Global settings g_bounce

  1. Home
  2. Knowledge Base
  3. Settings
  4. Global settings g_bounce


g_bad_login_allow – Number of consecutive bad logins for a user before blocking that user

Number of consecutive bad logins for a user before blocking that user.

Syntax: g_bad_login_allow int

g_bad_login_dumb – Give login failures even if known address

This disables the smart feature so this setting will probably catch real users 🙂

Syntax: g_bad_login_dumb bool

g_bad_login_ip_allow – Number of bad logins from an IP before blocking that IP

Number of bad logins from a single IP before blocking that IP.

Syntax: g_bad_login_ip_allow int

g_bad_login_ip_ignore – IP address(es) to allow any number of bad logins from

Use for webmail system or other local gateway to stop bad login counter from locking out all users.

Syntax: g_bad_login_ip_ignore string

g_bad_login_lockout – Lockout addresses permenantly – use if DOS attack

This can reduce load during DOS attack.

Syntax: g_bad_login_lockout bool

g_bad_login_mins – Minutes to block login for, if consecutive bad ones received

Minutes to block login for, if consecutive g_badlogin_allow or g_badlogin_ip_allow bad logins received=.

Syntax: g_bad_login_mins int

g_badfrom_badmx – Drop message if this MX

If mx host is one of these addresses then drop the message, it’s definitely spam (e.g. 127.*).

Syntax: g_badfrom_badmx string

g_badfrom_check – Check if ‘from’ envelope can be delivered to

If this is set to “true” then SurgeMail will connect back to the envelope ‘from’ address and check that the address is valid, a cache is used to improve performance, if it cannot connect then the message is bounced as probable spam. It’s nicer to use the following setting “g_badfrom_stamp” as well, then if SurgeMail cannot connect back or the user is invalid then a header is added to indicate this, and our SmiteSpam rules will use this to increase the spam weighting.

You can use g_spam_allow to exempt an IP from this check as well as g_badfrom_whitelist for a domain. Please note that by default SurgeMail uses a blank mail from to do its check.
MAIL FROM: <>
Some servers might reject this, though they shouldn’t because its a standard bounce, however if they do you can use g_badfrom_from to set a mail from address to be used for this check.

Syntax: g_badfrom_check bool

g_badfrom_from – Mail from account for g_badfrom_check

From to use when doing the g_badfrom_check check, not normally needed, if set must be set to valid account.

Syntax: g_badfrom_from string

g_badfrom_noip – Check envelope from domain exists and is a valid IP number

Check envelope from domain exists and is a valid ip number, if not bounce message.

Syntax: g_badfrom_noip bool

g_badfrom_noip_temp – Makes g_badfrom_noip return a temporary error instead of a 501 error

Use g_verify_mx_skip to bypass/whitelist ip addresses from this check

Syntax: g_badfrom_noip_temp bool

g_badfrom_stamp – If ‘g_badfrom_check’ is bad then stamp a header on the message

g_badfrom_check must also be set to true. If this is set to “true” then SurgeMail will connect back to the envelope ‘from’ address and check that the address is valid, a cache is used to improve performance, if it cannot connect then a header is added to indicate this, and our SmiteSpam rules will use this to increase the spam weighting.

Syntax: g_badfrom_stamp bool

g_badfrom_whitelist – Whitelist of domains to skip from checks

Whitelist of “from” address domains to skip g_badfrom_* checks.

eg.
g_badfrom_whitelist “specialdomain.com”

Syntax: g_badfrom_whitelist string

g_ban_blackhole – Leave connected but reject all recipients without looking them up

Leave connected but reject all recipients without looking them up. This is good of dealing with high volume spammers without wasting resources doing user lookups. 

Syntax: g_ban_blackhole bool

g_ban_from – Ban any matching MAIL FROM: envelope

Same as ‘ban_helo’ but applies to the from (return address) part of the mail envelope. This is NOT the same as the from/sender header in the message itself!!! This equates to the ‘Return-path:’ header that the mail server adds. 

Syntax: g_ban_from string

g_ban_helo – Ban any machine that gives a matching ‘helo’ string

This is a simple spam protection system to block known spam/problem users based on the ‘helo’ name they send to your system. This name is recorded in the ‘received’ header along with the IP address. This name is very easy to ‘fake’ so is not a high security level of protection, but it is simple for stopping stupid robots etc, that have gone insane.

Example: *junkmail.com 

Syntax: g_ban_helo string

g_ban_rcpt – Ban any matching RCPT TO: envelope

Same as ‘ban_helo’ but applies to the recipient part of the envelope (destination users) this is NOT the same as the ‘To:’ header in the message itself!!! This can sometimes be used to block really simple spamming programs that always send to the same invalid users. 

Syntax: g_ban_rcpt string


g_bounce_bind – Use a specific ip address for outgoing bounces

Some RBL sites blacklist machines for sending bounces, which is probably a good thing. But even with spf running your server may occasionally send a bounce to a forged address, and so you can use an alternate ip address for these bounces to avoid blacklisting your main mail server address. First you must assign the ip address to your network interface etc

Syntax: g_bounce_bind string

g_bounce_disable – Bounce Disable

Disable all bounces. This is particularly useful when under spam attack. This is for outgoing bounces it stops SurgeMail generating bounces it won’t affect incomming bounces from other servers.

example:
g_bounce_disable “true”

Syntax: g_bounce_disable bool

g_bounce_limit – Max size of bounce messages

Max size in bytes of message to send back as bounce message is truncated if necessary.

Syntax: g_bounce_limit int

g_bounce_nodrop – Enables locally generated bounces for non local users

This setting makes bounces occur normally, the reason bounces are normally dropped for non local users is that they are almost always spam bouncing off another server due to forwarding settings, and as such sending a bounce email will get your server black listed, so we decided it was best to drop them by default since they are rarely useful. Turn this setting on at your own risk :-). Instead use g_bounce_to to list domains that it is safe to bounce to.

Syntax: g_bounce_nodrop bool

g_bounce_paranoid – Prevent external bounces going through surgemail

This can help stop back scatter from another server going through your server to an external domain

Syntax: g_bounce_paranoid bool

g_bounce_redirect – Send all bounces to a local address

This can be used to avoid ‘back scatter’ which can get your server listed in various black listed sites. In general your server should not generate bounces so if you get lots you may find changing config settings can stop them. Note this only redirects bounces to non local recipients, so your users sending outgoing mail will still get their own bounce messages.

Syntax: g_bounce_redirect string

g_bounce_reject – Reject bounces by ip address from known dumb mail servers

Some mail servers (exchange) will accept email, then bounce it, this is now considered a ‘crime’ and will get your server black listed, so if you have surgemail running as a gateway for such servers you can tell it to reject any bounce that server is foolish enough to send you.

Syntax: g_bounce_reject string

g_bounce_safe – Only send bounces to local domains

This may result in lost messages, but can also avoid backscatter issues

Syntax: g_bounce_safe bool

g_bounce_some_stop – Disables locally generated bounces for partial message failure – NEVER use this!

This can decrease back scatter, but it has other bad effects, it can result in duplicate messasges arriving. Never never use this setting

Syntax: g_bounce_some_stop bool

g_bounce_suggest – Send bounces to postmaster if spf cannot be verified

This may help stop black listing for backscatter while still alerting the sending domain admin that one of their users emails to your server bounced, You can specify a template file suggest.eml if you don’t like the default message suggesting the postmaster add spf records for their domain

Syntax: g_bounce_suggest bool

g_bounce_to – Domains to treat as local and send bounces to

This setting makes bounces occur normally, the reason bounces are normally dropped for non local users is that they are almost always spam bouncing off another server due to forwarding settings, and as such sending a bounce email will get your server black listed, so we decided it was best to drop them by default since they are rarely useful. Turn this setting on at your own risk :-). Instead use g_bounce_to to list domains that it is safe to bounce to. e.g. *@a.com,*@b.com

Syntax: g_bounce_to string

g_bounce_to_recipient – Bounce suregewall failure to the recipient

This can help prevent message loss in rare cases where quota/size limits prevent a delivery from surgewall server to destination server.

Syntax: g_bounce_to_recipient bool



Was this article helpful?

Related Articles