caching of callbacks; this enables additional callbacks to
+be added while the server is running.
 
 =back
 
-=head1 Deprecated Options
+=cut
+
+Set($DevelMode, 0);
 
-=over 4
 
-=item C<$AlwaysUseBase64>
+=item C<$RecordBaseClass>
 
-Encode blobs as base64 in DB (?)
+What abstract base class should RT use for its records. You should
+probably never change this.
 
-=item C<$TicketBaseURI>
+Valid values are C or
+C
 
-Base URI to tickets in this system; used when loading (?)
+=cut
+
+Set($RecordBaseClass, "DBIx::SearchBuilder::Record::Cachable");
 
-=item C<$UseCodeTickets>
 
-This option is exists for backwards compatibility.  Don't use it.
+=item C<@MasonParameters>
+
+C<@MasonParameters> is the list of parameters for the constructor of
+HTML::Mason's Apache or CGI Handler.  This is normally only useful for
+debugging, e.g. profiling individual components with:
+
+    use MasonX::Profiler; # available on CPAN
+    Set(@MasonParameters, (preamble => 'my $p = MasonX::Profiler->new($m, $r);'));
+
+=cut
+
+Set(@MasonParameters, ());
+
+=item C<$StatementLog>
+
+RT has rudimentary SQL statement logging support; simply set
+C<$StatementLog> to be the level that you wish SQL statements to be
+logged at.
+
+Enabling this option will also expose the SQL Queries page in the
+Admin -> Tools menu for SuperUsers.
+
+=cut
+
+Set($StatementLog, undef);
 
 =back