Global Settings g_auth

Table of Contents

g_auth_hide - Disable SMTP Authentication

Per default SMTP authentication is enabled. If a user matches this IP range/list they will NOT be shown the ESMTP extension for SMTP authentication. This will usually stop the mail client from prompting the user for authentication. We STRONGLY recommend you do NOT use this feature. It is much better to let users authenticate when sending email.

Syntax: g_auth_hide string

g_auth_norelay - Ignore SMTP auth for relaying purposes

This means relaying only occurs if g_relay_allow_ip matches

Syntax: g_auth_norelay bool

g_auth_path - Path to nwauth files

Needed for mirroring if using multiauth

Syntax: g_auth_path string

g_auth_skipgateway - Skip gateway rules if we get a proxy SMTP auth command

Skip gateway rules if we get a proxy SMTP auth command. This is not for general use. It can be used if you are using SurgeMail in front of another mail server with a wild card gateway to gateway all domains to a back end mail server. Then an authenticated user is a local user trying to send out so the gateway rules are ignored. (this is strongly not recommended)

Syntax: g_auth_skipgateway bool

g_authent_addip - Send ip address as third parameter to authent module

This setting has no further documentation currently available

Syntax: g_authent_addip bool

g_authent_allow_badascii - Allow ascii chars outside the range 32 < 127

By default ascii characters < 32 and >= 127 are blocked as invalid. If you require these characters set this to TRUE.

Syntax: g_authent_allow_badascii bool

g_authent_always - Always lookup user, so virtual domains can exist just in authent module

Always lookup user, so virtual domains can exist just in authent module. This allows you to support 10,000 domains on one system without a 'huge' ini file. Be careful to not create/remove real domains with the same name as existing domains that only exist in the authent database as the 'drop files/inboxes' will move when this occurs and existing mail will vanish.

Syntax: g_authent_always bool

g_authent_any - Restore buggy behaviour of looking up users in domains that don't exist

Previously surgemail would lookup a user even if the domain in question did not exist, if you need to restore this odd behaviour then you can use this setting...

Syntax: g_authent_any bool

g_authent_cachebad - Cache life of failed authent lookups

Set the life in seconds that the cached failed lookups can be used, default 60 seconds. Best left alone unless your server is being hit by thousands of failed lookups and your authent module is slow.

Syntax: g_authent_cachebad int

g_authent_cachelife - Cache life of successful authent lookups

Set the life in seconds that successful cached lookups can be used, default 2 hours. Best left alone.

Syntax: g_authent_cachelife int

g_authent_cachesize - Size of the authent cache

Set the size of the authent cache, default is 500 entries. Generally best left alone.

Syntax: g_authent_cachesize int

g_authent_case_sensitive - Make passwords case sensitive

By default surgemail avoids case sensitive passwords as they do little to increase security but causes endless frustration for users, but this is just an opinion and some people disagree so use this setting if you wish to have case sensitive passwords :-).

Syntax: g_authent_case_sensitive bool

g_authent_decrypt - Collect and store plain text passwords for migration in file pass.decrypted

This setting should only be used as part of a migration, it obviously exposes your customers passwords to risk!.

Syntax: g_authent_decrypt bool

g_authent_domain - Authent domain

If this is 'true', the virtual domain name is appended to the username before it is passed to the authent process. This lets the authent process deal with virtual domains. As a general rule, this should ALWAYS be true. 

Syntax: g_authent_domain bool

g_authent_encrypt_key - Encryption key config settings

Not for general use currently, used to partially obscure credit card info when stored in the authent module.

Syntax: g_authent_encrypt_key string

Days until we block logins if password is not changed. This setting will annoy your customers but not really achieve anything useful, it shouldn't be used in most situations

Syntax: g_authent_enforce int

g_authent_fwdfile - Use DMail forward files (deprecated - for backward compatibility only)

Allows old style DMail forward files to be read.

Syntax: g_authent_fwdfile bool

g_authent_info - Authent info

Defines a piece of information to store about the user in the user database (phone number, name, address etc). Each piece of information is given a name, a field, an access mode, a default and a type. The name defines what appears in the web management display. The field is what is sent to the authent_process. The access mode can be one of the following: user, domadmin, or admin, createonly, none. The default is what value is assigned upon creation of a new user. The type can be one of: date, readonly, encrypt or any custom string which you want to check for or match on the na_details.htm page with a template function like: ||ifequal||user_info_type||custom|| .. do things .. ||endif||

An access mode of 'admin' means that only the system admin can see the information, 'domadmin' means the sysadmin and any domain admin can see the information, 'user' means the user can see the information, 'createonly' means the user sets the information at creation time but cannot see it after that and 'none' ensures that no-one can see or modify the information (used for information that is handled by SurgeMail itself, either through the interface or otherwise)

e.g.
     g_authent_info      name="Phone Number" field="phone" access="user" default="" type=""

See here for a complete list of default settings.

Syntax: g_authent_info name=string field=string access=string default=string type=string

g_authent_info_grp - Fields to show to users in this group

Specifies the authent fields this user group is allowed to see and change. This applies only to the fields visible on the account properties page and the domain admin "Users" page it cannot be used to prevent access to fields which are managed by the web interface i.e. 'fwd'

Syntax: g_authent_info_grp group=string fields=string tag=string

g_authent_ip - Authent Lookup IP numbers via authent modules - enables relaying

If enabled each connecting IP address will be looked up in your user database as x.x.x.x@ip eg: "127.0.0.1@ip" and if the user is found then relaying is allowed and if 'send_limit="nn"' is defined then that will set the tarpit send limit for that user.

For per IP tarpit limits to work you need to define the g_tarpit_max and g_tarpit_max_remote settings. And g_tarpit_drop to make the limit effective.

Syntax: g_authent_ip bool

g_authent_last_login - Store users last login time in the database

This setting will cause the authent field 'last_login' to be updated when a user logs in. The field is set to a timestamp which is 'the number of seconds since midnight January 1, 1970'. This field is updated 'at most' once every 24 hours. Other features i.e. delete_user_after and disable_smtp_after will look for this field.

Syntax: g_authent_last_login bool

g_authent_logall - Turns on logging of authent requests

If enabled, authentication requests are logged in mail.log as "<day> <time> Authent[<action> <info>]".

Syntax: g_authent_logall bool

g_authent_lookup - Check if accounts exist using g_authent_pass too

This setting has no further documentation currently available

Syntax: g_authent_lookup bool

Use this at your own risk, it is provided for compatibility with dmail installations, but should be avoided if at all possible.

Syntax: g_authent_nodomain bool

g_authent_number - Authent number

The number of concurrent authent processes to run. If you are using a slow external authent module (e.g. sql) then it is probably worth running 3-4, there is no need to have more than 1 when using nwauth.exe. (Default = 1) 

Syntax: g_authent_number int

g_authent_pass - Authent process to check passwords with

This setting has no further documentation currently available

Syntax: g_authent_pass string

g_authent_prefix_sep - Authent Prefix Separator (deprecated - for backward compatibility only)

Prefix separator for prefix based separator. Only relevant if enabled on a per vdomain basis using the "prefix" setting.

Syntax: g_authent_prefix_sep string

g_authent_process - Authent process

The command line of a NetWin authentication module. You can use one of our standard modules for LDAP, ODBCAuth, MySQL etc or write your own. For more information on these modules see the authentication section of the manual .

This will typically be something like:
g_authent_process "E:\surgemail\nwauth.exe -path E:\surgemail"
or
g_authent_process "/usr/local/surgemail/nwauth -path /usr/local/surgemail"

Syntax: g_authent_process string

g_authent_reminders - Days till we remind user to change password

Days until we remind user to change password.

Syntax: g_authent_reminders int

g_authent_restart - Cycle auth modules every 1000 lookups

This is useful if there are resource allocation issues in the authentication module. Eg OBDCAuth

Syntax: g_authent_restart bool

g_authent_single - Allow local users with a single quote char in their name

This let's users exist who contain the single quote ' character. It is not supported with some authent modules though, nwauth does allow it.

Syntax: g_authent_single bool

g_authent_spaces - Allow spaces in passwords DO NOT USE

Not supported for most authent modules, requires nwauth 4.0r or later, If you have already got users with spaces in their passwords and you turn this setting on, they will no longer be able to login until they reset their passwords. Authent module must support slash encoding, for nwauth add -spaces to command line

Syntax: g_authent_spaces bool

g_authent_strip_domain - Strip domain for authent lookups

Use when your database expects one 'primary' domain to do lookups without a domain name then SurgeMail will strip that domain only from lookups. Typically this is only necessary with old DMail authent modules.

Syntax: g_authent_strip_domain string

g_authent_timeout - Timeout for authent response

Timeout for authent response, default 60 seconds.

Syntax: g_authent_timeout int

Was this article helpful?

Related Articles

Contents

Need Support?

Can't find the answer you're looking for?
Contact Support