=====================================================================
#######     PaKnPost Pro Configuration and Usage Notes        #######
=====================================================================

See INSTALL.txt for installation notes.
See FAQ.txt for frequently unasked questions.
See LICENSE.txt for licensing provisions

Steve Grasso steveg at nexus.iinet.net.au
20160621

Revision 1.15

Update from 1.14 includes bug fixes and security enhancements.
CREDIT for discovery of vulnerabilities and patching to 
Edvin Rustemagic and Grega Preseren with thanks.

=====================================================================
##########         Why was PaKnPost Pro written?           ##########
=====================================================================

To take the load off email servers which by default are being used by 
many people to send and store rediculously large files as attachments.

In the corporate world, the size of email attatchments is usually 
restricted to preserve bandwidth and email server file system resources. 
PaKnPost Pro presents an alternative way of sharing large files,
without losing the ability to restrict certain potentially malicious
file types or to scan files for potentially malicious code. PaKnPost Pro 
utilises HTTP to convey the files, and text email to notify file
recipients. PaKnPost Pro has inbuilt counter-measures designed to make it
difficult for people to abuse (unless administrators turn these 
counter-measures off).

=====================================================================
##########              Features at a Glance               ##########
=====================================================================

System Features
===============

- Automated cross-platform installer and manual FTP based installation options

- Full system documentation

- Written in Perl, with some JavaScript, so cross-platform compatible
Tested on Unix, Linux and Windows platforms

- Dynamically generated HTML User FAQ, reflecting Admin selected
configuration options

- Customisable CSS or HTML wrapper to control suite look-and-feel

- Unique randomised Holding Area directory names to protect shared files,
with 1 x 10 to the power of 23 different combinations (32 selected out of
52 upper and lowercase characters, in random order)

- May be used on an SSL enabled server for secure transmission of files

- Admin switchable extended error messages

- Automatic PaKnPosT Pro Plugin Installer

- Optional Contacts Directory of email addresses

- Optional LDAP Plugin to synchronise Contacts Directory with corporate email address books

User Features
=============

- Notification email sent to recipient(s), confirmation email sent to sender

- Sender may choose recipient(s) from a Contacts Directory

- Sender may elect to send notification email to one or many recipients

- Sender may include comments in the notification email

- Optional strong file encryption on the server

- Full aggregated statistics of files shared by the system, including
breakdown of total MB shared by file type


Administrative Features
=======================

- System configuration via password protected Web interface, or direct
edit of text configuration files

- Full usage log

- Admin defined username/password for Web configuration manager. Password
is encrypted

- Admin defined shared file retention period with automatic Holding Area
cleanup

- Admin definable limit on the number of notification emails sent to
multiple recipients to minimise spam

- Admin optional check of User entered email addresses for valid email 
servers

- Admin optional virus scanning of uploaded files

- Admin optional restriction of domains able to access PaKnPost Pro

- Admin optional restriction of networks or individual machines able to
access PaKnPost Pro

- Admin optional restriction of file-types

- Admin optional limit on uploaded file size

- Admin optional graphical validation code to minimise spam

- Admin optional set User defined username/password protection of Holding
Area to further protect shared file

- Admin definable file size limits for encrypting files

- Admin option to enable user selection of recipients from a Contacts Directory

- Admin option to enable user selection of cc addresses from a Contacts Directory

- Optional LDAP Plugin to allow Admin to synchronise the Contacts Directory with
a corporate email address book - available from http://www.paknpost.com

- Admin optional restriction of networks or individual machines able to
use the Contacts Directory

- Admin selectable notification email transmission method - either
directly via local 'sendmail' or through external Mail Transfer Agent relay

- Admin definable 'blacklist' of recipient usernames who may not receive
notification emails

- Admin definable 'blacklist' of recipient usernames who may not send
notification emails

=====================================================================
##########             Initial Configuration               ##########
=====================================================================

System configuration is read from pnp_config.pl. This may be edited
by hand, but it's probably safer to use the Web Configuration Manager.

Open the PaKnPost Pro Configuration Manager with a Web browser to configure 
it eg.
http://www.yourdomain.com/cgi-bin/pnp/configure.cgi

The initial username is admin with password initial
Change these IMMEDIATELY from the configuration manager to prevent 
unauthorised changes to your PaKnPost Pro installation

The first time the Configuration Manager is run, a default configuration 
profile will be loaded up. Change this as required and click "Save 
Configuration". This will generate a current profile, which will be 
loaded when the Configuration Manager is run on subsequent occasions.

To revert to the default configuration at any time, click "Revert to 
Default Configuration". CAUTION: This will DESTROY any current 
configuration settings you have.

=====================================================================
##########            Configuration Options                ##########
=====================================================================

=====================================================================
# Debug mode

This gives extended error messages
Default is OFF

=====================================================================
# Use Cascading Style Sheet wrapper

The look and feel of PaKnPosT Pro may be controlled from a Cascading 
Style Sheet or plain HTML wrapper.
Default is OFF (ie. plain HTML wrapper)

=====================================================================
# Title of the PaKnPost Pro installation

This is used in the HTML header for pages across PaKnPost Pro 

=====================================================================
# Organisation name

This is used in HTML pages eg. the FAQ

=====================================================================
# Organisation URL

This is the base URL of the PaKnPosT Pro server
NOTES :
1. If the PaKnPost Pro server is SSL enabled (ie. a secure server)
   make sure you use a https URL prefix, http otherwise.
2. Do NOT include a trailing slash.

eg. http://www.yourdomain.com

=====================================================================
# Fully Qualified Domain Name of the PaKnPost Pro web server

This is used to construct site URLs and to confirm that the Phase 2 
script has been called from the Phase 1 script on our machine,
and not from some other process on an external machine
eg. a nasty spammer's machine

eg. www.mydomain.com

=====================================================================
# File retention period

The number of days files will be retained for collection in the Holding Area

NOTE: This is used by the clear_efiles.sh script which is run from cron 
once daily to clear old shared files from the Holding Area

eg. 5

=====================================================================
# Notification Email address of the PaKnPost Pro Admin

This is rendered in plain text for use in the notification email message body

eg. admin@mydomain.com

=====================================================================
# Web Email address of the PaKnPost Pro Admin

This is ASCII Entity encoded before inclusion into PaKnPost Pro HTML pages.
This prevents evil spammers from screen-scraping the email address from  
PaKnPost Pro Web pages. It may be a different address from the Notification 
Email address

eg. admin@mydomain.com

=====================================================================
# Base location of images for PaKnPost Pro

This is the location of images used by the HTML header. It may be a URL or 
a relative local directory path, WITHOUT a trailing slash.

NOTE: If you enter a URL and the PaKnPost Pro server is SSL enabled (ie. a 
secure server) make sure you use a https URL prefix.

eg. 
1. http://www.mydomain.com/pnp/images
2. https://www.mydomain.com/pnp/images
2. ../html/pnp/images

=====================================================================
# The URL for the CSS wrapper stylesheet

If the PaKnPost Pro server is SSL enabled (ie. a secure server)
make sure you use a https URL prefix, http otherwise.

eg. http://www.yourdomain/pnp/css/default.css

=====================================================================
# HTML header for all PaKnPost Pro pages

This is the header used to prepare all the HTML pages for PaKnPost Pro

=====================================================================
# HTML footer for all PaKnPost Pro pages

This is the footer used to complete all the HTML pages for PaKnPost Pro

=====================================================================
# Limit Domains

When set to YES this prevents broadscale public use of PaKnPost Pro for 
file sharing by ensuring that the file shared is either To or From email
addresses in your domain only. Default is YES.

If you set Limit Domains to "Yes", you MUST complete a list of BOTH 
acceptable domains AND acceptable networks (EVEN IF you set Limit 
Networks to "No"). In this case, Network(s) should be internal LAN/WAN 
IP's (or if part, most significant network octets eg. 10.11. 192.168.0.)
each separated by a single space.

List of Acceptable Domain(s) should be Fully Qualified Domain Names,
each separated by a single space eg. 
mydomain.com yourdomain.co.uk anotherdomain.net

=====================================================================
# Limit Networks

When set to YES this limits use of PaKnPost Pro to people originating from 
particular network(s). Default is NO.

List of Acceptable Network(s) can be internal LAN/WAN IP's or selected 
external networks. If part IP's are used, nominate the most significant 
network octets eg. 10.11. 192.168.0.

List of Acceptable Network(s) should be IP's or part IP's each separated 
by a single space eg.
10.11. 192.168.0. 172.27.0.24

=====================================================================
# Limit Upload Size

When set to YES this limits the size of file allowed to be uploaded to 
the PaKnPost Pro server. Setting upload file size limits helps prevent the file 
system filling, and limits the effect of denial of service attacks.
Default is YES.

=====================================================================
# Upload Size Limit in MB

This is the upper file size limit in megabytes. Default is 50

eg. 5.5

=====================================================================
# Enable File Encryption Option

When set to YES this enables the user to elect to encrypt the shared 
file stored on the PaKnPost Pro server in its Holding Area. This helps prevent
leakage of sensitive information in the unlikely event that the file is 
inspected on the server or downloaded by an unauthorised third-party.

File encryption requires the CipherSaber.pm perl module - this is
installed by default with PaKnPosT, latest version available from CPAN:
http://search.cpan.org/~chromatic/Crypt-CipherSaber-0.61/lib/Crypt/CipherSaber.pm

According to the authors ( http://ciphersaber.gurus.com/ ) CipherSaber
"uses Ron Rivest's RC4 algorithm" which is "widely respected and used 
in a number of products, including SSL, the tool Web browsers use to 
secure credit card forms." As implemented in PaKnPost Pro, the CipherSaber 
key is a randomised 20 byte key, conforming to the author's advice: 
"For medium security (64 bit entropy), we recommend a user key 
with a minimum of 15 random letters...For high security, use 20 random 
letters".

WARNING: Files in the Holding Area are encrypted on the PaKnPost Pro server AFTER 
transmission from the sender's computer, and decrypted on the PaKnPost Pro
server BEFORE transmission to the recipient's computer. Unless an SSL enabled PaKnPost
Pro server is used, shared files will be sent UNENCRYPTED over the Internet
up to and down from the PaKnPost Pro server. In this case, after encryption,
files will be protected while it is in the PaKnPost Pro Holding Area, but not
in transmission. To take full advantage of the privacy afforded by the encryption
option, it is suggested that an SSL enabled PaKnPost Pro server be used.

Once decrypted files have been collected from the Holding Area, they should
be deleted by the recipient. If they are not, they will remain UNENCRYPTED in
the Holding Area until the automatic cleanup time has elapsed and they are
deleted.

LEGAL WARNING: Using CipherSaber to encrypt files may be illegal in your 
country. I am not a lawyer, so if you are in doubt you should seek legal 
advice. There is a survey of many country's cryptography laws at 
http://rechten.uvt.nl/koops/cryptolaw which may be of some use, but I can't 
verify its correctness.

=====================================================================
# Limit Size of File for Encryption

When set to YES the size of files allowed to be encrypted is limited.
This is useful, because there is a time overhead (affecting the user) 
and a computational overhead (affecting the server) in encrypting files.
Default is YES.

=====================================================================
# Encryption File Size Limit in MB

This is the upper file size limit in megabytes. Default is 20

eg. 5.5

=====================================================================
# CPU Speed for Estimating Encryption Time (MHz or BogoMIPS)

On a Linux platform, the best estimation is given using the BogoMIP CPU
speed indicator, although MHz can be used. Windows platform, use MHz

Linux: Read from /proc/cpuinfo, either automatically by the install script
or manually by browsing to http://www.yourdomain.com/cgi-bin/pnp/cpuinfo.cgi

Windows: Check CPU speed using the CHKCPU32.EXE utility available from
http://web.inter.nl.net/hcc/J.Steunebrink/chkcpu.htm. If this is available 
in %windir%\system32, browsing to http://www.yourdomain.com/cgi-bin/pnp/cpuinfo.cgi
will indicate the CPU speed in MHz

CPU speed is used in conjunction with previously benchmarked (*) average
encryption times for 1 MB, 5MB, 10MB and 20MB files using PII, two PIII 
and two P4 processors:

Speed: MHz	Time to Encrypt 1 byte: Seconds

334.081		0.000027656	(PII)
498.858		0.000020610	(PIII)
930.326		0.00000749	(PIII)
1495.178	0.00000664	(P4)
2400.160	0.00000424	(P4)

MHz predicts encryption time well for Pentium class Intel processors, but
not AMD. The arbitrary "BogoMIPS" CPU performance indicator gives better
predictive reults across processors, and is used by default:

Speed: BogoMIPS	Time to Encrypt 1 byte: Seconds

663.07		0.000027656	(PII)
996.14		0.000020610	(PIII)
1854.66		0.00000749	(PIII)
2981.88		0.00000664	(P4)
3591.37		0.0000036	(AMD Athlon 2200+)
4784.12		0.00000424	(P4)

Estimating the time to encrypt a given file is achieved using two perl
modules, Interpolate.pm and IntervalSearch.pm - these are installed by default
with PaKnPosT, latest versions available from CPAN:
http://search.cpan.org/~bzajac/Math-Interpolate-1.05/lib/Math/Interpolate.pm
http://search.cpan.org/~bzajac/Math-Interpolate-1.05/lib/Math/IntervalSearch.pm

(*) Benchmarking may be fine-tuned using the scripts in the benchmarking
directory and added to the samples used in select_.cgi to estimate encryption
time. Decryption time (estimated in fetch.cgi) is about  86.93% of the initial
time taken to encrypt a file.

=====================================================================
# Allow optional user-set username/password protection for uploaded files?

If this is set to YES users are given the option to enter a username
and password combination which must be used by recipients to download the
shared file.  This is an additional layer of protection for shared files, 
in case the randomised Holding Area URL becomes known to an unauthorised 
third party.

The username and password entered by the user should be communicated to the 
recipient(s) separately from the PaKnPost Pro notification email eg. by phone

NOTE: The username and password entered by the user is CASE SENSITIVE
and the recipient must enter the same username and password EXACTLY as
entered by the user, or the file will not be released.

=====================================================================
# Validate a graphical code to minimise automated SPAM?

If set to YES the Phase 2 script will not send the notification email 
unless an uppercase letter sequence displayed in a graphic is correctly
entered into the form. This is designed to prevent automatic processes
(typically used by spammers) using the form to generate bulk emails.

If set to YES, be sure to set a corresponding password

=====================================================================
# Password for Anti-SPAM validation

This is used to encrypt the required graphical validation code so it
can't be read from the HTML form

This should be any random string of 9 upper-case characters
eg. AKRNFHTEB

=====================================================================
# Check uploaded files for allowed file types?

If set to YES, uploaded files are restricted by file type. File type
is determined from both the file's extension and its MIME type.

If this is set to YES:

- The MIME file types perl module must be installed (it's installed 
by default with PaKnPosT). The latest version of MMagic.pm can be obtained from 
from CPAN if required:
http://search.cpan.org/~knok/File-MMagic-1.22/MMagic.pm

and 

- unzip must be installed. Get unzip from http://www.info-zip.org/pub/infozip/

=====================================================================
# Check uploaded files for viruses?

If set to YES, uploaded files will be checked for malicious content

This assumes clamscan anti-virus is installed
Linux: clamscan: part of Clam AntiVirus http://www.clamav.net/ 
http://clamav.elektrapro.com/
Windows: 
http://www.clamwin.com/

=====================================================================
# Location of clamscan antivirus

If clamscan is installed, this its location in the file system
eg. Linux /usr/bin/clamscan, Windows C:\\Program Files\\Clamwin\\bin\\clamscan

=====================================================================
# Directory path to the holding area

This is the full path to the HTML directory where uploaded files are held 
while awaiting collection.

eg.
Linux: 
1. /var/www/html/pnp/files/
2. /home/yourusername/public_html/pnp/files/
Windows (include the drive letter and all back-slashes should be double):
C:\\Program Files\\Apache Software Foundation\\Apache2.2\\htdocs\\pnp\\files\\

NOTES: 

1) The owner of this directory must be the same as the user that
   the web server runs as. Typically in the case of Apache on Red Hat, 
   the owner and group should be apache:apache on SuSE wwwrun:www
   on Debian www-data:www-data or if running out of user webspace, typically
   the owner should be the same as the username

2) Must INCLUDE a trailing slash after directory name

3) Windows Servers Only: Include the drive letter and all back-slashes should be double eg. 
C:\\Program Files\\Apache Software Foundation\\Apache2.2\\htdocs\\pnp\\files\\

4) Make sure the URL to the holding area references the correct directory

If you have access to cron on your system:

1) the clear_efiles.pl script needs to exist in
   the upload directory if it will be used to periodically clear
   files out of the holding area

2) clear_efiles.pl needs to be called once daily from cron
   by making a suitable crontab entry eg.
   Linux:
   0 23 * * * /usr/bin/perl /var/www/html/pnp/files/clear_efiles.pl > /dev/null 2>&1
   Windows:
   C:\usr\bin\perl C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\pnp\files\clear_efiles.pl

otherwise, you'll have to clear old files from the Holding Area periodically to 
prevent the file system filling up.

=====================================================================
# URL of the file holding area

This is the base URL of the file holding area which will be used to
publish the file's location in the notification email.

NOTE 1.: It must INCLUDE a trailing slash
NOTE 2.: If the PaKnPost Pro server is SSL enabled (ie. a secure server) 
make sure you use a https URL prefix.

eg. 
1. http://www.mydomain.com/pnp/files/
2. https://www.mydomain.com/pnp/files/
3. http://www.mydomain.com/~yourusername/pnp/files/

NOTE: Make sure this correctly references the Holding Area directory
      defined above

=====================================================================
# Base directory URL of the PaKnPost Pro cgi-bin directory

This is the CGI-BIN directory where the PaKnPost Pro files are. It is used to 
construct URL's which point to the PaKnPost Pro index, faq and stats scripts.

Make sure this is the same as was defined in the install script. 
It must be entered WITHOUT domain OR trailing slash

eg. 
1. cgi-bin/pnp
2. ~yourusername/cgi-bin/pnp

=====================================================================
# The name of the log file

This will be read by the stats.cgi script to give stats on PaKnPost Pro 
usage over time

=====================================================================
# Do you want to check for valid mail exchangers to weed out invalid email addresses?

If this is set to YES, dig is used to verify that the domain portion of any
given email address corresponds with a valid mail exchanger.

=====================================================================
# Outbound Email method 

You MUST choose one of OPTION 1 or OPTION 2

EMAIL OPTION 1
Use local 'sendmail' as an MTA?

If this is set to YES, sendmail (or its equivalent) will be used to send
the notification email directly from the server PaKnPost Pro is installed on.

NOTES: 
1) Mail generated by this method is often identified to other MTA's as coming from the
user id associated with the local web server eg. for Red Hat 9 this is apache@yourdomain.com
2) Windows: Assumes use of Bmail ( http://www.beyondlogic.org/solutions/cmdlinemail/cmdlinemail.htm )
in %windir%\system32 folder which passes email off to a local MTA (eg. Mercury Mail Transport System
http://www.pmail.com/ )

EMAIL OPTION 2
Use an SMTP relay server?

If this is set to YES, the notification email will be directed to a mail exchanger
for sending. It can be an IP or Fully Qualified Domain Name (and may even be the IP of the
local machine if the local machine is to be used as the relay)

NOTE: Any server selected here needs to be configured to accept mail for relay from this machine

=====================================================================
# Domain for email servers requiring a domain entry

If you've selected EMAIL OPTION 2, some email servers require that you provide a domain 
name for checking

eg. yourdomain.com

=====================================================================
# Do you wish to enable use of a Contacts Directory of internal email addresses?

A Contacts Directory may make it easier for file sharers to select a recipient's email address.
A file sharer may select a recipient from the Directory, or type a recipient email address into 
the form by hand, but not both. If an address is selected from the directory AND an email address 
has been typed in, the entry selected from the Directory will be the recipient address used.

WARNING: If the use of a Contacts Directory is enabled, it is STRONGLY recommended to RESTRICT 
the use of the Directory to networks that are INTERNAL to your organisation, or trusted, non-public
networks. If access is not restricted, it may be possible for malicious public users to copy the names 
and email addresses of people in your Contact Directory.

=====================================================================
# Do you wish to enable selection of cc addresses from Contacts Directory?

If this is set to YES, file sharers may select multiple Carbon Copy recipient addresses from the 
Contacts Directory. A file sharer may select Cc recipient(s) from the Directory, or type a Cc
recipient(s) list by hand, but not both. If addresses are selected from the Directory AND a list 
is typed in, the addresses selected from the Directory will be used.

WARNING: If the use of a Contacts Directory is enabled, it is STRONGLY recommended to RESTRICT
the use of the Directory to networks that are INTERNAL to your organisation, or trusted, non-public
networks. If access is not restricted, it may be possible for malicious public users to copy the names
and email addresses of people in your Contact Directory.

OPTIONAL: The Contacts Directory may be created or refreshed from a corporate Exchange address list
(or other LDAP address list) by using the PaKnPosT Pro LDAP Plugin. See www.paknpost.com for details.

=====================================================================
# Do you wish to limit the use of the email address Contacts Directory to certain networks?

When set to YES this limits access to the Contact Directory to people originating from
particular network(s). 

List of Acceptable Network(s) can be internal LAN/WAN IP's or selected
external networks. If part IP's are used, nominate the most significant
network octets eg. 10.11. 192.168.0.

List of Acceptable Network(s) should be IP's or part IP's each separated
by a single space eg.
10.11. 192.168.0. 172.27.0.24

NOTE: If the Contacts Directory is enabled, it is STRONGLY RECOMMENDED that Acceptable Networks
be restricted to networks INTERNAL to your organisation, or trusted, non-public networks. 

=====================================================================
# Dummy username for Confirmation emails

Most corporate spam filters will rightly filter any email to a recipient from
that recipient's email address. For this reason, PaKnPosT Pro uses a dummy
username as the originator of Confirmation emails.
This username should be allowed to pass through corporate spam filter rules.
It is STRONGLY recommended that this be changed from the default paknpost username

=====================================================================
# Set the maximum number of cc recipients to minimise SPAM

This is the maximum number of email addresses PaKnPost Pro will carbon copy
the notification email to.

=====================================================================
# Blacklisted outbound email recipient usernames 

These are email recipients you DON'T want notification email sent to
Part usernames are OK

List usernames separated by a single space
eg. All all postmaster admin

=====================================================================
# Blacklisted inbound email originators 

These are usernames of people who are NOT allowed to use PaKnPost Pro
# Part usernames are OK

List usernames separated by a single space
eg. luesr1 spammer dipstick 

=====================================================================
# Allowed File Extensions

These are the file extensions of files which will be accepted for upload.
The list is comprised of acceptable file extensions, in lowercase, 
WITHOUT a dot, and separated by a single space

eg.
ai avi dat doc dmg eps indd jpeg jpg lha log lzh mdb mde nrg pdf ppt ps psd qxd rtf sit tif tiff ttf txt vsd xls xtg zip

=====================================================================
# Allowed octet-stream MIME type File Extensions

These are the extensions of octet-stream MIME file types which ARE allowed. 
These extensions MUST also be in the Allowed File Extensions list above. 
The list is comprised of acceptable file extensions, in lowercase, 
WITHOUT a dot, and separated by a single space

eg.
|dmg indd iso lha lzh mdb mde nrg

=====================================================================
# Plugin Directory

This a randomised directory where PaKnPost Pro Plugins are managed from.
It is automatically generated and NOT admin configurable


=====================================================================
##########                     Usage                       ##########
=====================================================================

Direct users of PaKnPost Pro to open the page
http://www.mydomain.com/pnp or
http://www.mydomain.com/cgi-bin/pnp/index.cgi in a Web browser.

If you have a secure web server running, you may optionally direct 
users to https://www.mydomain.com/pnp so that transactions are 
encrypted.

Phase 1

Users are prompted to browse their local computer for file(s) they'd 
like to share. If file types are restricted, the user will see a list 
of acceptable filename extensions. Compressed archives are checked 
internally for acceptable file types. When the file is successfully 
uploaded, if virus checking is set, the file is scanned for potentially 
malicious content. 

Phase 2

Details of a successful upload are displayed and users are prompted 
for their name and email address, the email address(es) of 
people to be notified that there's a file to be collected and any 
comments they'd like to make. 

If graphical validation is set, the user must correctly enter the 
displayed graphical uppercase letter string in order to continue. 

If username/password is set, the user may optionally enter a username 
and password to further protect the shared file from unauthorised access.
If this option is available and the user does NOT enter a username and 
password, file retrieval is NOT restricted by any username/password.

If shared file encryption is set, the user is given the option to 
encrypt the file in its Holding Area. An indication of how long the 
encryption process will take is presented to the user.

When the user clicks the "Email Details Now" button, a notification email 
is sent to the nominated recipient(s) which contains the URL and instructions 
for collecting the shared file. A confirmation email is also sent to the user
as a receipt of the transaction.

See FAQ.txt for additional usage information.

=====================================================================