g_access_group
Access groups
Access rules defining groups of IP addresses with certain POP, IMAP and SMTP privileges. When a user is authenticated access is checked against group membership defined in the “mailaccess” field in the authentication database. See accounts for more information.
e.g. this could allow you to charge webmail users for POP access privileges:
g_access_group group=paid_user access_pop=* access_imap=* access_smtp=*
g_access_group group=free_user access_pop=webmail.svr.ip access_imap=webmail.svr.ip access_smtp=webmail.svr.ip
with “Access type” set to “free_user” on accounts page or equivalently in nwauth authentication database:
marijn@mydomain.com:{ssha}tVANQo…:created="1060034937" mailaccess="free_user" …
To prevent webmail access for some users you would do this:
g_access_group_default "normal"
g_access_group group="normal" access_pop="*" access_imap="*" access_smtp="*"
g_access_group group="nowebmail" access_pop="*,!webmail.ip" access_imap="*,!webmail.ip" access_smtp="*"
And put the users you want to limit in a group called 'nowebmail', e.g.
lookup fred@domain
+OK fred@domaing config 0 mailaccess="nowebmail"
Syntax: g_access_group group=string access_pop=string access_imap=string access_smtp=string access_incoming=string
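The following is an added example, not SurgeMail code: a small model for auditing which group may use which protocol from which address before a rule set goes live. The matching semantics (comma-separated masks, `*` as wildcard, a matching `!` entry always denies, unknown group or missing field denies) are assumptions inferred from the examples above, and 10.0.0.5 is a placeholder for the webmail server address.

```python
import shlex
from fnmatch import fnmatchcase

# Constructed config modelled on the "nowebmail" example; 10.0.0.5 is a
# placeholder for the webmail server's address.
CONFIG = """
g_access_group_default "normal"
g_access_group group="normal" access_pop="*" access_imap="*" access_smtp="*"
g_access_group group="nowebmail" access_pop="*,!10.0.0.5" access_imap="*,!10.0.0.5" access_smtp="*"
"""


def parse_access_groups(text):
    """Return ({group: {field: mask}}, default_group) from config text."""
    groups, default = {}, None
    for line in text.splitlines():
        tokens = shlex.split(line)  # strips the quotes around values
        if not tokens:
            continue
        if tokens[0] == "g_access_group_default" and len(tokens) > 1:
            default = tokens[1]
        elif tokens[0] == "g_access_group":
            fields = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            if "group" in fields:
                groups[fields["group"]] = fields
    return groups, default


def mask_allows(mask, ip):
    """Assumed semantics: a matching '!' entry denies outright, otherwise
    any matching positive entry allows; an empty mask allows nothing."""
    allowed = False
    for entry in (e.strip() for e in mask.split(",")):
        if not entry:
            continue
        if entry.startswith("!"):
            if fnmatchcase(ip, entry[1:]):
                return False
        elif fnmatchcase(ip, entry):
            allowed = True
    return allowed


def check_access(groups, default, mailaccess, protocol, ip):
    """Decide access for a user whose authent record carries `mailaccess`.
    Users with no mailaccess value fall back to g_access_group_default."""
    group = groups.get(mailaccess or default)
    if group is None:
        return False  # unknown group: fail closed (assumption of this model)
    return mask_allows(group.get("access_" + protocol, ""), ip)


def groups_reaching(groups, protocol, ip):
    """Audit helper: list the groups that may use `protocol` from `ip`."""
    return sorted(
        name for name, fields in groups.items()
        if mask_allows(fields.get("access_" + protocol, ""), ip)
    )


if __name__ == "__main__":
    groups, default = parse_access_groups(CONFIG)
    for proto in ("pop", "imap", "smtp"):
        print(proto, "from webmail host:", groups_reaching(groups, proto, "10.0.0.5"))
```
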
g_access_group_default
Access group defaults
Access group defaults for users with no access groups set. (must be used in conjunction with g_access_group)
Syntax: g_access_group_default string
g_access_webonly
Users in this group can only use web not imap or pop
This setting has no further documentation currently available
Syntax: g_access_webonly string
g_access_surgeweb
Apply g_access_group rules to surgeweb sessions based on client’s address
This setting has no further documentation currently available
Syntax: g_access_surgeweb bool
g_acctlog_sum_inactive
Summarise local accounts that have not logged in yet as not_loggedin_yet@domain.com
This setting has no further documentation currently available
Syntax: g_acctlog_sum_inactive bool
g_admin_readonly
System admins with readonly access to the management interface
This setting has no further documentation currently available
Syntax: g_admin_readonly string
g_admin_ip
Admin IP access
Mask of valid IP addresses for admin users (default *). This is a security setting you can use to restrict remote web admin access to trusted IP addresses. You can always manage SurgeMail from 127.0.0.1, regardless of whether it is explicitly specified.
e.g. To restrict to the local network as per net mask
g_admin_ip "10.0.0.*,10.1.2.*"
Syntax: g_admin_ip string
g_admin_localhost
Allow localhost web admin without user/pass
Allows a localhost connection to access the web admin port without using the administrator username / password. This is good if you keep forgetting the admin password like I do.
Syntax: g_admin_localhost bool
g_admin_guesses
Number of guesses allowed for admin.
Syntax: g_admin_guesses “number”
This sets the number of guesses allowed for the admin username/password. Once this has been reached the IP address is banned.
Syntax: g_admin_guesses int
g_alias_login_disable
Disable user login as alias
Stops the user login to pop or imap as the alias account
Syntax: g_alias_login_disable bool
g_apple_bug1
Apple bug allow content-length headers
This setting has no further documentation currently available
Syntax: g_apple_bug1 bool
g_apple_bug2
Apple bug2 don’t try and return bad if looping
This setting has no further documentation currently available
Syntax: g_apple_bug2 bool
g_archive_tcpip
Rules for TCPIP archive process
Contact netwin for more details of this mechanism if you wish to use it.
Syntax: g_archive_tcpip to=string from=string path=string dom=string
g_archive_tcpip_host
Host to send archive data to
When using an archive server this defines the host that is running the archive server. Contact netwin if you need more info on this feature.
Syntax: g_archive_tcpip_host string
g_archive_bucketsize
Size for archive bucket files. Default is 1mb
Sets the size of the archive buckets used by the circular archives. If set too large then editing the buckets manually is awkward.
Syntax: g_archive_bucketsize int
g_archive_early
Apply all archive rules before content filtering is applied (obsolete)
This will apply the archive rules before content filtering is applied. This can be used to capture the source message if it is getting stored or bounced unnecessarily by any of the SurgeMail filters. The early flag on individual archive rules should be used instead of this setting.
Syntax: g_archive_early bool
g_archive_on_delete_off
Disables archive and instead deletes the files immediately
Purged monthly or by tellmail purge_deleted_users
Syntax: g_archive_on_delete_off bool
g_archive_on_delete_dir
Directory to archive user files to on delete
Directory to archive deleted users files to. Defaults to ‘archive_deleted’ in the SurgeMail installation folder.
Syntax: g_archive_on_delete_dir string
g_archive_files
Archive attachments to a directory
Each message to the named account will have its attachments removed and placed in the named directory. The path can contain the symbols $month$ $year$ $day$ $second$. The ‘second’ is only within this day. Together these variables can be used to ensure a unique path is used for each file if the names might conflict. Use g_redirect_cc to archive email going to an existing account because if you set ‘to’ equal to a real account then the real account will stop receiving messages!
Syntax: g_archive_files path=string to=string files=string
g_atrest_all
Auto encrypt all msgs when users next login
This setting has no further documentation currently available
Syntax: g_atrest_all bool
g_atrest_enable
At rest encryption. Unwise usually!
This setting has no further documentation currently available
Syntax: g_atrest_enable bool
g_atrest_crazy
No recovery admin password needed
This setting has no further documentation currently available
Syntax: g_atrest_crazy bool
g_atrest_api
Enable API for enabling atrest encryption – not needed
This setting has no further documentation currently available
Syntax: g_atrest_api bool
g_attach_convert
Process matching attachments with specified command. Passed two file names
This setting has no further documentation currently available
Syntax: g_attach_convert to=string from=string subject=string files=string output=string command=str
g_atrn_server
On Demand Mail Relay settings to define user/pass for clients to fetch mail
This allows a client on a dynamic IP to connect and request mail for a specific domain after authenticating by using the ATRN command. Typically this is done on the special port 366
Syntax: g_atrn_server domain=string user=string pass=string
g_atrn_client
Define a rule for fetching email using ATRN protocol
This is the setting for clients to define to fetch mail from an upstream server. Typically this is done on the special port 366; to specify another port use host:port in the host setting. E.g. host="smtp.upstream.com:25"
Syntax: g_atrn_client domain=string user=string pass=string host=string
g_atrn_port
Port to listen for ‘atrn’ (On Demand Relay) requests
See g_atrn_server for more details, the default is port 366, atrn is not obeyed on port 25
Syntax: g_atrn_port string
g_assume_created_epoch
If user has no ‘created’ field assume they were created an arbitrarily large time in the past
This setting affects the g_disable_smtp_after and g_delete_user_after settings, which, by default, ignore users who have not logged in and have no created field.
Syntax: g_assume_created_epoch bool
g_backtrace_disable
Backtrace Disable
Disable backtrace information for unix systems.
Syntax: g_backtrace_disable bool
g_bad_login_mins
Minutes to block login for, if consecutive bad ones received
Minutes to block login for, if g_bad_login_allow or g_bad_login_ip_allow consecutive bad logins are received.
Syntax: g_bad_login_mins int
g_bad_login_allow
Number of consecutive bad logins for a user before blocking that user
Number of consecutive bad logins for a user before blocking that user.
Syntax: g_bad_login_allow int
g_bad_login_ip_allow
Number of bad logins from an IP before blocking that IP
Number of bad logins from a single IP before blocking that IP.
Syntax: g_bad_login_ip_allow int
g_bad_login_ip_ignore
IP address(es) to allow any number of bad logins from
Use for webmail system or other local gateway to stop bad login counter from locking out all users.
Syntax: g_bad_login_ip_ignore string
g_bad_login_dumb
Give login failures even if known address
This disables the smart feature so this setting will probably catch real users 🙂
Syntax: g_bad_login_dumb bool
g_bad_login_lockout
Lockout addresses permanently – use if DOS attack
This can reduce load during DOS attack.
Syntax: g_bad_login_lockout bool
g_bank_url
URL to charge a credit card (experimental)
This allows automated monthly charging of users
Syntax: g_bank_url string
g_bank_user
Username for authenticated web request to bank’s system
See g_bank_url for details
Syntax: g_bank_user string
g_bank_pass
Password for authenticated web request to bank’s system
See g_bank_url for details
Syntax: g_bank_pass string
g_bank_ok
Find this in response, if found then charge was successful
See g_bank_url for details
Syntax: g_bank_ok string
g_bank_reason
This line is returned to user if it is found
See g_bank_url for details
Syntax: g_bank_reason string
g_bank_log
Log lines matching this in response.
See g_bank_url for details
Syntax: g_bank_log string
g_bank_debug
Log request to bank server
Use when trying to debug the g_bank_url post/response
Syntax: g_bank_debug bool
g_bank_group
Create price groups with descriptions
See g_bank_url for details
Syntax: g_bank_group group=string price=string desc=string
g_block_wild
Block wildcards in usernames
Block the ‘*’ wildcard character in usernames.
Syntax: g_block_wild bool
g_body_filter
Enable user email body filtering
Allows the user to configure filters which filter the body of incoming messages
Syntax: g_body_filter bool
g_broad_url
URL to this server
Customer specific feature
Syntax: g_broad_url string
g_broad_server
URL to BroadSoft server
Customer specific feature
Syntax: g_broad_server string
g_broad_user
BroadSoft user
Customer specific feature
Syntax: g_broad_user string
g_broad_pass
BroadSoft pass
Customer specific feature
Syntax: g_broad_pass string
g_broad_port
BroadSoft port
Customer specific feature
Syntax: g_broad_port string
g_broad_noadd
Disable buttons on message
Disables the added buttons for voice messages
Syntax: g_broad_noadd bool
g_bull_rule
Post bulletins to this domain
Senders must be authenticated users that match the sender. The domain can be blank to send to all domains. The to field is the address you will send posts to, typically something like: bulletins@your.domain.name
Syntax: g_bull_rule to=string domain=string sender=string
g_no_bull
Special accounts that should not get bulletins
This setting has no further documentation currently available
Syntax: g_no_bull string
g_calendar_version
CalDAV / SabreDAV calendaring configuration version number
This setting has no further documentation currently available
Syntax: g_calendar_version int
g_comment
Management notes and comments about the server
This is a dummy setting that lets you store information in the ini file that will survive setting changes from the web admin tool.
Syntax: g_comment date=string name=string comment=string
g_centipaid
see
Authentication server and port for CentiPaid.
Syntax: g_centipaid string
g_country_ip
Tag messages with country of origin
Downloads an IP-to-country database and then adds a header based on that to each message to show where it came from. The file iptocountry2.csv.enc should appear in your surgemail home directory after enabling this setting (restart surgemail too). If the file doesn’t appear you can download it via http://updates.netwinsite.com/updates/iptocountry2.csv.enc ; tellmail aspam_update may trigger the download!
Syntax: g_country_ip bool
g_country_login
List of countries to allow logins from, 2 letter codes
Make sure g_country_ip is enabled
Be aware that country based rules are only 99% reliable as the database for converting ip addresses to countries is never perfect
Syntax: g_country_login string
g_country_allow
user@domain list to bypass country_login rule
This setting has no further documentation currently available
Syntax: g_country_allow string
g_country_allowip
Ip addresses to bypass country_login rule
This setting has no further documentation currently available
Syntax: g_country_allowip string
g_cpu_slow
Email warning if no cpu for this many seconds
Default is 10 seconds, helps detect system lockups and alert the manager
Syntax: g_cpu_slow int
g_create_apply
List of user groups to apply create_* settings for.
This setting allows you to apply create_* settings to domain admin accounts. Specify g_access_group names and domain admins in these groups will have create_* settings applied to them when adding users in the domain admin interface.
Syntax: g_create_apply string
g_create_apply_admin
Apply allow* rules to the administrator
Without this setting the admin can create usernames that contain any characters pretty much
Syntax: g_create_apply_admin bool
g_create_allow
List of characters allowed in usernames/passwords
Defaults to A-Za-z0-9\-_. meaning usernames/password may contain letters, numbers, -, _ and . and nothing else.
Syntax: g_create_allow string
g_create_cleanup
Cleanup existing data before adding a user
This causes a delete to be actioned for a user before/as they are created. This ensures the new user does not end up with any files, on any mailing lists, with any aliases etc from a previous user of the same name/address. If you delete users from the authent database directly i.e. not using the surgemail web admin or calling ‘tellmail delete_user’ then this setting will cleanup the users files when their address is re-used.
Syntax: g_create_cleanup bool
g_create_allow_pass
List of characters allowed in passwords
Setting overriding g_create_allow just for passwords.
Syntax: g_create_allow_pass string
g_create_strict
Whether to apply strict rules to usernames/passwords
Checking this causes surgemail to check passwords do not contain words longer than 4 characters from g_create_dictionary as well as requiring the password to be 6+ characters, and usernames/passwords to contain more than 1 character.
Syntax: g_create_strict bool
g_create_pass_digit
Require one digit and letter in a password
This setting has no further documentation currently available
Syntax: g_create_pass_digit bool
g_create_pass_recheck
Recheck passwords during login and warn user if g_hack_touser is true
This setting has no further documentation currently available
Syntax: g_create_pass_recheck bool
g_create_pass_recheck_text
Added to end of recheck email to give users a url to a help page
This setting has no further documentation currently available
Syntax: g_create_pass_recheck_text string
g_create_strict_admin
Enforce strict rules for admins too, set g_create_strict AS WELL!!
This setting has no further documentation currently available
Syntax: g_create_strict_admin bool
g_create_dictionary
File containing dictionary words to compare passwords to
Text file containing one word per line, passwords are compared to all words longer than 4 characters in this file, if a username or password contains a word in this file it is not allowed. Only takes effect if g_create_strict is checked.
Syntax: g_create_dictionary string
g_create_badnames
List of illegal usernames
Comma separated list of illegal usernames, may contain wild cards, if username contains part of a non-wild card or matches a wildcard it is disallowed.
Syntax: g_create_badnames string
g_create_record_ip
Causes surgemail to store ipnum in the authent database
This setting has no further documentation currently available
Syntax: g_create_record_ip bool
g_create_user_length
Limit the length of usernames
This is applied during user self creation. Set admin to true to restrict the domain and global admin also.
Syntax: g_create_user_length min=int max=int admin=bool
g_create_pass_length
Limit the length of user passwords
This is applied during user self creation and when users change passwords. Set admin to true to restrict the domain and global admin also.
Syntax: g_create_pass_length min=int max=int admin=bool
g_create_pass_slack
Slacken restrictions on trivial password creation
Useful sometimes for provisioning, allows username=password
Syntax: g_create_pass_slack bool
g_create_pass_mixed
Require mixed case passwords
Require mixed case passwords
Syntax: g_create_pass_mixed bool
g_create_pass_special
Require special character, e.g. !@#$%^&*(){}[];:?><.,
Require a special character
Syntax: g_create_pass_special bool
g_create_pass_notuser
Ban password containing username
Ban password if it contains the username
Syntax: g_create_pass_notuser bool
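The following is an added example, not SurgeMail code: a checker that reports which of the g_create_* password settings described above a candidate password would violate, useful for testing a policy before enabling it. Case-insensitive comparison for dictionary words and usernames, the reading of g_create_allow as ranges with backslash escapes, and the sample policy and word list are assumptions of this sketch.

```python
SPECIALS = set("!@#$%^&*(){}[];:?><.,")  # characters listed for g_create_pass_special

# Constructed policy and word list for the demonstration.
POLICY = {
    "g_create_allow_pass": r"A-Za-z0-9\-_.!@#$%^&*",
    "g_create_strict": True,
    "g_create_pass_length": {"min": 10, "max": 64},
    "g_create_pass_digit": True,
    "g_create_pass_mixed": True,
    "g_create_pass_special": True,
    "g_create_pass_notuser": True,
}
WORDS = ["summer", "password", "mail", "welcome"]


def expand_charset(spec):
    """Expand a spec such as A-Za-z0-9\\-_. into the set of allowed characters."""
    chars, i = set(), 0
    while i < len(spec):
        c = spec[i]
        if c == "\\" and i + 1 < len(spec):       # escaped literal, e.g. \-
            chars.add(spec[i + 1])
            i += 2
        elif i + 2 < len(spec) and spec[i + 1] == "-":   # range, e.g. A-Z
            chars.update(chr(n) for n in range(ord(c), ord(spec[i + 2]) + 1))
            i += 3
        else:
            chars.add(c)
            i += 1
    return chars


def check_password(username, password, cfg, dictionary=()):
    """Return the names of the settings the candidate violates ([] = accepted)."""
    failed = []
    allow_key = "g_create_allow_pass" if cfg.get("g_create_allow_pass") else "g_create_allow"
    allowed = expand_charset(cfg.get(allow_key, r"A-Za-z0-9\-_."))
    if any(c not in allowed for c in password):
        failed.append(allow_key)

    lowered = password.lower()
    if cfg.get("g_create_strict"):
        # 6+ characters and no dictionary word longer than 4 characters.
        has_word = any(len(w) > 4 and w.lower() in lowered for w in dictionary)
        if len(password) < 6 or has_word:
            failed.append("g_create_strict")

    limits = cfg.get("g_create_pass_length")
    if limits and not limits["min"] <= len(password) <= limits["max"]:
        failed.append("g_create_pass_length")

    if cfg.get("g_create_pass_digit") and not (
        any(c.isdigit() for c in password) and any(c.isalpha() for c in password)
    ):
        failed.append("g_create_pass_digit")

    if cfg.get("g_create_pass_mixed") and not (
        any(c.islower() for c in password) and any(c.isupper() for c in password)
    ):
        failed.append("g_create_pass_mixed")

    if cfg.get("g_create_pass_special") and not any(c in SPECIALS for c in password):
        failed.append("g_create_pass_special")

    if cfg.get("g_create_pass_notuser") and username and username.lower() in lowered:
        failed.append("g_create_pass_notuser")
    return failed


if __name__ == "__main__":
    for candidate in ("Summer2024!", "fred-Mail.77x", "T7k-qv.Zp3!w", "short"):
        print(candidate, "->", check_password("fred", candidate, POLICY, WORDS) or "accepted")
```
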
g_pass_force
Force user to reset password if admin changes it
Makes the user change the password on the next login to user.cgi or surgeweb
Syntax: g_pass_force bool
g_pass_twofactor_life
Session life in minutes, dflt 4 hours
Allow users to enable two factor authentication.
Syntax: g_pass_twofactor_life int
g_pass_twofactor_merged
Require +code for imap/pop logins sometimes
Requires merged login.
Syntax: g_pass_twofactor_merged bool
g_recover_noquestions
Remove question based password recovery system
This setting has no further documentation currently available
Syntax: g_recover_noquestions bool
g_recover_reminder
Send users reminder email monthly until they set a recovery email address
This setting has no further documentation currently available
Syntax: g_recover_reminder bool
g_disable_smtp_after
Number of days an account can remain unread before delivery is disabled
DO NOT USE THIS SETTING IN A MIRROR/CLUSTER SETUP
Number of days an account can remain unread before delivery is disabled.
Syntax: g_disable_smtp_after int
g_disable_skip
Ip address of senders to accept email from even if user account is disabled due to g_disable_smtp_after
Useful to ensure delivery for important company notices
Syntax: g_disable_skip string
g_disable_exclude
Field and value that excludes an account from g_disable_smtp_after
If the authent response includes this field/value pair then the user account will not be disabled from receiving messages
Syntax: g_disable_exclude field=string value=string
Example: field="noexpire" value="true"
g_delete_user_after
Number of days an account can remain unread before it is deleted
Number of days an account can remain unread before it is deleted. This setting cannot be used on an authent_domain FALSE domain unless it has a prefix setting.
e.g.
DELETE_USER_AFTER "30"
Then issue the command:
tellmail expire_accounts
Then examine users_delete.rec to see it is a valid list of old accounts, then use:
tellmail delete_user FILE users_delete.rec
To actually delete the accounts.
Syntax: g_delete_user_after int
g_delete_user_mode
What to do when an account is unread
You can set this to “file” or “suspend”. “file” causes accounts to be written to the users_delete.rec file, which you can action by running “tellmail delete_user FILE” or “tellmail delete_user FILE users_delete.rec” (optionally specify the file). “suspend” causes accounts to be suspended; it does this by setting the field and value specified in the g_delete_user_suspend setting.
If this setting is blank the default is to use ‘file’ mode, accounts are NEVER deleted automatically except in the very oldest versions of surgemail (before version 3)
Syntax: g_delete_user_mode string
g_delete_user_suspend
If suspending an unread account set this field/value
Set the field and value to use when suspending an account due to g_delete_user_after and the g_delete_user_mode “suspend” settings.
Example: Disable accounts after 1 year
g_delete_user_after "365"
g_delete_user_mode "suspend"
g_delete_user_suspend field="mailstatus" value="closed"
Syntax: g_delete_user_suspend field=string value=string
g_delete_exclude
Field and value that excludes an account from g_delete_user_after
If the authent response includes this field/value pair then the user account will not expire
Syntax: g_delete_exclude field=string value=string
Example: field="noexpire" value="true"
g_diskio_abort
Shutdown if diskIO failure on queue files
Intended to make server die rather than to pretend to keep running when a major disk fault has occurred
Syntax: g_diskio_abort bool
g_disk_debug
Log slow disk access n
This setting has no further documentation currently available
Syntax: g_disk_debug bool
g_disk_warning
Give manager warning if disk % exceeded, default 95%
This setting has no further documentation currently available
Syntax: g_disk_warning string
g_dns_paranoid
Compare sender forward and reverse dns lookup and see if they match
Does a forward DNS lookup on the sender’s domain and matches this with a reverse lookup of the sender’s IP address. If these do not match the message is either bounced or stamped with the header “X-DNS-Paranoid: <explanation>”. Valid values for this field are “STAMP”, “RETRY” and “REJECT”.
STAMP = Add the X-DNS-Paranoid header if it fails
RETRY = Bounce the message with a 450 error. (so if the failure was temporary the sending server will retry)
REJECT = Bounce the message with a 550 error
Set g_dns_lookup_msg or g_dns_match_msg to define the reject/stamp strings respectively.
g_dns_match_msg
Message for stamp or bounce if forward and reverse lookup don’t match
The message given to the user when the forward/reverse DNS lookup doesn’t match
Syntax: g_dns_match_msg string
Example: “Sorry your ip address doesn’t translate into a name that translates into your ip address”
g_dns_noptr
Set to reject or retry, for ip addresses with no reverse dns entry (rdns)
If the ip number of a connecting user has no associated name in the reverse dns database then the connection is rejected or told to retry later.
Syntax: g_dns_noptr string
Example: "retry"
g_dns_noptr_skip
Skip RDNS for these ip addresses
This is an over-ride for local addresses which you trust.
Syntax: g_dns_noptr_skip string
Example: "retry"
g_dns_noptr_msg
Message for stamp or bounce if DNS lookup fails on ip address
See short description.
Syntax: g_dns_noptr_msg string
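The following is an added example, not SurgeMail code: the forward/reverse check behind g_dns_paranoid and g_dns_noptr, with the STAMP/RETRY/REJECT outcomes mapped as the text describes. The exact comparison (IP to PTR name, then name back to IP, as the g_dns_match_msg example suggests), the 550/450 codes for g_dns_noptr, the fall-through from a missing PTR to the paranoid rule, and the DNS tables are assumptions of this sketch.

```python
import ipaddress
import socket
from fnmatch import fnmatchcase

SMTP_CODE = {"STAMP": None, "RETRY": 450, "REJECT": 550}  # codes from the text

# Constructed DNS data (documentation address ranges) so the example runs offline.
CONSTRUCTED_PTR = {"192.0.2.10": ["mail.example.org"], "192.0.2.20": ["host.example.net"]}
CONSTRUCTED_A = {"mail.example.org": {"192.0.2.10"}, "host.example.net": {"198.51.100.7"}}


def table_ptr(ip):
    return CONSTRUCTED_PTR.get(ip, [])


def table_forward(name):
    return CONSTRUCTED_A.get(name, set())


def system_ptr(ip):
    """Reverse lookup through the system resolver; [] when there is no PTR."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []


def system_forward(name):
    """Forward lookup through the system resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except (OSError, UnicodeError):
        return set()


def same_ip(a, b):
    """Compare addresses by value so differing IPv6 spellings still match."""
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False


def fcrdns(ip, ptr=system_ptr, forward=system_forward):
    """Return 'match', 'mismatch' or 'noptr' for a connecting address."""
    names = ptr(ip)
    if not names:
        return "noptr"
    for name in names:
        if any(same_ip(ip, addr) for addr in forward(name)):
            return "match"
    return "mismatch"


def decide(ip, paranoid="", noptr="", noptr_skip="",
           match_msg="forward and reverse DNS differ",
           ptr=system_ptr, forward=system_forward):
    """Return (smtp_code_or_None, extra_header_or_None) for one connection."""
    result = fcrdns(ip, ptr, forward)
    if result == "match":
        return None, None
    if result == "noptr":
        masks = [m.strip() for m in noptr_skip.split(",") if m.strip()]
        if any(fnmatchcase(ip, m) for m in masks):
            return None, None                      # g_dns_noptr_skip: trusted address
        if noptr.lower() == "reject":
            return 550, None                       # assumed code for g_dns_noptr "reject"
        if noptr.lower() == "retry":
            return 450, None                       # assumed code for g_dns_noptr "retry"
    mode = paranoid.upper()
    if mode not in SMTP_CODE:
        return None, None                          # g_dns_paranoid not set
    if mode == "STAMP":
        return None, "X-DNS-Paranoid: " + match_msg
    return SMTP_CODE[mode], None


if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(addr, fcrdns(addr, table_ptr, table_forward),
              decide(addr, paranoid="STAMP", noptr="retry", ptr=table_ptr, forward=table_forward))
```
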
g_dns_nocache
Disables DNS cache for spf lookups (20 minute life)
This setting disables the small cache used for SPF lookups to improve performance.
Syntax: g_dns_nocache bool
g_dns_disk
Enables DNS disk cache
Not normally needed unless dns server is flakey…
Syntax: g_dns_disk bool
g_dns_cache_size
Set size of forward dns cache, default 7000
Best not to change this normally
Syntax: g_dns_cache_size int
g_dns_system
Use system code to do reverse lookups
If all channels hang in a state ‘lookup’ then turn this off so it will use the surgemail code for reverse dns lookups. This setting used to be g_dns_lookup and had the opposite meaning, we reversed it because the system dns code was faulty so often
Syntax: g_dns_system bool
g_dns_threaded
Enable threaded dns lookups
This setting has no further documentation currently available
Syntax: g_dns_threaded bool
g_dns_test_blank
Break dns lookups to test how it’s handled
This setting has no further documentation currently available
Syntax: g_dns_test_blank bool
g_dotstuff_fix
Convert the way mail is stored on disk from dotstuffed to non dot stuffed (beta)
In the dotstuffed format any attachments that have content (in encoded format) starting with a . get corrupted, as all single ‘.’ characters at the start of a line are converted to ‘..’. This is only very seldom an issue as encoded text doesn’t usually have . characters. This feature can only be enabled and still needs further production level testing to make sure there are no side effects… so if you play with it consider yourself adequately warned 🙂
Syntax: g_dotstuff_fix bool
g_domain_create_auto
Auto create domain if it doesn’t exist when creating a user
This setting has no further documentation currently available
Syntax: g_domain_create_auto bool
g_domain_create_route
Auto create route to mx mail server
This setting has no further documentation currently available
Syntax: g_domain_create_route bool
g_encrypt_disable
Disable encryption
Disable encryption mechanism
Syntax: g_encrypt_disable bool
g_encrypt_config
Encrypt some config settings (passwords)
This can be used if naked passwords in the config are a problem. This setting currently applies to g_gateway, and may apply to others in future. You must manually copy the file config.key from master to slave.
Syntax: g_encrypt_config bool
g_encrypt_path
Path to encrypted files, this is not supported when mirroring!
DO NOT USE
Syntax: g_encrypt_path string
g_encrypt_ssl_force
Require ssl on incoming encrypted messages
When a message is going to be encrypted this setting ensures it is sent from the user to the server via SSL
Syntax: g_encrypt_ssl_force bool
g_encrypt_ssl_noforce
Exceptions, e.g. surgeweb or localhost
When a message is going to be encrypted this setting ensures it is sent from the user to the server via SSL
Syntax: g_encrypt_ssl_noforce string
g_encrypt_expire
Days to keep encrypted messages, default 60
When a message is sent via encryption it is deleted after this many days
Syntax: g_encrypt_expire int
g_encrypt_inline
Use INLINE method by default
Sets the default encryption method when a rule does not apply
Syntax: g_encrypt_inline bool
g_encrypt_reply_plain
Send plain message for local replies
By default a reply to a local user is also encrypted this makes it not encrypt the reply as user should be reading the message via SSL so the data is secure anyway.
Syntax: g_encrypt_reply_plain bool
g_encrypt_pw_key
Central host password key
DO NOT USE
Syntax: g_encrypt_pw_key string
g_encrypt_pw_host
Central host for encryption password storage
DO NOT USE
Syntax: g_encrypt_pw_host string
g_encrypt_surgeweb_show
Show SurgeVault in SurgeWeb
Enables the display of surgevault encryption in the surgeweb interface (can be modified using encrypt_hide on surgeweb customisation page)
Syntax: g_encrypt_surgeweb_show bool
g_encrypt_max
Max encrypted per day server wide
Server wide limit to prevent abuse (or accidental over use)
Syntax: g_encrypt_max int
g_encrypt_none
Don’t encrypt if subject starts with this
Only significant if the setting to lock all messages is enabled.
Syntax: g_encrypt_none string
g_encrypt_noip
Don’t encrypt if from this ip range
Only significant if the setting to lock all messages is enabled.
Syntax: g_encrypt_noip string
g_encrypt_nofwd
Don’t encrypt forwarded
Known fault, this affects all recipients, not generally good to use
Syntax: g_encrypt_nofwd bool
g_encrypt_nowater
Show this if no water mark defined yet
e.g. No watermark defined, please complete this form
Syntax: g_encrypt_nowater string
g_encrypt_limit
Max encrypted msgs per user per hour
Per user limit
Syntax: g_encrypt_limit int
g_encrypt_reset_safe
When users password is reset, delete all messages to them
This setting increases security and should be used if your server allows public account registrations.
Syntax: g_encrypt_reset_safe bool
g_encrypt_reset_user
Msg to person when they click on reset password button
The sender has been emailed a link they can use to reset your password
Syntax: g_encrypt_reset_user string
g_encrypt_reset_msg
Msg Body sent when password has been reset
Message body sent to end user when password is reset
Syntax: g_encrypt_reset_msg string
g_encrypt_reset_sender
Msg Body sent to sender when password reset requested
Message body sent to sender when password reset is requested
Syntax: g_encrypt_reset_sender string
g_encrypt_rule
Matches will be encrypted when sent
If this rule matches then the message will be encrypted before it is sent to the user. method=server or inline, we recommend ‘server’ mode as it’s much simpler.
Syntax: g_encrypt_rule header=string contains=string from=string to=string noconfirm=bool method=string
g_encrypt_unlock
Unlock for these destinations. e.g. user@domain
Not for general use
Syntax: g_encrypt_unlock string
g_encrypt_reminders
Days before we send users a reminder to change passwords, not recommended
Not for general use, keywords (expire password reminder)
Syntax: g_encrypt_reminders int
g_encrypt_smart
Smart Encrypt Private Feature (not available)
Encrypt all messages except g_encrypt_unlock and surgeweb defined addresses – this feature not generally available till 9/March/2013, encrypt_smart per domain must also be turned on.
Syntax: g_encrypt_smart bool
g_encrypt_nodomain
Allow encryption for users without local domains
This lets you create accounts for domains that don’t exist, these users can then send encrypted messages.
Syntax: g_encrypt_nodomain bool
g_encrypt_nolate
Disable encryption on late forwarding
If default encrypting is enabled then you might need this setting to stop it for late forwarding.
Syntax: g_encrypt_nolate bool
g_encrypt_wall
Encrypt surgewall msgs
Normally surgewall skips encryption
Syntax: g_encrypt_wall bool
g_enotify_from
From address to use in email notification messages
This setting has no further documentation currently available
Syntax: g_enotify_from string
g_error_xlate
Change error messages
If wild card string matches smtp response code, then replace with ‘to’ response code, use %1 to replace the first wild card match etc…
Syntax: g_error_xlate was=string to=string
g_expire_trash
Expire any messages found in trash folders
Expires any messages more than 7 days old found in the ‘trash’ folder.
Syntax: g_expire_trash bool
g_expire_silent
Don’t send users emails telling them what was expired.
Some users get upset when they find messages have expired, this setting makes the expiration silent so the users don’t even notice. I think this is a bit nuts myself but some admins prefer it
Syntax: g_expire_silent bool
g_expire_every
Only expire spool once every ‘n’ days
Reduce load spent expiring old messages.
Syntax: g_expire_every int
g_expire_warning
Give warning ‘n’ days before deleting each file
This will help warn users before a file is actually deleted.
Syntax: g_expire_warning int
g_expire_onlyunread
For the inbox only expire message if they are unread
Useful if you only want to expire message the user never read
Syntax: g_expire_onlyunread bool
g_expire_all_rules
Scan all users for rule files (not needed usually)
Used if rule files added manually
Syntax: g_expire_all_rules bool
g_fallback
Fallback address
Default address for all local domains. If a local delivery is not to any valid user Emails will be delivered to this address. There is also a per domain default.
We want to stress that this is a dangerous setting, you use at your own peril.
Spammers will turn up to your server and test sending to accounts by running through a dictionary of names. With a fallback setting you will be telling the spammer that all these accounts exist. The spammer will then deliver spam to these addresses in volumes that can almost cripple a server.
Syntax: g_fallback string
g_fast_time_off
Disable faster time function
This setting has no further documentation currently available
Syntax: g_fast_time_off bool
g_from_valid
Require an @ and dotted domain in all return addresses
This forces the sender to either give ‘no’ reply address or a valid one with an @ and a dotted domain
Syntax: g_from_valid bool
g_to_valid
Require an @ and dotted domain in all dest addresses
This forces all destination addresses to contain a domain name (breaks cron job emails on unix)
Syntax: g_to_valid bool
g_from_header
From header used in delivery bounces
From header used in delivery bounces.
Syntax: g_from_header string
g_from_must_exist
Require local from addresses to exist or reject mail
Can be useful in blocking dumb spam robots
Syntax: g_from_must_exist bool
g_from_rewrite
Rewrite from envelope for outgoing email, e.g. *@this.domain -> %1@another.domain
This lets you change the ‘from’ address from an internal domain name to a valid public domain name. The change is performed on the From envelope (return path), not the From header. The change does not affect the return path written in local deliveries, only outgoing email. Mfilter rules can be used to rewrite the actual message headers.
Syntax: g_from_rewrite was=string to=string
g_from_rewrite_header
Rewrite the from header as well
Replaces the From: header in the message with the new address.
Syntax: g_from_rewrite_header bool
g_from_rewrite_sender
Rewrite the sender header as well
Replaces the Sender: header in the message with the new address.
Syntax: g_from_rewrite_sender bool
g_from_force
From address for all sent messages
Used when you want to make all messages use the same valid bounce address; the Reply-To header will contain the original from if it doesn’t exist.
Syntax: g_from_force string
g_from_list_too
Also enforce from rules from lists
Doesn’t allow lists to bypass forge rules
Syntax: g_from_list_too bool
g_forward_illegal
Prevents users setting forward rules to certain addresses
Syntax: g_forward_illegal to="address" apply="user type"
This setting allows you to specify some addresses as being illegal for certain users. This stops users setting up forwarding rules to these addresses. They can still send mail to these addresses manually with their email client. These rules _ONLY_ apply to non local domains.
Some examples:
If you want to stop your users setting up forward rules that redirect to aol.com.
g_forward_illegal to="*@aol.com" apply="user"
If you want to stop your users setting a forward to all domains except aol.com
g_forward_illegal to="*,!*@aol.com" apply="user"
Stop domain admins sending to aol.com
g_forward_illegal to="*@aol.com" apply="domadmin"
Stop admins sending to netwinsite.com
g_forward_illegal to="*@netwinsite.com" apply="admin"
Syntax: g_forward_illegal to=string apply=string
g_forward_attach
When late forwarding send as attachment to these domains
Useful with hotmail.com, aol.com etc so that forwarded messages are not mistaken for spam
Syntax: g_forward_attach string
g_forward_fixfrom
When late forwarding rewrite from/return path as local user
This prevents problems with spf/identity checking as the forwarded message is sent with valid from and return path
Syntax: g_forward_fixfrom bool
g_forward_oops
Internal testing setting, not for general use sorry
Testing setting, please do not use.
Syntax: g_forward_oops string
g_about_disable
Disable about web page
This setting has no further documentation currently available
Syntax: g_about_disable bool
g_admin_access
Allow / Restrict domain admin access to features based on
g_admin_access group="wildcard" access="list"
This setting matches the g_access_group the admin is in to the wildcard specified and applies the specified access list to that domain admin, giving / restricting their access to certain features. The list may include any of the following:
Value | Result |
---|---|
alias | Access to domain users “Alias” page and features. |
aspam | Access to the “ASpam” page and features. |
blog | Access to the “Blogs” page and features. |
bulletins | Access to the “Bulletins” page and features. |
centipaid | Access to domain users “Centipaid” page and features. |
enotify | Access to domain users “Email Notification” page and features. |
exceptions | Access to domain users “Exceptions” page. |
friends | Access to domain users “Friends” pages, and system. |
fwd | Access to domain users “Forwarding” features, forwarding, auto-responder. |
fwdonly | Access to domain users “Forwarding” features, forwarding |
lists | Access to the “Lists” page and features. |
log | Access to domain users “Log” page. |
mailbox | Access to domain users “Mailbox” page, view mailbox, setup rules. |
sms | Access to domain users “Sms” page. |
spam | Access to domain users “Spam” page, and SmiteSpam and Aspam processing of messages. |
spampriv | Access to domain users “Spam” pages’ spam private feature |
spf | Access to domain users “Spf” page and features. |
usage | Access to the “Usage” button, which shows a domain users usage. |
users | Access to the “Users” page and features. |
redirect | Access to the “Redirect” page and settings. |
redirect_cc | Access to the “Redirect CC” page and settings. |
In addition you can prefix any of the above with ! to deny access. There are two other special case values, “all” and “none” which mean exactly what they say, access to “all” or “none” of the features.
Example:
g_admin_access group="simple" access="all,!users,!reports"
The above setting gives admins in the ‘simple’ group access to all the features except the users and reports features.
Syntax: g_admin_access group=string access=string
g_admin_access_default
Default features granted to domain admins
This setting is a default access list for all domain admins on the server. It is specified in the same manner as the ‘access’ parameter of the g_admin_access setting, e.g.:
g_user_access_default "all,!users,!reports"
Syntax: g_admin_access_default string
g_allow_bodyless
Allow bodyless email
This will allow bodyless email to be accepted. These are usually spam. In particular Norton Antivirus in autoprotect mode closes the POP link which makes it appear that SurgeMail has terminated the connection when a bodyless email is encountered.
Syntax: g_allow_bodyless bool
g_allow_user_authent_field_get
A space separated list of authent process fields that users are allowed to view for themselves using the POP xauthent_field_get command
This provides limited access to the user database for applications like webmail and surgeplus.
Syntax: g_allow_user_authent_field_get string
g_allow_user_authent_field_set
A space separated list of authent process fields that users are allowed to set for themselves using the POP xauthent_field_set command
This provides limited access to the user database for applications like webmail and surgeplus.
Syntax: g_allow_user_authent_field_set string
g_allow_passzip_to
A list of addresses to allow unmonitorable archive messages to be sent to
These may of course contain viruses as they cannot be scanned, but some people still need to be able to accept such files.
Syntax: g_allow_passzip_to string
g_allow_passzip_from
A list of addresses to allow unmonitorable archive messages to be sent from
These may of course contain viruses as they cannot be scanned, but some people still need to be able to accept such files.
Syntax: g_allow_passzip_from string
g_aspam_headers
Add aspam information messages to messages.
Adds informational aspam headers to all messages.
Syntax: g_aspam_headers bool
g_aspam_need_ip
Require good matches to match external ip address
This prevents polluted bad messages in aspam_good causing spam to bypass the filters, but reduces effectiveness of the notspam address.
Syntax: g_aspam_need_ip bool
g_authent_always
Always lookup user, so virtual domains can exist just in authent module
Always lookup user, so virtual domains can exist just in authent module. This allows you to support 10,000 domains on one system without a ‘huge’ ini file. Be careful to not create/remove real domains with the same name as existing domains that only exist in the authent database as the ‘drop files/inboxes’ will move when this occurs and existing mail will vanish.
Syntax: g_authent_always bool
g_authent_any
Restore buggy behaviour of looking up users in domains that don’t exist
Previously surgemail would lookup a user even if the domain in question did not exist, if you need to restore this odd behaviour then you can use this setting…
Syntax: g_authent_any bool
g_authent_allow_badascii
Allow ascii chars outside the range 32 < 127
By default ascii characters < 32 and >= 127 are blocked as invalid. If you require these characters set this to TRUE.
Syntax: g_authent_allow_badascii bool
g_authent_case_sensitive
Make passwords case sensitive
By default surgemail avoids case sensitive passwords as they do little to increase security but cause endless frustration for users. This is just an opinion and some people disagree, so use this setting if you wish to have case sensitive passwords :-).
Syntax: g_authent_case_sensitive bool
g_authent_decrypt
Collect and store plain text passwords for migration in file pass.decrypted
This setting should only be used as part of a migration; it obviously exposes your customers’ passwords to risk!
Syntax: g_authent_decrypt bool
g_authent_prefix_sep
Authent Prefix Separator (deprecated – for backward compatibility only)
Prefix separator for prefix based separator. Only relevant if enabled on a per vdomain basis using the “prefix” setting.
Syntax: g_authent_prefix_sep string
g_authent_process
Authent process
The command line of a NetWin authentication module. You can use one of our standard modules for LDAP, ODBCAuth, MySQL etc or write your own. For more information on these modules see the authentication section of the manual.
This will typically be something like:
g_authent_process "E:\surgemail\nwauth.exe -path E:\surgemail"
or
g_authent_process "/usr/local/surgemail/nwauth -path /usr/local/surgemail"
Syntax: g_authent_process string
g_authent_pass
Authent process to check passwords with
This setting has no further documentation currently available
Syntax: g_authent_pass string
g_authent_lookup
Check if accounts exist using g_authent_pass too
This setting has no further documentation currently available
Syntax: g_authent_lookup bool
g_authent_cachelife
Cache life of successful authent lookups
Set the life in seconds that successful cached lookups can be used, default 2 hours. Best left alone.
Syntax: g_authent_cachelife int
g_authent_cachebad
Cache life of failed authent lookups
Set the life in seconds that the cached failed lookups can be used, default 60 seconds. Best left alone unless your server is being hit by thousands of failed lookups and your authent module is slow.
Syntax: g_authent_cachebad int
g_authent_cachesize
Size of the authent cache
Set the size of the authent cache, default is 500 entries. Generally best left alone.
Syntax: g_authent_cachesize int
g_authent_domain
Authent domain
If this is ‘true’, the virtual domain name is appended to the username before it is passed to the authent process. This lets the authent process deal with virtual domains. As a general rule, this should ALWAYS be true.
Syntax: g_authent_domain bool
g_authent_nodomain
If true don’t add @virtual.domain.name to external user lookups (NOT RECOMMENDED)
Use this at your own risk, it is provided for compatibility with dmail installations, but should be avoided if at all possible.
Syntax: g_authent_nodomain bool
g_authent_encrypt_key
Encryption key config settings
Not for general use currently, used to partially obscure credit card info when stored in the authent module.
Syntax: g_authent_encrypt_key string
g_authent_number
Authent number
The number of concurrent authent processes to run. If you are using a slow external authent module (e.g. sql) then it is probably worth running 3-4, there is no need to have more than 1 when using nwauth.exe. (Default = 1)
Syntax: g_authent_number int
g_authent_info
Authent info
Defines a piece of information to store about the user in the user database (phone number, name, address etc). Each piece of information is given a name, a field, an access mode, a default and a type. The name defines what appears in the web management display. The field is what is sent to the authent_process. The access mode can be one of the following: user, domadmin, or admin, createonly, none. The default is what value is assigned upon creation of a new user. The type can be one of: date, readonly, encrypt or any custom string which you want to check for or match on the na_details.htm page with a template function like: ||ifequal||user_info_type||custom|| .. do things .. ||endif||
An access mode of ‘admin’ means that only the system admin can see the information, ‘domadmin’ means the sysadmin and any domain admin can see the information, ‘user’ means the user can see the information, ‘createonly’ means the user sets the information at creation time but cannot see it after that and ‘none’ ensures that no-one can see or modify the information (used for information that is handled by SurgeMail itself, either through the interface or otherwise)
e.g. g_authent_info name="Phone Number" field="phone" access="user" default="" type=""
See here for a complete list of default settings.
Syntax: g_authent_info name=string field=string access=string default=string type=string
g_authent_info_grp
Fields to show to users in this group
Specifies the authent fields this user group is allowed to see and change. This applies only to the fields visible on the account properties page and the domain admin “Users” page; it cannot be used to prevent access to fields which are managed by the web interface, i.e. ‘fwd’.
Syntax: g_authent_info_grp group=string fields=string tag=string
g_authent_addip
Send ip address as third parameter to authent module
This setting has no further documentation currently available
Syntax: g_authent_addip bool
g_authent_ip
Authent Lookup IP numbers via authent modules – enables relaying
If enabled each connecting IP address will be looked up in your user database as x.x.x.x@ip eg: “127.0.0.1@ip” and if the user is found then relaying is allowed and if ‘send_limit=”nn”‘ is defined then that will set the tarpit send limit for that user.
For per IP tarpit limits to work you need to define the g_tarpit_max and g_tarpit_max_remote settings, and g_tarpit_drop to make the limit effective.
Syntax: g_authent_ip bool
g_authent_single
Allow local users with a single quote char in their name
This lets users exist whose names contain the single quote ‘ character. It is not supported with some authent modules though; nwauth does allow it.
Syntax: g_authent_single bool
g_authent_spaces
Allow spaces in passwords DO NOT USE
Not supported for most authent modules; requires nwauth 4.0r or later. If you have already got users with spaces in their passwords and you turn this setting on, they will no longer be able to login until they reset their passwords. Authent module must support slash encoding; for nwauth add -spaces to command line.
Syntax: g_authent_spaces bool
g_authent_strip_domain
Strip domain for authent lookups
Use when your database expects one ‘primary’ domain to do lookups without a domain name then SurgeMail will strip that domain only from lookups. Typically this is only necessary with old DMail authent modules.
Syntax: g_authent_strip_domain string
g_authent_restart
Cycle auth modules every 1000 lookups
This is useful if there are resource allocation issues in the authentication module, e.g. ODBCAuth.
Syntax: g_authent_restart bool
g_authent_logall
Turns on logging of authent requests
If enabled, authentication requests are logged in mail.log as “<day> <time> Authent[<action> <info>]”.
Syntax: g_authent_logall bool
g_authent_fwdfile
Use DMail forward files (deprecated – for backward compatibility only)
Allows old style DMail forward files to be read.
Syntax: g_authent_fwdfile bool
g_authent_timeout
Timeout for authent response
Timeout for authent response, default 60 seconds.
Syntax: g_authent_timeout int
g_authent_last_login
Store users last login time in the database
This setting will cause the authent field ‘last_login’ to be updated when a user logs in. The field is set to a timestamp which is ‘the number of seconds since midnight January 1, 1970’. This field is updated ‘at most’ once every 24 hours. Other features i.e. delete_user_after and disable_smtp_after will look for this field.
Syntax: g_authent_last_login bool
g_authent_reminders
Days till we remind user to change password
Days until we remind user to change password.
Syntax: g_authent_reminders int
g_authent_require
Days till we require user to change password
This is the one to use, only requires change in surgeweb, expire password
Syntax: g_authent_require int
g_authent_enforce
Days till we prevent user from logging in, NOT RECOMMENDED
Days until we block logins if password is not changed. This setting will annoy your customers but not really achieve anything useful, it shouldn’t be used in most situations
Syntax: g_authent_enforce int
g_auth_hide
Disable SMTP Authentication
By default SMTP authentication is enabled. If a user matches this IP range/list they will NOT be shown the ESMTP extension for SMTP authentication. This will usually stop the mail client from prompting the user for authentication. We STRONGLY recommend you do NOT use this feature. It is much better to let users authenticate when sending email.
Syntax: g_auth_hide string
g_auth_norelay
This means relaying only occurs if g_relay_allow_ip matches
Syntax: g_auth_norelay_webok bool
g_auth_norelay_webok
Allow surgeweb sessions anyway.
This means relaying only occurs if g_relay_allow_ip matches
Syntax: g_auth_norelay_webok bool
g_auth_skipgateway
Skip gateway rules if we get a proxy SMTP auth command
Skip gateway rules if we get a proxy SMTP auth command. This is not for general use. It can be used if you are using SurgeMail in front of another mail server with a wild card gateway to gateway all domains to a back end mail server. Then an authenticated user is a local user trying to send out so the gateway rules are ignored. (this is strongly not recommended)
Syntax: g_auth_skipgateway bool
g_auth_path
Path to nwauth files
Needed for mirroring if using multiauth
Syntax: g_auth_path string
g_autologin_pop
Enables WebMail Autologin using POP when on another server
Webmail needs the ability to automatically login to SurgeMail to change passwords etc. This setting will do this via an extension to the pop protocol allowing WebMail to autologin whilst running on another server. (Normally this is done using a temporary file)
Syntax: g_autologin_pop bool
g_autologin_file
File to use to share auto login information on NFS based cluster
This allows webmail to autologin when using an nfs based cluster and a load sharing device.
Syntax: g_autologin_file string
g_autologin_imap_disable
Disable IMAP based autologins
IMAP autologins allow autologin to surgeweb.
Syntax: g_autologin_imap_disable bool
g_badfrom_noip
Check envelope from domain exists and is a valid IP number
Check envelope from domain exists and is a valid ip number, if not bounce message.
Syntax: g_badfrom_noip bool
g_badfrom_noip_temp
Makes g_badfrom_noip return a temporary error instead of a 501 error
Use g_verify_mx_skip to bypass/whitelist ip addresses from this check
Syntax: g_badfrom_noip_temp bool
g_badfrom_check
Check if ‘from’ envelope can be delivered to
If this is set to “true” then SurgeMail will connect back to the envelope ‘from’ address and check that the address is valid; a cache is used to improve performance. If it cannot connect then the message is bounced as probable spam. It’s nicer to use the following setting “g_badfrom_stamp” as well; then, if SurgeMail cannot connect back or the user is invalid, a header is added to indicate this, and our SmiteSpam rules will use this to increase the spam weighting.
You can use g_spam_allow to exempt an IP from this check as well as g_badfrom_whitelist for a domain. Please note that by default SurgeMail uses a blank mail from to do its check.
MAIL FROM: <>
Some servers might reject this, though they shouldn’t because it’s a standard bounce. If they do, you can use g_badfrom_from to set a mail from address to be used for this check.
Syntax: g_badfrom_check bool
g_badfrom_stamp
If ‘g_badfrom_check’ is bad then stamp a header on the message
g_badfrom_check must also be set to true. If this is set to “true” then SurgeMail will connect back to the envelope ‘from’ address and check that the address is valid; a cache is used to improve performance. If it cannot connect then a header is added to indicate this, and our SmiteSpam rules will use this to increase the spam weighting.
Syntax: g_badfrom_stamp bool
g_badfrom_badmx
Drop message if this MX
If mx host is one of these addresses then drop the message, it’s definitely spam (e.g. 127.*).
Syntax: g_badfrom_badmx string
g_badfrom_from
Mail from account for g_badfrom_check
From to use when doing the g_badfrom_check check, not normally needed, if set must be set to valid account.
Syntax: g_badfrom_from string
g_badfrom_whitelist
Whitelist of domains to skip from checks
Whitelist of “from” address domains to skip g_badfrom_* checks.
eg.
g_badfrom_whitelist "specialdomain.com"
Syntax: g_badfrom_whitelist string
g_ban_helo
Ban any machine that gives a matching ‘helo’ string
This is a simple spam protection system to block known spam/problem users based on the ‘helo’ name they send to your system. This name is recorded in the ‘received’ header along with the IP address. This name is very easy to ‘fake’ so is not a high security level of protection, but it is simple for stopping stupid robots etc, that have gone insane.
Example: *junkmail.com
Syntax: g_ban_helo string
g_ban_from
Ban any matching MAIL FROM: envelope
Same as ‘ban_helo’ but applies to the from (return address) part of the mail envelope. This is NOT the same as the from/sender header in the message itself!!! This equates to the ‘Return-path:’ header that the mail server adds.
Syntax: g_ban_from string
g_ban_rcpt
Ban any matching RCPT TO: envelope
Same as ‘ban_helo’ but applies to the recipient part of the envelope (destination users) this is NOT the same as the ‘To:’ header in the message itself!!! This can sometimes be used to block really simple spamming programs that always send to the same invalid users.
Syntax: g_ban_rcpt string
g_ban_blackhole
Leave connected but reject all recipients without looking them up
Leave connected but reject all recipients without looking them up. This is good for dealing with high volume spammers without wasting resources doing user lookups.
Syntax: g_ban_blackhole bool
g_bind_byfromip
Bind outgoing SMTP connections to the specified IP based on the sender IP
This setting has no further documentation currently available
Syntax: g_bind_byfromip fromip=string bindip=string
g_bind_to
Bind outgoing SMTP if to address matches
This setting has no further documentation currently available
Syntax: g_bind_to string
g_bind_to_ip
The address to bind to
This setting has no further documentation currently available
Syntax: g_bind_to_ip string
g_bind_to_name
The name to use in the ehlo
This setting has no further documentation currently available
Syntax: g_bind_to_name string
g_bind_out
Bind outgoing smtp connections to IP
Bind outgoing smtp connections to this IP number.
Syntax: g_bind_out string
g_bind_from
Bind outgoing SMTP connections based on ‘from’ envelope
Bind outgoing SMTP connections based on the IP of the virtual domain in ‘from’ envelope. This is only useful if you are using IP based virtual domains.
Syntax: g_bind_from bool
g_bind_incoming
Bind outgoing SMTP connections based on incoming ip address
So if the incoming mail came in on interface address 1.2.3.4 then that same address is used to send the email
Syntax: g_bind_incoming bool
g_bind_in_always
Bind on incoming in preference to g_bind_from
So if the incoming mail came in on interface address 1.2.3.4 then that same address is used to send the email
Syntax: g_bind_in_always bool
g_bind_authent_default
Bind to default if authenticated
So authenticated users get the default binding not g_bind_byfromip
Syntax: g_bind_authent_default bool
g_black_above
Level for spam detection for g_black_count
Level for spam detection for blacklisting IP number e.g. 7.
Syntax: g_black_above int
g_black_count
Blacklist sender IP based on spam sent
Number of spam in a row before IP blacklisted for 30 minutes eg: 30 (default = disabled)
Syntax: g_black_count int
g_black_to
Blacklist sender IP based on catch addresses
Blacklist senders IP address for 30 minutes if they deliver to these spam catch email addresses.
e.g. g_black_to "smith@mydomain.com,catcher@myotherdomain.com"
Syntax: g_black_to string
g_black_isspam
Blacklist ip address for any spam training event
This setting has no further documentation currently available
Syntax: g_black_isspam bool
g_black_nbad
Blacklist ip address if this many bad recipients in a row (e.g. 8)
There is no default. The ip is blacklisted for the time specified by G_MAX_BAD_IP_TIME or one day. Whitelist with G_BLACK_WHITE for ip address or from matches. This limit is related to a single connection, not all errors from an ip over time.
Syntax: g_black_nbad int
g_black_white
Whitelist to prevent blacklisting, e.g. 1.2.3.*,mail*.aol.com
This setting has no further documentation currently available
Syntax: g_black_white string
g_blogs_enable
Surgemail blogs
Allow users to create blogs
Syntax: g_blogs_enable bool
g_blogs_maximum_image_width
Default maximum image width
Images larger than this that are posted to blogs are scaled down, default is 390, per blog setting can override this.
Syntax: g_blogs_maximum_image_width int
g_blogs_maximum_image_size
Default maximum image size
Images larger than this (in largest dimension) that are posted to blogs are scaled down, default is 390, per blog setting can override this.
Syntax: g_blogs_maximum_image_size int
g_blogs_maximum_items_in_top_page
Maximum number of items on the top blog page
Maximum number of post bodies to appear on a blog top page, default is 10
Syntax: g_blogs_maximum_items_in_top_page int
g_blogs_max_per_user
Maximum number of blogs per user
Maximum number of blogs per user, default is 5
Syntax: g_blogs_max_per_user int
g_blogs_default_template
Default template set that is used by newly created blogs
This setting can have a value of the name of any directory in the SurgeMail blogtpl directory
Syntax: g_blogs_default_template string
g_blogs_use_sub_domains
Make blogs accessible at http://blog_name.domain/
If your DNS entry supports it, turn on this setting to make blogs accessible at http://blog_name.blogs.domain/ instead of http://domain/blogs/blog_name
Syntax: g_blogs_use_sub_domains bool
g_blogs_sub_domain_prefix
Prefix to use instead of blogs. for blog subdomains. use ! to have no prefix.
Experimental feature do not use
Syntax: g_blogs_sub_domain_prefix string
g_blogs_not_unique
Allow the same blog name in multiple domains
If set you can create different blogs with the same name in different virtual domains, this is not recommended.
Syntax: g_blogs_not_unique bool
g_blogs_not_global
Only allows access to a blog on the domain it is defined on
Only allows access to a blog on the domain it is defined on, this is not recommended. (probably want to use g_blogs_not_unique, g_blogs_domonly too)
Syntax: g_blogs_not_global bool
g_blogs_no_suffix
Shortens URL, url_blogs must be defined for each domain
This shortens http://a.com/blog/juggling to http://a.com/juggling, but does require that you define a specific name for the blogs in the domain based url_blogs setting
Syntax: g_blogs_no_suffix bool
g_blogs_ping
Sites to ping on each post
Host and path to ping on each blog post. eg: host=rpc.weblog.com path=/RPC2
Syntax: g_blogs_ping host=string path=string
g_blogs_domonly
Only list blogs in a users domain
By default all blogs in all domains are listed/shown to the user. This setting causes it to only list blogs in the users domain.
Syntax: g_blogs_domonly bool
g_blogs_image_optional
Allow users to specify if image verification is required for comments
By default image verification is now required, this prevents spammers from abusing the many ‘test’ blogs set up by your users.
Syntax: g_blogs_image_optional bool
g_blogs_allow_links
Allow users to post comments that contain urls
Due to widespread abuse of blogs this is not recommended.
Syntax: g_blogs_allow_links bool
g_blogs_cleanup_links
Delete existing posts that contain urls
This setting will help cleanup existing spam postings to your users blogs.
Syntax: g_blogs_cleanup_links bool
g_blogs_comment_rev
Show blog comments newest first
Helps if there are lots of comments. This is a global setting, not per blog.
Syntax: g_blogs_comment_rev bool
g_blogs_https
Use https for blog urls
This setting has no further documentation currently available
Syntax: g_blogs_https bool
g_bomb_max
Max messages to a single address per hour
Simple system to prevent intentional or more likely, accidental mail loops or mail bombs where thousands of Emails are sent to a single user. A setting in the range of 100-1000 is generally good depending on your sensitivity to incorrectly blocking real mail. We suggest 1000 is a good setting if you are unsure.
This counts the messages from a single IP address to a single recipient. If a single IP sends more than this many messages to any single recipient then they will be tarpitted (slowed down and rejected).
Use spam_allow ip.address.list to over-ride the limit for known local systems that might exceed this limit (unlikely anything will).
Syntax: g_bomb_max int
g_bomb_max_from
Max msgs from a single email address/hour
Max msgs from a single email address/hour.
Syntax: g_bomb_max_from int
g_bomb_white
don’t apply bomb_max limit if to address matches
Useful for robots etc that expect high volume
Syntax: g_bomb_white string
g_bounce_disable
Bounce Disable
Disable all bounces. This is particularly useful when under spam attack. This is for outgoing bounces: it stops SurgeMail generating bounces, and it won’t affect incoming bounces from other servers.
example:
g_bounce_disable "true"
Syntax: g_bounce_disable bool
g_bounce_redirect
Send all bounces to a local address
This can be used to avoid ‘back scatter’ which can get your server listed in various black listed sites. In general your server should not generate bounces so if you get lots you may find changing config settings can stop them. Note this only redirects bounces to non local recipients, so your users sending outgoing mail will still get their own bounce messages.
Syntax: g_bounce_redirect string
g_bounce_reject
Reject bounces by ip address from known dumb mail servers
Some mail servers (exchange) will accept email, then bounce it, this is now considered a ‘crime’ and will get your server black listed, so if you have surgemail running as a gateway for such servers you can tell it to reject any bounce that server is foolish enough to send you.
Syntax: g_bounce_reject string
g_bounce_limit
Max size of bounce messages
Max size in bytes of message to send back as bounce message is truncated if necessary.
Syntax: g_bounce_limit int
g_bounce_some_stop
Disables locally generated bounces for partial message failure – NEVER use this!
This can decrease back scatter, but it has other bad effects: it can result in duplicate messages arriving. Never never use this setting.
Syntax: g_bounce_some_stop bool
g_bounce_nodrop
Enables locally generated bounces for non local users
This setting makes bounces occur normally, the reason bounces are normally dropped for non local users is that they are almost always spam bouncing off another server due to forwarding settings, and as such sending a bounce email will get your server black listed, so we decided it was best to drop them by default since they are rarely useful. Turn this setting on at your own risk :-). Instead use g_bounce_to to list domains that it is safe to bounce to.
Syntax: g_bounce_nodrop bool
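Several settings described above carry explicit warnings in this reference (g_fallback, g_authent_decrypt, g_authent_spaces, g_auth_hide, g_bounce_some_stop and others). The following Python script is an added example, not part of SurgeMail or its documentation, that audits a configuration file for those settings. It assumes one setting per line in the `name "value"` form used in the examples on this page, case-insensitive setting names, and the listed "off" spellings for booleans; the sample configuration is constructed.

```python
"""Audit a SurgeMail-style config for settings this reference warns against."""

# name -> (kind, warning paraphrased from this reference page)
#   "bool":  finding when the value is anything other than an explicit "off"
#   "int":   finding when the value is a non-zero number
#   "value": finding when any non-empty value is present
RISKY = {
    "g_fallback": ("value", "dangerous: tells senders that every tested address exists"),
    "g_authent_decrypt": ("bool", "stores plain text passwords in pass.decrypted; migration use only"),
    "g_authent_nodomain": ("bool", "NOT RECOMMENDED; dmail compatibility only"),
    "g_authent_spaces": ("bool", "DO NOT USE"),
    "g_authent_enforce": ("int", "NOT RECOMMENDED; blocks logins until the password is changed"),
    "g_auth_hide": ("value", "hides SMTP authentication from matching IPs; strongly discouraged"),
    "g_auth_skipgateway": ("bool", "strongly not recommended; not for general use"),
    "g_bounce_some_stop": ("bool", "NEVER use; can result in duplicate messages"),
    "g_bounce_nodrop": ("bool", "bounces to non-local users can get the server blacklisted"),
    "g_forward_oops": ("value", "internal testing setting"),
}

# Assumption: spellings treated as "off". Anything else counts as enabled, so
# an unfamiliar spelling is surfaced for review rather than silently missed.
FALSE_WORDS = {"", "false", "0", "no", "off"}


def is_active(kind, value):
    """Return True when a value of the given kind switches the setting on."""
    v = value.strip().lower()
    if kind == "bool":
        return v not in FALSE_WORDS
    if kind == "int":
        try:
            return int(v) != 0
        except ValueError:
            return v != ""  # not a number: report it so a human looks at it
    return v != ""


def audit(config_text):
    """Return (line_number, setting, value, warning) for each risky setting in use."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        parts = raw.strip().split(None, 1)
        if not parts:
            continue
        name = parts[0].lower()
        if name not in RISKY:
            continue  # unknown or harmless settings are ignored
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        kind, warning = RISKY[name]
        if is_active(kind, value):
            findings.append((lineno, name, value, warning))
    return findings


# Constructed sample configuration (not taken from a real server).
SAMPLE_CONFIG = '''\
g_authent_process "/usr/local/surgemail/nwauth -path /usr/local/surgemail"
g_fallback "postmaster@example.com"
g_authent_decrypt "true"
g_bounce_nodrop "false"
g_authent_enforce "0"
g_auth_hide "10.0.0.*"
g_bounce_some_stop "TRUE"
g_bomb_max "1000"
'''

if __name__ == "__main__":
    for lineno, name, value, warning in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {name} = {value!r}: {warning}")
```
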
g_bounce_to
Domains to treat as local and send bounces to
This setting makes bounces occur normally, the reason bounces are normally dropped for non local users is that they are almost always spam bouncing off another server due to forwarding settings, and as such sending a bounce email will get your server black listed, so we decided it was best to drop them by default since they are rarely useful. Turn this setting on at your own risk :-). Instead use g_bounce_to to list domains that it is safe to bounce to. e.g. *@a.com,*@b.com
Syntax: g_bounce_to string
g_warning_to
Addresses to treat as local and send warning bounces to
This may cause back scatter, so use with caution.
Syntax: g_warning_to string
g_bounce_to_recipient
Bounce surgewall failure to the recipient
This can help prevent message loss in rare cases where quota/size limits prevent a delivery from surgewall server to destination server.
Syntax: g_bounce_to_recipient bool
g_bounce_bind
Use a specific ip address for outgoing bounces
Some RBL sites blacklist machines for sending bounces, which is probably a good thing. But even with SPF running your server may occasionally send a bounce to a forged address, so you can use an alternate IP address for these bounces to avoid blacklisting your main mail server address. First you must assign the IP address to your network interface etc.
Syntax: g_bounce_bind string
g_bounce_suggest
Send bounces to postmaster if spf cannot be verified
This may help stop black listing for backscatter while still alerting the sending domain’s admin that one of their users’ emails to your server bounced. You can specify a template file suggest.eml if you don’t like the default message suggesting the postmaster add SPF records for their domain.
Syntax: g_bounce_suggest bool
g_bounce_paranoid
Prevent external bounces going through surgemail
This can help stop back scatter from another server going through your server to an external domain
Syntax: g_bounce_paranoid bool
g_bounce_safe
Only send bounces to local domains
This may result in lost messages, but can also avoid backscatter issues
Syntax: g_bounce_safe bool
g_block_files
Block certain attachments
Allow you to block any mail with certain files attached.
g_block_files "*.exe,*.cmd,*.com"
Syntax: g_block_files string
g_block_skip
From or To address to bypass g_block_files
Some users will need to send various attachments; these users are exempt from the g_block_files rule.
Syntax: g_block_skip string
g_block_longok
If true allow long file names (more than 180 char)
By default file names over this length are ALWAYS blocked if g_block_files is used; in rare situations these are not just viruses attempting to get around the filter.
Syntax: g_block_longok bool
g_breakin_enable
Stop multiple ip logins for one account in a few seconds
When a hacker guesses a password on your system they will often send outgoing spam to your server from multiple IP addresses. SurgeMail detects this and emails the administrator when it occurs. Use g_breakin_white to enable specific users who need to do this (this is very unusual though).
Syntax: g_breakin_enable bool
g_breakin_short
Match on 1.2.3.* for ip addresses, helps with google sending
When a hacker guesses a password on your system they will often send outgoing spam to your server from multiple IP addresses. SurgeMail detects this and emails the administrator when it occurs. Use g_breakin_white to enable specific users who need to do this (this is very unusual though).
Syntax: g_breakin_short bool
g_breakin_white
Email addresses that can send concurrently from multiple IPs (use * to allow everyone)
When a hacker guesses a password on your system they will often send outgoing spam to your server from multiple IP addresses. SurgeMail detects this and emails the administrator when it occurs. Use this setting to enable specific users who need to do this (this is very unusual though). It also accepts wild cards, e.g. * if you wish to disable the feature. A list is given as "user@domain,user2@domain2"
Syntax: g_breakin_white string
g_breakin_n
Number of different ip’s that trigger a lockout, default is 8
Only lower numbers are valid.
Syntax: g_breakin_n int
g_breakin_window
Window in seconds, default is 300
The window in which the multiple logins are counted
Syntax: g_breakin_window string
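The rule described by the g_breakin_* settings can be modelled as a per-account sliding window over login events. The sketch below is an added example, not SurgeMail's own code; the class and function names are hypothetical, and it assumes an alert fires when the number of distinct addresses reaches g_breakin_n and that events arrive in time order.

```python
from collections import defaultdict, deque
from fnmatch import fnmatchcase


class BreakinDetector:
    """Flag an account seen from too many distinct client addresses in a window."""

    def __init__(self, n=8, window=300, short=False, white=()):
        self.n = n            # g_breakin_n: page default 8, only lower values valid
        self.window = window  # g_breakin_window: seconds, page default 300
        self.short = short    # g_breakin_short: compare 1.2.3.* instead of full IP
        self.white = [w.lower() for w in white]  # g_breakin_white patterns
        self._seen = defaultdict(deque)          # account -> deque of (ts, key)

    def _key(self, ip):
        # IPv4 only in this sketch: collapse the last octet when short is set.
        return ip.rsplit(".", 1)[0] + ".*" if self.short else ip

    def whitelisted(self, account):
        return any(fnmatchcase(account.lower(), w) for w in self.white)

    def observe(self, ts, account, ip):
        """Record one login; return True when the threshold is reached."""
        if self.whitelisted(account):
            return False
        seen = self._seen[account.lower()]
        seen.append((ts, self._key(ip)))
        # Forget logins that have aged out of the window.
        while seen and seen[0][0] <= ts - self.window:
            seen.popleft()
        return len({key for _, key in seen}) >= self.n


def constructed_events(step=10):
    """Constructed sample: one account, 8 documentation-range IPs, `step` s apart."""
    ips = ["192.0.2.10", "192.0.2.77", "198.51.100.5", "198.51.100.9",
           "203.0.113.1", "203.0.113.2", "203.0.113.200", "192.0.2.250"]
    return [(1000 + step * i, "fred@domain", ip) for i, ip in enumerate(ips)]


def first_alert(detector, events):
    """Index of the first event that trips the detector, or None."""
    for i, (ts, account, ip) in enumerate(events):
        if detector.observe(ts, account, ip):
            return i
    return None


if __name__ == "__main__":
    print("full IP match  :", first_alert(BreakinDetector(), constructed_events()))
    print("short (1.2.3.*):", first_alert(BreakinDetector(short=True),
                                          constructed_events()))
```

With g_breakin_short the eight sample addresses collapse to three /24 prefixes, which is why a provider that sends from many neighbouring addresses no longer trips the default threshold.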
g_byname_old
Enable old slow domain lookup functions
This setting should not be needed.
Syntax: g_byname_old bool
g_convert_percent
Convert % signs to @ in recipient addresses
Some Spam tests send mail user%spamdomain.com@localdomain.com to see if a server is an open relay. If a default address is set up for the local domain this will be delivered to this local address and the test assumes the mail server is an open relay. This setting prevents this.
Syntax: g_convert_percent bool
g_crash_normal
Crash without catching exceptions
Crash without catching signals 10,11. In particular this will generate correct core files on FreeBSD systems.
Syntax: g_crash_normal bool
g_crash_simple
Crash simpler for solaris to avoid deadlock situation
This setting has no further documentation currently available
Syntax: g_crash_simple bool
g_crash_nomini
Crash without minidump on windows
This setting has no further documentation currently available
Syntax: g_crash_nomini bool
g_cid_skip_to
Skip CID score, good for lawyers etc
Some users will trigger CID matches due to the nature of their business (accountants/lawyers); for these people you may want to list them here. CID is content matching, usually of scams, which often use legal language.
Syntax: g_cid_skip_to string
g_mailstatus_message
Error message to give when mailstatus is set to specified state
This allows you to specify the error message given to the user when they are set to certain states, you may use other authent fields in the message, for example:
g_mailstatus_message state="payup" message="Payment is due $full_name$, please pay here: http://your.site/path/file.htm"
Syntax: g_mailstatus_message state=string message=string
g_manager_username
Global domain managers username (for web based domain administration)
Specifies the local users which have manager rights for all domains. These users can login to the user self management interface and will receive special domain manager options. This setting works slightly differently to the domain level ‘manager_username’ setting in that if you specify an account without the @domain part i.e. ‘admin’ it gives all admin users in all domains domain rights over all domains.
Syntax: g_manager_username string
g_mirror_host
Mirror host
This unique SurgeMail feature allows you to set up two identical mail servers across a local or wide-area network. The waiting mail messages & folders etc. are duplicated continuously between the two systems, so users can use either system. If either system fails for any hardware reason the other acts as an instant on-line replacement without any interruption to the user. In addition when the faulty system is replaced the two automatically re-synchronize.
See this page for Mirror overview
Syntax: g_mirror_host string
g_mirror_nossl
Disable SSL for mirror protocol connection
This is best turned off unless your servers are talking over a wide area untrusted network.
Syntax: g_mirror_nossl bool
g_mirror_nwauth
Mirror NWAuth data files (deprecated – for backward compatibility only)
This setting is no longer used (as of SurgeMail 1.7d); the g_mirror_mode setting is used instead to decide whether to mirror the NWAuth database.
Syntax: g_mirror_nwauth bool
g_mirror_nwauth_always
Mirror nwauth database files
Set this if you’re using multiauth to run nwauth and you want those files mirrored. Requires you to add -isslave2 to multiauth.ini nwauth command line. Requires the nwauth files to be located in the surgemail root/install directory.
Syntax: g_mirror_nwauth_always bool
g_mirror_mode
Master / slave mirror system
Certain actions may only be run on the mirror master system (such as expire processing) or are different in behaviour between the master and slave (such as NWAuth mirroring and dlist mirroring). This setting must be set to MASTER on one system and SLAVE on the other system for correct operation. (Note: basic mirroring of delivered mail will happen if this setting is the same on both systems; it is just some of the special mirroring functionality that this is required for.)
Syntax: g_mirror_mode string
g_mirror_secret
Mirror secret shared password
This password is required to prevent the mirroring mechanisms being abused. We recommend a random string of letters at least 10 characters long. e.g. “urcajfielsjfs”
Syntax: g_mirror_secret string
g_mirror_prune_age
Mirror minimum age for items to be pruned during sync_prune
Mirror minimum age for items to be pruned during sync_prune, default 14 days.
Syntax: g_mirror_prune_age int
g_mirror_threads
Max threads we can use during resync_fast, default 6
During resync fast four threads are used, this is usually sufficient, more may overload your system and result in failures, if your system is not under load you could set it as high as eight, but this would only be sensible if your disk array has more than 4 drives in it!
Syntax: g_mirror_threads int
g_mirror_live
Mirror: Send incoming messages immediately
Enables a faster mirroring mechanism, strongly recommended. This setting will be the default in a future release.
Syntax: g_mirror_live bool
g_mirror_live_max
Limit size of mirror_live default 60k
This prevents smtp delays when mirroring over a slowish link. The default is 60k
Syntax: g_mirror_live_max int
g_mirror_nsend
Sending threads to use, default 8
Sending threads for normal queue
Syntax: g_mirror_nsend int
g_mirror_config
Mirror surgemail.ini
Syntax: g_mirror_config "true/false"
You put this on both machines and it will attempt to mirror the surgemail.ini. There will be some settings that you do not wish to mirror and these can be exempted by using:
g_mirror_config_except "setting,setting,setting"
Some settings are not mirrored by default these are: g_mirror_host, g_mirror_nwauth*, g_mirror_mode, g_authent_path, g_dlist_path, g_log_path, g_record_path, g_home, g_authent_process, g_mfilter_file, g_webmail_work, g_work, g_virus_cmd, g_atrn_port, g_imap_port, g_imap_secure_port, g_ldap_port, g_manager_port, g_manager_secure_port, g_monitor_port, g_pop_port, g_pop_secure_port, g_ppd_port, g_smtp_port, g_smtp_secure_port, g_webmail_port, g_webmail_secure_port, g_surgeplus_port, g_surgeplus_secure_port, g_surgeplus_web_port, g_bind_out, g_virus_avast, dmail_drop_path, dmail_bin_path, web_path, webmail_work
(it is possible we will update this list over time)
* g_mirror_nwauth is obsolete; don’t use it.
Syntax: g_mirror_config bool
g_mirror_config_except
Mirror surgemail.ini
Syntax: g_mirror_config_except "setting,setting,setting"
This will tell the server not to import the specified settings from the other mirror.
Example:
g_mirror_config_except "g_spam_allow"
This will tell the server not to change this setting. This only affects the machine it’s on; if the other server does not have this set, it will continue to mirror the setting. This setting accepts wildcards. This setting accepts a special case value "address" that will prevent mirroring of existing domain IP addresses, allowing different IPs on each mirror machine. There are a number of settings which are not mirrored by default; these are specified above in g_mirror_config.
In addition the mailbox_path setting is not mirrored unless the existing setting is a sub directory of the g_mailbox_path and the new setting is a sub directory of the g_mailbox_path from the other server, in which case the mailbox_path is set to the same sub directory using the existing g_mailbox_path setting, e.g.
[receiving server]
g_mailbox_path "c:\surgemail\mbox"
mailbox_path "c:\surgemail\mbox\domain"
[sending server]
g_mailbox_path "d:\surgemail\mbox"
mailbox_path "d:\surgemail\mbox\domain_moved_here"
[result on receiving server]
g_mailbox_path "c:\surgemail\mbox"
mailbox_path "c:\surgemail\mbox\domain_moved_here"
Syntax: g_mirror_config_except string
g_mirror_trash
Normally on a resync the trash folder is ignored.
This can be useful when you want to compare results so you want everything even if it’s a bit pointless
Syntax: g_mirror_trash bool
g_mirror_debug
Log more info to mirror log.
Helps when tracking down fault with nwauth or mirroring, never leave turned on as it can lead to mutex crashing
Syntax: g_mirror_debug bool
g_mirror_debug3
NEVER USE, MAKES MIRROR FAIL.
Helps when tracking down fault with nwauth or mirroring, never leave turned on as it can lead to mutex crashing
Syntax: g_mirror_debug3 bool
g_mirror_repair
Run resync_prune once per month, only set on master, TURN OFF DURING FAILURES
This setting runs a nightly resync to keep the cluster in sync. May be resource intensive on a large system! This should always be disabled during a failure as it could cause message loss when the master is reconnected.
Syntax: g_mirror_repair bool
g_mirror_email
Email manager list of fixes sent
This is a debug setting to spot issues with mirroring, it emails the manager a log of the files that were resynced, set G_MIRROR_PRUNE_AGE 1 as well to cut down on false positives.
Syntax: g_mirror_email bool
g_mirror_max
Max items in one folder to mirror, default 160k currently
This setting has no further documentation currently available
Syntax: g_mirror_max int
g_mirror_lock
Lock master during slave bursts
This setting has no further documentation currently available
Syntax: g_mirror_lock bool
g_mirror_others
BETA Other hosts, for 3,4 host mirrors,(DO NOT USE)
This setting has no further documentation currently available
Syntax: g_mirror_others string
g_mirror_resync_inbox
BETA Resync inbox for active users once a day
This setting has no further documentation currently available
Syntax: g_mirror_resync_inbox bool
g_mtasts
Enable MTA-STS ssl/tls rules
Use DNS entries to discover if receiving server should have a signed SSL certificate
Syntax: g_mtasts bool
g_mtasts_white
Domains to ignore MTA-STS rules
Whitelist for destination domains we should just send to anyway
Syntax: g_mtasts_white string
g_mtasts_report
Alert manager on MTASTS failures
Most failures will be due to something other than real hackers, so this alert helps you resolve issues and add g_mtasts_white whitelist rules for problem domains.
Syntax: g_mtasts_report bool
g_callhome_disable
Disable misc features that reference netwinsite
Useful if you are paranoid about information 🙂
Syntax: g_callhome_disable bool
g_con_peruser
Connection limit per user for imap/pop. Set above 20
This setting has no further documentation currently available
Syntax: g_con_peruser int
g_con_peruser_except
Exception users to g_con_peruser, include domain name
This setting has no further documentation currently available
Syntax: g_con_peruser_except string
g_con_perip
Connections per IP
Maximum number of connections allowed per IP address. Primarily this is used to prevent simple denial of service attacks where one user could otherwise use up all the channels your system can support and then do nothing with them.
Syntax: g_con_perip int
g_con_gateway
Connection limit per ip also applies to gateways
This setting has no further documentation currently available
Syntax: g_con_gateway int
g_con_perip_except
Connections per IP exception
IP list of exception addresses to g_con_perip.
Syntax: g_con_perip_except string
g_con_persubnet
Maximum concurrent connections per subnet
Maximum number of concurrent connections per subnet. This limits concurrent connections from a sub net, great for automatically stopping professional spammers who use multiple addresses. A typical setting might be 20. Subnet is /24.
Syntax: g_con_persubnet int
g_date_add_utc
Add UTC if date header is missing it
Add timezone if date header is missing one
Syntax: g_date_add_utc bool
g_dbabble_smtp_port
DBabble SMTP port (do not manually change this setting – it should be set from the DBabble section of the web admin interface only)
This setting specifies the port that DBabble listens on. DBabble looks at surgemail.ini and if it sees this setting, overrides its own setting with this value. When you save changes to this setting from within the SurgeMail DBabble admin interface, SurgeMail automatically sets appropriate values for the g_redirect_iflocal and g_gateway settings.
Syntax: g_dbabble_smtp_port int
g_dbabble_smtp_prefix
DBabble SMTP prefix (do not manually change this setting – it should be set from the DBabble section of the web admin interface only)
This setting is used in conjunction with the dbabble_smtp_port setting to forward all mail with the specified prefix on to DBabble.
Syntax: g_dbabble_smtp_prefix string
g_dbabble_links
Add web links to DBabble from other web interfaces (and vice versa)
This causes links to appear in the DBabble interface to switch to using WebMail (and SurgePlus if you have the g_surgeplus_links setting on).
Syntax: g_dbabble_links bool
g_debug_block
For catching bugs in block file processing
For catching bugs in block file processing.
Syntax: g_debug_block bool
g_debug_crt
Some CRT debugging on windows, do not use
This setting has no further documentation currently available
Syntax: g_debug_crt bool
g_debug_ini
Debugging, don’t use this
This is a temp setting used for testing
Syntax: g_debug_ini bool
g_debug_vanished
Name of file to check for, if file vanishes, crash
This is for tracking a particular bug, not for general use
Syntax: g_debug_vanished string
g_debug_free
Check free memory isn’t corrupted – slows performance slightly
This is for tracking a particular bug, not for general use
Syntax: g_debug_free bool
g_debug_imap
Log imap folder renames and deletes in kmsg.log
This is for tracking a particular bug or user error 🙂
Syntax: g_debug_imap bool
g_debug_ncpy
Debug ncpy function
This makes ncpy clear the entire destination buffer to increase the chance of a crash if the buffer length is wrong
Syntax: g_debug_ncpy bool
g_debug_timing
Record dfopen timing, tellmail dfopen_stats
This makes ncpy clear the entire destination buffer to increase the chance of a crash if the buffer length is wrong
Syntax: g_debug_timing bool
g_debug_image
Save image thumbnail files to find bug
This setting has no further documentation currently available
Syntax: g_debug_image bool
g_debug_body
Save msg body during processing
This setting has no further documentation currently available
Syntax: g_debug_body bool
g_debug_check
Use more dmalloc debugging, some performance impact. Also set g_debug_free
This setting has no further documentation currently available
Syntax: g_debug_check bool
g_demo
Demo mode lock unsafe admin features
This setting has no further documentation currently available
Syntax: g_demo bool
g_demo_to
Demo mode valid external destinations
This setting has no further documentation currently available
Syntax: g_demo_to string
g_deny
can clutter log
This setting has no further documentation currently available
Syntax: g_deny_log bool
g_deny_country
Block email from some countries, use 2 digit code not the full name, see IpToCountry.csv, turn on g_country_ip!
Block countries, examine the file IpToCountry.csv for the abbreviations, g_country_ip must be set true, and issue tellmail aspam_update
Syntax: g_deny_country string
g_deny_smtp
Deny SMTP based on IP address
Block users from some IP ranges connecting to SMTP only.
Syntax: g_deny_smtp string
g_deny_login
Block users from some ip ranges logging in
This setting has no further documentation currently available
Syntax: g_deny_login string
g_deny_msg
Deny message
Message to give to users who are disconnected due to the above ‘deny’ setting.
Syntax: g_deny_msg string
g_deny_log
Log g_deny rejections to msg.log – can clutter log
This setting has no further documentation currently available
Syntax: g_deny_log bool
g_download
Fetch an http file and do an ini reload
Can be used with g_include to have settings fetched from a central location, the file is fetched once an hour.
Syntax: g_download url=string user=string pass=string local=string
g_domainkeys_check
Check incoming DomainKeys signatures (obsolete turn off)
See domainkeys.htm
Syntax: g_domainkeys_check bool
g_domainkeys_sign
Sign outgoing messages (obsolete, turn off)
To turn off domainkeys for some domains see the per domain setting, domainkeys_disable. See domainkeys.htm for more info.
Syntax: g_domainkeys_sign bool
g_domainkeys_selector
Policy name for your server (used creating dns entry for domainkeys)
This defines the dns entry name for your policy record and public key entry in your dns. See domainkeys.htm for details
Syntax: g_domainkeys_selector string
g_domainkeys_only
Domains to sign for outgoing email
Normally all local domains are signed, but if this setting exists then it is used instead so you must list local domains as well as non local ones you want to sign messages for. G_domainkeys_sign must also be set to true!
Syntax: g_domainkeys_only string
g_domainkeys_headers
List which headers to sign
This will help get the message through gateways without breaking the signature, try a single header, e.g. from
Syntax: g_domainkeys_headers string
g_dkim_check
DKIM Check incoming DKIM signatures
See domainkeys.htm
Syntax: g_dkim_check bool
g_dkim_sign
DKIM Sign outgoing messages
To turn off dkim for some domains see the per domain setting, dkim_disable. See domainkeys.htm for more info.
Syntax: g_dkim_sign bool
g_dkim_selector
DKIM Policy name for your server (used creating dns entry for dkim)
This defines the dns entry name for your policy record and public key entry in your dns. See domainkeys.htm for details
Syntax: g_dkim_selector string
g_dkim_only
DKIM Domains to sign for outgoing email (default is all)
Normally all local domains are signed, but if this setting exists then it is used instead so you must list local domains as well as non local ones you want to sign messages for. G_dkim_sign must also be set to true! Never set to *
Syntax: g_dkim_only string
g_dkim_exclude
DKIM Domains to not sign for outgoing email
This can be used to exclude some domains
Syntax: g_dkim_exclude string
g_dkim_headers
DKIM List which headers to sign (blank=default, and is usually best)
This will help get the message through gateways without breaking the signature, try a single header, e.g. from
Syntax: g_dkim_headers string
g_dkim_skip
DKIM Destination Domains to not sign
This is useful if the destination server is faulty with its DKIM processing
Syntax: g_dkim_skip string
g_dkim_nogateway
Don’t sign if gateway rule used
Useful to avoid double signing incoming messages
Syntax: g_dkim_nogateway bool
g_dkim_alt_domains
Use selector ‘alt_name’ for these domains
Use if you need to use a different selector when forwarding for a domain (so you can define a different dkim private key)
Syntax: g_dkim_alt_domains string
g_dkim_alt_name
Name of selector to use
Use if you need to use a different selector when forwarding for a domain (so you can define a different dkim private key)
Syntax: g_dkim_alt_name string
g_dkim_return
Sign if ‘return path’ matches g_dkim_only
Useful when you want to act as a signing gateway
Syntax: g_dkim_return bool
g_domain_templates
Check for domain specific templates
This setting has no further documentation currently available
Syntax: g_domain_templates bool
g_dlist_nostart
Disable dlist
If set, disable (do not attempt to start) dlist for DMail compatibility mode.
Syntax: g_dlist_nostart bool
g_dlist_nolocal
Remove add local button from mailing lists
Prevents address harvesting etc. by users – strongly recommended on public servers, not necessary on small or private servers
Syntax: g_dlist_nolocal bool
g_dlist_path
Path for dlist
DList Path normally defaults to $g_home/dlist.
Syntax: g_dlist_path string
g_dlist_one
Only allow one recipient if message is to a mailing list
This setting has no further documentation currently available
Syntax: g_dlist_one bool
g_dmail_filter
Run DMail compatible filter files (deprecated – for backward compatibility only)
Run DMail compatible filter files. Mfilter rule files should be used instead.
Syntax: g_dmail_filter string
g_dns_blank_fail
NEVER USE! Bounce email if dns response blank rather than retry
This setting has no further documentation currently available
Syntax: g_dns_blank_fail bool
g_dns_host
DNS host(s) for MX lookups
This setting can normally be left blank as the mail server will find your system DNS settings. However, you can specify one or more DNS servers for the mail server to use instead to lookup names.
DNS lookups are cached to disk so SurgeMail will generally continue to work even if your dns server is temporarily unavailable.
Test your dns server with this command. If working it should return two ip addresses for that domain.
tellmail dns_test "netwinsite.com"
Prior to SurgeMail 2.0h DNS lookups were done using TCP instead of UDP; they are now done with UDP unless the response exceeds the UDP packet size (as per RFC).
NOTE: All dns servers listed in this setting must be fully recursive, a non recursive dns server will create many dns lookup failures!
Syntax: g_dns_host string
g_dns_nlookup
Concurrent MX lookups
Concurrent DNS lookups to send to DNS server (Default=20) (not used after version 2.0h)
Syntax: g_dns_nlookup int
g_dns_require
Require reverse DNS names match
Require the MAIL FROM address to match the reverse DNS lookup of the sender’s IP.
eg. from=*@hotmail.com hosts=*hotmail.com
Syntax: g_dns_paranoid string
g_dns_translate
If mx response is x.x.x.x translate to y.y.y.y:port
Useful for translating ip numbers inside a local intranet and doing other fancy routing of various sorts.
Syntax: g_dns_translate from=string to=string
g_dsn_loggedin
Enable DSN (Delivery Status Notification) for trusted senders.
Safer alternative to real DSN as it only applies to local users. This guesses if the user is trusted based on previous logins
Syntax: g_dsn_loggedin bool
g_dsn_enable
Enable DSN (Delivery Status Notification) esmtp extension.
Not recommended. Delivery Status Notification is used by spammers to find addresses to spam to.
Syntax: g_dsn_enable bool
g_dsn_nofinal
Try not to show real final recipients but just original recipients
This setting helps hide internal addresses in bounce messages (after forwarding etc). Not recommended.
Syntax: g_dsn_nofinal bool
g_domain_separator
Separator characters for virtual POP
For POP logins where your virtual domain is NOT distinguished by IP address users can login with ‘user@domain’ or user/domain.name etc and the mail server will pickup the domain name correctly. By default only ‘user@domain.name’ is accepted unless this setting is used which can be useful for brain dead mail clients which don’t allow the user to specify ‘user@domain.name’ as the username eg:
g_domain_separator "/"
Syntax: g_domain_separator string
g_domain_list_max
Maximum number of domains to list at once
Maximum number of domains to list at once in the admin user interface.
Syntax: g_domain_list_max int
g_domain_default
Default domain when POP/IMAP user does not specify one
This is probably not what you think it is, generally the ‘first’ domain in surgemail.ini is used in this situation, but in some instances, when using domuser.dat for example to translate users back to virtual domains, you will want the default domain to be a ‘generic’ made up domain that doesn’t really exist.
For example, let’s say you have users fred@a.com, bob@b.com, then in domuser.dat you have
fred@a.com fred@a.com
bob@b.com bob@b.com
bob@xxx bob@b.com
fred@xxx fred@a.com
And the result is that users who login to pop as bob or fred, will be correctly mapped to the correct virtual domain user even though the actual domain is different in those two cases.
Clear as mud I expect?
Syntax: g_domain_default string
g_domuser_file
Domain users to thousands of virtual domains easily
Specifies a file which contains lines that translate an email address to the username that should be looked up in the database. This file can contain a domain name not previously specified in surgemail.ini allowing you to create unique sub-domain addresses. eg:
g_domuser_file "c:\surgemail\domuser.dat"
Example entries…
*@domain.com postmaster@domain.com
userA@domain.com userB@domain.com
firstname@lastname.domain.com firstname@lastname.domain.com
Syntax: g_domuser_file string
g_dotlock_minutes
NFS lock waits
Minutes to wait for nfs lock file, default 20 minutes.
Syntax: g_dotlock_minutes int
g_drop_use_len
Use the content-len header for drop file processing
For use on Solaris when using sendmail for incoming mail delivery.
Syntax: g_drop_use_len bool
g_encrypt_prefix
Prefix for encrypted messages must match encrypt rule so replies are encrypted
This setting has no further documentation currently available
Syntax: g_encrypt_prefix string
g_ehlo_simple
IP addresses to give simple ehlo response to
This is a debugging setting, do not use.
Syntax: g_ehlo_simple string
g_ehlo_8bitmime
Enable 8bit mime in ehlo response (not recommended)
This is probably a bad idea, it is best to reject 8bit mime and stop people sending it as the destination server may not support it
Syntax: g_ehlo_8bitmime bool
g_ehlo_log
Log ehlo/bind to msg*.rec logs
This setting has no further documentation currently available
Syntax: g_ehlo_log bool
g_event_url
Send msg events to a url
The parameters sent include, (given url)&mode=xx&mid=xx&from=x&to=xx&qnum=xx
Syntax: g_event_url string
g_event_list
Events wanted by url
e.g. New,Sent,Bounced,Later,Failed,Stored,Dropped,Rejected
Syntax: g_event_list string
g_emailreg_enable
Enable whitelist http://www.emailreg.org register to use
Be aware that this setting will not work until you register on their server and tell them the ip address of your server/dns to permit lookups. They charge $20 to verify your domain and this will help to get your email delivered more reliably
Syntax: g_emailreg_enable bool
g_external_warn
Tag external messages from non friends
This tags any external email with a warning
Syntax: g_external_warn bool
g_external_all
Tag messages from friends too
This tags any external email with a warning
Syntax: g_external_all bool
g_external_msg
Msg to insert at the top of external mails
This tags any external email with a warning
Syntax: g_external_msg string
g_external_style
css style for the warning
Used to set the color/font etc…
Syntax: g_external_style string
g_external_spam
Tag messages in spam folder too
Tags most msgs placed in the spam folder too.
Syntax: g_external_spam bool
g_external_white
Disable for return path matches
This setting has no further documentation currently available
Syntax: g_external_white string
g_external_only
Enable only these destinations
e.g. *@xyz.com,*@fred.com
Syntax: g_external_only string
g_external_white_to
Disable for these recipients
People who don’t need warning.
Syntax: g_external_white_to string
g_external_ip_disable
Do not add X-External-IP header
Removes external ip address from headers.
Syntax: g_external_ip_disable bool
g_fallback_relay_if_exists
Use FALLBACK_RELAY if not logged in but user exists (OLD_POPHOST_CREATEUSER_DISABLE)
This can be used to relay users where you have a user database that can be checked on the front end system directly (odbcauth, tcpauth, etc)
Syntax: g_fallback_relay_if_exists bool
g_feat_testing
Testing setting do not use
Used to test alternate spam filter weightings
Syntax: g_feat_testing bool
g_filter_pipe
Filter pipe allowing external message processing
This allows external applications to filter and modify incoming messages. Example: Integration with Spam Assassin (on UNIX) could be achieved as follows:
g_filter_pipe "/usr/local/bin/spamassassin -P"
It expects a normal unix ‘filter’: read the message on ‘stdin’ and write the identical (or modified) message to ‘stdout’.
The input will be CRLF terminated and so should the output be.
That’s all you can do with this mechanism. If you want to bounce the message or flag it as spam, you add a header and then use something in SurgeMail (mfilter) to detect and act on the header you’ve added.
Syntax: g_filter_pipe string
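A filter of the kind described above, as an added example that is not part of SurgeMail: it reads the message from stdin, prepends one verdict header for a later mfilter rule to act on, and writes CRLF-terminated output. The header name X-Example-Filter and the attachment check are assumptions chosen for illustration; any copy of the header supplied by the sender is removed first so the verdict cannot be forged.

```python
#!/usr/bin/env python3
"""Added example: a stdin -> stdout mail filter for use with g_filter_pipe."""
import email
import re
import sys

HEADER = b"X-Example-Filter"            # hypothetical header name
RISKY_EXT = (".exe", ".cmd", ".com")    # extensions from the g_block_files example

# Constructed sample message (bare LF endings and a forged verdict header).
SAMPLE = (b"From: sender@example.com\nX-Example-Filter: ok\n"
          b"Subject: test\n\nhello\n")


def to_crlf(data: bytes) -> bytes:
    """Make every line end in CRLF without doubling existing CRLFs."""
    return re.sub(rb"\r?\n", b"\r\n", data)


def strip_header(head: bytes, name: bytes) -> bytes:
    """Drop sender-supplied copies of our header, including folded lines."""
    kept, skipping = [], False
    for line in head.split(b"\r\n"):
        if line[:1] in (b" ", b"\t"):   # continuation of the previous header
            if skipping:
                continue
        else:
            skipping = line.lower().startswith(name.lower() + b":")
            if skipping:
                continue
        kept.append(line)
    return b"\r\n".join(kept)


def verdict(msg: bytes) -> bytes:
    """Return b"risky-attachment" if any MIME part names a risky file."""
    for part in email.message_from_bytes(msg).walk():
        filename = part.get_filename()
        # Trailing dots and spaces are ignored so "x.exe." still matches.
        if filename and filename.lower().rstrip(". ").endswith(RISKY_EXT):
            return b"risky-attachment"
    return b"ok"


def filter_message(raw: bytes) -> bytes:
    """Return the message with one trusted verdict header prepended."""
    msg = to_crlf(raw)
    head, sep, body = msg.partition(b"\r\n\r\n")
    head = strip_header(head, HEADER)
    return HEADER + b": " + verdict(msg) + b"\r\n" + head + sep + body


def main() -> int:
    raw = sys.stdin.buffer.read()       # bytes, so 8-bit content survives
    try:
        out = filter_message(raw)
    except Exception:                   # fail open: pass the mail through untouched
        out = raw
    sys.stdout.buffer.write(out)
    sys.stdout.buffer.flush()
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Point g_filter_pipe at wherever the script is installed, and set g_filter_pipe_headers if later SurgeMail processing needs to see the added header.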
g_filter_pipe_skip
Skip filter if ip matches this
Set this for local servers that don’t need filtering, e.g. mailing list servers, local trusted robots.
Syntax: g_filter_pipe_skip string
g_filter_pipe_noauth
Skip for auth users
Skip for authenticated users
Syntax: g_filter_pipe_noauth bool
g_filter_pipe_headers
Re-read headers after pipe finishes
Needed if you want headers to be seen by later surgemail processing
Syntax: g_filter_pipe_headers bool
g_filter_max
Max size of messages to send through the filter pipe
Messages over this size (in bytes) are skipped. default = no limit
Syntax: g_filter_max int
g_filter_n
Number of filters to run simultaneously
Default is 20, when this limit is reached the incoming thread waits a few seconds then skips the filter if necessary, this is intended to prevent a log jam/melt down effect.
Syntax: g_filter_n int
g_filter_timeout
Filter pipe timeout
Filter timeout (g_filter_pipe) in seconds, default is 360.
Syntax: g_filter_timeout int
g_fix_crcrlf
Fix email messages containing crcrlf for line termination
This is best not used, it’s best to fix the faulty email application, results are not guaranteed.
Syntax: g_fix_crcrlf bool
g_fix_imap_lf
During IMAP import fix email messages containing lf
This is best not used, it’s best to fix the faulty email server, results are not guaranteed.
Syntax: g_fix_imap_lf bool
g_friends_spf
Refine friends matching using spf/dmarc when possible
This setting has no further documentation currently available
Syntax: g_friends_spf bool
g_friends_only
Friends system
An anti-spam feature which screens incoming mail to ensure it comes from a human. For incoming mail from unknown addresses a message is sent to this person requesting them to reply to confirm they are human and the original message will be delivered. See this page for more details.
Syntax: g_friends_only bool
g_friends_bounce_rej
Reject blank return path as friends failures
This setting has no further documentation currently available
Syntax: g_friends_bounce_rej bool
g_friends_bounce_friend
Allow exception rules to bounce a message from a friend
This setting has no further documentation currently available
Syntax: g_friends_bounce_friend bool
g_friends_cleanup
Cleanup/repair large friend.lst files
This setting has no further documentation currently available
Syntax: g_friends_cleanup bool
g_friends_daemon_ok
Accept emails from any mailer daemon
This setting has no further documentation currently available
Syntax: g_friends_daemon_ok bool
g_friends_name
What to call the friends system
This specifies what to call the friends system when referring to it on web pages and in email to our users, you can call it whatever you like
Syntax: g_friends_name string
g_friends_pending_name
The imap name of the friends_pending (and spam store) quarantine folder – should match surgeweb imap_spam_folder – default is ‘Friends Pending’
This shouldn’t be changed unless this feature has not been used before as it will confuse your users. Any matching folder the user has of the same name will become invisible. So at least make it something other than simply Spam!!
Syntax: g_friends_pending_name string
g_friends_silent
Disable friends responses to users
This setting is to simply disable the confirm emails, not generally recommended as this makes friends a bit pointless.
Syntax: g_friends_silent bool
g_friends_silent_level
If spam score above this then don’t send friends message
Not generally recommended.
Syntax: g_friends_silent_level int
g_friends_ignore
List of addresses considered friends for all users on the system
List of addresses considered friends for all users on the system eg: the system manager email address
Syntax: g_friends_ignore string
g_friends_skip_ip
List of ip addresses considered friends for all users on the system
This setting has no further documentation currently available
Syntax: g_friends_skip_ip string
g_friends_confirm_subject
String to use as the subject of a friends confirmation email
String to use as the subject of a friends confirmation email. Defaults to: “Please reply to ||confirm|| message and allow delivery”. This value must contain the text ||confirm||, this text is replaced by the unique message id that allows SurgeMail to find the message to release eg. confirm(1150419513.1880_1180.domain). It is also advisable to place the ||confirm|| near the start of the string as some clients will truncate long subjects and any truncation of the ||confirm|| value will result in failure to release the message.
Syntax: g_friends_confirm_subject string
g_friends_default_mode
Default friends mode, smite (recommended) silent, or list
Valid settings are kids,disabled,smite,silent,list. Recommended silent or smite, in silent mode no challenge email is sent, in smite mode a challenge email is sent if the score is exceeded.
Syntax: g_friends_default_mode string
g_friends_default_autoadd
Default auto addition when sending (recommended)
This setting has no further documentation currently available
Syntax: g_friends_default_autoadd bool
g_friends_msg
Message used for friends bounce.
e.g. Delivery pending, to deliver you must send an email to
Syntax: g_friends_msg string
g_friends_msg_link
Message used for friends link bounce.
e.g. Note: Delivery will ONLY occur if you click on this link
Syntax: g_friends_msg_link string
g_friends_latest_headers
Friends system re-read message headers
Causes friends to re-read message headers, allowing rules based on headers added during delivery
Syntax: g_friends_latest_headers bool
g_friends_lang_auto
Set users language settings automatically based on observed emails from friends
This setting improves spam handling
Syntax: g_friends_lang_auto bool
g_friends_pending_keep
Time to keep friend pending messages
How long to store users friends pending messages before deleting them (days)
Syntax: g_friends_pending_keep int
g_friends_pending_max
Max items in pending before deleting them
The default is 10000 Items
Syntax: g_friends_pending_max int
g_friends_pending_vanish
Enable auto-vanish of pending messages on confirmation bounce
When a bounce for a confirmation message is received we vanish it, this setting will also delete the original message.
Syntax: g_friends_pending_vanish bool
g_friends_at_rcpt
Whether to check users friends list at rcpt stage
This setting is automatically added/removed by the web admin when global friends defaults are configured. It allows us to check friends at rcpt stage without paying a disk access cost for non-friends users.
Syntax: g_friends_at_rcpt bool
g_friends_allow_spf
Allow all email through as if it was a friend during temporary allow
The user clicks on a button to disable friends for a few hours, during this time all messages will get treated as a friend and thus bypass SPF too.
Syntax: g_friends_allow_spf bool
g_friends_spf_fail_bounce
Bounce SPF failures, do not send friends confirmations (Not recommended)
The default behaviour is to only send confirmations if SPF checks pass, if they fail friends checking is skipped, no confirmation request is sent and the email is not blocked by friends.
Syntax: g_friends_spf_fail_bounce bool
g_friends_check_spf
Disable friends bounces if SPF headers missing/failed to avoid backscatter.
If the incoming message may be forged it will bounce messages using an smtp error code to deny delivery but it will allow any real sender to bypass this. This setting is good if spamcop block your domain for sending friends challenges as it cuts down on the number of such messages. This avoids backscatter.
Syntax: g_friends_check_spf bool
g_friends_safer
Make friends always avoid back scatter.
By using a rejection during the incoming message instead of sending an email back scatter is completely avoided.
Syntax: g_friends_safer bool
g_friends_always
Always use friends list.
This enables the “Add all outgoing email addresses to list” feature and always checks incoming messages against the friends list so that SurgeMail can correctly tag or filter it.
Syntax: g_friends_always bool
g_friends_add_trusted
Add to friends list if sender is trusted
This is useful if senders are not using smtp auth but you still want friends to be added, typically used with surgewall…
Syntax: g_friends_add_trusted bool
g_friends_global_add
Add to a global friends list if ip matches and sender doesn’t match authenticated user
Used when you wish to whitelist outgoing addresses even though the sender/reply address does not match the authenticated user (e.g. messages sent via exchange)
Syntax: g_friends_global_add string
g_friends_global_exclude
Addresses not to auto add, e.g. *@paypal.com
This is good for avoiding meaningless entries or obvious entries that people might send email to by mistake
Syntax: g_friends_global_exclude string
g_friends_confirm_debug
Log successful friends confirmation responses
This enables us to examine suspect replies to friends confirmations for indications that they were sent by spammers or mail robots.
Syntax: g_friends_confirm_debug bool
g_friends_rotate
Rotate user level log file, default 30k
Set log size, the log is also rotated when a friends report email is sent (if configured)
Syntax: g_friends_rotate int
g_friends_long
In friends web release addresses use a longer url
Uses an older style link
Syntax: g_friends_long bool
g_friends_ignore_trusted
If from trusted ip still apply friends
Useful when you have a gateway that is sending to surgemail
Syntax: g_friends_ignore_trusted bool
g_friends_url
Specify default global url for friends release http://domain.name:port
Normally the default will work.
Syntax: g_friends_url string
g_friends_testurl
Test g_friends_url and status_url and url_host work externally
Reports to manager if any fail
Syntax: g_friends_testurl bool
g_friends_autodom
Auto whitelist friends based on domain/ip
This means a friend or trained message will whitelist the entire domain/ip address combination until contradicted for all users
Syntax: g_friends_autodom bool
g_speech_cmd
Command to convert sound file to text (append .txt to filename)
This setting has no further documentation currently available
Syntax: g_speech_cmd string
g_speech_from
Only attempt conversion if from this email address
This setting has no further documentation currently available
Syntax: g_speech_from string
g_speech_size
Default 10mb, will not convert larger files
This setting has no further documentation currently available
Syntax: g_speech_size int
Example: 10mb
g_status_url
Specify default global url for status messages
Normally the default will work.
Syntax: g_status_url string
g_status_view_html
Obsolete setting
Setting is no longer used.
Syntax: g_status_view_html bool
g_status_login
Require login for spam status actions
This setting has no further documentation currently available
Syntax: g_status_login bool
g_friends_byemail
Use old email based friends rejections
This restores the old behaviour, you would normally only use this if your mail server was inaccessible via http as email based rejections are not as easy to use or as reliable as web based human confirmations
Syntax: g_friends_byemail bool
g_friends_bounce_second
Bounce the next time the user sends a message if waiting for confirm still
This can make it clearer that email is not getting through to the destination
Syntax: g_friends_bounce_second bool
g_friends_old_status_email
Use older status email & processing
Use status.eml instead of status_html.eml
Syntax: g_friends_old_status_email bool
g_friends_obey_spf
If SPF failed then no friends match allowed for local domains
If spf failed then don’t allow a friends match
Syntax: g_friends_obey_spf bool
g_friends_local_match
If from!=returnpath and one is local, then block friends match
This setting has no further documentation currently available
Syntax: g_friends_local_match bool
g_friends_spam_score
Default level to quarantine message in spam folder (Recommended 8 or 10)
This sets the default when no friends.ini file exists, a level of 8 will give best all round results, a level of 10 will stop less spam but avoid false positives.
Syntax: g_friends_spam_score int
g_friends_status_sort
Sort friends status messages with low scores at the top
This setting has no further documentation currently available
Syntax: g_friends_status_sort bool
g_friends_release_wash
Clean any subject marking (ie stars) when releasing/allowing
This setting has no further documentation currently available
Syntax: g_friends_release_wash bool
g_friends_warnonce
Give bounce on only the first message
This used to be the default, but it meant people thought delivery was occurring!
Syntax: g_friends_warnonce bool
g_friends_debug1
NEVER USE, only for NetWin testing
This makes surgemail always send an email bounce rather than a safe reject, only intended for testing bounce messages
Syntax: g_friends_debug1 bool
g_footer_file
Footer file
Footer file which is appended to all plain text mail messages.
Syntax: g_footer_file string
g_footer_html
Footer file (HTML mail)
Footer file which is appended to all HTML mail messages.
Syntax: g_footer_html string
g_footer_send
Footer file (outbound only)
Plain text footer file which is appended to all outbound mail messages only.
Syntax: g_footer_send string
g_footer_sendonly
Enable outbound footer
Add g_footer_send to all messages when sending to non local users.
Syntax: g_footer_sendonly bool
g_footer_auth
Only add footer for authenticated local users
This essentially adds the footers to ‘outgoing’ email… if the user is a member of the group nofooter then the footer is also skipped.
Syntax: g_footer_auth bool
g_footer_skip
Skip footers for these users
This skips the footer for matching users (e.g. cell phones etc)
Syntax: g_footer_skip string
g_footer_trusted
Only add footers if sender is trusted
This prevents the footer from being added for a message that pretends to come from your domain.
Syntax: g_footer_trusted bool
g_footer_notfound
Only add footer if footer is not in message already
This works by examining the message contents to try and find part of the footer.
Syntax: g_footer_notfound bool
g_footer_skipfound
Only add footer if this text is not already in the message, requires g_footer_notfound
This can be used to make the footer optional
Syntax: g_footer_skipfound string
g_from_bl
Domain Based Blacklist Zones, lookups FROM domain in dns
The ‘from’ domain is checked against the specified RBL which must be a special ‘FROM’ based rbl which lists spammers by from address. Most spammers fake from addresses so this is a fairly marginally useful method.
Syntax: g_from_bl name=string stamp=string
g_from_bounce
Bounce if from is probably faked
Bounce if from address is probably faked.
This check is activated for any mail with a local domain in the from address but not using SMTP authentication, relay allow IP address or spam allow IP address.
Syntax: g_from_bounce bool
g_from_body_bounce
Reject if local from header address is probably faked
Checks if the sender is authenticated or from an address that can relay, if not then the message is bounced if it claims to be from a local domain. One of the settings to prevent forgery
Syntax: g_from_body_bounce bool
g_from_stamp
Stamp if from is probably faked
Stamp message with “X-Verify-Failed:” header if from address is probably faked.
eg: X-Verify-Failed: <user@mydomain.com> From mydomain.com is local but user not authenticated or from g_relay_allow_ip
This check is activated based on the same conditions as g_from_bounce.
Syntax: g_from_stamp bool
g_from_timeout
Timeout on g_badfrom_* checks
Timeout in seconds of g_badfrom_* checks. Default = 60 seconds. If this timeout is reached the g_badfrom check will be classed as having failed.
Syntax: g_from_timeout int
g_from_check
Check from matches valid local domain
Check from domains match valid local domains if user is authenticated, or g_from_allow. Should be used with g_from_bounce “true” which basically forces them to authenticate and then makes this setting work properly.
Syntax: g_from_check bool
g_from_noforge
If envelope or from is local domain then the other must be too
This can prevent many common forms of forgery, this will bounce some real email, so probably better to use the noforgeme setting instead. One of the settings to prevent forgery
Syntax: g_from_noforge bool
g_from_noforge_some
If from matches this then from/envelope must match
Prevent forgeries of important local addresses, e.g. *support*
Syntax: g_from_noforge_some string
g_from_noforgeme
If to==from then from and env from must match
This can prevent many common forms of forgery, this is safer than the noforge setting above, and generally almost as effective. One of the settings to prevent forgery
Syntax: g_from_noforgeme bool
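The difference between g_from_noforge and g_from_noforgeme, worked through on constructed messages as an added example (a reading of the two one-line descriptions above, not SurgeMail's implementation). It assumes “to” means the envelope recipient and “match” means the whole address is equal; the domains and addresses are made up.

```python
from email.utils import parseaddr

# Constructed local domain list; a real server takes this from its own config.
LOCAL_DOMAINS = {"mydomain.example"}


def addr(value: str) -> str:
    """Bare lower-cased address from an envelope path or a From header value."""
    return parseaddr(value)[1].lower()


def is_local(address: str) -> bool:
    return address.rpartition("@")[2] in LOCAL_DOMAINS


def violates_noforge(env_from: str, hdr_from: str) -> bool:
    """g_from_noforge as described: if either side is local, both must be."""
    return is_local(addr(env_from)) != is_local(addr(hdr_from))


def violates_noforgeme(env_from: str, hdr_from: str, rcpt_to: str) -> bool:
    """g_from_noforgeme as described: only applies when to == from."""
    sender = addr(hdr_from)
    if sender != addr(rcpt_to):
        return False                    # rule does not apply
    return addr(env_from) != sender


# (label, envelope from, From header, envelope recipient), all constructed.
CASES = [
    ("self-addressed forgery",
     "<x9@bulk.example>", '"Fred" <fred@mydomain.example>',
     "fred@mydomain.example"),
    ("third party sending as us",
     "<bounces@esp.example>", "News <news@mydomain.example>",
     "fred@mydomain.example"),
    ("ordinary external mail",
     "<alice@other.example>", "Alice <alice@other.example>",
     "fred@mydomain.example"),
    ("local user to self",
     "<fred@mydomain.example>", "Fred <fred@mydomain.example>",
     "fred@mydomain.example"),
]


def evaluate(cases=CASES):
    """Map each label to (noforge would bounce, noforgeme would bounce)."""
    return {
        label: (violates_noforge(env, hdr),
                violates_noforgeme(env, hdr, rcpt))
        for label, env, hdr, rcpt in cases
    }


if __name__ == "__main__":
    for label, (nf, nfm) in evaluate().items():
        print(f"{label:28} noforge={'bounce' if nf else 'pass':6} "
              f"noforgeme={'bounce' if nfm else 'pass'}")
```

The second case is the “real email” that g_from_noforge bounces: a legitimate outside service sending with a local From address and its own return path, which g_from_noforgeme lets through because the recipient is not the claimed sender.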
g_from_noforgename
If from contains two addresses the domains must match
Prevents forgery where the descriptive name is a fake email address that doesn’t match the real address
Syntax: g_from_noforgename bool
g_from_nofriend
If forge setting would bounce message then allow message but don’t allow friend match
This setting modifies the g_from_noforgeme behaviour so it doesn’t block the message but does prevent a friend match occurring
Syntax: g_from_nofriend bool
g_notlocal
Add ALERT to message subject if domain is local but origin is external
This setting has no further documentation currently available
Syntax: g_notlocal bool
g_notlocal_message
ALERT text to add to suspect messages that appear to be from a local domain
This setting has no further documentation currently available
Syntax: g_notlocal_message string
g_from_allow_ip
IP addresses to bypass local from check
This setting has no further documentation currently available
Syntax: g_from_allow_ip string
g_from_allow_to
destination user to bypass local from check
This setting has no further documentation currently available
Syntax: g_from_allow_to string
g_from_exact
Check from matches authenticated user
Check from matches authenticated user. If user is not authenticated the setting is skipped.
Should be used with g_from_bounce “true” which basically forces them to authenticate and then makes this setting work properly.
Syntax: g_from_exact bool
g_from_relay
If not authenticated and g_relay_allow_ip matched then block if not local domain or whitelisted
This one helps prevent a local virus sending out spam. It basically says non authenticated users who can relay due to a g_relay_allow_ip rule must send from one of your domains or use smtp authentication or be in a white list. Note this test is performed on the message envelope not the body. We recommend insisting on smtp authentication to reduce your risk of this type of problem.
Syntax: g_from_relay bool
g_from_relay_white
White list of domains for g_from_relay setting
This is domains that can be used as a ‘from’ address for non authenticated users, in addition to local domains
Syntax: g_from_relay_white string
g_from_domain
Default domain for from envelope
Fixes the ‘from’ envelope if the email client failed to specify a domain name, this doesn’t fix the from header currently but we may change that in future!
Syntax: g_from_domain string
g_gateway
Gateway messages to a particular domain (Or smarthost)
Used to gateway messages to another local mail server. Typically this other server is inside a firewall so its local IP address is not known by the DNS server. You specify the domain and IP address to send messages to and this server is treated as ‘local’ rather than remote in terms of open relay restrictions. eg: nonauthenticated users are able to send in mail. Open relay restrictions do not apply to messages sent to this domain because they are considered as if they were local users and not ‘relaying’.
This setting has the fields domain(required), to(required), user(optional), pass(optional), relay=true/false(optional),check=true/false (optional)
Normally “domain” and “to” are the only fields that need to be filled in. eg. To relay mail from anyone to user accounts in the domain somedomain.com to the host 1.2.3.4.
g_gateway domain="somedomain.com" to="1.2.3.4"
user="username" pass="password"
If SMTP authentication is required on the destination server the user and pass fields need to be completed.
check=true
The check=true setting tells surgemail to actually connect to the server and check that recipients exist before accepting an incoming email for that user, this is STRONGLY recommended, as it stops the server having to bounce thousands of messages when spammers send to invalid addresses on your server. If SurgeMail cannot connect it will assume the user does exist so nothing is bounced except when the connection is successful.
Classic smarthost setting
This is where you want to send all outgoing email to another server, that may require authentication, note that we don’t use relay=”true” as that would make the server an open relay.
g_gateway domain="*" to="isp.mail.server" user="user@isp.server" pass="xxx"
relay="true" (warning, usually not needed or wise, this can make your server into an open relay for spammers to abuse!)
As a safety measure to prevent accidental open relays, SurgeMail will not relay for non authenticated users or trusted users (users that are allowed to relay due to relaying settings eg g_relay_allow_ip) if the domain is “*”. This can be overridden by placing “true” in the “relay” field. eg: To relay all mail for all users to host 1.2.3.4:
g_gateway domain="*" to="1.2.3.4" relay="false"
It is possible to use domain="c:\domains.txt" where domains.txt is a file listing the domains to be gatewayed, this should only be done for one gateway rule, and is only worth doing if you have thousands of domains to gateway.
local="true"
Requires that the destination addresses exist in the local account database.
g_gateway_open
Allows an open relay setting in g_gateway
This lets you set g_gateway domain=* and relay=true, this makes your server an open relay so is never a good idea!
Syntax: g_gateway_open bool
g_gateway_allow
Known hosts that act as incoming SMTP or surgewall servers for us
Some spam prevention mechanisms which use the ip address of the incoming system must be disabled for incoming SMTP servers/surgewall/firewall boxes so that stupid limits don’t block all the incoming messages from your backup mx server etc. Settings this affects: g_tarpit_max, g_tarpit_max_remote, g_con_perip, RBL checks,
Syntax: g_gateway_allow string
g_gateway_auth
Send SMTP auth requests to another host
Send SMTP auth requests to another host.
Syntax: g_gateway_auth string
g_gateway_always
Always send to gateway even if local domain exists
Always send to gateway even if local domain exists. Not sure why you would want to use this setting other than to temporarily send mail on to another server whilst keeping the local domain and accounts intact and untouched.
Syntax: g_gateway_always bool
g_gateway_data
Gateway at the data stage
To allow bounces to be handled cleanly, gateway messages before responding to the data command so bounces can go direct without being generated and creating back scatter.
Syntax: g_gateway_data bool
g_gateway_ifnot
Send mail to gateway in preference to local delivery unless IP matches
The use of g_gateway_ifnot will deliver mail to the g_gateway rule in preference to local delivery unless the IP number matches. This would typically be used to pass mail through an external SMTP server for certain or all domains for scanning purposes etc.
Syntax: g_gateway_ifnot string
g_gateway_ignorewild_ip
Ignore * gateway rules if from ip matches (allows outbound email scanning using gateway * to external scanner)
This setting has no further documentation currently available
Syntax: g_gateway_ignorewild_ip string
g_gateway_helo
Header that must exist in incoming bounces (g_send_helo) or bounces are dropped
An incoming filter can discard the majority of incoming bounces by using this setting to figure out if a bounce is valid without having to do a user lookup first! Usually this would be the setting g_send_helo from your ‘outgoing’ mail server, this setting can be a list of host names.
Syntax: g_gateway_helo string
g_gateway_orcpt
Writes an original receipt header when forwarding a message, this may disclose multiple recipients, cc/bcc etc use only for tracking faults
This writes a header X-Rcpt-Original: …, when forwarding a message to another server, good for tracking problems. This may disclose multiple hidden recipients, it should not be used normally
Syntax: g_gateway_orcpt bool
g_gateway_from
Pass ‘from’ header thru during gateway check
In some cases to verify an email address the correct ‘from’ must be passed through, normally this is a bad idea as it will cause spf failures, but it is sometimes necessary
Syntax: g_gateway_from bool
g_gateway_mx
If specified IP address is found in mx record for destination then allow relay (not recommended)
This can be useful if you have thousands of servers using your machine for mx backup and you want to allow them simply because the mx records exist, it’s much better to use g_gateway or g_relay settings instead as this saves lookups and makes the results entirely more predictable 🙂
Syntax: g_gateway_mx string
g_gateway_shuffle
Round robin shuffle of to ip addresses for gateway rules
Use if you wish to spread outgoing load evenly to multiple outgoing servers.
Syntax: g_gateway_shuffle bool
g_group_field
Group Field from authentication database
Based upon a match on an arbitrary field in the authentication database a user can be defined as being part of an access_group. All fields (field, value, group) are required. eg: To add the user to the access_group “paid_user” if the field “mystatus” has the value “fullaccess”:
g_group_field field="mystatus" value="fullaccess" group="paid_user"
Syntax: g_group_field field=string value=string group=string
g_gzip_disable
Disable gzip web compression
This setting has no further documentation currently available
Syntax: g_gzip_disable bool
g_hack_detect_disable
Stop admin emails when users login with a weak password
Useful if you must have weak passwords for some reason
Syntax: g_hack_detect_disable bool
g_hack_touser
Send warnings about hacking directly to users
Send warnings directly to users
Syntax: g_hack_touser bool
g_hack_url
Url for users to change password
Url to your server for users to change password, if not given the user.cgi url will be generated
Syntax: g_hack_url string
g_hack_msg
Message to send to users with a weak password
Message to send to users with a weak password
Syntax: g_hack_msg string
g_hack_report
Address to send weak password reports to
This setting has no further documentation currently available
Syntax: g_hack_report string
g_hack_noemail
Disable weak password reports
This setting has no further documentation currently available
Syntax: g_hack_noemail bool
g_hacker_max
Login guesses for one ip address before we lockout the ip address
Stops hackers from guessing passwords every day until they find one, use tellmail unlock ip.number to unlock, or whitelist it…
Syntax: g_hacker_max int
g_hacker_whitelist
Ip addresses to avoid guessing issues
Whitelist for gateways or other systems that you expect multiple failed logins from (e.g. webmail host)
Syntax: g_hacker_whitelist string
g_hacker_poison
Poison accounts. Instantly blacklist ip address e.g. root@*
If user tries to login with this account then their ip address is blocked from further logins. Give full domain name or wild card, e.g. root@your.domain,staff@*
Syntax: g_hacker_poison string
g_hacker_weak
If user tries weak password, lockout ip address
If someone is ‘guessing’ weak passwords their ip address will be locked out
Syntax: g_hacker_weak bool
g_hacker_password
If hacker attempts to login with account name as password, then blacklist ip
Good for stopping robots guessing accounts
Syntax: g_hacker_password bool
g_hacker_passwords
Failed logins that use these passwords will lockout the ip address
List commonly guessed passwords, e.g. 12345678
Syntax: g_hacker_passwords string
g_hacker_alert
Email manager if address is locked out
This setting has no further documentation currently available
Syntax: g_hacker_alert bool
g_hacker_fwd
Email manager if user sets forwarding rule
Useful to identify a spammer trying to set a bounce address to pickup incoming email
Syntax: g_hacker_fwd bool
g_hacker_days
Days to keep ipaddress locked out, default 7
This setting has no further documentation currently available
Syntax: g_hacker_days int
g_hacker_more
Be more restrictive, don’t allow /24 netblocks based on loginip
This setting has no further documentation currently available
Syntax: g_hacker_more bool
g_header_out
Header to add to outgoing posts
Mail header to add to outgoing mailing list posts.
Syntax: g_header_out string
g_help_local
Make all help references to the local help files
This setting has no further documentation currently available
Syntax: g_help_local bool
g_help_url
Link to another website for help instead of surgemail.com
This setting has no further documentation currently available
Syntax: g_help_url string
g_helo_optional
Make the SMTP Helo optional
Helo is optional for SMTP protocol (not recommended).
Syntax: g_helo_optional bool
g_home
Root directory of the mail server
This setting controls where the mail server runs including the many sub directories it creates below this directory for work files and log files for each domain. Not something you should generally change.
Syntax: g_home string
g_honeypot_key
Key for HTTP RBL service www.projecthoneypot.org – not recommended
Do not share your key; you can get a key for free from this web site. By defining this setting you will enable honeypot lookups, which in turn will block web, imap, pop and smtp authentication connections from listed sites. It does not block normal incoming email, but does reduce the permitted guess count to ‘1’. You can whitelist an ip address using g_spam_allow or g_hacker_whitelist. This setting will tend to cause false positives which will stop users logging in, so we don’t recommend you use this setting currently.
Syntax: g_honeypot_key string
g_honeypot_rbl
RBL name to lookup, typically dnsbl.httpbl.org
This is the name of the rbl database we are going to query
Syntax: g_honeypot_rbl string
g_host_redirect
Redirection based on host for surgeweb’s https_required redirection
This setting has no further documentation currently available
Syntax: g_host_redirect from=string to=string
g_http_proxy
Proxy web server for fetching files via HTTP
Proxy web server for fetching files if direct access fails. (mainly for updates to the spam prevention rules from netwinsite.com and for downloading the latest version of the SurgePlus Windows client to make available to your users.)
Syntax: g_http_proxy string
g_http_11
Use http 1.1 requests to netwinsite (do not use)
Experimental setting do not use
Syntax: g_http_11 bool
g_ipv6_enable
Enable IPV6 networking only use if you have an IPV6 address for some reason
Enable IPV6 networking, Best avoided unless your mail server is in ipv6 address space.
Syntax: g_ipv6_enable bool
g_ipv6_notrim
Prevent automatic conversion of ::ffff:x.x.x.x to x.x.x.x
Disables the automatic conversion of addresses to ipv4 format strings on linux
Syntax: g_ipv6_notrim bool
g_imap_acl
Enable ACL (shared folders) in imap
This setting allows folders to be shared between users. See the domain setting ‘imap_public’. Requires surgemail 3.9d or later! For this to work you will need an imap client that supports ACLs to create and map shared folders (e.g. Thunderbird)
Syntax: g_imap_acl bool
g_imap_auto_create
Create folders matching this list in response to ‘select’ commands
Some imap clients assume certain folders exist, this setting can be used to let surgemail auto create such folders when the imap client requests some action involving the folder
Syntax: g_imap_auto_create string
g_imap_auto_subscribe
Auto subscribe folders for users
This setting has no further documentation currently available
Syntax: g_imap_auto_subscribe bool
g_imap_blacklist
Test if imap users are in rbl’s and email admin
This lets you find any of your users whose ip address has been blacklisted, at most it will email once a day, any additional entries are logged in mail.err log file (search for ‘blacklist’)
Syntax: g_imap_blacklist bool
g_imap_cram_enable
Enable CRAM-MD5 authentication (requires nwauth 4.0h or greater)
Please note that CRAM-MD5 does have security implications: specifically, it means that the local user’s password must be stored in a semi-reversible state in the authentication database. Also you must be using the new version of the NWAuth module.
Syntax: g_imap_cram_enable bool
g_imap_capa
Where to get the CAPABILITY value from
When you have suffix based domains and you’re using SurgeWall, the CAPABILITY request comes before the domain of the user is known. As such SurgeMail cannot determine whether to send the real server’s CAPABILITY or its own. This setting will choose the default behaviour, valid values are: Local, . By default SurgeMail defaults to the behaviour of the primary domain, if it’s surgewall then it obtains the real server capability. “Local” defaults to SurgeMail’s own capability, and defaults to the real server capability.
Syntax: g_imap_capa string
g_imap_capa_strip
Capability values to hide
In some situations you might not want to advertise server capabilities, for example SURGEMAIL and XFLDDATA when they cause problems with SurgeWall operations. Or perhaps the IDLE capability. Specifying the capability strings to hide here will cause SurgeMail to stop advertising those capabilities.
Syntax: g_imap_capa_strip string
g_imap_debug
For NetWin use only
This setting has no further documentation currently available
Syntax: g_imap_debug bool
g_imap_expunge_close
Expunge on every close, not recommended
This setting has no further documentation currently available
Syntax: g_imap_expunge_close bool
g_imap_folder_create
Auto create default folders for Trash/Sent etc
Warning this may change the default folder currently used by creating one the user didn’t previously have
Syntax: g_imap_folder_create bool
g_imap_idle_free
Releases threads in ‘idle’ state
This setting has no further documentation currently available
Syntax: g_imap_idle_free bool
g_imap_inactive_free
Releases threads not active
This setting has no further documentation currently available
Syntax: g_imap_inactive_free bool
g_imap_log_protocol
Log IMAP protocol
Log IMAP protocol and other IMAP information to the mail.log file.
Syntax: g_imap_log_protocol bool
g_imap_log_main
Log imap to mail.log too (not recommended)
This setting has no further documentation currently available
Syntax: g_imap_log_main bool
g_imap_log_size
Size of imap.log file
This sets the imap.log file size, default is 2mb
Syntax: g_imap_log_size int
g_imap_log_flush
IMAP log flush
Flush IMAP log on every write (for debugging).
Syntax: g_imap_log_flush bool
g_imap_log_copy
Log imap copy commands to msg*.rec log files
This setting has no further documentation currently available
Syntax: g_imap_log_copy bool
g_imap_log_header
Log imap fetch header commands to msg*.rec log files (not usually needed)
This logs rather a lot, so it may create excessive logging. The log body setting is probably the wiser choice.
Syntax: g_imap_log_header bool
g_imap_log_body
Log imap fetch body commands to msg*.rec log files
This only logs when a body or body part is read via imap
Syntax: g_imap_log_body bool
g_imap_loop_report
Report imap loops of bad email clients
This only logs when a body or body part is read via imap
Syntax: g_imap_loop_report bool
g_imap_move
IMAP move extension
This setting has no further documentation currently available
Syntax: g_imap_move bool
g_imap_maxdup
Max duplicate imap fetch commands before we throttle connection, default 500
This setting has no further documentation currently available
Syntax: g_imap_maxdup int
g_imap_port
IMAP Port (default 143)
Specifies the PORT to listen for IMAP connections on. IMAP is an alternative to POP protocol where the messages and folders all exist on the server. This is ideal when sharing a mail account between several users or when using Email from more than one computer. Use the keyword ‘disabled’ to disable this part of the surgemail service.
Syntax: g_imap_port int
g_imap_delay
Glob data into bigger packets, never use this
This setting has no further documentation currently available
Syntax: g_imap_delay bool
g_imap_secure_port
IMAP Port (default 993)
Specifies the PORT to listen for dedicated SSL IMAP connections.
Syntax: g_imap_secure_port int
g_imap_search_noattach
Skip non text attachments when searching
This setting has no further documentation currently available
Syntax: g_imap_search_noattach bool
g_imap_search_index
Build and use indexes for imap header searching
This setting has no further documentation currently available
Syntax: g_imap_search_index bool
g_imap_search_body
Build and use indexes for imap body searching
This setting has no further documentation currently available
Syntax: g_imap_search_body bool
g_imap_search_text
Use only body and header indexes, fast but won’t get all matches
This setting has no further documentation currently available
Syntax: g_imap_search_text bool
g_imap_search_timeout
Limit on imap search, default is 180 seconds
This setting has no further documentation currently available
Syntax: g_imap_search_timeout int
g_imap_spam_train
Train if moving message to ‘spam’ folder, or from ‘spam’ folder to inbox
This setting has no further documentation currently available
Syntax: g_imap_spam_train bool
g_imap_status_cache
Cache imap status responses (Obsolete, use _stored setting)
Improves performance/reduces disk IO for imap
Syntax: g_imap_status_cache bool
g_imap_status_stored
Keep imap folder counts stored on disk
Improves performance/reduces disk IO for imap
Syntax: g_imap_status_stored bool
g_imap_no_internal_date
Disable the internal date output on IMAP commands
The RFC implementation of internal date is broken with MS Outlook. SurgeMail has been modified to conform to the Outlook implementation of internal date, making this setting redundant.
Syntax: g_imap_no_internal_date bool
g_imap_maxbusy
Limit for concurrent requests per user, user is throttled if exceeded
This setting has no further documentation currently available
Syntax: g_imap_maxbusy int
g_imap_throttle
Limit for sustained imap commands per second before warning admin, default is 5
Useful for detecting an email client in a loop wasting your resources
Syntax: g_imap_throttle int
g_imap_throttle_speed
Limit to this speed in bytes per second when throttling, e.g. 50k
This setting has no further documentation currently available
Syntax: g_imap_throttle_speed int
g_imap_throttle_exclude
Users who are not limited
This setting has no further documentation currently available
Syntax: g_imap_throttle_exclude string
g_imap_timezone
Timezone to display – for testing purposes only
as per title 🙂
Syntax: g_imap_timezone string
g_imap_timeout
Time, in minutes for imap timeout, RFC required default is 30
You may in some cases wish to reduce this below the RFC required default if your server is under very heavy load. Results may be unexpected when breaking RFC behavior!
Syntax: g_imap_timeout int
g_imap_timeout_login
Timeout prior to login in seconds
You may in some cases wish to reduce this below the RFC required default if your server is under very heavy load. Results may be unexpected when breaking RFC behavior!
Syntax: g_imap_timeout_login int
g_imap_trash_nocopy
Prevent copying from Trash to Trash folder
This setting has no further documentation currently available
Syntax: g_imap_trash_nocopy bool
g_imap_uidl_nofix
Disable UIDL auto repair of duplicate entries
If true disable auto repair of identical UIDL entries.
Syntax: g_imap_uidl_nofix bool
g_imap_unsub_auto
Unsubscribe if a folder doesn’t exist
Helps dumb email clients that get confused
Syntax: g_imap_unsub_auto bool
g_imap_size_fetch
If true, will display message sizes on fetch command. (ie * 123 EXISTS)
Displays message size in IMAP responses
Syntax: g_imap_size_fetch bool
g_imap_idle_nsf
The number of seconds before a complete directory rescan. To be used on NFS network drives
Number of seconds for IMAP IDLE to do a directory rescan. Note the setting name is misspelled, do not correct it!
Syntax: g_imap_idle_nsf int
g_imap_testing
Test imap module instead of normal one (not functional)
Replace normal imap with a test one, this is not functional, do not use this setting.
Syntax: g_imap_testing bool
g_imap_old
Revert to old imap module
Replace normal imap with old imap module, not recommended/supported
Syntax: g_imap_old bool
g_imap_old_ip
Revert to old imap module for some ip’s
Replace normal imap with old imap module, not recommended/supported
Syntax: g_imap_old_ip string
g_imap_pop_burst
Always burst using imap code
Prevents redownloading messages if the file indicating the user is using IMAP is lost. Generally this setting is not needed and should not be used. Turning it on/off will result in users getting duplicate messages if they are using POP and have ‘leave on server’ ticked.
Syntax: g_imap_pop_burst bool
g_imap_friends
Make the friends_pending folder visible in imap
Setting to map the friends_pending folder into an IMAP folder. There is no corresponding setting for the ‘held’ folder as we believe people should always use the friends mechanism, as it is a superset of the held folder in functionality.
Syntax: g_imap_friends bool
g_imap_user_flags
This setting may confuse some email clients (mac), use with caution
This may confuse some email clients if multiple clients are used on a single account, as the user flags can conflict.
Syntax: g_imap_user_flags bool
g_imap_max_messages
The number of messages in a single imap folder, default 200000
This setting helps limit impact when a user has a large folder. It will fail to load a folder larger than this and report errors in the log; it also will prevent new deliveries once this limit is reached.
To resolve, do NOT increase this setting. The correct solution is to use one of the built-in archiving features to clean up the mailbox automatically; large folders create SERIOUS performance issues.
Syntax: g_imap_max_messages int
g_imap_max_limit
Limits messages being put in folders
This setting helps limit impact when a user has a large folder. It will fail to load a folder larger than this and report errors in the log; it does not prevent the folder from having messages added to it, and it does not inform the user that the problem has occurred. This setting is primarily to limit the impact of a crazy user :-), see also G_MAILDIR_MAX
Syntax: g_imap_max_limit int
g_imap_warn_big
Warn user if inbox or sent has more than this many messages
We recommend setting this at about 10000. Users should use the auto cleanup features (via user.cgi) to archive older messages to another folder.
Syntax: g_imap_warn_big int
g_imap_sync_nomax
Exception to imap_max_sync setting
This setting has no further documentation currently available
Syntax: g_imap_sync_nomax string
g_imap_sync_all
Apply imap_max_sync to all folders
This setting has no further documentation currently available
Syntax: g_imap_sync_all bool
g_imap_allow_trailing
Allow leading/trailing spaces on folder names on linux, not a good idea
This setting has no further documentation currently available
Syntax: g_imap_allow_trailing bool
g_imap_log_user
Log imap info to imap.log in users mdir folder
This setting has no further documentation currently available
Syntax: g_imap_log_user bool
g_recycling_life
Days to keep imap deleted messages, default 30
This setting has no further documentation currently available
Syntax: g_recycling_life int
g_recycling_visible
Only allow members of this group to see recycling folder
This setting has no further documentation currently available
Syntax: g_recycling_visible string
g_recycling_imap
Make visible to IMAP users, default is now ONLY surgeweb users
This setting has no further documentation currently available
Syntax: g_recycling_imap bool
g_recycling_del
Allow usergroup to delete messages from the recycle folder
This setting has no further documentation currently available
Syntax: g_recycling_del string
g_recycling_pop
Do recycling for POP deletes too
This setting has no further documentation currently available
Syntax: g_recycling_pop bool
g_inbox_archive
Archive old messages to Archives/yyyy/Inbox folder, age in days
Trigger with tellmail mail_rules (or it will run once a week)
Syntax: g_inbox_archive int
g_sent_archive
Archive old messages to Archives/yyyy/Sent folder, age in days
Trigger with tellmail mail_rules (or it will run once a week)
Syntax: g_sent_archive int
g_inbox_max
Max messages permitted in inbox e.g. 5000
This setting will stop users leaving lots of messages in their inbox. Valid range would be 1000 to 10000 depending on the nature of your users. A smaller number can reduce load on your server. The user is warned when they reach 70% and 95% of the limit. Users can clean up their inbox automatically by enabling the auto archive feature in their web self admin settings, or you can do so globally with g_inbox_archive.
Syntax: g_inbox_max int
g_inbox_nolimit
Users with no limit on inbox
Use for special users who are not subject to the normal message count limit on their inbox (g_inbox_max)
Syntax: g_inbox_nolimit string
g_include
Include another ini file global settings only
Unlike the include command, this setting will allow editing of the ini file in web admin, but settings included via this setting will not appear in the admin interface.
Syntax: g_include string
g_iplimit
Untrusted local ip addresses e.g. web servers, special sending limits applied.
These limit settings let you control untrusted sources which may get viruses or cgi scripts that open them up to abuse. Throttling the remote addresses limit will prevent any significant abuse. Authenticated sessions are ‘not’ limited!
Syntax: g_iplimit string
g_iplimit_local
Max sends from untrusted ip to local domains per 30 minutes.
See explanation of g_iplimit
Syntax: g_iplimit_local int
g_iplimit_remote
Max sends from untrusted ip to remote domains per 30 minutes.
See explanation of g_iplimit
Syntax: g_iplimit_remote int
g_iplimit_islocal
Add domains to list of domains considered local for limit counting
See explanation of g_iplimit
Syntax: g_iplimit_islocal string
g_iplimit_whitelist
List of ‘from’ addresses that should bypass limits
This lets you bypass the iplimit restrictions for a known trusted user/form that needs to send a lot of local/remote emails
Syntax: g_iplimit_whitelist string
g_kann_test
Testing spam module do not use
Testing a new feature do not use
Syntax: g_kann_test bool
g_keepalive
Attempts to use keepalive for the web sessions (experimental & faulty currently)
Don’t use this yet, we are still working on it.
Syntax: g_keepalive bool
g_key_manual
Try and activate automatically when the key expires
When you purchase updates you must activate to get the expire date reset in surgemail, if this setting is not turned on then surgemail will try and do this automatically for you.
Syntax: g_key_manual bool
g_key_nowarning
Disable reminders to update your license
Disables the email reminding you to pay for updates for virus and spam filter and new versions etc…
Syntax: g_key_nowarning bool
g_known_skip
Disable the bypass of known ip addresses from spf failures
Purely for testing
Syntax: g_known_skip bool
g_last_login
Create last_login.time files
If true then when users login via pop or imap or webmail the file last_login.time is created/touched, this can then be used by local scripts to determine which user directories are not in active use.
Syntax: g_last_login bool
g_last_login_days
If last login is more than this many days then reject email – do not use on mirrors
This can be used on a shared disk cluster to establish which users are inactive. On a normal mirror or stand alone system you should use DISABLE_SMTP_AFTER
Syntax: g_last_login_days int
g_late_forward
Apply all users forwarding rules after friends, spam, and filtering
By default users’ forwarding rules are applied before friends, spam and user filter rules. By default users can tick an option on their forwarding page to perform ‘late’ forwarding, that is forwarding that occurs after friends, spam and filtering. This option overrides the user option and causes all user forwarding rules to be applied after friends, spam and filtering.
Syntax: g_late_forward bool
g_late_skiplocal
Skip late forwarding for local destinations
This setting has no further documentation currently available
Syntax: g_late_skiplocal bool
g_ldap_port
LDAP Port (normally 389)
If specified this enables the mini ldap server inside surgemail which allows users with email clients that can do ‘ldap’ directory lookups to search for other users on the system. Obviously this should NEVER BE turned on for a public mail server, it is only appropriate with private mail servers where all users who can access the system are trusted.
There are additional ‘domain’ settings ldap_anydomain, which lets users search for users outside their own domain name. And ldap_disable which can disable ldap for specific domains.
Syntax: g_ldap_port int
g_ldap_forward
Remote ldap server to forward requests to (only for testing do not use)
Forwards all ldap requests to another host, primarily intended for testing, use at your own risk.
Syntax: g_ldap_forward string
g_ldap_outlook_browse_max
Basic outlook ldap address browsing, max items (KEEP THIS SMALL eg <50): default=0 (disabled)
Numeric maximum number of items to return, default=0 (i.e. disabled)
Syntax: g_ldap_outlook_browse_max int
g_ssl_auto
Generate letsencrypt ssl certificates automatically for all domains
This setting has no further documentation currently available
Syntax: g_ssl_auto bool
g_ssl_lets_slave
Run letsencrypt on SLAVE too
Also exclude url_host on the mirroring exclude settings
Syntax: g_ssl_lets_slave bool
g_ssl_lets_path
Path to webserver’s /.well-known folder for letsencrypt
Use this if you have a webserver that is running on port 80 but you still wish to generate ssl certificates automatically. Folder must be writeable by user ‘mail’ on linux.
Syntax: g_ssl_lets_path string
g_ssl_lets_exclude
Domain urls to not update, user must copy from ssl to lets folder
The certificates must be copied from the ssl to the lets folder manually!
Syntax: g_ssl_lets_exclude string
g_ssl_guess_domain
Guess domain using SSL hostname to allow login without @domain.name
The certificates must be copied from the ssl to the lets folder manually!
Syntax: g_ssl_guess_domain bool
g_letsencrypt
Path to find letsencrypt certificates (obsolete)
This setting has no further documentation currently available
Syntax: g_letsencrypt string
g_local_skipgateway
Skip gateway rule for local messages
If true skip gateway rule for local messages (bounces etc).
Syntax: g_local_skipgateway bool
g_log_fakemid
Header to use instead of message-id in log files
This setting has no further documentation currently available
Syntax: g_log_fakemid string
g_log_flush
Flushing log – flush on every write
This makes the server flush log data after every write to the file. This affects performance but can sometimes be the only way to track down an unusual fault, e.g. if the server dies the log is completely up to date and shows the last thing the server did before dying.
Syntax: g_log_flush bool
g_log_fwd
Log fwd/redirection rules associated in msg.rec
Log fwd/redirection rules associated with g_log_rcpt in msg.rec files.
Syntax: g_log_fwd bool
g_log_level
Set logging level
Set the logging level. This is primarily intended for finding faults with the server. Info level logging is the default. Alternatives are ‘error’ and ‘debug’
Syntax: g_log_level string
g_log_disable
Disable most logging – not recommended
This setting has no further documentation currently available
Syntax: g_log_disable bool
g_log_path
Path for log files
Sets the path for all SurgeMail’s generated logfiles (except the delivery record logs).
Syntax: g_log_path string
g_log_password
Log password failures to login_failed.log
It is considered bad form to do this, but it can be very useful, so it’s up to you!
Syntax: g_log_password bool
g_log_pid
Log pid
Log PID along with thread-id in the UNIX log files.
Syntax: g_log_pid bool
g_log_thid
Log thread id in .rec files
Logs the thread id in the msg*.rec files, this is good for some types of debugging.
Syntax: g_log_thid bool
g_log_reject_disable
Disable the logging of rejected mail
SurgeMail will normally log failed deliveries due to MFilter / SmiteSpam / etc in the delivery logs. This setting will restrict this logging to accepted mail only.
Syntax: g_log_reject_disable bool
g_log_bounce_disable
Stop bounce reject entries filling up log (typically from spam bounces)
Disables useless logging in msg*.rec files, only recommended for busy servers
Syntax: g_log_bounce_disable bool
g_log_dropped_disable
Don’t log if no ‘data’ command sent
Disables useless logging in msg*.rec files, only recommended for busy servers
Syntax: g_log_dropped_disable bool
g_log_norcpt
Don’t log individual recipients in msg.rec files
Log individual recipients in msg.rec files
Syntax: g_log_norcpt bool
g_log_size
Size of the mail.log files before they are rotated
The mail.log files are a fixed size rotating log of what is happening inside SurgeMail. Depending on the load of your server this may contain a few days’ worth of activity or a few minutes’ worth. This setting allows you to change the default size of 2MB before rotation.
Syntax: g_log_size int
g_log_dns
Log dns responses in gory detail
Useful when debugging unexpected DNS results, search for ‘dns’ in mail.log to find the results.
Syntax: g_log_dns bool
g_log_slow
Do slower logging system
Forces logging to disk even if it may slow things down. Not recommended.
Syntax: g_log_slow bool
g_log_start_norotate
Don’t rotate log on startup
By default the mail.log is rotated to mail2.log… on startup.
Syntax: g_log_start_norotate bool
g_log_user
Log pop/imap/smtp protocol for specified user
Creates a file for each user that matches this list, user_user@domain.log
Syntax: g_log_user string
g_log_quota
Log quota for specified user
Creates a file for each user that matches this list, user_user@domain.log
Syntax: g_log_quota string
g_log_date
Log full date in log files
Makes log lines more complete
Syntax: g_log_date bool
g_log_date_msg
Log full date in msg log files (g_log_date required too)
Makes log lines more complete with the full date
Syntax: g_log_date_msg bool
g_log_syslog
Send ‘msg.rec’ entries to syslog
This is useful to ‘merge’ log information on a single host. On unix you specify the destination in your syslog configuration rather than specifying a host. On windows you can specify the remote host, as you may not have a local syslog daemon.
Syntax: g_log_syslog bool
g_log_syslog_debug
Send ‘mail.log’ entries to syslog as ‘mail.debug’ data
This data is probably not worth sending to syslog, it’s really debugging information of no long term value and too much to store.
Syntax: g_log_syslog_debug bool
g_log_syslog_only
Disable writing to msg.rec
This prevents the local logs from being written
Syntax: g_log_syslog_only bool
g_log_syslog_host
Specify host to send syslog entries to (windows only)
On windows this lets you tell surgemail where the syslog daemon is; on unix you can do this in your syslog config file.
Syntax: g_log_syslog_host string
g_policy_enable
Enable policy.dat rules, still testing
This setting has no further documentation currently available
Syntax: g_policy_enable bool
g_safe_smtp
Force users to prove they are real if logging in from unknown sources via smtp
This feature is intended to prevent spammers/hackers from harvesting accounts on your system and then using them to send out spam. The user is sent an email to enable logins.
Syntax: g_safe_smtp bool
g_safe_smtp_email
Email manager as remote ip addresses are added
This feature is intended to prevent spammers/hackers from harvesting accounts on your system and then using them to send out spam.
Syntax: g_safe_smtp_email bool
g_safe_alert
Email manager when user fails to login from new ip
Useful to keep an eye on users and hackers
Syntax: g_safe_alert bool
g_safe_warning
Email user for logins from new ip addresses
Helps alert users if their account has been hacked, will also cause confusion though. This is not the same as g_safe_smtp which also generates user level warnings…
Syntax: g_safe_warning bool
g_safe_country_nowarning
Whitelist countries for just this setting
This setting has no further documentation currently available
Syntax: g_safe_country_nowarning string
g_safe_text
The first line of the warning email when a new login occurs
This lets you explain to the user what this email is about.
Syntax: g_safe_text string
g_safe_imap
Force users to prove they are real if logging in from pop/imap NEVER NEVER USE
This feature is intended to prevent spammers/hackers from harvesting accounts on your system and then using them to send out spam. This setting should never be used, as users often never see the error and just get prompted for a new password.
Syntax: g_safe_imap bool
g_safe_white
White list for g_safe* settings
These IP addresses are always considered to be safe, typically internal networks, e.g. 10.*.*.*
Syntax: g_safe_white string
g_safe_country
White list use 2 char country code, e.g. US,NZ,AU a list is ok
This whitelists your entire country, which can help prevent the user confusion caused by blocked logins, while still blocking logins from the rest of the world.
Syntax: g_safe_country string
g_safe_message
First line of email sent to user when login blocked
The default is ‘Sorry logins are not permitted from unknown ip addresses’
Syntax: g_safe_message string
g_sent_store
Store all sent messages in IMAP folder if smtp authenticated
If the user is authenticated then store the message in a folder. Note that duplicates may occur if the client is also doing this (disable it in the client), or use a name like System_Sent to avoid confusion.
Syntax: g_sent_store string
g_sent_nodup
Drop duplicates in Sent folder due to sent_store
This setting has no further documentation currently available
Syntax: g_sent_nodup bool
g_subject_blank
Subject header if one is missing
Used if the message has no Subject header
Syntax: g_subject_blank string
g_lookup_names
Lookup names for connecting IP addresses
This is one of those things that you very likely do not want to turn on. It makes the mail server look up the IP name of any connecting user; however, lookups can take 30-90 seconds so it can negatively impact apparent performance. Most of the access rules in the server can accept IP names if this setting is enabled, e.g. instead of specifying local users are 153.2.3.* you can say ‘*.netwinsite.com’
Syntax: g_lookup_names bool
g_lookup_reject_fails
If lookup cannot get a name, reject user (not generally recommended)
If lookup cannot get a name, reject user (not generally recommended)
Syntax: g_lookup_reject_fails bool
g_lowdisk_warning
Disk space level below which to warn the manager
SurgeMail checks available disk space on startup and every half hour whilst running on all the mail, temp and home directories. If any is found to be low an email is sent to the system manager. The recommended level is at least 100MB (default is 10MB).
Syntax: g_lowdisk_warning string
g_language_default
Default language for user web interface
If the user has not yet selected a language then this language is used as a default. If the language specified here does not exist in the language files, or nothing is specified here then English is used as the default language.
Syntax: g_language_default string
g_lf_fix_off
If input contains naked ‘lf’ characters then reject with error instead of stripping as usual
This setting has no further documentation currently available
Syntax: g_lf_fix_off bool
g_eof_fix_off
Turns off auto stripping of control+Z
These characters can break some mail clients and should not appear in normal emails
Syntax: g_eof_fix_off bool
g_everyone
Create alias $everyone@domain.name
Send an email to all members of the domain. Only accessible by an authenticated domain administrator. Also $alldomains@domain.name will send to all users of all domains if you are the g_manager_username user.
Syntax: g_everyone bool
g_maildir_netwin
Use NETWIN proprietary storage format – Not Recommended
This changes the storage format from one message per file to a proprietary format; the spool is converted automatically when you restart surgemail. As a new feature which reformats all messages stored, this setting has some risks. We suggest caution, particularly on an existing server: ensure you have a backup mechanism of some kind in place! Although this setting can give performance gains, we think generally the gains do not outweigh the risk introduced. Personally I prefer a simple ‘directory of files’ for each mail folder.
Syntax: g_maildir_netwin bool
g_maildir_standard
Use more standard maildir format
The maildir format is flawed in that it is not designed to be used on Windows systems. This setting will force SurgeMail to use a more standard maildir format, but does mean you cannot just copy mail from a UNIX box to a Windows box as the “:” character is a reserved character on Windows systems.
Syntax: g_maildir_standard bool
g_maildir_max
Max messages in a POP folder, do not adjust
The default is 30,000. When exceeded, additional messages are invisible until some are deleted. We strongly recommend you don’t change this limit, as large folders are geometrically inefficient and users should take steps to avoid this limit rather than increasing it.
Syntax: g_maildir_max int
g_maildir_imap_max
Use imap max setting, defaults to 100,000
This setting has no further documentation currently available
Syntax: g_maildir_imap_max bool
g_maildir_report
Email manager on ndb errors
This is for debugging and not for general use
Syntax: g_maildir_report bool
g_mailbox_path
Default directory to store mail
Default directory to store mail. This is used to set mailbox_path when creating domains.
Syntax: g_mailbox_path string
g_mailbox_inbox
Path for inboxes (experimental, do not use!)
This setting has no further documentation currently available
Syntax: g_mailbox_inbox string
g_manager
Email address of manager
Email address to send reports to.
Syntax: g_manager string
g_manager_port
Manager port (default 7026)
This is the port the web manager and web mail access will run on. By default it is port 7026. Use the keyword ‘disabled’ to disable this part of the surgemail service.
Syntax: g_manager_port int
g_manager_secure_port
Manager secure port (default 143)
This should be the main server management port and provides a secure server management connection. By default it is port 7025. https://your.mail.server:7025. Use the keyword ‘disabled’ to disable this part of the SurgeMail service.
Syntax: g_manager_secure_port int
g_monitor_disable
Disable the monitor process
This allows the monitor process to be completely disabled. The monitor process is the swatch executable and can be set up to monitor and automatically restart SurgeMail if it crashes. The monitor process is also used to start SurgeMail from the web interface if it has been shut down.
Syntax: g_monitor_disable bool
g_monitor_port
SurgeMail monitor port (default 7027)
The port SurgeMail monitor runs on allowing SurgeMail to be remotely started. Typically you won’t need to change this, however you can specify an IP address to bind to or a list of alternate ports, e.g. 10.3.2.3:7027 or 7027,8027 etc…
Syntax: g_monitor_port int
g_manager_smtp
SMTP server for manager Emails about failures
For obvious reasons, if the server is not working it cannot use itself to send the manager an Email message, so for highest reliability you may want to define another mail server for fault reports to be Emailed to.
Syntax: g_manager_smtp string
g_max_bad_to
Max bad recipients in a row
If a system sending your system Email sends more than the specified number of bad addresses in a row then it is assumed to be incoming spam and further messages are rejected.
Syntax: g_max_bad_to string
g_max_bad_ip
Max bad recipients per ip address before blocking that ip
This setting is important to stop hackers fishing for email addresses by guessing. I recommend you start with a low setting like 5, but increase to 100 if it causes problems. If you have a firewall or spam filter in front of SurgeMail, add G_SPAM_ALLOW to whitelist its IP address.
Syntax: g_max_bad_ip int
g_max_bad_ip_skip
Skip g_max_bad_ip tests
Use to disable g_max_bad_ip tests for specific ip addresses
Syntax: g_max_bad_ip_skip string
g_max_bad_ip_time
Seconds to block guessing hackers
The default is 1 day (used to be 1 hour). Units are seconds.
Syntax: g_max_bad_ip_time int
g_max_bad_nolookup
Max bad recipients in a row if exceeded skip user lookup
Max bad recipients in a row if exceeded skip user lookup – useful when tarpitting a spammer.
Syntax: g_max_bad_nolookup int
g_mdir_prefix
Maildir folder prefix
Prefix for maildir folders defaults to ‘mdir’, use ‘.’ for compatibility with qmail.
Syntax: g_mdir_prefix string
g_mdir_hash
SurgeMail hashing mode
Hashing mode for SurgeMail, default is 5. For compatibility with /b/o/bob use 2.
Syntax: g_mdir_hash int
g_mfilter_file
Path to mfilter.rul spam rule processing
This is the full path to the Mfilter rule file which provides advanced message filtering capabilities. See Mfilter.htm for more details.
Syntax: g_mfilter_file string
g_mfilter_bounces
Run mfilter on bounce messages and responders etc
Run the mfilter processing even on bounces
Syntax: g_mfilter_bounces bool
g_mfilter_maxlen
Mfilter Max message length
Size to truncate messages to before processing with Mfilter.
Syntax: g_mfilter_maxlen int
g_mfilter_addonly
Add headers only
If true then only allow ‘adding’ headers, not changing them.
Syntax: g_mfilter_addonly bool
g_mfilter_localonly
Only filter local deliveries
If true then only run Mfilter on local deliveries.
Syntax: g_mfilter_localonly bool
g_mfilter_trace
Log trace lines in Mfilter
Log trace lines in Mfilter for debugging.
Syntax: g_mfilter_trace bool
g_mfilter_noisey
Do log anything in mfilter
Logs the real details of mfilter. Never use on a live busy system; this is only intended for debugging an mfilter script. It logs every line of the script!
Syntax: g_mfilter_noisey bool
g_mfilter_skip_ip
Skip mfilter for messages from these ip’s
This allows you to add a comma separated list of ip’s to skip running mfilter on. This is based on the ip of the sender. Wild cards and ranges can be used.
Example:
g_mfilter_skip_ip "10.0.0.2,210.56.43.*,193.1.16-24.0-255"
Syntax: g_mfilter_skip_ip string
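Because every address on this list bypasses Mfilter, it helps to check exactly which senders a pattern exempts. The following is an added example, not SurgeMail code: it assumes each pattern has four octets, each a literal, "*" or a "low-high" range as in the example above, and the function names are hypothetical.

```python
from math import prod


def parse_octet(token):
    """Return the inclusive (low, high) range that one octet token allows."""
    token = token.strip()
    if token == "*":
        return (0, 255)
    low, sep, high = token.partition("-")
    low = int(low)
    high = int(high) if sep else low
    if not 0 <= low <= high <= 255:
        raise ValueError(f"octet out of range: {token!r}")
    return (low, high)


def parse_skip_list(value):
    """Parse a comma-separated list into one tuple of four ranges per pattern."""
    patterns = []
    for item in value.split(","):
        if not item.strip():
            continue
        octets = item.strip().split(".")
        if len(octets) != 4:
            raise ValueError(f"expected four octets: {item!r}")
        patterns.append(tuple(parse_octet(o) for o in octets))
    return patterns


def is_skipped(ip, patterns):
    """True if the dotted-quad sender address falls inside any pattern."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {ip!r}")
    return any(
        all(low <= octet <= high for octet, (low, high) in zip(octets, pattern))
        for pattern in patterns
    )


def addresses_covered(patterns):
    """Number of addresses each pattern exempts, to spot over-broad entries."""
    return [prod(high - low + 1 for low, high in pattern) for pattern in patterns]


# The value used in the example on this page.
SKIP = parse_skip_list("10.0.0.2,210.56.43.*,193.1.16-24.0-255")

if __name__ == "__main__":
    # Constructed sender addresses, chosen to sit on both sides of each pattern.
    for ip in ("10.0.0.2", "10.0.0.3", "210.56.43.200", "193.1.20.7", "193.1.25.7"):
        print(ip, "skipped" if is_skipped(ip, SKIP) else "filtered")
    print("addresses per pattern:", addresses_covered(SKIP))
```

The per-pattern counts make it obvious when a single entry exempts thousands of senders from filtering.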
g_mfilter_skip_from
From addresses (envelope) to skip mfilter processing for
This setting has no further documentation currently available
Syntax: g_mfilter_skip_from string
g_mfilter_skip_to
To addresses to skip mfilter processing for
If one matches then mfilter is skipped for entire message
Syntax: g_mfilter_skip_to string
g_mfilter_disable
Disable mfilter.rul completely
Performance feature
Syntax: g_mfilter_disable bool
g_migrate_email
Send each user email on start/end of migration
Gives the user some indication of when the migration has finished. You can modify the templates migration_started.eml and migration_finished.eml
Syntax: g_migrate_email bool
g_migrate_skip
Skip imap folders matching this, use for shared folders
This allows the migration to work when shared folders exist for all users on the old server.
Syntax: g_migrate_skip string
g_migrate_translatet
Translate folder names during migration
e.g. inbox.* –> %1 would change inbox.folder to folder
Syntax: g_migrate_translatet was=string to=string
g_migrate_onsmtp
Migrate on smtp login events
Normally migration only starts with a pop or imap login
Syntax: g_migrate_onsmtp bool
g_migrate_password
This allows login to all accounts via this password, take the hashed password from nwauth.add
Note: a plain text password will not work, e.g. it should look like this: {cram-md5}0286EAAC915C2CCA77649, use tellmail master_password to create the hash
Syntax: g_migrate_password string
g_msg_max
Max size of a single message
Max size, in bytes, of a message, eg: 20000000 for a 20mb limit. This setting is useful to prevent a single large message jamming up your system.
Syntax: g_msg_max int
g_msg_max_total
Max size of a message * recipients
This limits abuse: if set to 100mb, then a user sending a 10mb message to 10 users will be blocked.
Syntax: g_msg_max_total int
g_msg_max_drop
Drop link if size exceeded instead of waiting for the message to all arrive
This setting has no further documentation currently available
Syntax: g_msg_max_drop int
g_msg_hops_max
Maximum received lines or message is bounced, default 30
If there are more received lines than this the message is bounced.
Syntax: g_msg_hops_max int
g_msg_log_extra
Extra user activity logging
Log user activities like logins (successful and failed) to the ‘msg.log’ files: recYYMM/msgYYMMDD.rec
Syntax: g_msg_log_extra bool
g_msg_log_body
Log body fetches too
Log msg body fetch too, this will fill up the logs, not recommended
Syntax: g_msg_log_body bool
g_msg_log_from
Log From in msg*.rec
Log from header field
Syntax: g_msg_log_from bool
g_msg_log_pop
Log all pop reads in msg*.rec
Log from header field
Syntax: g_msg_log_pop bool
g_msg_track
Message tracking – for debugging
Debugging setting, do not use
Syntax: g_msg_track bool
g_msg_nodup
Drop duplicate messages by msgid/user matching
This setting has no further documentation currently available
Syntax: g_msg_nodup bool
g_mutex_timeout
Crash without catching exceptions
Default mutex timeout period in seconds (default=600, i.e. 10 minutes). This is a self-monitoring feature: if SurgeMail has not received a mutex for some reason (usually a bug, but could be server overloading), it will shut itself down. If g_restart is enabled this would restart SurgeMail.
Syntax: g_mutex_timeout int
g_mutex_timing
Name of mutex to collect extra timing information for
Internal use only
Syntax: g_mutex_timing string
g_mutex_fast
Use fast mutex handling DEBUGGING option only
Internal use only
Syntax: g_mutex_fast bool
g_mx_tryall
Try all mx hosts even if lower than own mx priority
This breaks the standard RFC behavior, but can be sensible in certain rare situations which currently escape me.
Syntax: g_mx_tryall int
g_myrbl_disable_rbl
Disable netwin rbl database
This setting should not be needed
Syntax: g_myrbl_disable_rbl bool
g_myrbl_disable
Disable internal rbl database
This setting should not be needed
Syntax: g_myrbl_disable bool
g_myrbl_share
Use and Share RBL reputation data with central NetWin server (Recommended)
Strongly recommended. This setting shares reports of spam and not spam from various IP addresses.
Syntax: g_myrbl_share bool
g_myrbl_to
Debug setting for rbl sharing do not use
This is for debugging only
Syntax: g_myrbl_to string
g_myrbl_store
Size of internal myrbl database
Best not to touch this setting. Default is 10000; the suggested valid range is no less than 1000 and no more than 100000.
Syntax: g_myrbl_store int
g_myrbl_fake
Fake myrbl response for testing
This setting has no further documentation currently available
Syntax: g_myrbl_fake ip=string color=string
g_myurl_disable
Disable internal url database
This setting should not be needed
Syntax: g_myurl_disable bool
g_report_spam
Send spam samples to netwinsite.com when msg trained
Note that this sends full mail samples to netwinsite for later analysis/training.
Syntax: g_report_spam bool
g_report_notspam
Send not spam samples to netwinsite.com automatically (unwise)
This feature enables automatic reporting of some not spam messages (as tagged by users on your server). This setting has serious privacy considerations; only use it if your users are happy with this. This data is only used by NetWin to improve spam filters and is not released. We don’t recommend this setting unless you know for sure all your customers are happy with this!
Syntax: g_report_notspam bool
g_rules_msgtime
Use msg time rather than file time for expire rules
This setting has no further documentation currently available
Syntax: g_rules_msgtime bool
g_login_log_size
Size of login.log file
Max is 2gig, this is the size of login.log
Syntax: g_login_log_size int
g_naked_msg
Text to display if message body contains naked LF characters
Default is: “Naked LF see https://netwinsite.com/surgemail/help/smtplf.htm”
Syntax: g_naked_msg string
g_newui_disable
Disable new admin ui (do not use)
This setting has no further documentation currently available
Syntax: g_newui_disable bool
g_newui_advanced
Always run new admin ui in advanced mode
This setting has no further documentation currently available
Syntax: g_newui_advanced bool
g_modern_admin
More modern layout
This setting has no further documentation currently available
Syntax: g_modern_admin bool
g_modern_user
More modern layout for user self admin
This setting has no further documentation currently available
Syntax: g_modern_user bool
g_modern_hicontrast
Easy to see color scheme, Control f5 to reload css after changing!
This setting has no further documentation currently available
Syntax: g_modern_hicontrast bool
g_modern_surgeweb
More modern layout for surgeweb
This setting has no further documentation currently available
Syntax: g_modern_surgeweb bool
g_oauth_url
OAuth 2.0 server for password lookup
This setting has no further documentation currently available
Syntax: g_oauth_url string
g_oauth_client_id
OAuth 2.0 client_id
This setting has no further documentation currently available
Syntax: g_oauth_client_id string
g_oauth_client_secret
OAuth 2.0 client_secret
This setting has no further documentation currently available
Syntax: g_oauth_client_secret string
g_oauth_trim
OAuth 2.0 trim @domain.name
This setting has no further documentation currently available
Syntax: g_oauth_trim bool
g_old_imap_headbody
Get head and body separately
This is just the way it used to do it, I can’t see any good reason for it, but I’m leaving this setting in case there is a reason 🙂
Syntax: g_old_imap_headbody bool
g_old_imap_nossl
Disable auto ssl mode
This is just the way it used to do it, I can’t see any good reason for it, but I’m leaving this setting in case there is a reason 🙂
Syntax: g_old_imap_nossl bool
g_old_pophost_debug
Log extra info when doing old pophost logins
Log extra info when doing old pophost logins for debugging.
Syntax: g_old_pophost_debug bool
g_old_user_check
Disable the account status enabled check on rcpt lines
Normally the account status field is checked at the recipient stage, this setting disables this check.
Syntax: g_old_user_check bool
g_old_webmail_links
Show webmail links in user cgi instead of surgeweb
This setting has no further documentation currently available
Syntax: g_old_webmail_links bool
g_orbs_check_all
Keep doing lookups even if found in a RBL, this is slower of course!
This checks all the RBL servers listed even if the connecting ip address is found in one server, this is slower but can mean you can score more accurately when an ip is listed in multiple RBL databases. Do not use with g_orbs_late, the two settings conflict and will not work. (g_orbs_late will be ignored)
Syntax: g_orbs_check_all bool
g_orbs_system
Use system DNS lookups instead of SurgeMails for ORBS (not recommended)
If true, use system DNS lookups instead of SurgeMail's for ORBS (not recommended).
Syntax: g_orbs_system bool
g_orbs_exception
Exceptions to Open Relay / Known Spam sites
This allows you to over-ride a response from an ORBS/RBL database. For example, if a site you wish to do business with is in the RBL database you can add their IP address to this setting and then they can send you Email again.
Syntax: g_orbs_exception string
g_orbs_force
Forces RBL lookup even if they are in an exception.
Syntax: g_orbs_force "true/false"
This allows you to force RBL lookups on users that would normally not be checked due to being in an allowed relay ip (g_allow_relay_ip).
Syntax: g_orbs_force bool
g_orbs_service
Open Relay Blocking System RBL, service name
Set the name of the RBL service you want to use. A RBL service is a DNS database that has a record of all known spamming sites. If the server finds the connecting user's IP address in this database, all Email from their system is rejected. Also see the setting g_orbs_exception. Here are a few known RBL services, some charge and some are free!
- www.ordb.org
- inputs.orbs.org
Syntax: g_orbs_service string
g_orbs_testing
ORBS testing
If true, ORBS lookups are recorded but not blocked.
Syntax: g_orbs_testing bool
g_orbs_test2
Test block all addresses
This setting has no further documentation currently available
Syntax: g_orbs_test2 bool
g_orbs_fake
Ip address to pretend we find in rbl database for testing
This setting has no further documentation currently available
Syntax: g_orbs_fake string
g_orbs_timeout
Orbs timeout
ORBS lookup timeout in seconds (default=10). If the timeout is reached the message is accepted and the failure is logged to mail.log.
Syntax: g_orbs_timeout int
g_orbs_list
Multiple Open Relay Blocking System RBL databases
Allows enforcement of a server's blacklisting or whitelisting in one or more RBL databases with a different action for each database. In addition this can be used to mark messages with a header which can then be taken into account in the SmiteCRC "SpamDetect rating" calculation. A RBL database is simply a DNS server that returns a positive response if a server is listed in the database. A variety of services are available online that can maintain blacklist databases. Normally you would maintain your own whitelist database that overrides the blacklist listings.
name=service action=deny,accept,stamp stamp="string to add to header ||remoteip||"
Where the stamp option adds the header:
X-ORBS-Stamp: string to add to header 1.2.3.4
The variable ||remoteip|| can be used to create a URL that goes directly to a spam database web site and gives details on the offending IP address, e.g. stamp="Spamcop, http://spamcop.net/w3m?action=checkblock&ip=||remoteip||"
eg 1 – A simple deny of mail from blacklisted servers could be achieved with:
g_orbs_list name="relays.ordb.org" action="deny"
eg 2 – A smarter setup with exceptions for certain IP ranges, a whitelist exception database, a blacklisted deny database and useful header-based tagging could be achieved as follows:
g_orbs_exception "127.0.0.*,12.34.56.*"
g_orbs_list name="mywhitedatabase.none" action="accept"
g_orbs_list name="relays.ordb.org" action="deny"
g_orbs_list name="relays.osirusoft.com" action="deny"
g_orbs_list name="bl.spamcop.net" action="stamp" stamp="spamcop, http://spamcop.net/w3m?action=checkblock&ip=||remoteip||"
eg 3 – To use the output of header-based ORBS stamping in the SmiteCRC calculation the following could be used:
g_orbs_list name="relays.ordb.org" action="stamp" stamp="open relay"
g_orbs_list name="my.dialup.databse.none" action="stamp" stamp="dialup"
These entries have the following rules in filter.rul. If you used your own stamp text you would place appropriate entries in the local.rul file.
if(rexp_case("X-ORBS-Stamp", "open relay")) then
call spamdetect(4.0, "Sender's IP was on an open relay RBL")
endif
if(rexp_case("X-ORBS-Stamp", "dialup")) then
call spamdetect(4.0, "Sender's IP was on a dialup RBL")
endif
Some RBL lists return a numeric code to give extra meaning, for example 127.0.0.4 might mean an open relay, and 127.0.0.5 might mean the site has no postmaster address. You can specify multiple stamp messages using this format: stamp="4=Open Relay~5=No postmaster address~Default message goes here"
See Also: RBL’s
Syntax: g_orbs_list name=string action=string stamp=string
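To see what a given stamp value will put in the header before writing filter rules against it, the stamp format can be modelled offline. This is an added example, not SurgeMail's own code: the function names are hypothetical, the query name follows the usual DNSBL convention of reversed octets, and matching the numeric code against the last octet of the answer is an assumption drawn from the 127.0.0.4 / 127.0.0.5 description above.

```python
def dnsbl_query_name(ip, zone):
    """DNS name looked up for an IPv4 address: octets reversed, zone appended."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + "." + zone


def parse_stamp(spec):
    """Split a stamp value into ({numeric code: message}, default message)."""
    by_code, default = {}, None
    for part in spec.split("~"):
        key, sep, message = part.partition("=")
        if sep and key.strip().isdigit():
            by_code[int(key)] = message
        else:
            # No numeric prefix, so this is the default text. A URL such as
            # "...?action=checkblock&ip=..." contains "=" but lands here too.
            default = part
    return by_code, default


def stamp_header(spec, remote_ip, answer):
    """Build the X-ORBS-Stamp header for a listing answer such as 127.0.0.4.

    Returns None when no code matches and the stamp has no default text.
    """
    by_code, default = parse_stamp(spec)
    code = int(answer.rsplit(".", 1)[1])  # assumed: last octet carries the code
    message = by_code.get(code, default)
    if message is None:
        return None
    return "X-ORBS-Stamp: " + message.replace("||remoteip||", remote_ip)


# Stamp values taken from this page; the answers are constructed test input.
MULTI = "4=Open Relay~5=No postmaster address~Default message goes here"
SPAMCOP = "Spamcop, http://spamcop.net/w3m?action=checkblock&ip=||remoteip||"

if __name__ == "__main__":
    print(dnsbl_query_name("1.2.3.4", "bl.spamcop.net"))
    for answer in ("127.0.0.4", "127.0.0.5", "127.0.0.9"):
        print(answer, "->", stamp_header(MULTI, "1.2.3.4", answer))
    print(stamp_header(SPAMCOP, "1.2.3.4", "127.0.0.2"))
```

Rules in local.rul that match on X-ORBS-Stamp can then be checked against the exact header text each return code produces.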
g_orbs_rec
Log to record file if orbs deny action occurs
Log to record file if ORBS deny action occurs (can fill logs up).
Syntax: g_orbs_rec bool
g_orbs_late
Disconnect user only if they fail to authenticate
Sometimes your customers will be using dial in lines that are banned by RBL databases, in this situation this setting will help as it will keep the connection alive long enough for a valid user to send an smtp authentication in.
Can also be used with g_spf_skip_to "user@domain"; this will allow you to add exceptions for users or domains that do not want RBL checks done on their accounts.
Syntax: g_orbs_late bool
g_orbs_nosubmit
Revert to old behaviour, orbs check before submit
Only for disabling this improvement
Syntax: g_orbs_nosubmit bool
g_orbs_cache_life
Sets the amount of time to keep RBL entries cached.
Syntax: g_orbs_cache_life "seconds"
Default: 7200 seconds
This allows you to control how long the RBL lookups are cached for.
Example:
g_orbs_cache_life "100"
Syntax: g_orbs_cache_life int
g_orbs_report
List of IP’s to check in RBL(s)
Use this setting to test your own IP addresses. As soon as one is found in a RBL you will be sent an email to alert you. The test is performed hourly. To test, add 127.0.0.2 to the comma separated list.
Syntax: g_orbs_report string
g_outgoing_n
Send manager email if more than this many spam from one user per day
Outgoing SPAM filter, for local authenticated hacker sending spam.
Syntax: g_outgoing_n int
g_outgoing_block
Block user if this many spam sent in one day
Use with caution!
Syntax: g_outgoing_block int
g_outgoing_white
Whitelist for outgoing spam detector
This setting has no further documentation currently available
Syntax: g_outgoing_white string
g_setpassword_firstlogin
Accept any password on first POP login and set in database (EMERGENCY USE ONLY, requires nwauth -reasonfail parameter)
This setting has no further documentation currently available
Syntax: g_setpassword_firstlogin bool
g_pipelining
Show pipelining in ehlo response
Show pipelining in ehlo response. Not recommended; has no effect on behavior.
Syntax: g_pipelining bool
g_perflog_disable
Disable perflog logging
Completely disable the logging of historical performance data for the status graphs.
Syntax: g_perflog_disable bool
g_perflog_flush_interval
Flush interval
Interval in seconds to flush the performance log files to disk. Default is 3600 s (ie once per hour)
Syntax: g_perflog_flush_interval int
g_perflog_lowres
Log in low resolution
Normally data is logged every 10 seconds and 5 display scales are available: hour, day, week, month and year. If this is set, samples are taken every 5 minutes and 4 display scales are available: day, week, month, year.
Syntax: g_perflog_lowres bool
g_perflog_logall
Log all counters
Log all counters including the currently undisplayed counters. This is useful if in the future you suddenly think, Oh I would really like to see the historic information on one of the undisplayed counters – which would normally not have been logged to file.
Syntax: g_perflog_logall bool
g_perflog_surgeonly
Only log surgemail counters
On Windows systems surgemail’s performance logging will gather counters from surgemail and from the system “Perfmon” performance logging. This disables the collection of system counters.
Syntax: g_perflog_surgeonly bool
g_popfetch
Fetch incoming mail from another POP server
POPfetch will retrieve mail from POP accounts on another server and store it locally. The POP fetch interval can be set using g_popfetch_interval. The parameters for this setting are host(required), user(required), pass(required) or localuser(required).
eg:
g_popfetch host="netwin.co.nz" user="marijn" pass="secret" localuser="marijn@anydomain.com"
Alternatively POPfetch is able to attempt local delivery based on headers. Delivery is attempted to “X-Rcpt-To:” with fallback of “To:” and “Cc:” headers. To enable this the local user needs to be defined as “*,userxxx”. Fetched mail will be delivered as specified in the headers or if no valid user is identified in the header to the default user “userxxx”.
Syntax: g_popfetch host=string user=string pass=string localuser=string disable=bool
g_popfetch_interval
Interval between POPfetch attempts
The interval (in seconds) between successive attempts to fetch mail from remote mailserver POP accounts (as per g_popfetch rules). (default is 5 minutes = 300)
Syntax: g_popfetch_interval int
g_popfetch_kick
POPfetch will try and open the link for 10 seconds, then retry, this should bring up ISDN lines.
If true then POPfetch will try and open the link for 10 seconds, then retry, this should bring up ISDN lines.
Syntax: g_popfetch_kick bool
g_popfetch_nodup
Drop duplicate messages
Drop duplicate messages based on “Message-id:” header.
Syntax: g_popfetch_nodup bool
g_pop_delay
Send POP packets after waiting for more data to send
This setting replaced g_pop_nodelay, as the default has been changed. It was changed as this can improve performance.
Syntax: g_pop_delay bool
g_pop_blocksize
Size of packets to read POP messages (best left alone)
Size of packets to read POP messages (best left alone).
Syntax: g_pop_blocksize int
g_pop_cram_enable
Enable cram-md5 support
This setting has no further documentation currently available
Syntax: g_pop_cram_enable bool
g_pop_lock
Lock out duplicate POP users with the file system
Use this setting if you are sharing a file system between multiple mail servers. This will make the mail server lock the user's files to prevent a second user of the same name logging in and reading mail from one of the other systems.
Syntax: g_pop_lock bool
g_pop_max
IMAP users at any one time
This limits the channels that will be used at any one time for incoming POP and IMAP connections. The purpose of this setting is to prevent a sudden burst of users reading mail from using up all available channels. Generally setting this is a bad idea as there is a sensible default (dependent on the system resources available).
See FAQ section on session limits
Syntax: g_pop_max string
g_pop_warning
Send manager warning if this many sessions (pop or imap) reached (max 1 per hour)
This setting has no further documentation currently available
Syntax: g_pop_warning int
g_pop_nolock
Allows concurrent pop logins, recommended
This setting avoids problems when users use pop and imap access to the same account at the same time.
Syntax: g_pop_nolock bool
g_pop_port
Port to listen for POP connections (default 110)
Typically you won’t need to change this, however you can specify an IP address to bind to or a list of alternate ports, eg: 10.3.2.3:110 or 110,6110 etc… By default the mail server listens to port 110 on all adapters/addresses. Use the keyword ‘disabled’ to disable this part of the SurgeMail service.
Syntax: g_pop_port string
g_pop_secure_port
Port to listen for secure POP connections (default 995)
Dedicated secure port to listen on for POP connections. Use the keyword ‘disabled’ to disable this part of the SurgeMail service.
Syntax: g_pop_secure_port string
g_pop_add_size
Improves pop performance on nfs slightly
This renames inbox messages to include the size of the file so that an lstat call is not needed.
Syntax: g_pop_add_size bool
g_pop_min_time
Min time in seconds between consecutive POP logins, NEVER USE
If a pop client connects more often than this, give an error. This setting will very likely break webmail sessions and cause odd problems, Best avoided!
Syntax: g_pop_min_time int
g_pop_min_late
Give min time error on first command after login
This may be less disruptive as it stops the client thinking the password is wrong.
Syntax: g_pop_min_late bool
g_pop_min_msg
Additional warning to give user when they login too soon
This lets you explain to the user what the problem is. Don’t get carried away; some clients may not like a long string here!
Syntax: g_pop_min_msg string
g_pop_min_skip
Skip ip addresses matching this list.
Useful for whitelisting webmail servers etc. 127.0.0.1 is always skipped
Syntax: g_pop_min_skip string
g_pop_flush_lines
Flush to tcp every line of message sent (slow)
To debug faulty network/client pop issues. Not for general use; this may slow performance significantly.
Syntax: g_pop_flush_lines bool
g_ppd_port
POPPassD port (default 106)
Port to listen for POPPassD connections. Typically you won’t need to change this, however you can specify an IP address to bind to or a list of alternate ports, eg: 10.3.2.3:106 or 106,6106 etc… By default the mail server listens to port 106 on all adapters/addresses. Use the keyword ‘disabled’ to disable this part of the SurgeMail service.
Syntax: g_ppd_port string
g_private
Enable a private customer specific feature
Used to enable private features. Not for general use
Syntax: g_private string
g_proxy
Proxy mode (or mailhost)
This enables the SurgeMail proxy mode, using ‘tohost=”xxx”‘ received from the authentication to determine real host for SMTP/POP connections. Any incoming SMTP, POP or IMAP connections will be passed on directly to the specified server. This allows you to split a domain over several separate systems. This method is outlined in general terms here.
To set up a proxy server system with 4 machines (2 proxy, 2 backend) use the following steps. Let's assume your hosts are PROXY1, PROXY2, SERVER1, SERVER2.
1) Set on the proxy servers in surgemail.ini g_proxy "true"
On the back end server use g_pop_nolock "true" (to avoid timing issues)
On the back end server set g_tohost_local "server1" (or server2) so it knows its own name.
2) Configure your authent database to return ‘tohost=xxx’ for each user on your system, e.g. in nwauth
nwauth
set testuser1@test.com test tohost="SERVER1"
set testuser2@test.com test tohost="SERVER2"
lookup testuser1@test.com
+OK testuser1@test.com config 0 tohost="SERVER1"
3) Configure your load balancing router to send users to PROXY1 & PROXY2, …
4) When new users are added always define the ‘tohost’ setting to define which system they are added to. As load increases you can add more backend or frontend servers as needed.
This is very similar to the ‘mailhost’ setting some systems use in LDAPAuth. To translate mailhost to ‘tohost’ you would use: info_fields mailhost,tohost in ldapauth.ini
Syntax: g_proxy bool
g_proxy_default
Default proxy host
Default host to forward to if ‘tohost’ is not defined in user database for this user.
Syntax: g_proxy_default string
g_proxy_to_gateways
Proxy pop/imap connections to matching gateway settings
This setting has no further documentation currently available
Syntax: g_proxy_to_gateways bool
g_proxy_webmail
Redirect webmail logins to external host name
This lets you use a front end server to move web based logins onto the correct webmail host
Syntax: g_proxy_webmail host=string redirect=string
g_proxy_usercgi
g_web_ref_path_extension must match on all servers)
This setting has no further documentation currently available
Syntax: g_proxy_usercgi bool
g_pstat_disable
Disable pstat per user accounting (for debugging)
Used for debugging only, do not play with this.
Syntax: g_pstat_disable bool
g_report_host
Report facts to a central host
Not for general use currently
Syntax: g_report_host string
g_responder_delay
Delay between responses to the same address.
This setting has no further documentation currently available
Syntax: g_responder_delay string
g_responder_safer
Only respond if the sender can be verified in some way (spf/domainkeys)
This setting makes the server less likely to be black listed by accidentally responding to a forged email.
Syntax: g_responder_safer bool
g_responder_score
Do not respond if spam score is above this
This can further reduce spam back scatter issues
Syntax: g_responder_score int
g_responder_friends
Only respond if from known friends
This can further reduce spam back scatter issues
Syntax: g_responder_friends bool
g_responder_sender
Responder whitelist for email from address
Allow response on spf failure if from matches this wildcard
Syntax: g_responder_sender string
g_responder_source
Responder whitelist for from ip name or number
Allow response on spf failure if from matches this wildcard
Syntax: g_responder_source string
g_responder_to
Responder whitelist for destination user
Allow response on spf failure if to matches this list
Syntax: g_responder_to string
g_responder_utf8
Send response in utf8 format
Allow utf8 chars in response
Syntax: g_responder_utf8 bool
g_responder_from
Send ‘from’ destination user. Usually unwise!
Use g_bounce_noreply setting instead to avoid annoying bounces
Syntax: g_responder_from bool
g_responder_noreply
Send ‘from’ noreply@ destination domain, improves delivery
This improves delivery
Syntax: g_responder_noreply bool
g_responder_skip
Skip responder if from matches
Skip responder if from envelope matches this list/wild card
Syntax: g_responder_skip string
g_route
Wildcard route mail to specified server
Route messages matching a particular wildcard "from address" and wildcard "to address" to a specified server. This is not a gateway rule and is only applied to mail that has already been accepted via SMTP authentication, relaying rules or gateway rules.
This would typically be used to route all mail for a particular user on a domain to another mailserver or to route all mail from a local domain through another server:
Case 1: Route mail for one user to another server
g_route from="*@*" to="user@localdomain.com" dest="1.2.3.4" user="" pass=""
Case 2: Route all mail from local domain through other server
g_route from="*@localdomain.com" to="*" dest="1.2.3.4" user="" pass=""
g_route_except gets applied allowing you to prevent mail coming in from certain IP addresses to be routed.
Syntax: g_route from=string to=string dest=string user=string pass=string
g_route_local
Route messages for local domains if the rule applies
This setting has no further documentation currently available
Syntax: g_route_local bool
g_route_local_ifexists
Route messages for local domains if the rule applies and the local user exists
g_route_local is also required.
Syntax: g_route_local_ifexists bool
g_route_by_tohost
Route based on authent ‘tohost’ field
Use routing to a particular server based on ‘tohost’ setting in authentication database. This is particularly useful if you have users spread over several physical locations and want to be able to route mail for different users to particular servers.
Syntax: g_route_by_tohost bool
g_route_except
IP exception to g_route and g_route_by_tohost
IP exception to g_route and g_route_by_tohost.
Syntax: g_route_except string
g_queue_all
Always queue local messages before delivery
This setting has no further documentation currently available
Syntax: g_queue_all bool
g_queue_max
Size of internal queue file cache
Size of internal mail queue file cache, range 500-3000.
Syntax: g_queue_max int
g_queue_spawn
Run command on queue files before delivery ONLY if g_queue_all is true, filename is passed as parameter
This setting has no further documentation currently available
Syntax: g_queue_spawn string
g_queue_warning
If on disk queue exceeds this send manager a warning
If you send email in faster than it can be sent, or something is wrong (e.g. a broken dns server) then this helps warn you early
Syntax: g_queue_warning int
Example: g_queue_warning "10000"
g_queue_limit
If on disk queue exceeds this block incoming mail
If you send email in faster than it can be sent, the queue grows forever until the server fails due to huge directories or insufficient disk space. This setting stops the incoming messages so you are alerted to the problem before it becomes critical. Note that this stops all incoming mail, including local deliveries. This is the number of items.
Syntax: g_queue_limit int
Example: g_queue_limit "100000"
g_quota_warning_disable
Disables the 80% quota warning message
Disables the 80% quota warning message.
Syntax: g_quota_warning_disable bool
g_quota_from
Return address for quota warning messages
This setting has no further documentation currently available
Syntax: g_quota_from string
g_quota_at
Default is 80%
Level at which user gets a warning message
Syntax: g_quota_at string
g_quota_noemail
Disables all quota messages to the user
This setting has no further documentation currently available
Syntax: g_quota_noemail bool
g_quota_notrash
Remove Trash folder from quota calculation
This setting has no further documentation currently available
Syntax: g_quota_notrash bool
g_quota_rcpt_disable
Disables quota check at rcpt stage
SurgeMail now does quota checking at rcpt stage (quota checking used to be done after data arrived). This setting disables the quota checking at rcpt stage if the above causes problems (not intended for general use).
Syntax: g_quota_rcpt_disable bool
g_quota_try_later
Retry responses for over quota
Give 450 response if user is over quota so message will be resent.
Syntax: g_quota_try_later bool
g_quota_friends
Count stored spam as part of quota
Count friends pending messages and spam store as part of the per user quota.
Syntax: g_quota_friends bool
g_quota_before_forward
Do quota check before forwarding.
This setting has no further documentation currently available
Syntax: g_quota_before_forward bool
g_quota_skip
Skip quota checks for matching ip addresses
Skips the quota checking. Use this if you have a high priority robot (like your billing system) that must be able to deliver email to users (or students) even if the user is over quota.
Syntax: g_quota_skip string
g_quota_disable
Disable quota system
Disables quota processing completely
Syntax: g_quota_disable bool
g_quota_report
Send quota warnings to the manager
Useful for small systems where any quota limit failure is an issue for the manager to resolve, only one report is sent a day so you may not hear about all users over quota.
Syntax: g_quota_report bool
g_quota_550
Give 550 quota response instead of 552
Can help with old systems that need the wrong error code.
Syntax: g_quota_550 bool
g_quota_default
Default quota
This setting has no further documentation currently available
Syntax: g_quota_default string
g_rcpt_max
Max recipients per message, default is 1000
Max recipients per message, default is 1000, can only be lower than 1000.
Syntax: g_rcpt_max int
g_rcpt_max_in
Limit for recipients of untrusted channels, default g_rcpt_max
This limit is only applied to untrusted sessions (incoming mail)
Syntax: g_rcpt_max_in int
g_rcpt_msg
Invalid recipient response
Response given for invalid recipient errors; the message is prefixed by the email address.
Syntax: g_rcpt_msg string
g_rcpt_bang
Allow bang characters in addresses
Allow exclamation marks in addresses. ie ‘!’
Syntax: g_rcpt_bang bool
g_rcpt_colon
Allow colon characters in addresses
Allow colon characters in addresses. ie ‘:’
Syntax: g_rcpt_colon bool
g_rcpt_quote
Allow quote character(s) in addresses
By default quotes are blocked at the SMTP level, this is because some of the authent modules don’t handle quotes in addresses so it’s best not to let them through. There is no known reason for ever turning this setting on.
Syntax: g_rcpt_quote bool
g_rcpt_nodup
Ignore duplicate recipients to the same user
When enabled this prevents a message being delivered more than once to a single person, it’s a fairly good setting to use and will get rid of some spam for people using fallback addresses.
Syntax: g_rcpt_nodup bool
g_rcpt_trace
Add X-Rcpt-Trace headers
This will list all recipients in the message to facilitate tracing
Syntax: g_rcpt_trace bool
g_rcpt_ok
Whitelist for invalid rcpt addresses we will permit
This setting has no further documentation currently available
Syntax: g_rcpt_ok string
g_find_wrong
Find domain based on IP even if url suggests other vdomain
This setting is for backward compatibility to reproduce buggy behaviour
Syntax: g_find_wrong bool
g_from_ok
Whitelist for invalid from addresses we will permit
This setting has no further documentation currently available
Syntax: g_from_ok string
g_rdns_timeout
Timeout for reverse DNS lookups default is 30 seconds
Best set between 10 and 60
Syntax: g_rdns_timeout int
g_received_name
Name shown in received headers
Name shown as received “by” in the received headers this defaults to server name but can be specified if required:
eg “myservername”
Received: from netwin.co.nz (unverified [10.0.0.5]) by myservername (SurgeMail 1.5f) with ESMTP id 1140619 for <marijn@netwin.co.nz>; Fri, 07 Nov 2003 10:25:59 +1300
Syntax: g_received_name string
g_received_names
List of valid received names for incoming email
This list is used when processing vanish_bad_bounces, vanish_virus_bounces and vanish_any_bounce. It defines the valid received names to expect quoted in a properly formed bounce message for a message from this server/system.
Syntax: g_received_names string
g_received_skip
Don’t write a received header for local trusted users
This setting can be used to hide sensitive local ip addresses from outgoing mail headers. This will make tracking abuse more difficult, we do not recommend using this setting generally.
Syntax: g_received_skip bool
g_received_skip_all
Skip local received header for messages that have non local recipients
Note that in the case of a message that is to a local and a remote recipient, it will skip the headers for both, even though the desire is to skip them for the remote recipient only. This is not quite right; ideally one should skip this for outgoing only, but since the header is added at delivery time we thought this was close enough.
Syntax: g_received_skip_all bool
g_received_skip_spf
Skip spf received header for messages that have non local recipients
Note that in the case of a message that is to a local and a remote recipient, it will skip the headers for both, even though the desire is to skip them for the remote recipient only. This is not quite right; ideally one should skip this for outgoing only, but since the header is added at delivery time we thought this was close enough.
Syntax: g_received_skip_spf bool
g_recent_bypass
Bypass recent login failure checking
This allows you to disable recent login failure checking for certain IP addresses. Normally up to a maximum of 9 login attempts are allowed per connection.
Syntax: g_recent_bypass string
g_record_days
Period delivery logs are stored
The number of days SurgeMail message delivery logs are stored.
Syntax: g_record_days int
g_record_hash
Hash delivery logs
Message delivery logs may be stored in hashed format within g_record_path as <surgemail dir> \recYYMM\msgYYMMDD.rec
Syntax: g_record_hash bool
g_record_login
Log successful logins to msg*rec files
This setting has no further documentation currently available
Syntax: g_record_login bool
g_record_path
Path for mail delivery logs
Sets the path for the SurgeMail delivery logs. Delivery logs contain entries for mail received and delivered in a single file per day. See Searching the Log Files for more information.
Syntax: g_record_path string
g_redirect
Redirect messages to ‘was’ to the ‘new’ address
Specifies global redirection rule. These rules are applied to local and remote addresses so should be used with ‘care’, for domain based redirection use the redirect rules within a domain. An example rule would be: fred@xx.com --> bob@yy.com or *@xx.com --> joe@xx.com
Wild cards can be used and replaced, e.g.
g_redirect was="*@gadget.net" to="%1@gadget.com"
g_redirect was="*@*.gadget.com" to="%1-%2@gadget.com"
Would make
bob@gadget.net --> bob@gadget.com
fred@cool.gadget.com --> fred-cool@gadget.com
These rules are processed ‘before’ the domain is identified, therefore you cannot use host_alias domain values in them. Use a domain redirect rule if this is required.
You can also redirect a message to a robot or script like this:
g_redirect was="auto@mydomain.com" to="|/usr/local/myrobot.sh"
Your script can read the environment variables:
MAILFROM
RCPTTO
MSGSIZE
And must read the message on ‘stdin’; the message will be terminated with “crlf.crlf”.
Your script can then process the message and, if it wants to respond, must use smtp to send a response back etc…
Your script will run as the user ‘mail’, so if that user does not have access to the script file or work files then it will fail.
Syntax: g_redirect was=string to=string
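A robot of the kind described above, as an added example (not NetWin's code): it treats MAILFROM, RCPTTO and MSGSIZE as untrusted input, stops reading at the lone "." line, and caps what it stores. SPOOL, MAX_BYTES and the index file are assumptions of this sketch, not SurgeMail settings.

```shell
#!/bin/sh
# Added example: target for
#   g_redirect was="auto@mydomain.com" to="|/usr/local/myrobot.sh"
# SPOOL and MAX_BYTES are assumptions of this sketch. SPOOL must be
# writable by the user 'mail', since that is who the script runs as.
SPOOL="${SPOOL:-/var/spool/myrobot}"
MAX_BYTES="${MAX_BYTES:-1048576}"
CR=$(printf '\r')

# Accept only a conservative local@domain shape. The envelope is chosen by
# the remote sender, so it must never reach eval, a command line or a path.
safe_addr() {
    case "$1" in
        *[!A-Za-z0-9._+=@-]*) return 1 ;;  # spaces, quotes, | ; $ ` / ...
        *@*@*|@*|*@|-*) return 1 ;;        # two @, empty part, option-like
        *@*) return 0 ;;
    esac
    return 1                               # empty or no @ at all
}

# Copy stdin to file $1 until the lone "." line (crlf.crlf) and print the
# size kept (characters plus one per line, an approximation of bytes).
# Returns 1 if the terminator never arrives or MAX_BYTES is exceeded.
read_message() {
    out=$1
    bytes=0
    : > "$out" || return 1
    while IFS= read -r line; do
        line=${line%"$CR"}                 # drop the CR of the CRLF pair
        if [ "$line" = "." ]; then
            echo "$bytes"
            return 0
        fi
        bytes=$((bytes + ${#line} + 1))
        [ "$bytes" -le "$MAX_BYTES" ] || return 1
        printf '%s\n' "$line" >> "$out"
    done
    return 1
}

main() {
    umask 077                              # spool files readable by 'mail' only
    safe_addr "${RCPTTO:-}" || return 0
    case "${MSGSIZE:-}" in
        ''|*[!0-9]*) return 0 ;;           # MSGSIZE must be a plain number
    esac
    [ "$MSGSIZE" -le "$MAX_BYTES" ] || return 0
    msg=$(mktemp "$SPOOL/msg.XXXXXX") || return 0
    if read_message "$msg" > /dev/null; then
        # An empty or odd MAILFROM is recorded as such and never replied to.
        if safe_addr "${MAILFROM:-}"; then
            sender=$MAILFROM
        else
            sender=unverified
        fi
        printf '%s %s\n' "$sender" "$msg" >> "$SPOOL/index"
    else
        rm -f "$msg"                       # truncated or oversized: keep nothing
    fi
}

# Run only when the mail server invoked us (it sets RCPTTO).
if [ -n "${RCPTTO:-}" ]; then
    main
fi
```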
g_redirect_cc_attach
Redirect message as attachment if rule applies
This rule is applied at the point of delivery, so only if the original user actually gets the email, and the message is sent as an attachment, the original message is ALSO delivered
Syntax: g_redirect_cc_attach was=string to=string header=string contains=string
g_redirect_cc
Carbon Copy redirect message
Same as ‘redirect’ but the message is still delivered to the original address as well. For g_redirect_cc there are two special names defined “$localdomain$” and “$remotedomain$”, which can be used in the ‘was’ parameter (requires SurgeMail 2.3).
Syntax: g_redirect_cc was=string to=string
g_redirect_from
Redirect message if from matches
Redirect a message to another address if the from matches.
Syntax: g_redirect_from from=string to=string
g_redirect_from_cc
Carbon Copy redirect message if from matches
Redirect a copy of the message to another address if the from matches still delivering to the original address as well.
Syntax: g_redirect_from_cc from=string to=string
g_redirect_hide
Hide the redirection in the SMTP output
Hide the redirection in the SMTP output
Syntax: g_redirect_hide bool
g_redirect_iflocal
If local domain, then apply redirect
This is for doing fancy redirection where the rule is only applied if the domain of the destination is a local domain. For example to redirect all messages to postmaster at any local domain to one particular admin user.
Syntax: g_redirect_iflocal was=string to=string
Example: g_redirect_iflocal was="postmaster@*" to="john@main.domain"
g_redirect_ses
If message is not local then apply redirect
Send all outgoing email to this address instead, useful for redirecting email to a robot (like amazon ses service), this is called for each outgoing message, once for each recipient
Syntax: g_redirect_ses from=string was=string to=string
Example: g_redirect_ses was="*" to="john@external.domain"
g_redirect_ignore_errors
Accept email even if redirected addresses fail
We consider this to be faulty behaviour as it will lead to emails vanishing with no bounce, use entirely at your own risk.
Syntax: g_redirect_ignore_errors bool
g_redirect_noautocreate_rules
Don’t create redirection rules for domains automatically
This will stop SurgeMail creating redirection rules for new domains such as postmaster, abuse and support.
Syntax: g_redirect_noautocreate_rules bool
g_redirect_newmid
Generate new MID on redirection
This can help avoid loops.
Syntax: g_redirect_newmid bool
g_relay_allow_ip
Allow relaying from these users
List the IP ranges of local users that you will allow to send ‘OUTGOING’ Email without using SMTP authentication, e.g. “127.0.0.1,10.0.*”. In the past, mail servers used to permit this from any IP address, but since this was abused by ‘spammers’ all modern mail servers only allow this from known local IP addresses. Remote users should use ‘smtp authentication’ or log in via POP protocol before sending Email, then SurgeMail will trust them. Do NOT set this to ‘*’. If you do, your system will be blocked as it will be assumed that spammers are using your system even if they are not!!!
Syntax: g_relay_allow_ip string
g_relay_allow_from
Allow relaying for known from addresses
This setting allows users to send outgoing Email if their envelope ‘from’ address is a known local address. This is a very bad idea in general as spammers can do this too. So in general don’t use this setting except as a lesser of two evils. It will be detected by some open relay checking systems and your site can then end up listed as an open relay. If this happens your Emails will be rejected by other people’s systems. e.g.
g_relay_allow_from "*@my.domain,*@second.domain,fred@third.domain"
Syntax: g_relay_allow_from string
g_relay_dom_and_ip
Relay based on domain and IP
Allow relaying if the domain in the from envelope and IP address both match.
Syntax: g_relay_dom_and_ip domain=string ip=string
g_relay_window
Allow relaying after valid POP login
This sets the time after a valid POP login that you will allow a user on the same IP to send outgoing mail. In general it is safe to set this setting large and it can allow people using old mail clients (that do not know how to do SMTP authentication) to still send through your server without making your server an open relay.
Syntax: g_relay_window int
g_relay_window_from
Requires pop authed user is in from header of sent message
This must be used with g_relay_window, the matching is ‘simplistic’ and matches on the ‘from envelope’ but will stop most simple forms of abuse.
Syntax: g_relay_window_from bool
g_relay_to
Relay to this domain from anyone
This setting allows mail from anyone to be relayed to the specified domain. The relaying is unconditional.
Syntax: g_relay_to string
g_relay_to_user
Relay to specific user from anyone
This setting has no further documentation currently available
Syntax: g_relay_to_user string
g_relay_process
Relay process, e.g. testip.exe $WHOIP, return 1 to allow relaying, 0=deny
Allows you to run an external program to lookup an ip address and decide if it is one of your users who should be allowed to relay. This can be used when your users login via some type of shared system so the ip ranges are not known but you do have a way of checking if a user of yours is ‘currently’ connected on an ip address
Syntax: g_relay_process string
Example: g_relay_process "c:/surgemail/testip.exe $WHOIP"
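A helper for g_relay_process, added here as an example (not NetWin's code). It assumes the "return" value is the process exit status and that currently connected users are listed one IP per line in a hypothetical file named by ACTIVE_IPS. Because 1 means allow, the usual Unix habit of exiting non-zero on error would open the relay, so every error path here ends in 0.

```shell
#!/bin/sh
# Added example: helper for g_relay_process, for instance
#   g_relay_process "/usr/local/bin/relaycheck.sh $WHOIP"
# Assumption: the server takes the decision from the exit status
# (1 = allow relaying, 0 = deny), following the setting's description.
# ACTIVE_IPS is a hypothetical file with one currently connected IP per line.
# 'set -e' is deliberately not used: an abort with status 1 would mean "allow".
ACTIVE_IPS="${ACTIVE_IPS:-/var/run/active_ips.txt}"

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1                                  # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Prints 1 (allow) only when the address is well formed AND listed.
# Anything else, including a missing or unreadable list, prints 0 (deny).
relay_decision() {
    ip=$1
    is_ipv4 "$ip" || { echo 0; return 0; }
    [ -r "$ACTIVE_IPS" ] || { echo 0; return 0; }
    # -F fixed string, -x whole line: 10.0.0.5 must not match 110.0.0.55,
    # and a '.' in the address must not act as a regex wildcard.
    if grep -Fxq -- "$ip" "$ACTIVE_IPS"; then
        echo 1
    else
        echo 0
    fi
}

# Entry point: runs only when called with an argument (the value of $WHOIP).
if [ "$#" -gt 0 ]; then
    exit "$(relay_decision "$1")"
fi
```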
g_relay_ifnot
Accept locally only if not from this ip
This lets you send all email to ‘mx’ destination, even if the account is local, unless it is coming from a known ip address range.
Syntax: g_relay_ifnot string
g_relay_message
Message to display to users who try to relay
Text string displayed to users who try and relay.
Default (blank) is: “Relaying blocked, read new mail, add <sender.ip> to forwarding or enable smtp authentication in your mail client”
Syntax: g_relay_message string
g_relay_nolocal
Do not automatically relay for 127.0.0.1
This setting has no further documentation currently available
Syntax: g_relay_nolocal bool
g_rename_files
Files to apply virus renaming to
Only takes effect if g_virus_rename is checked. Default is: “*.exe,*.pif,*.bat,*.com,*.cmd,*.jav,*.vbs,*.scr,*.wsh”
Syntax: g_rename_files string
g_rename_content
Wild card list of mime types to rename, e.g. application*zip*
This setting has no further documentation currently available
Syntax: g_rename_content string
g_restart
Auto restart server
If turned on, Swatch (a spawned second process) checks every 30 seconds to see if the server is still running. If it isn’t running but its pid file still exists (so if it died), this second process restarts the missing server and sends the manager account an Email reporting the fault.
For this to work on NT you need to set Dr Watson NOT to show visual notification of faults:
This sets Dr Watson to be the default debugger:
c:/> drwtsn32 /i
This brings up the Dr Watson settings, un-tick "Visual Notification":
c:/> drwtsn32
Generally this setting is not needed and could be left off, but if an odd problem should develop, this setting can give you peace of mind for a few days while you wait for a problem resolution from NetWin.
Syntax: g_restart bool
g_restart_vmsize
Restart server if vmsize exceeds this (in mb), e.g. 1000
This setting has no further documentation currently available
Syntax: g_restart_vmsize int
g_restart_malloc
Restart server if malloc exceeds this (in mb), e.g. 1000
This setting has no further documentation currently available
Syntax: g_restart_malloc int
g_restart_kill
Allow swatch to kill surgemail if not responding – beta
This setting has no further documentation currently available
Syntax: g_restart_kill bool
g_retry_limit
Max hours to keep trying to deliver messages
Every hour the mail server will attempt to deliver any messages that fail for a reason that may be a temporary fault (for example the destination mail server doesn’t respond). This setting limits how long these retries continue for. The default is 48 hours (2 days).
Syntax: g_retry_limit int
g_retry_bounces
Max hours to keep trying to bounce messages
Max hours to keep trying to deliver a bounce the default is 48hrs
Syntax: g_retry_bounces int
g_retry_dns
Hours to keep trying if dns response suggested invalid domain name, default 0
By default, if the DNS server says a domain doesn’t exist, the message is immediately bounced so the sending user can take action. In some rare cases this will occur with a valid domain name because the actual DNS of the domain you are sending to is temporarily down. In this situation making SurgeMail retry for 1 hour can prevent these false bounces. I don’t recommend this setting as mostly the DNS response and cache etc is very very reliable because SurgeMail keeps a local cache of DNS lookups that worked on disk. So for a failure like this to occur it must be the first time the server has EVER looked up the domain, so the odds are extremely remote. Delaying a useful response to the user for 1 hour just for this remote chance is not wise in my opinion.
Syntax: g_retry_dns int
Example: g_retry_dns "1"
g_retry_warn
Send user a warning if first send fails
I like this setting myself but it can confuse users as the first send attempt will often fail and the user will misread the bounce and think it’s failed completely. It does mean when a message is urgent the user gets told right away, instead of 2 days later, that there is a problem sending the message, so for a business it’s a nice setting to enable.
Syntax: g_retry_warn bool
g_retry_unwarn
Send user sent on confirmation if warning sent
This complements the warning setting, so the user can see the message did eventually go through and after how long…
Syntax: g_retry_unwarn bool
g_retry_warn_n
Send user a warning if nth send fails
Similar to the above setting, but this one reduces the false warnings as messages often fail on the first attempt.
Syntax: g_retry_warn_n int
g_retry_minutes
Time between attempted retries
Time in minutes that SurgeMail will try and resend a message that has failed to be delivered.
(default = 60 minutes).
Syntax: g_retry_minutes int
g_retry_rule
Retry rules overriding g_retry_limit
Rules that allow you to specify the retry_limit in hours on a per destination domain basis.
Example:
g_retry_rule domain="test.com" hours="48"
That will make it keep retrying to send to the domain test.com for 48 hours.
Syntax: g_retry_rule domain=string hours=string
g_retry_from
Time to keep messages from these domains
This setting has no further documentation currently available
Syntax: g_retry_from domain=string hours=string
g_legal_archive_enable
Enable legal archive
This setting has no further documentation currently available
Syntax: g_legal_archive_enable bool
g_legal_archive_local
Store files locally only
This setting has no further documentation currently available
Syntax: g_legal_archive_local bool
g_legal_archive_spam
Store files even if identified as spam (OBSOLETE)
Messages are always stored now regardless of spam score
Syntax: g_legal_archive_spam bool
g_legal_archive_add
Users must belong to this group to get their email archived
This setting has no further documentation currently available
Syntax: g_legal_archive_add string
g_legal_archive_show
Users must belong to ‘archive_show’ group to see their own archive
This setting has no further documentation currently available
Syntax: g_legal_archive_show bool
g_legal_archive_bucket
Bucket for net service
This setting has no further documentation currently available
Syntax: g_legal_archive_bucket string
g_legal_archive_path
Local path for archive indexes
This setting has no further documentation currently available
Syntax: g_legal_archive_path string
g_legal_archive_hostid
Unique integer for this host 1-9 use if sharing mail spool
This setting has no further documentation currently available
Syntax: g_legal_archive_hostid int
g_legal_archive_encrypt_key
Key for encrypting the data, you MUST never lose this
This setting has no further documentation currently available
Syntax: g_legal_archive_encrypt_key string
g_legal_archive_keep
Days to keep legal archive, units=days unless you specify years or months, default 5 years
This setting has no further documentation currently available
Syntax: g_legal_archive_keep int
g_legal_archive_accesskey
Amazon s3 awsaccesskeyid
This setting has no further documentation currently available
Syntax: g_legal_archive_accesskey string
g_legal_archive_secretkey
Amazon s3 awssecretkey
This setting has no further documentation currently available
Syntax: g_legal_archive_secretkey string
g_legal_archive_only
Drop all messages after archiving them!
This setting has no further documentation currently available
Syntax: g_legal_archive_only bool
g_legal_archive_nofail
Don’t bounce messages if archive fails
This setting has no further documentation currently available
Syntax: g_legal_archive_nofail bool
g_sabre_version
SabreDAV version (DO NOT CHANGE, for debugging only)
This setting has no further documentation currently available
Syntax: g_sabre_version string
g_sample_get
Sample account to check if deliveries work
The idea is to create several accounts on various public mail servers. Then send a test message using a mailing list or g_redirect rule to these test accounts, then use the command tellmail sample_get CODE DELETE to check if the messages have arrived. The first parameter of tellmail sample_get is a code it expects to find in the message headers (or subject) and the second parameter should be the keyword ‘delete’ if you want it to delete the sample messages.
Syntax: g_sample_get host=string user=string pass=string
g_sample_show
Headers to show from sample messages
Typically you will list headers that are added by spam filters
Syntax: g_sample_show string
g_scan_cmd
Run command on message, and return integer
Run command on message, and return integer, see g_scan_action.
Syntax: g_scan_cmd string
g_scan_cmd_skip
Skip for matching ip addresses
This setting has no further documentation currently available
Syntax: g_scan_cmd_skip string
g_scan_cmd_testing
Don’t reject, (for testing)
This setting has no further documentation currently available
Syntax: g_scan_cmd_testing bool
g_scan_cmd_failok
Don’t reject if script fails
This setting has no further documentation currently available
Syntax: g_scan_cmd_failok bool
g_scan_action
Converts return value from g_scan_cmd to action on email
Converts return value from g_scan_cmd, action=drop,accept,bounce.
Syntax: g_scan_action code=int action=string reason=string
g_send_first_retry
Minutes for first retry, default is 16 minutes, do not adjust!
It’s best not to change this generally, if you set it too low then grey listing may fail, if you set it higher then email is delayed.
Syntax: g_send_first_retry int
g_send_helo
Domain to use for all outgoing SMTP helo commands
Fully qualified domain to use for all outgoing SMTP helo commands.
Syntax: g_send_helo string
g_send_helo_from
Use the sending domain for the helo command
If the senders domain name (in return path envelope) is a valid local domain, then it is used in the ‘helo’ command.
Not generally recommended. The correct use of the helo is to identify the sending machine, not the domain, so although this makes the headers look pretty it doesn’t make them more correct in my opinion.
Syntax: g_send_helo_from bool
g_send_helo_in
Lookup dns name of incoming ip connection on local interface
So this is the local ip name it looks up not the remote ip address name.
Syntax: g_send_helo_in bool
g_send_backoff
Backoff slow hosts
Seconds to leave slow responding host alone (default 900).
Syntax: g_send_backoff int
g_send_lines
Send single line packets
Send messages in single line packets, slow! (for debugging)
Syntax: g_send_lines bool
g_send_nopoll
Use sleep loop instead of poll (debugging only)
This is to try and find an elusive fault on some systems sending large emails, not for general use
Syntax: g_send_nopoll bool
g_send_lowpriority
Ip address of bulk sending servers
This limits the impact from mailing lists that would otherwise clog the server and prevent normal individual emails going through quickly, typically set to *bounce@* to lower mailing list priority
Syntax: g_send_lowpriority string
g_send_max
Max concurrent sending sessions
Maximum concurrent outgoing SMTP connections. You should not have to change this. The default is 100.
Syntax: g_send_max int
g_send_max_perchan
Msgs to send on one open channel
This may help delivery if a server is incorrectly identifying your server as a spam source. A value of 1-5 would be reasonable
Syntax: g_send_max_perchan int
g_send_max_perdom
Max concurrent sending sessions to a single domain
Maximum concurrent outgoing SMTP connections to a single domain. The default is 2. This can be set higher and the default used to be 6 however there are a few servers out there that don’t like more than 2 channels being opened to them.
Syntax: g_send_max_perdom int
g_send_max_rcpt
How many rcpt’s to send per message when sending
Default is unlimited, Setting this to a small value like 10 may help some mail servers.
Syntax: g_send_max_rcpt int
g_send_nolimit
Don’t apply g_max_perdom limit when sending to this domain
Use this on incoming mx servers for the local domain so it can use lots of channels to send the data through.
Syntax: g_send_nolimit string
g_send_nosize
Don’t send size with from envelope
Revert to old style sending, no known reason for doing this
Syntax: g_send_nosize bool
g_send_no_domain
Message to show when domain points to us but can’t find user or domain
Most useful when using g_authent_always, as this error will be shown to local users when sending to local users that don’t exist.
Syntax: g_send_no_domain string
g_send_onpopfetch
Only send outgoing while doing a POPfetch
Only send outgoing while doing a POPfetch (For dialup use).
Syntax: g_send_onpopfetch bool
g_send_retry_550
Retry on 550 responses (general failure)
Might be useful to stop messages bouncing when destination server is temporarily rejecting everything
Syntax: g_send_retry_550 bool
g_send_retry_552
Retry on 552 responses (typically quota exceeded)
Some faulty hosts return a 552 error when a user is over quota; this means that by the RFC SurgeMail must not try again to deliver the message. However this is clearly not a permanent error and so it’s often wise to retry in this situation. This setting makes SurgeMail attempt retries when faced with this odd response.
Syntax: g_send_retry_552 bool
g_send_rewrite
Rewrite envelope recipient at send stage, does not change destination server
This rewrites the recipient envelope, you can use wild cards, e.g. *@this.domain %1@another.domain, to rewrite ‘from’ addresses use g_from_rewrite
Syntax: g_send_rewrite was=string to=string
g_send_noskipslow
Don’t skip slow hosts
Normally surgemail remembers hosts that are slow to open, fail and doesn’t retry for 60 minutes.
Syntax: g_send_noskipslow bool
g_send_speed
max outbound bandwidth
Bytes per second to limit each outgoing channel to. eg: 10k
Syntax: g_send_speed int
g_send_conspeed
Outgoing connections per second per destination, default is 4
This helps prevent surgemail exceeding tarpit throttles common in unix mail servers, adjust at your own risk. This won’t generally limit outgoing email speed so you don’t need to touch it. A value of ‘1’ means surgemail can make one connection each second.
Syntax: g_send_conspeed int
g_send_delay
Wait this many seconds after sending each item.
This is a simple throttle to limit sending speed to any single domain, a value of 2 seconds is probably reasonable. In general you would also set G_SEND_MAX_PERDOM to 1.
Syntax: g_send_delay int
g_send_timeout
Send timeout
Timeout, in seconds when sending mail, default is 540 (9 minutes)
Syntax: g_send_timeout int
g_send_tolimit
Limit speed to send to one or more domains.
Some large providers will assume you are a spammer if you send too many messages in an hour. If you have a large mailing list it’s easy to break these limits, in which case some rules like this can prevent this problem.
Syntax: g_send_tolimit domain=string perhour=int
Example: g_send_tolimit domain="hotmail.com,*hotmail.com" perhour="60"
g_send_open_timeout
SMTP link open timeout
Timeout, in seconds when opening an SMTP link.
Syntax: g_send_open_timeout int
g_send_body_noretry
Don’t try and resend if failure during body send
By default SurgeMail retries to send messages if the tcp connection is lost during the body send part of sending an email message. In rare situations this may cause problems, for example while sending a large file if the receiving software is faulty and is dying rather than responding with ‘don’t try again’ error code. This behaviour was reversed before version 2.0h (e.g. it never retried)
Syntax: g_send_body_noretry bool
g_send_body_end_retry
Try again if connection fails after entire body sent
This setting will tend to result in ‘duplicate’ messages being received, so should not be used, but strictly speaking it is valid to retry in this situation, the trouble is the receiving mail server ‘may’ have a real copy of the message so may deliver it even though the connection was dropped.
Syntax: g_send_body_end_retry bool
g_send_body_once
Don’t try 3 times if failure occurs sending body
This setting disables the new feature where the server tries harder to deliver a message even if it ‘might’ result in duplicates being delivered.
Syntax: g_send_body_once bool
g_send_bug1
Fail while sending messages
Debugging feature.
Syntax: g_send_bug1 bool
g_send_sslheader
Add x-encrypted header when sending via ssl
This setting has no further documentation currently available
Syntax: g_send_sslheader bool
g_send_strip
Headers to strip when sending
This setting has no further documentation currently available
Syntax: g_send_strip string
g_send_store_disable
Disable sendstore smtp extension
This setting disables the ability to save the message to the sent folder as part of the smtp command (only used by SurgeAlert)
Syntax: g_send_store_disable bool
g_server_name
Wildcard “SERVER_NAME” translation for domain identification
The vdomain a user connects on is normally identified automatically for “user account self management” and for “webmail”. In the event that the domain name is not the same as the host name (eg hostname = mail.domain.com, domainname = domain.com) the WebMail web server can automatically translate the SERVER_NAME variable.
This setting specifies a wild card list of URLs ‘URL’ with associated translated host name for “SERVER_NAME”. If the URL matches then SERVER_NAME is set to the second part of this setting ‘name’. eg: to host the domains domain.com and mail.domain.com on host mail.domain.com:
g_server_name url="*.domain.com" name="domain.com"
Note: If your server name is not the same as your domain name also check the per domain setting URL_host.
Syntax: g_server_name url=string name=string
g_server_stamp
Replaces SurgeMail and version string in “Received” headers
Replaces SurgeMail and version string in Received headers of process mail
Syntax: g_server_stamp string
g_sf_disable
Smart Filter Disable
This setting has no further documentation currently available
Syntax: g_sf_disable bool
g_sf_obey_users
Obey user submissions about non spam, usually not a good idea
This setting has no further documentation currently available
Syntax: g_sf_obey_users bool
g_sf_ignore_users
Ignore user submissions just use automatic samples (obsolete)
This setting has no further documentation currently available
Syntax: g_sf_ignore_users bool
g_sf_generate
Build local smart filter
Creates feature_gen.dat from sf_mfilter.txt (instead of using feature_gen.net downloaded from netwinsite.com). This requires your server to have a reasonable sample of spam in the train… folders, this is collected automatically over a few days.
Syntax: g_sf_generate bool
g_sf_nnet
Use Neural Network (Experimental, ONLY FOR TESTING)
Experimental setting
Syntax: g_sf_nnet bool
g_sf_binary
Use Binary Network
Binary tree for scoring – this mechanism scores based on finding the sample or samples with the closest matching features, and counting how many are spam/not spam. This method is the best choice (currently)
Syntax: g_sf_binary bool
g_sf_list
Use list mechanism for scoring
A new mechanism to score more rationally based on the known data.
Syntax: g_sf_list bool
g_sf_nosanity
Disables improved g_sf_binary with sanity checks
This smoothes out the nonsense a bit if g_sf_binary over-reacts to training or small samples
Syntax: g_sf_nosanity bool
g_sf_sanity2
Enables improved sanity scoring
This second sanity check improves scores over 8 to be a bit more useful.
Syntax: g_sf_sanity2 bool
g_sf_sanity_test
Experimental setting never use
Test another spam scoring method
Syntax: g_sf_sanity_test bool
g_sf_saneonly
Sane score only
Experimental setting
Syntax: g_sf_saneonly bool
g_sf_test2
Testing
Experimental setting
Syntax: g_sf_test2 bool
g_sf_rules
Use manual rules to improve scoring
Use additional manual rules
Syntax: g_sf_rules bool
g_sf_limit
Limit range of self training
This setting has no further documentation currently available
Syntax: g_sf_limit bool
g_share_home
Allow sharing of home directory
This allows sharing of the home directory in the unlikely situation that you might want to run separate surgemail processes. eg one process to cope with SMTP and another to cope with POP access.
Syntax: g_share_home bool
g_share_mail
Allow sharing of mail directory
Set true if mail area is shared (by nfs or other mechanism)
Syntax: g_share_mail bool
g_share_quota
Do quota on disk (e.g. when using nfs shared spool)
Normally SurgeMail keeps track of quota for all users in memory. This is efficient, but means that if you are using a shared mail spool the quota figures are completely wrong, so use this setting to make surgemail keep track of quotas on disk; it increases disk load a bit of course but not too much.
Syntax: g_share_quota bool
g_shutdown_slow
Delay shutdown
Add 20 second delay to shutdown for testing purposes only.
Syntax: g_shutdown_slow bool
g_slow_welcome
Delay the welcome message
Add 20 second delay to welcome message for testing purposes only.
Syntax: g_slow_welcome bool
g_sms_gateway
Address and port of your SMS gateway
This is the ip and port of an ’email to sms gateway’. The gateway should accept SMTP messages on this port and convert the email into an sms message then deliver to the phone number in the ‘to’ address. SMSGate is our ’email to sms gateway’ and is FREE with SurgeMail. Setting user_sms to “true” for a domain allows users to specify a phone number (or email address) and rules for when to notify them.
Syntax: g_sms_gateway string
g_sms_gateway_force
Force sms notifications to go to g_sms_gateway
If a user sets their sms number to an email address, perhaps to make use of an existing gateway, then surgemail will send the message to the domain in that address. If you set this you can force the email to go to g_sms_gateway. NOTE: It is possible to configure SMSGate with ‘send_mode smtp’, ‘recv_mode none’ and no GSM modem. In this setup it simply reformats messages passing them on to the configured smtp_outserver for delivery as email messages.
Syntax: g_sms_gateway_force bool
g_sms_gateway_msgbytes
Maximum amount of message to send to g_sms_gateway (bytes)
Defines the maximum number of bytes of ‘body’ text to send to the g_sms_gateway. All headers are sent, then the defined number of bytes of ‘body’ text. Defaults to 160. May be set larger than the default if you have a lot of html messages or multipart html and text messages. Should not be set too large as there is no point sending binary attachments and the like to an sms gateway.
Syntax: g_sms_gateway_msgbytes int
g_sms_gateway_subjbytes
Maximum length of subject in sms message
Defines the maximum number of bytes of ‘subject’ text to send to the g_sms_gateway.
Syntax: g_sms_gateway_subjbytes int
g_sms_forward
Specifies IP’s which are allowed to forward to SMS gateways
Normally sms gateways are restricted to authenticated users (SMTP authentication) this allows you to specify IP’s which can send without authentication. For example you may want your dlist server to send SMS, in which case you might add 127.0.0.1 to this setting.
Syntax: g_sms_forward string
g_smite_all
Add smite headers to all messages passing through server
Normally SmiteSpam headers are only added for locally delivered messages. This setting adds them to all messages passing through this server.
Syntax: g_smite_all bool
g_smite_gateway
Add smite headers to gatewayed messages
Normally SmiteSpam headers are only added for locally delivered messages. This setting adds the headers for gatewayed messages too. This also adds headers to messages that are redirected by forward rules as well.
Syntax: g_smite_gateway bool
g_smite_level
Smite level to discard message
If SmiteSpam gives a message a “smite score” above this, throw it away. This setting is best never used. If used it should be set to ‘1 or 2’. A value of 1 = “has been reported”, 2 = “has been reported multiple times”. If smite match score is above this drop message. This is applied when the user downloads the email not at delivery time. What you probably want is ‘g_spam_bounce’ described elsewhere on this page.
Syntax: g_smite_level int
g_smite_skip
Skip smitecrc processing for messages from these domains
This will skip running SmiteCRC for messages whose from address matches these domains. This is the mail from envelope header NOT the from header in the message (you can check the return path header in the message to check what you need to add for this setting).
Note this is a wildcard field so to match any mail claiming to be from safedomain.com you would have to set:
g_smite_skip “*@safedomain.com”
Syntax: g_smite_skip string
g_smite_skip_from
Skip spam scanner if from header/env matches this wild card
This setting has no further documentation currently available
Syntax: g_smite_skip_from string
g_smite_skip_to
Skip smite scanner if to matches this wild card to <address>.
Syntax: g_smite_skip_to string
g_smite_skip_only
Skip spam scanner if to matches this wild card and no other recipients that ‘don’t’ match…
This setting has no further documentation currently available
Syntax: g_smite_skip_only string
g_smite_skip_ip
Skip smite based on sender IP
Skip smite scanner if sender IP matches this wild card list.
Syntax: g_smite_skip_ip string
g_smite_skip_auth
Skip spam scanner if user logged in
Skips spam checks and spam header generation for any authenticated local user.
Syntax: g_smite_skip_auth bool
g_smite_skip_relay
Skip spam scanner if ip can relay
Skips spam checks and spam header generation for any local user.
Syntax: g_smite_skip_relay bool
g_smite_tag
Tag message if in SmiteSpam database
If set to true will tag messages already in the SmiteSpam database. A value of 1 = “has been reported”, 2 = “has been reported multiple times”.
Syntax: g_smite_tag bool
g_smtp_allow_invalid
Allow messages with invalid headers
This setting has no further documentation currently available
Syntax: g_smtp_allow_invalid bool
g_smtp_auth_debug
Auth Debug (do not use)
This setting has no further documentation currently available
Syntax: g_smtp_auth_debug bool
g_smtp_bounce_nslow
Number of handles to use for doing slow rejections of smtp connections
If external servers are overloading your server so much that it ends up in a cpu loop rejecting connections then increasing this might help. But beware your system must not run out of file handles so don’t set it too large. The default is 100.
Syntax: g_smtp_bounce_nslow int
g_smtp_cmd_timeout
SMTP command timeout
Seconds to wait after getting a message for next command (workaround for sendmail bug)
Syntax: g_smtp_cmd_timeout int
g_smtp_data_timeout
SMTP data timeout
Seconds to wait for SMTP data input.
Syntax: g_smtp_data_timeout int
g_smtp_data_bug
Fail on incoming emails for debugging
This setting has no further documentation currently available
Syntax: g_smtp_data_bug bool
g_smtp_delay_stamp
Stamp message if sender doesn’t wait for welcome
If true then if any smtp commands arrive before the ‘helo’ greeting is sent then a header is added to messages which will result in a higher spam score.
Syntax: g_smtp_delay_stamp bool
g_smtp_delay
Seconds to wait before responding to rcpts, 1-20, this reduces load on bulk senders
Only applies if more than 2 connections from the same ip address, so it only throttles bulk senders not people
Syntax: g_smtp_delay int
g_smtp_welcome_delay
delays welcome message
Syntax: g_smtp_welcome_delay “seconds”
This delays the welcome message sent by SurgeMail to a connecting server. If the server sends data to SurgeMail during this waiting time SurgeMail will drop their connection. The theory is that any well behaved server will wait for prompts and check them, but a lot of spamming software never takes any notice of prompts/responses and sends blindly. We believe a value of 1-3 seconds is ideal. You can also exempt ip’s from this setting by using g_spam_allow “ip”. Settings too high will cause real mail to be lost.
Examples:
g_smtp_welcome_delay “3”
g_spam_allow “127.0.0.1”
So above, delay giving the welcome message for 3 seconds, anyone that sends data in that 3 seconds will be dropped, but anything connecting from 127.0.0.1 will be able to send immediately (you should make sure webmail is exempt).
Syntax: g_smtp_welcome_delay int
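The early-talker check described for g_smtp_welcome_delay, as an added Python model (not SurgeMail code): the server side holds the banner for the delay and drops any peer that sends first, unless the peer IP matches the g_spam_allow list. The banner text, host names, the fnmatch-style wildcard matching and the short 0.5 second delay are assumptions chosen for the demonstration.

```python
import fnmatch
import select
import socket
import threading

BANNER = b"220 mail.example.test ESMTP\r\n"  # constructed banner text


def is_exempt(peer_ip, allow_list):
    """Model of g_spam_allow: comma separated IP wildcards (matching style assumed)."""
    patterns = [p.strip() for p in allow_list.split(",") if p.strip()]
    return any(fnmatch.fnmatch(peer_ip, p) for p in patterns)


def greet(conn, peer_ip, delay_seconds, allow_list=""):
    """Server side: hold the banner for delay_seconds and drop early talkers."""
    if not is_exempt(peer_ip, allow_list):
        # Anything readable before the server has spoken means the peer did not wait.
        readable, _, _ = select.select([conn], [], [], delay_seconds)
        if readable:
            conn.close()
            return "dropped"
    conn.sendall(BANNER)
    return "greeted"


def polite_client(sock):
    """Well-behaved sender: reads the 220 banner, then says EHLO."""
    if sock.recv(512).startswith(b"220"):
        sock.sendall(b"EHLO mx.example.test\r\n")


def blind_client(sock):
    """Bulk-mail robot: pipelines commands without reading any prompt."""
    sock.sendall(b"EHLO bot.example.test\r\nMAIL FROM:<a@example.test>\r\n")


def run_session(client, peer_ip, delay_seconds=0.5, allow_list="127.0.0.1"):
    """Run one client against the delayed greeting over a local socket pair."""
    server_side, client_side = socket.socketpair()
    worker = threading.Thread(target=client, args=(client_side,))
    worker.start()
    try:
        return greet(server_side, peer_ip, delay_seconds, allow_list)
    finally:
        worker.join()
        server_side.close()
        client_side.close()


if __name__ == "__main__":
    # Constructed peers: two outside addresses and the exempt local address.
    for label, client, ip in [
        ("polite remote server", polite_client, "203.0.113.5"),
        ("blind remote sender", blind_client, "203.0.113.5"),
        ("blind but exempt (webmail on 127.0.0.1)", blind_client, "127.0.0.1"),
    ]:
        print(label, "->", run_session(client, ip))
```

The third case is why webmail and other local injectors belong in g_spam_allow: software that never waits for the banner is dropped by the delay unless its address is exempt.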
g_smtp_log_protocol
Log SMTP protocol
If enabled, the SMTP protocol is logged to the mail.log file as “smtp: In” and “smtp: Out” entries.
Syntax: g_smtp_log_protocol bool
g_smtp_log_size
Size of smtp.log file
This sets the smtp.log file size, default is 2mb
Syntax: g_smtp_log_size int
g_smtp_max
Max total incoming SMTP connections
This limits the channels that will be used at any one time for incoming SMTP connections. The purpose of this setting is to prevent a sudden burst of spam from using up all available channels. Generally you do not need to change this. (Default = 250). Use the related setting g_smtp_max_reason to over-write the detailed error if you don’t want spammers to know what your limits are set to.
Syntax: g_smtp_max int
g_smtp_warning
Send manager warning if this many sessions reached (max 1 per hour)
This setting has no further documentation currently available
Syntax: g_smtp_warning int
g_smtp_max_reason
Reason to give to user if g_smtp_max is exceeded
This is most useful when the host in question is being used for the wrong purpose (incoming when it’s intended for outgoing etc), or simply to advise the user of a potential solution
Syntax: g_smtp_max_reason string
g_smtp_max_nolimit
IP based exceptions to g_smtp_max
This lets you specify IP based exceptions to g_smtp_max, so if you need a certain IP to open up many connections you would add that IP here.
eg. g_smtp_max_nolimit “10.0.0.50”
Syntax: g_smtp_max_nolimit string
g_smtp_maxbad
Max bad SMTP commands
The maximum number of bad commands accepted per session before SurgeMail will drop the connection.
Example: g_smtp_maxbad “10”
Syntax: g_smtp_maxbad int
g_smtp_port
This allows SurgeMail to listen on a specified port and IP, you can add multiple IPs if you wish to listen on more than one and multiple ports also.
eg:
g_smtp_port “1.1.1.1:25, 2.2.2.2:1025”
g_smtp_portauth
SMTP ports which require smtp authentication, typically 587
It is recommended (by some) that users send email to port 587, and it requires smtp authentication, and port 25 be blocked from client ip addresses to prevent viruses etc using email servers. Be sure to add ,587 to the g_smtp_port setting too!
Syntax: g_smtp_portauth string
g_smtp_portforce
Block logins for ports not listed in g_smtp_portauth
Use this to prevent local users logging into port 25, this also stops many spammers abusing your system as they will try and send on port 25
Syntax: g_smtp_portforce bool
g_smtp_secure_port
Port to listen for secure SMTP connections (default 465)
Port to listen on for dedicated SSL SMTP connections.
Syntax: g_smtp_secure_port int
g_smtp_vrfy_msg
VRFY response
Change Response to VRFY, e.g. 252 Not telling.
Syntax: g_smtp_vrfy_msg string
g_smtp_vrfy_allow
Allow vrfy from these addresses, not recommended
This setting is rarely a good idea, vrfy is best left disabled
Syntax: g_smtp_vrfy_allow string
g_smtp_etrn_auth
etrn if authenticated
Only do etrn processing if user is authenticated.
Syntax: g_smtp_etrn_auth bool
g_smtp_help_disable
disable smtp help command
Disable SMTP help command (minor security precaution).
Syntax: g_smtp_help_disable bool
g_smtp_plain_hide
Hide ‘plain’ from the ehlo response
This is to keep stupid scanners happy, for security you should disable non SSL logins, disabling plain is pointless and annoying.
Syntax: g_smtp_plain_hide bool
g_smtp_cram_enable
Enable CRAM-MD5 authentication (requires nwauth 4.0h or greater) – Not Recommended
Please note that CRAM-MD5 does have security implications, specifically it means that the local user’s password must be stored in a semi-reversible state in the authent database. Also you must be using the new version of the NWAuth module. Also CRAM-MD5 cannot be used with Migration from an old server (since by definition the old password is never sent).
Syntax: g_smtp_cram_enable bool
g_smtp_no_brackets
Allow from/rcpt without angle brackets
Some faulty mail clients forget to put the brackets <> around the recipient, this setting allows such faulty behavior. Not generally recommended.
Syntax: g_smtp_no_brackets bool
g_smtp_big
Slow down incoming SMTP reads to get bigger packets (experimental)
This setting tries to prevent thrashing by making the server slow down the speed it reads data in an attempt to get larger packets. This seemed to have no effect when I tested it, but play with it if you want. It is only intended to be useful when you have hundreds of incoming connections all very slowly sending in data, and the server is short of CPU.
Syntax: g_smtp_big bool
g_smtp_fast_bounce
Reject bad connections immediately
Normally SurgeMail waits 1-10 seconds before rejecting a bad connection (rbl/limits,…), this reduces cpu usage and prevents some DOS attacks, this setting disables this behaviour.
Syntax: g_smtp_fast_bounce bool
g_smtp_fix_nohead
Accept messages with no headers and try and cope
This setting tries to cope if the message contains no headers at all, it is not recommended of course but may be needed on occasion for bad scripts
Syntax: g_smtp_fix_nohead bool
g_smtp_thread
Use separate thread for incoming SMTP connections
This makes the server run a separate thread just to process incoming smtp connections. This can help on a busy system to stop a huge load of smtp connections clogging up the pop/imap connection processing; it is rarely needed.
Syntax: g_smtp_thread bool
g_smtp_auth_off
Disable SMTP AUTH from unknown ip addresses (NOT RECOMMENDED)
This prevents a hacker sending out spam by cracking a user’s account details; users must login from an address specified in g_smtp_auth_ip or g_relay_allow_ip. NEVER USE THIS!
Syntax: g_smtp_auth_off bool
g_smtp_auth_ip
Ip Addresses to accept smtp authentication from
This prevents a hacker sending out spam by cracking a user’s account details; users must login from an address specified in g_smtp_auth_ip or g_relay_allow_ip.
Syntax: g_smtp_auth_ip string
g_smtp_noauth
Limit SMTP to just these addresses (not generally useful)
Mail sent from other IP addresses is only accepted if user is authenticated. Typically used if your server is behind a firewall of some kind and should only allow incoming email from a particular IP address. Users will be able to send as from any IP address if they use smtp authentication. This setting is only useful if your incoming email always comes through a gateway or filter, it’s not a normally useful setting
Syntax: g_smtp_noauth string
g_smtp_noauthm
Limit SMTP to just these addresses (not generally useful)
Mail sent from other IP addresses is only accepted if user is authenticated. Typically used if your server is behind a firewall of some kind and should only allow incoming email from a particular IP address. Users will be able to send as from any IP address if they use smtp authentication.
Syntax: g_smtp_noauthm string
g_smtp_noauth_msg
Message given when sender is told to use authentication because of g_smtp_noauth
Message sent to sender when they try and send to the server but are required to authenticate because of g_smtp_noauth
Syntax: g_smtp_noauth_msg string
g_smtp_noclear
Disable smtp buffer clear after starttls command
Testing feature.
Syntax: g_smtp_noclear bool
g_spam_allow
IP wild card of sites to exempt from spam limits
Typically use this to allow known mailing list servers that use your system to send messages in without being tarpitted. e.g. “127.0.0.1,local.ip.number”. This same setting is an exception to the other spam rules.
Syntax: g_spam_allow string
g_spam_allow_disable
Disable allow bounce messages
Normally when SurgeMail detects an SPF failure it will give the sender an opportunity to send an email to a special address. If the sender does this then their IP address is permitted in future. This saves a lot of hassle generally; in rare situations you may not want this system, and this setting will just simply bounce the message instead.
Syntax: g_spam_allow_disable bool
g_spam_allow_rbl
Give unblock message to RBL bounces too
This setting extends the ‘allow’ email system used by SPF to the RBL style of failures. This makes it much safer to use RBL lists in block mode instead of stamping mode. You really must have g_spam_block enabled for this setting to work, otherwise the ‘allow’ mechanism lets everything through so this becomes pointless 🙂
Syntax: g_spam_allow_rbl bool
g_spam_allow_rdns
Trust ip name for spam checking, not recommended
Spammers can trivially forge a reverse dns name, so it’s very unwise to use it for bypassing spam checking except for rare/local domain names that spammers won’t know to use
Syntax: g_spam_allow_rdns bool
g_spam_allow_msg
Template for unblock messages, use ||reason|| and ||allow|| and maybe a url
This lets you tailor the ‘allow’ bounce message given to incoming messages that fail the SPF checks. ||reason|| becomes the reason for the failure and ||allow|| is either the allow email to send to, or a link to use (if using g_spf_byweb “TRUE”).
Syntax: g_spam_allow_msg string
Example: g_spam_allow_msg “||reason||, to fix send an email to ||allow|| then resend original email.”
g_spam_block_msg
Template for spf blocked message if allow is disabled
This error is given for SPF failures when the allow system is disabled. You are probably looking for the setting g_spam_allow_msg, as it is the one that is normally used when a user is ‘blocked’ by spf.
Syntax: g_spam_block_msg string
g_spam_allow_known
Unblock IP address if we have received messages from it for 3 days (so it’s not a transient spammer)
This setting makes the SPF strict settings much softer, basically it says any IP address we’ve known about for 3 days, is considered safe. This will still stop most spammers, particularly when used in combination with RBL lists which will block the ‘repeat’ offenders.
Syntax: g_spam_allow_known bool
g_spam_allow_recent
Exempt recent POP from spam limits
Skip spam rules if recent POP IP number (see g_relay_window).
Syntax: g_spam_allow_recent bool
g_spam_autotrain
Autotrain “good” filter
Auto train spam filter good messages based on first 1,000 outgoing emails.
Syntax: g_spam_autotrain bool
g_spam_block
g_spam_block_gateway
Block spam gatewayed messages too
Use this setting on incoming mail servers or servers that relay to servers that implement SPF. Without this SPF blocking will not work as the back end server cannot perform the SPF checks/blocking.
Syntax: g_spam_block_gateway bool
g_spam_check_auth
Enable spam rules for authenticated users
Normally authenticated users are exempt from spam rules when sending mail. This enables all spam checking rules for authenticated users.
Syntax: g_spam_check_auth bool
g_spam_content_disable
Disable aspam_content.txt rules
The file aspam_content.txt is fetched from netwinsite and used to identify certain common spam messages based on content. Each line in the file gives a list of words or phrases, if most of the words are found, then the rule matches. You can add your own rules to aspam_content_local.txt. In a message that matches a rule you will see in the spamdetect header, Content: cid=NNN cid=NNN, you can then match the NNN with the unique id of each rule in aspam_content.txt
Syntax: g_spam_content_disable bool
g_spam_body
Add SpamDetect header in body
If spamdetect score is above this, add spamdetect header at top of message body (in addition to the header). This allows mail clients that are not able to filter mail based on headers to filter out spam email. This can be set on a per user basis too. A value of 3 or 4 would be reasonable. The only real reason for this setting is some common mail clients are unable to scan non standard headers so cannot automatically file spam in a folder unless this is used. My recommendation is for such users to use the web interface to set actions individually.
Syntax: g_spam_body int
g_spam_body_url
Text part of info to add to body, usually a url to your site
On this page you should explain to your users why this tag was added to their message, and how they can adjust their spam settings etc.
Syntax: g_spam_body_url string
g_spam_body_more
Add more info to spam body (ip address, ptr address, reply to and bounce address)
This can help the user decide if the message really is spam
Syntax: g_spam_body_more bool
g_spam_folders
Train on any message dropped into the relevant folders
This allows a user to create two folders ‘-Train Is Spam-‘ and ‘-Train Not Spam-‘ and then run the aspam training mechanism by dropping messages into those folders. Items are expired from the train is spam folder after 30 days if G_EXPIRE_TRASH is TRUE.
Syntax: g_spam_folders bool
g_spam_folders_show
List the special folders for all users
Without this setting the user must create the folder name correctly for training to work from imap folders
Syntax: g_spam_folders_show bool
g_spam_flag
Add X-SPAM-FLAG: Yes header if smite score is above this level
Some filters and servers like to see this header, a good value for this might be 7. Valid range would be 1-15, with 1 marking almost everything as spam, and 15 marking almost nothing.
Syntax: g_spam_flag int
g_spam_from_blacklist
Fetch list of bad domains to reject email from – not recommended
This feature fetches the file http://www.sa-blacklist.stearns.org/sa-blacklist/sa-blacklist.current and then uses it efficiently to block senders; it is a huge file (26mb). Not currently recommended: we don’t think the hit rate of this filter method is high enough to be useful.
Syntax: g_spam_from_blacklist string
g_spam_grey
OBSOLETE DO NOT USE, Enable old greylisting for spf mechanism
The grey listing mechanism relies on the principle that spammers are not using real mail servers but using dumb robots that won’t ‘retry’. So if all incoming messages are asked to ‘retry’ then the spam will not be received but the non spam will get in eventually. This does create a delay on all incoming mail, and may stop some stupid mail servers from successfully delivering. I would tend not to use this setting myself.
Syntax: g_spam_grey bool
g_spam_grey_classc
Apply grey listing to x.x.x.*
In theory this broadens slightly what grey listing will accept.
Syntax: g_spam_grey_classc bool
g_spam_grey_dflt
Enable greylisting for spf default accept events (not recommended)
If a message is going to be accepted due to the spf default rule (so there was no real spf record), then this comes into play. If the message is not from a trusted person, or a domain that we have previously checked using grey listings, then the message is bounced. If the sender then tries again to send the same message (from/to pair) within a few hours, but not within 1 minute, then that ip address is marked as ‘good’ and future messages from them are accepted. This setting will result in some real email bouncing but slightly reduce spam; we no longer recommend this setting.
Syntax: g_spam_grey_dflt bool
g_spam_grey_dflt_bad
Enable greylisting instead of allow in some cases (recommended for block or strict)
This setting enables grey listing for spf default failure events only, and only if it’s the first message from that ip address; if more arrive before the grey listing succeeds then allow bounces are sent instead.
Syntax: g_spam_grey_dflt_bad bool
g_spam_grey_verify
Skip grey listing if host was not listening
Skips the grey listing if the host didn’t respond to the g_smtp_verify probe for g_spam_grey_dflt_bad
Syntax: g_spam_grey_verify bool
g_spam_grey_size
Size of grey listing table, default is 3000
On busy servers set this to a larger figure, e.g. 9000 so it can remember more grey listing events
Syntax: g_spam_grey_size int
g_spam_grey_bounce
Bounce if message was allowed due to grey listing, and spam score is above this, default 8 (was 4)
Since messages which are allowed in due to grey listing generally can’t accept friends bounces (as the sender is unverified) it’s important to bounce them with an allow message instead if they look like spam
Syntax: g_spam_grey_bounce string
g_spam_grey_window
Window to block bad messages, typically 60 seconds
This prevents a fast retry by a stupid robot, some robots now wait 5-6 minutes but some mail servers may retry that fast too 🙂
Syntax: g_spam_grey_window int
g_spam_grey_nofive
Skip 5-6 minute black window for these domains
Use this for domains that retry at 5 minute intervals, e.g. (*@cs.com,*@xyz.com). This skips a test used to detect a particularly virulent spammer who uses a robot that retries at exactly 5 minute intervals.
Syntax: g_spam_grey_nofive string
g_spam_grey_nseen
Number of messages from an unknown host, default is 6
When a host is unknown if it sends more than this many messages before the grey listing resend occurs then it’s considered to be a spammer.
Syntax: g_spam_grey_nseen int
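How the grey listing settings above interact, as an added Python model (a simplified sketch, not SurgeMail's implementation): a retry of the same ip/from/to triple is accepted only after g_spam_grey_window seconds, a host sending more than g_spam_grey_nseen messages before a valid retry is treated as a spammer, and the pending table holds at most g_spam_grey_size entries. The 4 hour upper bound standing in for "a few hours", the oldest-first eviction and all addresses are assumptions.

```python
from collections import OrderedDict


class GreyList:
    """Simplified model of the grey listing decision for one server."""

    def __init__(self, window=60, nseen=6, size=3000, retry_limit=4 * 3600):
        self.window = window            # g_spam_grey_window, seconds
        self.nseen = nseen              # g_spam_grey_nseen
        self.size = size                # g_spam_grey_size
        self.retry_limit = retry_limit  # "a few hours"; 4 h is an assumption
        self.pending = OrderedDict()    # (ip, from, to) -> time first deferred
        self.seen = {}                  # ip -> messages seen while still unknown
        self.good = set()               # IPs that completed a valid retry
        self.bad = set()                # IPs that exceeded nseen first

    def check(self, ip, mail_from, rcpt_to, now):
        """Return 'accept', 'defer' or 'reject' for one delivery attempt."""
        if ip in self.good:
            return "accept"
        if ip in self.bad:
            return "reject"
        key = (ip, mail_from, rcpt_to)
        first = self.pending.get(key)
        # A resend of the same triple, not too fast and not too late, proves
        # the sender runs a real queue: mark the IP good.
        if first is not None and self.window <= now - first <= self.retry_limit:
            self.good.add(ip)
            self._forget(ip)
            return "accept"
        # Still unknown: count the attempt against the nseen limit.
        self.seen[ip] = self.seen.get(ip, 0) + 1
        if self.seen[ip] > self.nseen:
            self.bad.add(ip)
            self._forget(ip)
            return "reject"
        if first is None or now - first > self.retry_limit:
            self.pending[key] = now
            self.pending.move_to_end(key)
            # Table is bounded: the oldest events are forgotten when it is full.
            while len(self.pending) > self.size:
                self.pending.popitem(last=False)
        return "defer"

    def _forget(self, ip):
        """Drop per-IP working state once the IP has been classified."""
        self.seen.pop(ip, None)
        for key in [k for k in self.pending if k[0] == ip]:
            del self.pending[key]


if __name__ == "__main__":
    g = GreyList()
    # Constructed traffic: (ip, envelope from, recipient, seconds since start).
    attempts = [
        ("198.51.100.7", "a@example.org", "u@example.net", 0),    # first try
        ("198.51.100.7", "a@example.org", "u@example.net", 5),    # too fast
        ("198.51.100.7", "a@example.org", "u@example.net", 900),  # real retry
    ] + [("192.0.2.44", "x@example.org", "user%d@example.net" % i, i)
         for i in range(7)]                                        # burst
    for attempt in attempts:
        print(attempt, "->", g.check(*attempt))
```

With a table that is too small for the traffic, a legitimate sender's first attempt is evicted before its retry arrives and the retry is deferred again, which is the case the larger g_spam_grey_size value on busy servers avoids.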
g_spam_grey_nohard
Avoid hard spf bounces always try and do a grey list instead
This avoids the hard bounce you would normally get for failed real spf records.
Syntax: g_spam_grey_nohard bool
g_spam_nolang
Don’t add header with a guess at body language
This adds a header which makes a best guess at the contents of the message, it should not be assumed to be 100 percent reliable! Also note that empty messages or messages containing only images may be classified as ‘Unknown (English)’
Syntax: g_spam_nolang bool
g_spam_phrase
Enable auto spam phrase filter
Enables a Bayesian word and phrase filter to enhance spam filtering. The filter auto trains based on the train folders each night
Syntax: g_spam_phrase bool
g_spam_probe_enable
Probe suspect urls to find spammers – can cause RBL
This setting searches email messages from dodgy/unknown sources for urls, then looks at the page those urls refer to to see if those pages in turn point to a listed SURBL. Only domains matching a specific list of rules are scanned so there is almost no risk of this feature clicking on a page that might do something bad.
Syntax: g_spam_probe_enable bool
g_spam_probe_unknown
Probe any unknown url (dangerous)
This setting increases the remote chance of probing a web page that might have some action (like a confirmation signup request, unsubscribe etc…), in practice there are a bunch of tests we perform so it would be most unusual for this problem to occur but it’s safer not to use this option.
Syntax: g_spam_probe_unknown bool
g_spam_probe_more
Probe even if email is from a known ip address
Generally not advised
Syntax: g_spam_probe_more bool
g_spam_probe_friends
Probe even if email is from a friend
Generally not advised
Syntax: g_spam_probe_friends bool
g_spam_probe_whois
Do whois lookups on web pages found in probe
Some spammers register new domains each day, this probe checks the whois data to find if the new web site is owned by a known spammer
Syntax: g_spam_probe_whois bool
g_spam_subject
Modify message subject line based on spam rating
If spamdetect score is above this add spam rating Spam:**** to subject.
Syntax: g_spam_subject int
g_spam_subject_dom
Destination domains to tag subject for
Note that g_spam_subject_gateway and G_SMITE_GATEWAY or G_SMITE_ALL must also be set to true for this to work. If this setting is blank then all gatewayed domains would get tagged. Tagging won’t occur if the message is not sent through a g_gateway rule or redirect rule
Syntax: g_spam_subject_dom string
g_spam_subject_gateway
Modify message subject line based on spam rating for gatewayed messages
If true then spam_subject setting applies to gatewayed messages too
Syntax: g_spam_subject_gateway bool
g_spam_subject_word
Allow arbitrary modification of message subject line
This is a string that is prefixed to the subject of incoming mail caught by g_spam_subject. You can use ||score|| and ||stars|| which will contain the actual spam rating. Good examples might be: “[SPAM]” or “SPAM(||score||), “
Syntax: g_spam_subject_word string
g_spam_userconfig
Enable per user spam settings
Allow users to opt in / out of specific anti spam features. If this is enabled this will add a “Spam” button on the users account self management pages.
The most useful antispam feature is that user’s mail that is suspected spam, can be stored on the server so that these messages do not need to be downloaded to your normal email client over what could well be a low bandwidth connection.
Syntax: g_spam_userconfig bool
g_spam_user_max
Max messages for authenticated users
Max messages an authenticated user can send per 30 minutes, eg: 5000
Syntax: g_spam_user_max int
g_spam_user_warn
Alert user when they send this many messages in one day, .8 to alert at 80% of max
This setting has no further documentation currently available
Syntax: g_spam_user_warn string
g_spam_user_warn_msg
Message when user approaches send limit
This setting has no further documentation currently available
Syntax: g_spam_user_warn_msg string
g_spam_user_badto
Max bad recipients from authenticated user per 30 minutes, e.g. 50
Limits bad recipients for an authenticated user; if exceeded then sending is paused for 30 minutes. A value of 50 might be reasonable as normal users would never exceed that. A value as low as 10 might be workable. Whitelist accounts using G_SPAM_USER_SKIP. An email is sent to the manager account when this limit is hit.
Syntax: g_spam_user_badto int
g_spam_from_max
Max outgoing messages per ipaddress/return path pair, 30 minutes, e.g. 5000
This limit is useful where a local machine is sending on behalf of many users without authentication and you want to limit potential abuse
Syntax: g_spam_from_max int
g_spam_user_skip
Users to skip g_spam_user_max limit for
Set this for special known users who send lots of email
Syntax: g_spam_user_skip string
g_spam_bounce
Bounce local delivery based on spamdetect score
If spamdetect score (number of ‘*’s) is above this, bounce message if local delivery. 14 is a reasonable value, never set below 10.
Syntax: g_spam_bounce int
g_spam_bounce_store
If true store rejected spam in Spam_Rejected folder
This setting enables rejected spam to be saved in the spam_rejected folder. This makes it safe to use the spam rejection level again.
Syntax: g_spam_bounce_store bool
g_spam_bounce_text
Error text when message is bounced due to g_spam_bounce setting
As per description. Default is: “554 Failure Message looks like spam, sorry not wanted here q=311”, where q is the message queue id.
Syntax: g_spam_bounce_text string
g_spam_bounce_all
Bounce local and remote delivery based on spamdetect score
If spamdetect score (number of ‘*’s) is above this, bounce message. This applies to all messages regardless of user settings. E.g. 7 or 8 would be reasonable, 3 would be very strict, and less than 3 would certainly bounce real emails. I recommend you don’t set this below 5. This rule is applied as soon as the message is submitted; user spam settings do not override it.
Syntax: g_spam_bounce_all int
g_spam_bounce_trusted
If spamdetect score is above this, bounce message if trusted (spam_allow or authenticated)
Normally trusted users (spam_allow or smtp authenticated users) are never bounced due to spam content, this setting forces those users to also be checked for spam content.
Syntax: g_spam_bounce_trusted int
g_spam_cmd
Command line spam checker, use $FILE$ in cmd parameters
This allows you to run a simple external spam filter. The return value is added as a header, X-SpamCmd: r=N, Is Spam/Not Spam; use the local.rul file to translate this return value to a spam score. E.g. G_SPAM_CMD "snfrv2r3.exe xnk05x5vmipeaof7 $FILE$" if used with http://www.armresearch.com/message-sniffer/. If the program returns 0 then the words Not Spam are added; if the value is non zero then Is Spam is added. This makes filtering rules easier to add to local.rul, see http://netwinsite.com/surgemail/help/spam.htm#external
Syntax: g_spam_cmd string
g_spam_cmd_if
If internal spam rating is below this number, then run external filter
This allows you to only scan messages with an external filter if the message is not obviously spam
Syntax: g_spam_cmd_if int
g_spam_cmd_skip
If internal spam rating is below this number, then skip external filter
This allows whitelisting to work
Syntax: g_spam_cmd_skip int
g_spam_cmd_reject
If external filter returns number larger than this reject
Filters based on return code of external spam filter program
Syntax: g_spam_cmd_reject int
g_spam_vanish
Vanish local delivery based on spamdetect score
If spamdetect score (number of ‘*’s) is above this, vanish message if local delivery. eg: 12 would be reasonable.
Syntax: g_spam_vanish int
g_spam_vanish_all
Vanish local and remote delivery based on spamdetect score
If spamdetect score (number of ‘*’s) is above this, drop message, applies to all messages regardless of user settings. e.g. 14. This rule is applied as soon as the message is submitted, user spam settings do not override it.
Syntax: g_spam_vanish_all int
g_spam_info_hide
Remove x-spamdetect-info header line
Removes the x-spamdetect-info header line.
Syntax: g_spam_info_hide bool
g_spam_internal
Enable internal Aspam spam processing system
Enable new ‘internal’ spam processing system, note this disables SmiteCRC too!
Syntax: g_spam_internal bool
g_spam_noupdate
Disable aspam updates
Disable fetch of aspam filter rules etc from netwinsite.
Syntax: g_spam_noupdate bool
g_spam_notrain
Disable isspam and notspam addresses
Disable isspam and notspam addresses for user training.
Syntax: g_spam_notrain bool
g_spam_isspam_kind
Allow isspam from recent pop, gateway to etc
Allow ASPAM training messages to (isspam) from any trusted source (e.g. any source that would be allowed to relay/send outgoing email). This setting is recommended.
Syntax: g_spam_isspam_kind bool
g_spam_isspam_ignore
Don’t block messages from ip addresses recorded as a spam source
This bounces all email from an address recorded as a spam source until it is recorded as a ‘notspam’ source, the blocking message allows the sender to bypass the block.
Syntax: g_spam_isspam_ignore bool
g_spam_aspam
Aspam rating
Scale for Aspam default is 1.0. Valid range is zero to two.
The aspam matching, based on its database of known spam and non spam, produces a score in the range -5 to 5. The g_spam_aspam setting lets you ‘scale’ this score to increase/decrease the importance of the aspam rating. The result is then applied (added to) the spamdetect header.
Syntax: g_spam_aspam string
g_spam_poly
Scale for poly word matching
Scale for poly word matching, default is 0.1, Valid range is zero to two, Use 1.0 to enable.
Syntax: g_spam_poly string
g_spam_poly_disable
Disable poly code.
Disables the poly statistical scoring feature which is part of Aspam. Poly tries to analyze the frequency of word combinations in spam and not spam to identify if a message is likely to be spam or not. We don’t consider the poly system to be very useful. It has two faults: its behaviour is not ‘understandable’ and it is ‘content based’. SPF is a much superior system!
Syntax: g_spam_poly_disable bool
g_spam_private
Enable private email addresses for users to avoid spam
Note: The user will define these settings, after turning on this global setting the user can use the Web Self administration interface, press the ‘Spam’ button and the private email address is defined on that page.
This setting adds the ability for each user to create a private email address to bypass SPF/ Spam filters. The user would then typically increase the spam settings for their non private account to ‘friends mode’ and enable SPF. So only known friends will be able to contact them via the old address.
This allows the user to live ‘spam free’ without the risk of blocking email from real people.
The user must be careful with their new private address; it should only be used with humans. When entering an address in a web form or mailing list a special variant should be used, e.g. user--from-WEBDOMAINNAME@users.domain
The user defines their private address in the form user--PRIVATE@domain.com, e.g. if the user’s public address is joe@cool.com, and the user defines a private extension of “juggle” then the private address would be:
joe--juggle@cool.com
Email addressed to joe--juggle@cool.com is delivered without SPF or SPAM filtering / tagging.
In addition the user can enable ‘from’ matching which must look like this: username--KEYWORD-STRING@cool.com. The user specifies a keyword, e.g. “match”. Then anything addressed to the user in this form:
joe--match-STRING@cool.com
will only be delivered if ‘STRING’ is found in the ‘from’ envelope address, otherwise it will bounce. So when entering an email address in a web page called “toys.com” the user would enter:
joe--match-toys@cool.com
Any -- extension that is not recognized will return a bounce suggesting they remove the extension and try again.
Syntax: g_spam_private bool
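The routing rules described for g_spam_private can be written out as a small classifier. This is an added example, not SurgeMail's own code: the names classify, PrivateSettings and SAMPLE_USERS are hypothetical, and it assumes a double hyphen as the separator and case-insensitive comparison.

```python
"""Added example: routing decision for the g_spam_private address forms."""
from __future__ import annotations

from dataclasses import dataclass

SEP = "--"  # assumption: a double hyphen separates user name and extension


@dataclass(frozen=True)
class PrivateSettings:
    """What one user configured on the 'Spam' self-administration page."""
    private_ext: str                   # e.g. "juggle"
    match_keyword: str | None = None   # e.g. "match"; None = 'from' matching off


@dataclass(frozen=True)
class Decision:
    kind: str      # "public", "private", "match" or "bounce"
    account: str   # the real mailbox the address belongs to
    reason: str


# Constructed sample data, mirroring the joe@cool.com example in the text.
SAMPLE_USERS = {"joe@cool.com": PrivateSettings("juggle", "match")}


def classify(rcpt: str, envelope_from: str,
             users: dict[str, PrivateSettings]) -> Decision:
    """Classify one recipient address against the private-address rules."""
    local, at, domain = rcpt.strip().rpartition("@")
    if not at or not local or not domain:
        raise ValueError(f"not an address: {rcpt!r}")

    # Assumption: addresses and extensions compare case-insensitively.
    user, sep, ext = local.lower().partition(SEP)
    account = f"{user}@{domain.lower()}"

    if not sep:
        return Decision("public", account,
                        "no extension: normal SPF/spam filtering applies")

    cfg = users.get(account)
    if cfg is None:
        return Decision("bounce", account,
                        "extension used but no private settings defined")

    if cfg.private_ext and ext == cfg.private_ext.lower():
        return Decision("private", account,
                        "private address: no SPF/spam filtering or tagging")

    if cfg.match_keyword:
        prefix = cfg.match_keyword.lower() + "-"
        if ext.startswith(prefix):
            needle = ext[len(prefix):]
            # An empty STRING would match every sender, so refuse it.
            if not needle:
                return Decision("bounce", account, "empty match string")
            # Substring test on the envelope sender, as the text describes:
            # any envelope 'from' containing the string passes.
            if needle in envelope_from.lower():
                return Decision("match", account,
                                f"'{needle}' found in envelope from")
            return Decision("bounce", account,
                            f"'{needle}' not found in envelope from")

    return Decision("bounce", account,
                    "unrecognized extension: remove it and try again")
```

Because the ‘from’ match is a substring test on the envelope sender, it narrows who can reach the address but does not authenticate the sender.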
g_spam_alias_any
User alias string e.g. “++” if defined then strip suffix from emails – not advised!
This allows each user an infinite number of aliases of the form user+extension@domain.name. This can cause problems, so only enable with caution. Usually set to “++”; it can be set to a single plus, but this will break any email address that contains a plus, so that is not normally recommended. If used, at least avoid defining it as a single character!
Syntax: g_spam_alias_any string
g_spam_url
Scale for url word matching
Scale for URL word matching, default is 0.3, Valid range is zero to two (recommend 1.0)
Syntax: g_spam_url string
g_spam_catcher
Spam catcher addresses
Addresses on web pages that shouldn’t get any email (robot bait), only for use with Aspam.
Any email going to the specified address will be sent to the isspam address for processing and the message will also be dropped. If the message has multiple rcpt’s and some are valid users, but one matches the catcher address, it is not delivered to anyone. If you need to enter a lot of spam catcher addresses then the best way is to just set up a single spam catcher address and then use g_redirect to redirect other addresses to the spam catcher address.
e.g.
g_spam_catcher "johnsmith@mydomain.com"
Syntax: g_spam_catcher string
g_spam_char
Character to use instead of ‘*’ for smitespam headers (best left alone if possible)
Changing this will cause no end of problems, so only do this when initially installing SurgeMail
Syntax: g_spam_char string
g_spam_notspam
Spam collection address
Address that non authenticated users can send non spam to.
Example: g_spam_notspam "notspam@domain.com"
Syntax: g_spam_notspam string
g_spam_hold_keep
Spam hold timeout
How many days to store users spam hold messages before deleting them.
Default is 14 days.
e.g. g_spam_hold_keep "14"
Syntax: g_spam_hold_keep int
g_spam_hold_hide
Hide spam hold settings for end users and other held2pend user.cgi tweaks
This setting has no further documentation currently available
Syntax: g_spam_hold_hide bool
g_spam_header_trust_ip
List of IP addresses from which to trust/accept existing X-SpamDetect headers in emails
Use this setting to specify the filter machines which perform spam scanning for this machine. Use this on the filter machine, to specify itself so that mailing list messages do not get scanned/tagged twice. Ensure your users are sending messages via the filter machine.
Syntax: g_spam_header_trust_ip string
g_spam_share
Use and share some spam/aspam information with central server (netwin) experimental
This setting enables some features which let surgemail share information about spam and non spamming ip addresses with a central netwin server.
Syntax: g_spam_share bool
g_spam_status_hour
Process all spam status messages at this time (disk io intensive)
Normally the spam status emails are sent in response to incoming messages at undefined times; this allows all spam status emails to be sent at a predefined time.
Syntax: g_spam_status_hour int
g_spam_status_monthly
Send monthly spam status even if no messages pending
This is good to make sure all users know about their spam settings and how to change them.
Syntax: g_spam_status_monthly bool
g_spam_phishing
Download list of known phishing addresses and block outgoing email to them
Use this to stop your users responding via email to a known phishing address. See http://code.google.com/p/anti-phishing-email-reply/
Syntax: g_spam_phishing bool
g_spam_phishing_ok
Allow to these addresses even if phishing database blocks them
Use this to stop your users responding via email to a known phishing address. See http://code.google.com/p/anti-phishing-email-reply/
Syntax: g_spam_phishing_ok string
g_spam_nobounce
Remove old user held/vanish but after 5.2 will allow bounce
This removes the old spam settings that should never be used. In version 5 this disabled hold/vanish/bounce, now it only disables hold/vanish but allows ‘bounce’, the bounce behaviour has been made considerably safer by tuning the spam filter and changing the actual bounce to allow the sender to bypass via captcha
Syntax: g_spam_nobounce bool
g_spam_black_auto
Auto blacklist for user when isspam pressed
Changes blacklist handling to only place in spam folder (not auto reject) and to automatically blacklist when isspam button pressed
Syntax: g_spam_black_auto bool
g_spam_black_tospam
Put blacklist matches in spam folder
Place in spam rather than bouncing hard.
Syntax: g_spam_black_tospam bool
g_spam_allbad
Auto blacklist from/ip/to combinations
Makes blacklisting automatic
Syntax: g_spam_allbad bool
g_spamdetect_some
Only show spamdetect header for bad scores
This setting has no further documentation currently available
Syntax: g_spamdetect_some bool
g_spawn_log
If true the spawns are logged to lib_spawn.log
Useful for finding obscure problems with spawned modules of various kinds, webmail, nwauth, virus checkers etc.
Syntax: g_spawn_log bool
g_spf_mode
Sender Permitted From
See https://netwinsite.com/spf.htm for details.
Syntax: g_spf_mode string
g_spf_nocache
Disable SPF cache
There is a small cache used for SPF results, This setting disables it.
Syntax: g_spf_nocache bool
g_spf_rewrite
Rewrite ‘from’ envelope in redirected mail (SRS)
When messages are redirected/forwarded to another server from your server, the ‘from’ address of the existing message envelope will no longer obey SPF rules as it will be coming from your server rather than the original server. To fix this, enable this rewrite setting and the from envelope is then rewritten to point to your system using a short life token. The ‘from’ header of the message is not modified.
Syntax: g_spf_rewrite bool
g_spf_rewrite_relay
Rewrite even if from ip is a host to relay for
In some cases you will want SRS rewriting for relay hosts, in which case you should turn this on.
Syntax: g_spf_rewrite_relay bool
g_spf_rewrite_gateway
Rewrite even if gateway rule applies
In some cases you will want SRS rewriting for relay hosts, in which case you should turn this on.
Syntax: g_spf_rewrite_gateway bool
g_spf_norewrite
Exceptions to rewrite rule, e.g. *@my.domain,bob@this.domain
Where you allow users to send through your server you may want to stop rewriting for their domains so that their from address is not munged. Local domains are automatically exempt from ‘rewriting’. Specify *@domain.name not just domain.name
Syntax: g_spf_norewrite string
g_spf_dns_timeout
Seconds to wait for dns lookups for spf, best not to change
Generally a ten or twenty second timeout is reasonable. Adjusting the default is probably not necessary.
Syntax: g_spf_dns_timeout int
g_spf_timeout
Seconds to wait for all spf lookups to finish, default 48 seconds
Best not to change
Syntax: g_spf_timeout int
g_spf_domain
Domain for SPF rewrite and allow messages (defaults to first domain on server)
When SurgeMail relays/forwards a message the ‘from’ address is rewritten (g_spf_rewrite should be true). The new address is ‘from’ your domain and this setting tells surgemail which local domain to use for these from addresses.
Syntax: g_spf_domain string
g_spf_user_domain
Make allow bounces use destination user domain name
This can be useful if you need to ensure emails bounce with an address that is similar to the destination
Syntax: g_spf_user_domain bool
g_spf_very_strict
(strict only) Only give ‘allow’ option for default spf rule failures not real ones
In this mode real SPF failures are hard failures, but if there is no SPF record for a domain then the friendly ‘allow’ system is used to let the user send mail with only mild difficulty.
Syntax: g_spf_very_strict bool
g_spf_debug_log
Enable spf.log file
By default this log is not generated as it’s not usually needed.
Syntax: g_spf_debug_log bool
g_spf_default
(strict only) Default spf record if none found default ‘mx/16 a ptr:%{d2} -all’
The example shown isn’t entirely true, we adjust the ‘d2’ depending on the domain, so it’s usually unwise to change this.
Syntax: g_spf_default string
g_spf_default_noblock
(strict only) Only stamp headers if default spf record fails when no real spf header
This setting makes blocking occur only for REAL spf records, not for the default one applied to domains that have no SPF record defined.
Syntax: g_spf_default_noblock bool
g_spf_skip
Skip spf checks for these ip addresses, e.g. other mx hosts
List the ip addresses of your other MX servers so SPF checks won’t fail when a message comes in via an mx host instead of directly. The SPF checking must therefore be done on all the MX servers.
Syntax: g_spf_skip string
g_spf_skip_from
Skip based on from, e.g. noreply@*paypal.com,…, Also skips RBL
Good for skipping SPF checking if a domain is in some way incompatible with SPF checking
Syntax: g_spf_skip_from string
g_spf_skip_to
Skips SPF checks based on rcpt address and RBL checks.
Syntax: g_spf_skip_to "user@domain.com"
This setting can be used to skip spf checks based on the rcpt address, if used with g_orbs_late "true" then it can also be used to skip rbl checks if the rcpt matches this setting.
Syntax: g_spf_skip_to string
g_spf_rev_skip
Skip SPF checks if reverse ip name matches in this list, e.g. *.yahoo.com
Where you identify a domain that does not support SPF and is often used in a manner which breaks SPF default rules this setting can safely allow the problem domain. This setting is probably not needed now most large mail systems are using SPF.
Syntax: g_spf_rev_skip string
g_spf_share
List of hosts to share allow ips with. Must all have same srs.secret file
List your other incoming mail servers (which must be running surgemail). This lets SurgeMail share the list of known IP addresses which have sent ‘allow’ emails. You must copy your srs.secret file across all of the servers in question so they can verify each other correctly.
Syntax: g_spf_share string
g_spf_header
Use g_verify_mx_skip and apply to resulting ip
If the sending host matches g_verify_mx_skip, then spf tests are performed on the first received header not listed in that setting. Only stamping is possible though since this indicates a front end gateway and a reject would cause a ‘bounce’ which would not be safe
Syntax: g_spf_header bool
g_spf_baddns_skip
If spf dns failure then allow message through (instead of giving retry error)
This setting is not normally needed as lookups generate retry failures so the sending server tries again and the dns failure (which is usually temporary) won’t occur the second time. Normally on a DNS failure SPF should give a ‘retry’ message, this is because spammers often have faulty DNS servers so that SPF checks always fail for their domain, so letting the message through will let some spam into your system. But in some situations the normal behavior might lose you real email, so then using this setting, at least until your dns problems are resolved, might be wise.
Syntax: g_spf_baddns_skip bool
g_spf_nogrey
Skip SPF grey listing for these domains (require allow response)
This toughens spf for the domains in question, requiring that they really pass an ‘allow’ test rather than simply a grey listing test. Good for commonly forged domains which do normally obey spf.
Syntax: g_spf_nogrey string
g_spf_noallow
ignore friends
This toughens spf for critical domains (banks etc) where you don’t want any forged messages leaking through. This setting over-rides the users spf/friends settings for these domains (so should be used with some caution)
Syntax: g_spf_noallow string
g_spf_nofriend
Ignore friends for spf
This toughens spf so friends matches don’t bypass it
Syntax: g_spf_nofriend bool
g_spf_enforce
List of wildcard/domains to enforce spf for, e.g. paypal.com,*bank*
This enforces spf for domains that must be trusted.
Syntax: g_spf_enforce string
g_spf_enforce_real
Enforce spf for domains with strong spf entries
Enforces spf if the domain’s spf record ends with -all
Syntax: g_spf_enforce_real bool
g_spf_enforce_auto
Enforce spf for commonly forged domains paypal.com,*bank*
If enabled this will enforce spf for some common domains that get forged.
Syntax: g_spf_enforce_auto bool
g_spf_required
Require an spf entry for these domains
Used to make select domains add spf to talk to you
Syntax: g_spf_required string
g_spf_enforce_local
If spf fails and it’s a local domain then skip grey listing and bounce
This setting stops spammers who fake your own email domains, but it may upset users who are not authenticating or are using their own mail servers, so you will have to expect a few minor issues like that when you turn this on. This setting over-rides the ‘users’ spf and friends settings for local domains. (was misdocumented as give allow message)
Syntax: g_spf_enforce_local bool
g_spflog_enable
Enable this if this server is a frontend for a SurgeMail server users log into.
Enable this if this server is a frontend for a SurgeMail server users log into.
Syntax: g_spflog_enable bool
g_spflog_domains
Specify which domains should get spflog entries sent to them.
If some of your backend servers are not surgemail then this setting will be needed to turn off the spflog messages to the non surgemail servers
Syntax: g_spflog_domains string
g_spf_byemail
Perform allow bounce confirmation via email.
This gives an email to the sender in the allow bounce message instead of a url.
Syntax: g_spf_byemail bool
g_spf_web_url
Specify full url for spf byweb commands http://domain.name:port
Normally the default will work.
Syntax: g_spf_web_url string
g_spool_path
Allows SurgeMail to scan a directory for messages to send.
Syntax: g_spool_path "directory of spool"
SurgeMail will scan this directory every few seconds for messages and, if any are found, will send them (message files must end in the extension .msg). The format of the messages is as follows (without the quotes).
filename: test.msg
“
To: you@domain.com
From: blah@domain.com
Subject: blah blah
This is a test
“
Syntax: g_spool_path string
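Since anything that lands in the spool directory with a .msg extension is sent, the program writing those files should refuse header values containing line breaks and should only expose a finished file under its final name. The following is an added example, not SurgeMail code: the function names are hypothetical, and it assumes a blank line separates headers from body and that files not ending in .msg are left alone by the scanner.

```python
"""Added example: write a message into a g_spool_path directory safely."""
import os
import tempfile


def header(name: str, value: str) -> str:
    """Return one header line, refusing values that would start a new line."""
    if any(c in value for c in "\r\n\0"):
        raise ValueError(f"{name}: line break or NUL in header value")
    return f"{name}: {value}"


def build_message(to_addr: str, from_addr: str, subject: str, body: str) -> str:
    """Build message text in the To/From/Subject layout shown in the text."""
    lines = [
        header("To", to_addr),
        header("From", from_addr),
        header("Subject", subject),
    ]
    # Assumption: a blank line separates the headers from the body.
    return "\n".join(lines) + "\n\n" + body.rstrip("\n") + "\n"


def spool_message(spool_dir: str, name: str, text: str) -> str:
    """Write text to spool_dir/name and return the final path.

    The data is written under a temporary name first and renamed to the
    .msg name only once complete, so a directory scan that runs every few
    seconds cannot pick up a half-written message.
    """
    # Reject path components so the file cannot land outside the spool.
    if name != os.path.basename(name) or not name.endswith(".msg") or name == ".msg":
        raise ValueError(f"bad spool file name: {name!r}")
    final = os.path.join(spool_dir, name)
    if os.path.exists(final):
        raise FileExistsError(final)

    # mkstemp creates the file readable by its owner only; adjust the mode
    # if the mail server runs as a different user.
    fd, tmp = tempfile.mkstemp(dir=spool_dir, prefix=".", suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8", newline="") as fh:
            fh.write(text)
        os.rename(tmp, final)  # same directory, so the rename is atomic
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return final
```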
g_ssl_allow
IP Wild card of connections to allow to use SSL
This setting controls which connecting IP numbers are permitted to use SSL on POP and IMAP. They will see TLS in the protocol extension command (ETRN for SMTP or CAPA for POP). Typically, to enable SSL you set this to “*” after getting a certificate. If you don’t have a valid certificate then turning this on can cause problems as mail clients will try to use SSL and fail.
Syntax: g_ssl_allow string
g_ssl_allow_imap
IP Wild card list to allow SSL encryption from for imap
This setting controls which connecting IP numbers are permitted to use SSL on IMAP.
Syntax: g_ssl_allow_imap string
g_ssl_allow_fix
Disable incoming ssl on ssl failure from an ip
This setting has no further documentation currently available
Syntax: g_ssl_allow_fix bool
g_ssl_disable_web
Disable protocols for web only
This setting has no further documentation currently available
Syntax: g_ssl_disable_web string
g_ssl_disable_port25
Prevent ssl on port 25
May help virus fire walls to detect viruses, that’s the theory anyway…
Syntax: g_ssl_disable_port25 bool
g_ssl_disable_des
Disable DES ciphers, breaks outlook on XP
This setting has no further documentation currently available
Syntax: g_ssl_disable_des bool
g_ssl_test_fail
Break ssl to test auto downgrade
Break ssl for outgoing sends
Syntax: g_ssl_test_fail bool
g_ssl_require_in
Local domains that must only receive SSL messages
This setting has no further documentation currently available
Syntax: g_ssl_require_in string
g_ssl_require_smtp
If IP matches then require SSL for incoming SMTP message
This setting has no further documentation currently available
Syntax: g_ssl_require_smtp string
g_ssl_require_imap
IP Wild card of connections to require to use SSL for IMAP
This forces all matching IP addresses to use SSL for IMAP connections.
Syntax: g_ssl_require_imap string
g_ssl_require_login
IP wildcard of connections for users needing to use SSL
This setting forces all matching IP addresses to use SSL for any action that requires a user login. eg: POP, IMAP and SMTP authentication but not plain SMTP. So this is ideal if you want all users to use SSL but still want email to come in from non SSL SMTP servers.
Syntax: g_ssl_require_login string
g_ssl_require_out
Other machines we only send to using SSL
This forces all matching IP addresses to use SSL for SMTP outgoing connections. Typically you would use this for outgoing connections to increase security.
Syntax: g_ssl_require_out string
g_ssl_require_web
Require https for most web features (excluding blogs file sharing and surgeplus)
This setting has no further documentation currently available
Syntax: g_ssl_require_web bool
g_ssl_retry_seconds
Seconds to try and establish ssl connection, default is 5
Best not to change generally
Syntax: g_ssl_retry_seconds int
g_ssl_try_out
Try and start ssl mode to these hosts
If the hosts match then SurgeMail tries to start SSL security on the SMTP session. Note that this may cause failures if the link is dropped by the receiving server.
Syntax: g_ssl_try_out string
g_ssl_try_not
Skip ssl for these hosts
If the hosts match then SurgeMail does not try ssl even if g_ssl_try_out matches.
Syntax: g_ssl_try_not string
g_ssl_try_from
Try and start ssl mode if from this user, e.g. *@xyz.com
Must also match the g_ssl_try_out rule, this lets you only do ssl when the email is ‘from’ certain domains/users
Syntax: g_ssl_try_from string
g_ssl_per_domain
Create/use an SSL certificate for each domain
SurgeMail can be set to use a single SSL certificate for the server or individual certificates on a per domain basis.
SurgeMail will create private key / certificate pairs if required on startup. Alternatively these can be created using the ‘SSL Config’ link on the global settings page. These can be replaced with your own trusted signed certificates using the web admin interface or by placing the appropriate private key and certificate pem files in the following location: <surgemail>/ssl for a single certificate for the whole server and under <surgemail>/ssl/<vdomain> for per vdomain certificates.
Some mail clients and web browsers will complain if the certificate domain does not match the domain they are connecting to.
Changing g_ssl_per_domain will require surgemail to be restarted to take effect. Changes to certificates using the web admin interface now take effect immediately.
Syntax: g_ssl_per_domain bool
g_ssl_ciphers
List permitted ciphers
This can be used to enhance security, not recommended but is useful if you are trying to pass a security audit of some kind. A value of MEDIUM:HIGH is probably what you want to set it to. It is case sensitive. If your list exceeds 800 bytes use g_ssl_ciphers_add for the second half
Syntax: g_ssl_ciphers string
g_ssl_ciphers_web
List permitted ciphers for web
This list is for web connections only, restart surgemail after changing
Syntax: g_ssl_ciphers_web string
g_ssl_ciphers_add
More permitted ciphers (added to g_ssl_ciphers)
This can be used to enhance security, not recommended but is useful if you are trying to pass a security audit of some kind. A value of MEDIUM:HIGH is probably what you want to set it to. It is case sensitive.
Syntax: g_ssl_ciphers_add string
g_ssl_disable_tlsv1
Obsolete, Disable tls 1.0, not recommended
Use g_ssl_disable and g_ssl_disable_web instead
Syntax: g_ssl_disable_tlsv1 bool
g_ssl_disable_tlsv1_1
Obsolete, Disable tls 1.1 support, not recommended
Use g_ssl_disable and g_ssl_disable_web instead
Syntax: g_ssl_disable_tlsv1_1 bool
g_ssl_disable_tlsv1_2
Obsolete, Disable tls 1.2 support, not recommended
Use g_ssl_disable and g_ssl_disable_web instead
Syntax: g_ssl_disable_tlsv1_2 bool
g_ssl_disable_sslv2
Obsolete, Disable ssl 2.0 support for enhanced security
Disables one of the older ssl protocols which slightly increases security and decreases compatibility with older clients. Use g_ssl_disable and g_ssl_disable_web instead
Syntax: g_ssl_disable_sslv2 bool
g_ssl_disable_sslv3
Obsolete, Disable ssl 3.0 support for enhanced security
Disables one of the ssl protocols which slightly increases security. Use g_ssl_disable and g_ssl_disable_web instead
Syntax: g_ssl_disable_sslv3 bool
g_ssl_sha1_sign
Obsolete, sha256 is now always used
This will probably be made the default in the near future
Syntax: g_ssl_sha1_sign bool
g_ssl_disable_renegotiation
Disable SSL renegotiation.
Generally this shouldn’t be used unless you have to keep some paranoid security scan happy
Syntax: g_ssl_disable_renegotiation bool
g_ssl_honor
Honor server cipher order
Maybe useful to force certain types of security/encryption
Syntax: g_ssl_honor bool
g_ssl_perfect
Apply good SSL settings, best to remove g_ssl_ciphers setting too
Just an easy way of setting the ciphers etc for perfect forward secrecy
Syntax: g_ssl_perfect bool
g_ssl_fips
Enable FIPS mode crash if not available (DO NOT USE)
For future use
Syntax: g_ssl_fips bool
g_ssl_dmalloc
Enable dmalloc tracking in ssl
This setting has no further documentation currently available
Syntax: g_ssl_dmalloc bool
g_ssl_warn
Send users weekly reminder if they keep using non SSL logins
This setting has no further documentation currently available
Syntax: g_ssl_warn bool
g_ssl_warn_ignore
Don’t give warnings if user is from this trusted host
This setting has no further documentation currently available
Syntax: g_ssl_warn_ignore string
g_ssl_warn_text
Last line of email warning sent to user if SSL not used
This setting has no further documentation currently available
Syntax: g_ssl_warn_text string
g_sstat_disable
Disable netwin statistics gathering.
We use this to keep track of which features customers use/like
Syntax: g_sstat_disable bool
g_stack
For testing only, NEVER SET THIS
Never set this, it can make the server unstable
Syntax: g_stack int
g_stack_imap
For testing only, NEVER SET THIS
Never set this, it can make the server unstable
Syntax: g_stack_imap int
g_startup_delay
Startup delay
Seconds to wait before accepting inbound connections when starting SurgeMail.
Syntax: g_startup_delay int
g_store_dropped
Store up to 5000 bad bounces in the dropped directory
This is useful to check if vanish_bad_bounces is working correctly
Syntax: g_store_dropped bool
g_header_strip
Strip listed headers from incoming messages
Useful for stripping headers that you don’t trust or don’t want for some reason
Syntax: g_header_strip string
g_surgewall_split
Split up surgewall messages, one per recipient
Split up incoming messages so subject tagging should work
Syntax: g_surgewall_split bool
g_surgewall_redirect
Allow redirect/responder for surgewall
Allows redirect/responder settings to work for surgewall
Syntax: g_surgewall_redirect bool
g_surgewall_ignore_error
Deliver even if some rule says bounce
This setting should never be used we think…
Syntax: g_surgewall_ignore_error bool
g_surgeblog
Specialize SurgeMail as a Blog server
This setting causes SurgeMail’s interface to specialize itself for the purposes of being a Blog server.
Syntax: g_surgeblog bool
g_surbl
SURBL Spam URI Realtime Blocklists
This looks up each url found in each mail message and checks it against the SURBL database of your choice; the multi database can be used. See http://www.surbl.org/. Adds headers of the form: X-Surbl: stamp urlfound nameofsurbl. PLEASE NOTE: Access to surbl is only provided freely in some conditions; larger ISPs may need to purchase a feed, see http://www.surbl.org/usage-policy
Syntax: g_surbl name=string stamp=string
Example: g_surbl name="multi.surbl.org" stamp="sc.surbl.org,ws.surbl.org,phishing,ob.surbl.org,ab.surbl.org,jp"
g_surbl_reject
Reject email with SURBL hits
This can reduce spam on your server by completely rejecting all email containing surbl web links…
Syntax: g_surbl_reject bool
g_surbl_whois
Also check whois info on suspect urls – not for busy servers!
This setting searches whois information and compares what it finds to a list of known persistent spammers who register new domains regularly – if a match is found a surbl header is added. The whois servers don’t like getting heavy load so don’t use this setting if your server is very busy. A cache is used to minimize the load.
Syntax: g_surbl_whois bool
g_surbl_skip
URLs to allow even if listed in surbl
Sometimes you will want to whitelist a url that is listed in one or more surbl databases, use this setting to do that.
Syntax: g_surbl_skip string
g_surbl_skip_ip
Skip SURBL check if sender is from listed ip
Sometimes you will want to whitelist an ip from SURBL checks. Use this setting to do this.
Syntax: g_surbl_skip_ip string
g_surbl_from
Also check the return path
Adds return path domain/from check in the surbl database, use with Spamhaus DBL
Syntax: g_surbl_from bool
g_vipre_enable
Enable vipre scanner on windows
Enable the vipre scanner module
Syntax: g_vipre_enable bool
g_notag_notascii
Don’t add x-notascii: charset to any non ascii message
This can be used by user exception rules for users that don’t expect any foreign language messages
Syntax: g_notag_notascii bool
g_notag_url_forgery
Don’t add x-UrlForgery when a href URLs seem to not match
Many scams will use legitimate URLs with a href links to their own site; this tries to tag such messages, which can then be scored as spam via aspam_mfilter.rul
Syntax: g_notag_url_forgery bool
g_tarpit_blackhole
Reject email one recipient at a time to make spammers go away
If tarpit_blackhole is true, then where the server was going to drop the connection it will instead keep it open and let the client talk and try to send messages, but will reject all recipients. It only does this for a maximum of 200 channels; any more are dropped.
Syntax: g_tarpit_blackhole bool
g_tarpit_badrcpt
Delay rejection of bad recipients
Delay rejection of bad recipients (in seconds, default 4s).
Syntax: g_tarpit_badrcpt int
g_tarpit_drop
Max recipients per hour from one IP
Drop link and ban for 1 hour if g_tarpit_max or g_max_bad_to has been exceeded.
Syntax: g_tarpit_drop bool
g_tarpit_retry
Send retry error, 450 if tarpit limits exceeded
This setting has no further documentation currently available
Syntax: g_tarpit_retry bool
g_tarpit_max
Max number of local recipients per hour from one IP
If this limit is exceeded, the offending client is “tarpitted”. This means the mail server starts pretending to go slowly. This is better than simply closing the connection as that will not stop the sending system from trying to reconnect rapidly or send to other systems rapidly, but tarpitting jams the sending system and limits the damage they can do to you and others. Cool huh?
Unlike G_BOMB_MAX, the g_tarpit_max setting counts the total of all recipients to all addresses from this IP address.
A setting of about 200-10,000 is probably good, but be careful with mailing lists as it will break them. Use an exclusion for IP addresses of known mailing lists or set the limit higher than known mailing lists, eg: 2,000 is probably a good setting just to avoid disasters without disrupting many real users.
Use spam_allow ip.address.list to override the limit for known systems (eg: mailing list servers) that would exceed the limit.
Syntax: g_tarpit_max int
g_tarpit_max_remote
Max remote recipients from one IP
The maximum number of remote recipients before slowing down.
Syntax: g_tarpit_max_remote int
g_tarpit_skip
Skip tarpit limit for these destination users or domains, e.g. *@xyz.com
This setting has no further documentation currently available
Syntax: g_tarpit_skip string
g_tarpit_skip_from
Skip tarpit limit for messages from these users e.g. *@xyz.com
This setting has no further documentation currently available
Syntax: g_tarpit_skip_from string
g_tarpit_hacker
Slow DOS attacks in some situations
This setting has no further documentation currently available
Syntax: g_tarpit_hacker bool
g_tellmail_ip
Tellmail IP restriction
Restrict remote tellmail commands to these IP addresses.
Syntax: g_tellmail_ip string
g_tcp_read_timeout
Timeout in ‘seconds’ on POP connections (do not adjust)
Timeout in ‘seconds’ on POP connections, do not adjust. (default 600).
Syntax: g_tcp_read_timeout int
g_tcp_que_len
Length of listen queue for incoming connections
Default is 25 or 200 on windows, to reduce non paged pool on windows reduce to 20
Syntax: g_tcp_que_len int
g_tcp_proxy_ip
Enable TCP proxy protocol for specific address
Enables the tcp proxy protocol on new connections for this address for pop,imap,smtp.
Syntax: g_tcp_proxy_ip string
g_tcp_bf_size
Set tcpip snd/rcv buffer sizes, best left blank
This setting has no further documentation currently available
Syntax: g_tcp_bf_size int
g_cookie_secure
Set all cookies to secure mode on https connections
This setting has no further documentation currently available
Syntax: g_cookie_secure bool
g_token_secure
Use secure flag for surgeweb, stops http access to token, so requires https to work
This setting has no further documentation currently available
Syntax: g_token_secure bool
g_token_httponly
Use httponly flag, stop scripts using token, may break attachments
This setting has no further documentation currently available
Syntax: g_token_httponly bool
g_thread_max
Total maximum number of threads allowed
Total maximum number of threads allowed on this system. This should not normally be changed. If you do increase it, start small, eg: 400 is a safe number on most systems. Generally if you need to increase it more than that then you have a performance problem that needs fixing, and increasing it more is unlikely to be a good idea. On Linux, if your thread_max setting is above 500 then you must modify surgemail_start.sh to increase the handle limit from 1024 to 2048 (at least twice the g_thread_max value). If you get crashes with ‘handle_limit’ recorded in the logs then it’s likely that your operating system handle limit is too small for your g_thread_max setting. On Solaris you will need the 64 bit build of SurgeMail to increase this limit, as the Solaris 32 bit ‘c’ libraries are limited to 256 file handles (I kid you not).
See FAQ section on session limits
Syntax: g_thread_max int
g_thread_pool
Keep all threads in a common pool
This setting has no further documentation currently available
Syntax: g_thread_pool bool
g_thread_spinlock
Spin more before sleeping when waiting for mutex
This setting has no further documentation currently available
Syntax: g_thread_spinlock bool
g_thread_smooth
Throttle thread creation as max hit to reduce peaks
This setting has no further documentation currently available
Syntax: g_thread_smooth bool
g_timezone
Timezone text
Text to be placed in the timezone part of the date string. e.g. +1200 NZT
Syntax: g_timezone string
g_timezone_force
Hours offset to local time, e.g. 5 (best left blank)
This setting has no further documentation currently available
Syntax: g_timezone_force string
g_timeout_try_later
If timeout while waiting for message to arrive tell other end to retry
This ‘may’ cause faulty servers to endlessly retry a message, but should be ok. Normally this sort of timeout is very rare, but it can be caused by a faulty virus scanner, so retrying won’t always help.
Syntax: g_timeout_try_later bool
g_tohost_local
Tohost entries to deliver locally
Authentication database tohost name entry to deliver locally. This setting only applies if g_proxy or g_route_by_tohost is enabled. This is useful to allow the configuration of multisite systems using g_route_tohost with a single shared authentication database.
Syntax: g_tohost_local string
g_toscan_path
Path used for mime parts for virus scanner
The default is the toscan directory under the home path, using this setting can help sometimes if permissions are a problem
Syntax: g_toscan_path string
g_train_store
Number of messages to store in each spam training directory (1000-5000)
We recommend about 10000 – don’t get carried away, more is not necessarily better!
Syntax: g_train_store int
g_url_alias
Allows translation from one URL to another
Allows translation from one URL or beginning of a URL to another. eg:
g_url_alias from="/cgi-bin/" to="/scripts/"
will cause the URL http://localhost:7025/cgi-bin/fred.cgi to reference the same file as http://localhost:7025/scripts/fred.cgi would have, the fred.cgi in the SurgeMail ‘scripts’ directory. The domain url_alias settings are checked before these, the first matching rule is used, settings are checked in the order specified.
Syntax: g_url_alias from=string to=string ports=string
g_url_redirect
Sends http 301 redirect to tell browser resource has moved
Typical usage to move users from http to https automatically, e.g.
g_url_redirect from="http://*/surgeweb" to="https://%1:7443/surgeweb" ports="80,7080"
Or you may wish to change the default page to webmail, e.g.
g_url_redirect from="/" to="/surgeweb" ports="443,80"
Syntax: g_url_redirect from=string to=string ports=string
g_url_enable
Enables widearea url database
Syntax: g_url_enable <true/false>
If set then SurgeMail fetches the url database and updates from netwinsite.com every few hours. Messages which contain matches will get a header X-SpamUrl:… which will be used in the spam score. Once enabled you will contribute to Netwin’s central server and also download from it once every couple of days.
Additions to your isspam/notspam training addresses are also sent to netwinsite.com (just the url’s for white list/blacklist)
Syntax: g_url_enable bool
g_url_master
Not for general use
Used by netwin to manage the master server. Sorry this doesn’t allow you to run your own master.
Should be left blank
Syntax: g_url_master bool
g_url_master_to
Not for general use
Not for general use. Used by netwin for testing.
Syntax: g_url_master_to string
g_url_host_noscan
Disable the scan for url_host settings matching the domain in an incoming web request
SurgeMail uses g_server_name and url_host settings to determine the default domain to select for web requests, this setting stops it using the url_host settings (which may be slow on systems with a large number of domains)
Syntax: g_url_host_noscan bool
g_user_alias_file
User aliases configuration file
This setting specifies the configuration file for user aliases. This file is in the following format:
domain alias_domain,access[,access]…
where domain is the domain name eg: email.com, alias_domain is the domain in which aliases can be created, and access specifies who is allowed to create these aliases, it can have one of the following values:
Value | Result |
---|---|
user | Users can create these aliases. |
domadmin | Domain administrators can create these aliases. |
admin | The Administrator can create these aliases. |
private | Same as domadmin,admin. The Administrator and the Domain administrators can create these aliases. |
public | Same as user,domadmin,admin. Everyone can create these aliases. |
Example alias.dat file:
email.com *.email.com,public
email.com sport.email.com,public
internal.email.com email.com,private
internal.email.com internal.email.com,admin
Syntax: g_user_alias_file string
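A parser for the alias file format described above, with an audit helper that lists the rules open to ordinary users. This is an added example, not SurgeMail code; matching the `*` in alias_domain shell-style and treating any matching line as a grant are assumptions, and the sample text is the page's own example file.

```python
from fnmatch import fnmatch

ROLES = {"user", "domadmin", "admin"}
# Shorthand access values, expanded as the table above defines them.
SHORTHAND = {
    "private": {"domadmin", "admin"},
    "public": {"user", "domadmin", "admin"},
}

# The example alias.dat from this page, one rule per line.
SAMPLE_ALIAS_DAT = """\
email.com *.email.com,public
email.com sport.email.com,public
internal.email.com email.com,private
internal.email.com internal.email.com,admin
"""


def parse_alias_file(text):
    """Return [(domain, alias_domain, roles)]; raise ValueError on a bad line."""
    rules = []
    for number, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts:
            continue  # blank line
        if len(parts) != 2:
            raise ValueError(f"line {number}: expected 'domain alias_domain,access'")
        alias_domain, *access = parts[1].split(",")
        if not access:
            raise ValueError(f"line {number}: no access value given")
        roles = set()
        for word in access:
            if word in SHORTHAND:
                roles |= SHORTHAND[word]
            elif word in ROLES:
                roles.add(word)
            else:
                raise ValueError(f"line {number}: unknown access value {word!r}")
        rules.append((parts[0].lower(), alias_domain.lower(), frozenset(roles)))
    return rules


def may_create(rules, role, account_domain, alias_domain):
    """True if any rule lets `role` in account_domain alias into alias_domain.

    Assumption: '*' in a rule's alias_domain is a shell-style wildcard.
    """
    return any(
        domain == account_domain.lower()
        and fnmatch(alias_domain.lower(), pattern)
        and role in roles
        for domain, pattern, roles in rules
    )


def user_creatable(rules):
    """Audit helper: (domain, alias_domain) pairs that ordinary users may use."""
    return [(domain, pattern) for domain, pattern, roles in rules if "user" in roles]
```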
g_user_alias
Number of aliases accounts can create
This setting specifies the maximum number of account aliases an account (optionally in specified group) can create. The format of these aliases is specified in the file specified by the g_user_alias_file setting. eg.
g_user_alias quota="10" group=""
g_user_alias quota="20" group="grp1"
g_user_alias quota="30" group="grp2"
Syntax: g_user_alias group=string quota=int
g_user_blogs
Number of blogs accounts can create
Specifies blog limit based on user group.
Syntax: g_user_blogs group=string quota=int
Example: g_user_blogs group=premium quota=15
g_user_domainlist
Show domains list on user pages
This setting decides who will see the drop-down list of domains on the user check, add, login, and management pages. It has three possible values: user, domadmin and admin. A value of ‘user’ allows everyone to see the list, ‘domadmin’ allows domain admins and the admin to see the list, and ‘admin’ allows only the admin to see the domains list.
Syntax: g_user_domainlist string
g_user_virus_scan
Allow users to enable / disable virus scanner for themselves
This setting adds a tickbox to the Spam page in user self administration that allows the user to enable and disable the virus scanner for themselves.
Syntax: g_user_virus_scan bool
g_user_access
Allow / Restrict user access to features based on
g_user_access group="wildcard" access="list"
This setting matches the g_access_group the user is in to the wildcard specified and applies the specified list to that user, giving / restricting their access to certain features. The list may include any of the following:
Value | Result |
---|---|
alias | Access to the “Alias” page and features. |
blog | Access to the “Blogs” page and features. |
centipaid | Access to the “Centipaid” page and features. |
delete | Access to the “Delete” button, which deletes the email account. |
enotify | Access to the “Email Notification” page and features. |
exceptions | Access to the “Exceptions” page. |
filter | Access to filtering of messages. (g_filter_pipe, g_mfilter_file, g_dmail_filter) |
friends | Access to the “Friends” pages, and system. |
fwd | Access to the “Forwarding” features, forwarding, auto-responder. |
fwdonly | Access to the “Forwarding” features. Without this only the auto responder is shown on the forwarding page |
lists | Access to the “Lists” page and features. |
log | Access to the “Log” page. |
mailbox | Access to the “Mailbox” page, view mailbox, setup rules. |
main | Access to the “Main” page containing user details. |
pass | Access to the “Password” features, change password, password retrieval. |
sms | Access to the “Sms” page. |
spam | Access to the “Spam” page, and SmiteSpam and Aspam processing of messages. |
spampriv | Access to the “Spam” pages’ spam private feature |
spf | Access to the “Spf” page and features. |
surgeplus | Able to connect to SurgeMail using the SurgePlus client. |
virus | Access to virus scanning of messages. (g_virus_cmd, g_virus_filter, g_virus_avast, g_scan_cmd) |
webmail | Access to the “WebMail” button which logs the user into WebMail. |
In addition you can prefix any of the above with ! to deny access. There are two other special case values, “all” and “none” which mean exactly what they say, access to “all” or “none” of the features.
Example:
g_user_access group="simple" access="all,!spam,!virus"
The above setting gives users in the ‘simple’ group access to all the features except spam and virus features.
Syntax: g_user_access group=string access=string
g_user_access_default
Default user features granted to users
This setting is a default access list for all users on the server; it is specified in the same manner as the g_user_access setting’s ‘access’ parameter. eg:
g_user_access_default "all,!spam,!virus"
Syntax: g_user_access_default string
g_user_access_from
When sending use from for useraccess rules
When sending a message the user access rules which are applied can be based on the ‘from’ header, this is not secure but is sometimes useful.
Syntax: g_user_access_from bool
g_user_access_webonly
Means user_access rules only stop web interface not actual spam checking etc
This setting has no further documentation currently available
Syntax: g_user_access_webonly bool
g_user_cookies
Enable browser cookies for user self management
Enable browser cookies for user self management.
Syntax: g_user_cookies bool
g_user_delete
Let users delete themselves
Enables the user delete button in the user self management page, assuming the user access rules also allow it
Syntax: g_user_delete bool
g_user_filter_early
Process user ex
g_user_friends_domain_log_disable
Disable domain level friend.log file
By default a friend.log file is written to each domain mailbox_path. This file is a collection of all users friends.log entries that rotates when it reaches 2mb in size.
Syntax: g_user_friends_domain_log_disable bool
g_user_friends_log_disable
Disable user level friend.log file
By default a friend.log file and 1 rotation is written for each user. Each log should only be approx 10k in size.
Syntax: g_user_friends_log_disable bool
g_user_utoken_days
Length of time a user self management login token is valid
Length of time a user self management login token is valid for. Length of time a user self management cookie is valid for. After this time period the login token will stop allowing the user access and they will need to login again.
Syntax: g_user_utoken_days int
g_user_utoken_expire
Length of time a user self management login token is valid for
This setting has no further documentation currently available
Syntax: g_user_utoken_expire int
g_user_mail_view
Whether an admin/manager can view/display users inbox mail
This setting enables the ‘view’ links on the user’s mailbox page. These links will show the content of the user’s email. They also log the access to the user’s log file, identifying the IP from which the admin viewed the message.
Syntax: g_user_mail_view bool
g_user_hide_security
Hide user level security.log access
This setting has no further documentation currently available
Syntax: g_user_hide_security bool
g_user_disable
Filename listing users to disable
This setting has no further documentation currently available
Syntax: g_user_disable string
g_user_report
Daily,Weekly,Monthly, emailed to managers of each domain
This setting has no further documentation currently available
Syntax: g_user_report string
g_admin_utoken_expire
Length of time a web admin session is valid for
This setting has no further documentation currently available
Syntax: g_admin_utoken_expire int
g_domadmin_utoken_expire
Length of time a domain admin login token is valid for in seconds
Default unit is seconds. You can specify units e.g. 3 minutes, 10 hours etc…
Syntax: g_domadmin_utoken_expire int
g_uidl_big
Use random uidl if uidl not found
This can avoid uid collisions if uidl files are lost mysteriously
Syntax: g_uidl_big bool
g_user_utoken_idle
Length of time a user self management login token may remain idle for
This setting has no further documentation currently available
Syntax: g_user_utoken_idle int
g_admin_utoken_idle
Length of time a web admin session may remain idle for
This setting has no further documentation currently available
Syntax: g_admin_utoken_idle int
g_domadmin_utoken_idle
Length of time a domain admin login token may remain idle for
This setting has no further documentation currently available
Syntax: g_domadmin_utoken_idle int
g_user_pipe
Local delivery filter pipe
Pipe run on file just before delivery to user, $USER$ available on command line. This allows the message to be modified (also see g_filter_pipe).
Syntax: g_user_pipe string
g_user_mfilter
Local delivery Mfilter rules
Mfilter rules to run late in the delivery process after the email messages have become “user specific”. In particular this allows filtering based on the output of g_user_pipe.
Syntax: g_user_mfilter string
g_user_receive_rule
Define valid source addresses for users in a group
This setting has no further documentation currently available
Syntax: g_user_receive_rule group=string from=string
g_user_sms_quota
SMS quota
Number of SMS messages accounts can send.
Syntax: g_user_sms_quota group=string initial=int period=string
g_user_status_send
Number of days after which to send user status messages (0 = never)
When the user enables friends then this setting will send them a regular report on what is pending and what filter rules have done. User Spam report.
Syntax: g_user_status_send int
g_user_status_from
Send status with return address of the user
Adding a return address can assist with delivery in some situations
Syntax: g_user_status_from bool
g_user_status_fromhdr
Send status with return address of this
Adding a return address can assist with delivery in some situations
Syntax: g_user_status_fromhdr string
g_user_send_rule
Define valid recipient addresses for users in a group (requires SMTP AUTH)
This rule allows you to define which domains users in the specified group can send email to.
g_user_send_rule group="wildcard" to="number"
If ‘group’ is set to ‘*’ then it applies to users who are not in a group (see g_access_group), and/or whose group does not match another g_user_send_rule setting. The ‘to’ field contains a wildcard list of allowed email addresses.
Syntax: g_user_send_max group=string max=int
g_user_send_warning
Warn manager if any user sends more than this many messages per day, e.g. 5000
This setting is useful to detect a spammer sending out bulk email from your system, this setting only applies to authenticated users, so someone who has figured out the password of one of your users (or a virus on their computer) or a registered user of some sort. If g_user_send_ip is defined then warnings will also be sent if an ip address exceeds this limit.
Syntax: g_user_send_warning int
g_user_send_ip
Block any ip that sends more than this many emails per day
This does not apply to g_user_send_white addresses. This will also enable counting of sends for users using g_relay_window. Whitelist ip addresses with g_user_send_white setting. This limit is ‘per day’
Syntax: g_user_send_ip int
g_user_send_white
No limit for these ip addresses/users
This is a white list for the ip and user send limits.
Syntax: g_user_send_white string
g_user_send_all
Apply all g_user_send_rules that match
This setting has no further documentation currently available
Syntax: g_user_send_all bool
g_user_list_quota
Number of mailing lists users can create
g_user_list_quota group="" quota="100"
This setting configures the number of mailing lists a user can create on this server. The group field is optional; specifying none affects all users globally, otherwise it is matched against the user’s access group. See also user_list_quota, which can set quota per domain. Also the list_quota authent field can set quota per user.
Syntax: g_user_list_quota group=string quota=int
g_unique_name
A unique name for this server
This name is used in place of the machine hostname in message filenames and thus friends confirmation message subjects
Syntax: g_unique_name string
g_utf8_case_insensitive
Use case insensitive compare for surgeweb and imap searches
This setting has no further documentation currently available
Syntax: g_utf8_case_insensitive bool
g_vanish_bad_bounces
Vanish suspected spam bounces
Vanish suspected spam bounces (requires g_received_name).
Syntax: g_vanish_bad_bounces bool
g_vanish_virus_bounces
Vanish suspected virus bounces (requires g_received_name)
This setting gets rid of most of those stupid virus bounces you get from emails you haven’t sent. It works by checking incoming virus bounces for the received header that must exist if it was sent with your mail server. If the header is not found, the message is dropped. Recommended.
Syntax: g_vanish_virus_bounces bool
g_vanish_any_bounce
Vanish all bounces, requires g_vanish_bad_bounces
This setting will vanish spam pretending to be a bounce, it is possible it will vanish a real but badly formed bounce (badly formed as it contains no indication that it came from this server). Note: You MUST have g_vanish_bad_bounces true as well!
Syntax: g_vanish_any_bounce bool
g_vanish_relay
Vanish bad bounces before relaying email too
Requires g_vanish_bad_bounces too, and g_received_name must be set to something other than the email domain, e.g. bounces.your.domain
Syntax: g_vanish_relay bool
g_verify_smtp2
Verify we can talk back to the SMTP port on incoming ip address
This setting has no further documentation currently available
Syntax: g_verify_smtp2 bool
g_verify_timeout
Seconds to wait for SMTP response, default is 10 seconds
As the verification of incoming addresses is done while the message is arriving at the ‘data’ stage, it is critical that it not take more than 30-60 seconds or the sending server will give up and the message will be lost. Generally this setting should not be changed.
Syntax: g_verify_timeout int
g_verify_mx
Verify sender IP by MX
Verify MX records contain sender’s IP address (also see g_verify_mx_skip).
Syntax: g_verify_mx bool
g_verify_mx_skip
Skip verify sender IP by MX
Use to define incoming mail gateway IPs so the MX verify doesn’t fail on them.
Syntax: g_verify_mx_skip string
g_verify_helo
Verify helo name translates to same network as sending system.
Syntax: g_verify_helo "true/false"
It will skip this check for any trusted connection (smtp authenticated, or any ip it would allow to forward)
It adds this header:
X-Verify-Helo
It simply takes the helo name and turns it into a number a.b.c.d, then checks that the connection is coming from ‘a.b.*.*’; if it isn’t, it adds a header saying as much.
Syntax: g_verify_helo bool
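The comparison described above, written out as an added example (not SurgeMail's own code) so the a.b.*.* rule can be tried against real HELO names. The function names, the handling of address literals and multiple A records, and the constructed lookup table are assumptions.

```python
import ipaddress
import socket

# Constructed name-to-address table so the example runs offline.
CONSTRUCTED_DNS = {
    "mail.example.net": ["198.51.100.25"],
    "mx.example.org": ["203.0.113.9", "203.0.113.10"],
}


def constructed_lookup(name):
    """Offline stand-in for DNS, backed by CONSTRUCTED_DNS."""
    return CONSTRUCTED_DNS.get(name.lower(), [])


def dns_lookup(name):
    """Live resolver: every IPv4 address for name, or [] if lookup fails."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def verify_helo(helo_name, client_ip, trusted=False, lookup=dns_lookup):
    """Return (ok, detail) for the 'same a.b.*.* network' HELO check.

    trusted mirrors the page's rule that authenticated or relay-allowed
    connections skip the check.
    """
    if trusted:
        return True, "skipped: trusted connection"
    try:
        client = ipaddress.IPv4Address(client_ip)
    except ValueError:
        return False, "client address is not IPv4"
    # Accept an address literal such as [198.51.100.25] without a lookup.
    try:
        candidates = [str(ipaddress.IPv4Address(helo_name.strip("[]")))]
    except ValueError:
        candidates = lookup(helo_name.rstrip("."))
    if not candidates:
        return False, "helo name does not resolve"
    # a.b.*.* is the /16 that contains the connecting address.
    network = ipaddress.ip_network(f"{client}/16", strict=False)
    for address in candidates:
        if ipaddress.IPv4Address(address) in network:
            return True, f"{address} is inside {network}"
    return False, f"{', '.join(candidates)} not inside {network}"
```

A /16 match is a weak signal: it only shows that the HELO name points somewhere near the connecting address, which is why the setting tags the message rather than rejecting it.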
g_verify_image_hard
Use extra difficult human verification image (used in blogs)
This setting has no further documentation currently available
Syntax: g_verify_image_hard bool
g_virus_scanner_list
List of files to be virus scanned *.exe,*.bat,etc…
Use this to over-ride the default
Syntax: g_virus_scanner_list string
g_virus_simple
Enable internal simple virus scanner
This scanner simply blocks dangerous attachments, it’s fast, and effective.
Syntax: g_virus_simple bool
g_virus_simple_list
List of dangerous file extensions, *.exe,*.bat,etc…
Use this setting to replace the default list
Syntax: g_virus_simple_list string
g_virus_simple_skip
Skip simple check for from/to addresses
This setting has no further documentation currently available
Syntax: g_virus_simple_skip string
g_virus_simple_skipauth
Skip simple virus if user sending is authenticated local user
This setting has no further documentation currently available
Syntax: g_virus_simple_skipauth bool
g_virus_simple_zip
Check zip files for executables and block
This can be used to stop many types of viruses
Syntax: g_virus_simple_zip bool
g_virus_simple_test
Compare with avast results
This scanner simply blocks dangerous attachments, it’s fast, and effective.
Syntax: g_virus_simple_test bool
g_virus_avast_old
Enable AVAST virus scanner integration, OBSOLETE, DO NOT USE
This setting has no further documentation currently available
Syntax: g_virus_avast_old bool
g_virus_avast_attachments
Only scan messages with suspect attachments (windows only currently)
This setting has no further documentation currently available
Syntax: g_virus_avast_attachments bool
Not recommended, now use the anti virus config page to configure surgemail to use your system scanner.
g_virus_allow_unmonitorable
Allow unmonitorable content (avast antivirus)
By default messages that cannot be scanned (eg as they contain password protected archive files) are blocked by the avast virus scanner. This setting allows unmonitorable content to be sent.
Syntax: g_virus_allow_unmonitorable bool
g_virus_cmd
Command line virus checker to run on MIME parts
If defined the mail server will extract MIME parts in a multi part message and run the virus scanner over the extracted file. The command line can include $FILE$ which will be replaced with the actual file name of the extracted part. An intelligent cache is used so mailing lists, etc, will not require running the virus scanner on every message sent. If you set this to “do_not_run” then SurgeMail will extract the MIME parts but not actually run any program; some virus scanners scan all files on the system, so the file is deleted magically and SurgeMail will notice and bounce the message. If your scanner supports returning return codes when a virus is found then you should use g_virus_cmd_codes with this setting, as this is more reliable than having to detect whether a file is deleted and also works on viruses in archives, which a lot of scanners won’t delete.
Syntax: g_virus_cmd string
g_virus_cmd_codes
Return codes to bounce message
Accept return codes from virus scanner as a confirmation that the scanned file is infected, eg: 1,2,3,4,5.
Lets SurgeMail check the return code from g_virus_cmd; if the code matches one in the above setting, it assumes it’s a virus and bounces it.
g_virus_cmd_codes "10,12"
This would assume it’s a virus if the scanner returns return code 10 or 12 and then will bounce the message.
Syntax: g_virus_cmd_codes string
g_virus_cmd_nodel
Do not delete scanned files
Disables cleanup of scanned files, so you can test manually. The files are extracted to the “toscan” directory inside the SurgeMail directory. You should never normally need this on unless for debugging purposes.
Syntax: g_virus_cmd_nodel bool
g_virus_cmd_size
Max size of messages to scan
Useful to stop scanning of huge files, e.g. 1mb or bigger
Syntax: g_virus_cmd_size int
g_virus_cmd_sleep
Wait after g_virus_cmd in case delete is not immediate
Milliseconds to wait after g_virus_cmd in case delete is not immediate, eg: 500 = half a second.
Syntax: g_virus_cmd_sleep int
g_virus_cmd_max
Maximum number of concurrent threads to use for scanning
Syntax: g_virus_cmd_max "number of threads"
This sets the maximum number of threads that can be used for running the virus scanner set by g_virus_cmd. Some scanners can take a while to scan a message, and if the server is very busy this can tie up many channels and drain the cpu, slowing down the entire mail server. When the maximum has been reached any messages coming in will be passed on without being run through the scanner – although this is not the best, it’s better than the mail server grinding to a halt.
Syntax: g_virus_cmd_max int
g_virus_cmd_drop
Drop silently instead of reject at data stage – not recommended
This should only be used when your front end server is not scanning for viruses and your back end server then rejects the message generating back scatter on the front end server.
Syntax: g_virus_cmd_drop bool
g_virus_cmd_email
Set if scanner can understand email message files
If this is set then the scanner is responsible for extracting the mime parts of a message and scanning them
Syntax: g_virus_cmd_email bool
g_virus_cmd_body
Scan raw msg file too
This setting has no further documentation currently available
Syntax: g_virus_cmd_body bool
g_virus_cmd_test
Continue after virus found to compare scanners
This setting has no further documentation currently available
Syntax: g_virus_cmd_test bool
g_virus_cmd_log
Log stdout of virus command line scanner to vcmd.log
This setting has no further documentation currently available
Syntax: g_virus_cmd_log bool
g_virus_debug3
Testing virus scanners do not use
Do not use
Syntax: g_virus_debug3 bool
g_virus_disable_remote
Disable virus scans for non-local addresses
By default SurgeMail scans incoming messages from non-local senders, this disables that behaviour so scans will only occur if any recipient has virus scan access. You will probably need g_user_virus_scan true as well.
Syntax: g_virus_disable_remote bool
g_virus_disable_local
Disable scanning for local trusted users
Skip virus scanner for authenticated users and 127.0.0.1
Syntax: g_virus_disable_local bool
g_virus_filter
Virus checker or filter that takes commands on stdin and response on stdout
Virus filters use the following protocol: the process is run continuously and is sent on STDIN a command of the form "nnn CHECK fullfilename envelopefilename\r\n", and in response it must send back "nnn OK|REJECT|ERROR reason text\r\n"
It can modify the file directly and then respond with ‘ok’, however if it does this it must maintain the crlf line terminated and dot stuffed nature of the file.
Here is an example test of a virus filter
c:\surgemail> vfilter.exe
1 check c:\surgemail\work\a.itm c:\surgemail\work\a.hdr
1 REJECT Found something bad in that file
2 check c:\surgemail\work\a.itm c:\surgemail\work\a.hdr
2 OK send message along
a.hdr would contain:
From: bob@domain.com
To: xyz@thisdomain.com
To: xyz3@thisdomain.com
Syntax: g_virus_filter cmd=string type=string
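A small filter process that speaks the g_virus_filter line protocol described above and rejects messages carrying attachments with blocked extensions. This is an added example, not Netwin's vfilter; the extension list, reason texts and sample message are constructed, and it assumes file paths without spaces because the request line is space separated.

```python
import email
import email.policy
import os
import sys

# Assumption: local policy list, in the spirit of g_virus_simple_list.
BLOCKED_EXT = {".exe", ".bat", ".scr", ".js"}

# Constructed sample message: CRLF terminated, one dot-stuffed body line.
SAMPLE_MESSAGE = (
    b"From: bob@domain.com\r\n"
    b"To: xyz@thisdomain.com\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"see attached\r\n"
    b"..this line was dot-stuffed\r\n"
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="Invoice.EXE"\r\n'
    b"\r\n"
    b"constructed-bytes\r\n"
    b"--b1--\r\n"
)


def undot(raw):
    """Undo dot-stuffing: drop the extra leading '.' on each stuffed line."""
    return b"\r\n".join(
        line[1:] if line.startswith(b".") else line
        for line in raw.split(b"\r\n")
    )


def blocked_attachments(raw):
    """Return attachment file names whose extension is in BLOCKED_EXT."""
    msg = email.message_from_bytes(undot(raw), policy=email.policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if name and os.path.splitext(name)[1].lower() in BLOCKED_EXT:
            hits.append(name)
    return hits


def printable(text):
    """Stop sender-controlled text from injecting CR/LF into a reply line."""
    return "".join(ch if ch.isprintable() else "?" for ch in text)[:80]


def handle_line(line):
    """Turn one 'nnn CHECK msgfile envfile' request into one reply line."""
    fields = line.split()
    seq = fields[0] if fields and fields[0].isdigit() else "0"
    if len(fields) != 4 or fields[1].upper() != "CHECK":
        return f"{seq} ERROR malformed request\r\n"
    msg_path = fields[2]  # fields[3] is the envelope file, unused here
    try:
        with open(msg_path, "rb") as handle:
            hits = blocked_attachments(handle.read())
    except OSError as exc:
        return f"{seq} ERROR cannot read message file ({exc.strerror})\r\n"
    except Exception as exc:  # a parser failure must not kill the filter
        return f"{seq} ERROR parse failure ({type(exc).__name__})\r\n"
    if hits:
        return f"{seq} REJECT blocked attachment {printable(hits[0])}\r\n"
    return f"{seq} OK no blocked attachments\r\n"


def serve(stdin, stdout):
    """Answer requests until stdin closes, flushing after every reply."""
    for raw_line in stdin:
        reply = handle_line(raw_line.decode("utf-8", "replace"))
        stdout.write(reply.encode("ascii", "replace"))
        stdout.flush()


if __name__ == "__main__":
    serve(sys.stdin.buffer, sys.stdout.buffer)
```

Because the filter answers ERROR rather than OK when it cannot read or parse a file, enabling g_virus_filter_require makes those cases bounce instead of passing unscanned.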
g_virus_filter_require
Require filter pipe
If any g_virus_filter pipe fails bounce messages rather than allow to continue.
Syntax: g_virus_filter_require bool
g_virus_fprot
Set F-PROT port for mail scanning
Typically set this to 11200
First install f-prot virus scanner, exact steps will vary depending on platform so follow your F-Prot install instructions, but as an example on Linux we did this:
cd /usr/local
gunzip DISTRIBUTION.tar.gz
tar -xvf DISTRIBUTION.tar
cd f-prot
./install-f-prot.pl
cd tools
# Now start mail scanner as user 'mail'
su mail -c"/usr/local/f-prot/tools/scan-mail.pl -server -daemon"
You will also need to start the scanner as above in your startup scripts (e.g. rc.local)
Then lastly in surgemail.ini set
g_virus_fprot 11200
When a message is scanned a header X-Fprot: … is added giving some informational status.
Syntax: g_virus_fprot int
g_virus_recent_skip
Skip recent virus cache
Skip virus recent cache which attempts to speed up virus scanners.
Syntax: g_virus_recent_skip bool
g_virus_rename
Rename attached executables to prevent autorun
If enabled SurgeMail will rename dangerous executable files by replacing the ‘.’ with an ‘_’. This will stop many autorun viruses. This is name
Syntax: g_virus_rename bool
g_virus_rename_skip
Skip rename for these from/to addresses
This setting has no further documentation currently available
Syntax: g_virus_rename_skip string
g_virus_rename_skipauth
Skip rename if user sending is authenticated local user
This setting has no further documentation currently available
Syntax: g_virus_rename_skipauth bool
g_virus_report
Report detected viruses to someone
Sends an email report to the specified address when a virus comes in.
Syntax: g_virus_report string
g_virus_report_user
Report virus to recipients
This setting has no further documentation currently available
Syntax: g_virus_report_user bool
g_virus_report_all
Report every virus using g_virus_report
This setting has no further documentation currently available
Syntax: g_virus_report_all bool
g_virus_restart
Restart vpipe virus scanners
Restart vpipe virus scanners every this many items.
Syntax: g_virus_restart int
g_virus_late
Run virus scan after most spam filter processing
This can reduce load on virus scanner which is often a slow process
Syntax: g_virus_late bool
g_virus_localhost
Don’t skip virus checks for 127.0.0.1 originating emails
This setting should not normally be used; it makes SurgeMail scan locally generated emails, dlist messages, etc.
Syntax: g_virus_localhost bool
g_virus_strangers
Use simple attachment filter for non friends
This setting can stop zero hour attacks as it blocks any attachment that might be a virus if it’s not from a friend
Syntax: g_virus_strangers bool
g_virus_cloud
Use cloud scanner, not recommended
Enables the cloud scanner for inbox delivered messages if clamav is in use. This sends samples to an external system for scanning, so it may not be appropriate in all situations. It should only be used on systems where ‘clamav’ is the primary scanner with less than 1000 users.
Syntax: g_virus_cloud bool
g_virus_cloud_wild
File types to cloud scan *.exe,*.com
Best left as default
Syntax: g_virus_cloud_wild string
g_vpipe_concurrent
Concurrent requests to vpipe process
Concurrent requests to vpipe process, default is 7, set to 1 to debug vpipe issues
Syntax: g_vpipe_concurrent int
g_vpipe_fail_crash
Crash if vpipe fails
Crash SurgeMail if vpipe fails. This is for debugging purposes only.
Syntax: g_vpipe_fail_crash bool
g_vpipe_timeout
Timeout for virus filters (default 60s)
The timeout in seconds that SurgeMail will wait for a virus filter (defined by g_virus_filter) to complete. If the virus filter has not responded after this time, the message will be let through and the following line logged in mail.log:
“Virus filter not responding, stuck on <msg file> allowing message through”
Syntax: g_vpipe_timeout int
g_vpipe_skip
Skip virus filter checks per IP address
Disable virus and crc checking for known safe bulk mailers that would otherwise overload the server. This setting affects the virus checker.
Example: g_vpipe_skip “20.0.0.2”
- g_virus_cmd
- virus filters (g_virus_filter)
- filter program (g_filter_pipe)
- F-Prot in daemon mode (g_virus_fprot)
Syntax: g_vpipe_skip string
g_vpipe_notag
Disable vpipe result headers
Disable headers showing vpipe results in messages.
Syntax: g_vpipe_notag bool
g_web_add
Add http headers
This setting has no further documentation currently available
Syntax: g_web_add string
g_web_api_ip
Allow access to web based API for msg access
This setting has no further documentation currently available
Syntax: g_web_api_ip string
g_web_charset
Charset for html pages
Sets the charset to use for each language, e.g. iso-8859-1
Syntax: g_web_charset lang=string charset=string
g_web_max
Max concurrent web connections, default is 100
This includes web admin, webmail, etc. The default limit should be sufficient for most systems. Although a limit of 10 would be tons for most systems, we had to set the default high as this setting was added recently.
Syntax: g_web_max int
g_web_max_perip
Max concurrent web connections per-ip, default is 30
This includes web admin, webmail, etc. The default limit should be sufficient for most systems unless all your users are coming through a common proxy.
Syntax: g_web_max_perip int
g_web_timeout
Timeout for web requests
Timeout for web requests. The default is 180 seconds; generally it should not be set below 61 seconds.
Syntax: g_web_timeout int
g_web_admin_max
Maximum number of concurrent web admin sessions
Web admin requests are recorded, the remote IP and local port are used to identify a particular session. This setting places a limit on the number of sessions at any one time.
Syntax: g_web_admin_max int
g_web_access_ip
Restrict access to web ports based on ip
Specifies a list of ports and a wildcard list of valid ip addresses who can connect to those ports.
Syntax: g_web_access_ip ports=string ip=string
g_web_access_grp
Restrict user groups to specific ports
Specifies a user group or groups and a list of valid web ports for that group.
Syntax: g_web_access_grp group=string ports=string
g_web_access_max
Maximum number of concurrent web logins for group
Specifies the maximum number of concurrent web logins for a certain group of users.
Syntax: g_web_access_max group=string max=int
g_web_noserver
Disable Server header in http responses
Some security firms require this in order to hide the software application information
Syntax: g_web_noserver bool
g_web_old_behaviour
Revert to old style webserver behaviour
To pass various auditing tests, the admin interface no longer responds to arbitrary URLs. This setting restores the old behaviour.
Syntax: g_web_old_behaviour bool
g_web_policy_disable
Disable obscure web policy security headers
This setting has no further documentation currently available
Syntax: g_web_policy_disable bool
g_web_php_exe
Path to php.exe
Experimental support for php
Syntax: g_web_php_exe string
g_web_trust_ip
Trust ip address from rev proxy web server X-Forwarded-For
This setting has no further documentation currently available
Syntax: g_web_trust_ip string
g_web_forwarded_test
Fake the forwarded-for header
This setting has no further documentation currently available
Syntax: g_web_forwarded_test bool
g_web_forwarded_uselast
Use last address in multiple item forwarded-for header
This setting has no further documentation currently available
Syntax: g_web_forwarded_uselast bool
g_webdav_enable
Enable webdav access for users (do not use)
Enable ‘webdav’ features so users can store data, you must also define g_webdav_path
Syntax: g_webdav_enable bool
g_webdav_group
Only allow webdav if member of webdav access group
Require that users be members of the webdav group
Syntax: g_webdav_group bool
g_webdav_public
Enable non authenticated access to pub folder (readonly)
This setting enables the user to place web pages (static) up on their email account, the public url would be http://your.server/wd/username/pub/…
Syntax: g_webdav_public bool
g_webdav_path
Root path for webdav storage
For example c:\surgemail\webdav
Syntax: g_webdav_path string
g_webmail_limit
Maximum number of concurrent webmail requests
This should not generally be adjusted, it is simply a limit to prevent DOS attacks or overloading from web requests. A value of 10-300 would be reasonable. The default is 200
Syntax: g_webmail_limit int
g_webmail_port
WebMail port (default 7080)
This is the port that WebMail users should connect through (unless you want better security, in which case use the secure port and HTTPS protocol listed below). By default it is port 7080, but if you are not running a web server you probably want to change it or add port 80, e.g. "7025,80", so that people can get to it with a URL like http://your.mail.server instead of http://your.mail.server:7080. Use the keyword ‘disabled’ to disable this part of the SurgeMail service.
Syntax: g_webmail_port int
g_webmail_save
Write surgehost.ini and other obsolete webmail config info
This setting enables writing the webmail surgehost.ini file, it is not needed generally unless your users keep using the old webmail (which they shouldn’t)
Syntax: g_webmail_save bool
g_webmail_secure_port
WebMail secure port (default 7443)
This is the port that WebMail users should connect through. By default it is port 7443, but if you are not running a web server you probably want to change it or add port 443, e.g. "443", so that people can get to it with a URL like https://your.mail.server instead of https://your.mail.server:7443. Use the keyword ‘disabled’ to disable this part of the SurgeMail service.
Syntax: g_webmail_secure_port int
g_webmail_timeout
Timeout for webmail or any cgi process (in seconds, default 360)
If the webmail cgi fails to respond, this limits how long SurgeMail will wait before killing the process.
Syntax: g_webmail_timeout int
g_webmail_useip
Use the ip address in g_webmail_port setting
By default it will use the same url as the user connects on which is generally better.
Syntax: g_webmail_useip bool
g_webmail_popmode
Use POP3 instead of IMAP in WebMail.
This results in pophost being passed to webmails domain configuration file, surgehost.ini. If you change this setting you should delete surgehost.ini and run “tellmail surgehost_update” to rebuild it.
Syntax: g_webmail_popmode bool
g_webmail_url
Url to the WebMail cgi
If WebMail is not in the default place and/or is not on the SurgeMail machine then this setting tells SurgeMail where it is so links to WebMail from SurgeMail function correctly.
Syntax: g_webmail_url string
g_webmail_urladd
Url data to append to WebMail auto-login link
This setting allows you to specify additional information and settings which are passed to WebMail when SurgeMail links to it.
Syntax: g_webmail_urladd string
g_webmail_workarea
Path to WebMail workarea
If WebMail is not installed in the default location on this SurgeMail machine this setting tells SurgeMail where to find it.
Syntax: g_webmail_workarea string
g_webmail_select_domain
Send select_domain instead of host in webmail autologins
Recommended. This uses the select_domain method of auto-logins with WebMail, it often works where the old method fails.
Syntax: g_webmail_select_domain bool
g_webmail_secret
Secret string used by webmail when sending the ip address of connecting users
This is used with webmail when you want surgemail access rules to apply to webmail users; webmail has a matching setting which makes it pass the ip address through.
Syntax: g_webmail_secret string
g_web_hide_source_names
Hide the name of the source template page in output web pages.
To aid tailoring, each web page in the web admin shows its own address so you can find it to modify it. Some admins consider this a security issue, or just a bit ugly, so use this setting to hide this information when you don’t need it.
Syntax: g_web_hide_source_names bool
g_web_force_doctype_first_disable
Disable webserver behaviour to force doctype definitions to be displayed first.
Comments displayed on the webpages (including template filenames) mean IE does not use the doctype definition. Surgemail tries to display doctype first. This setting reverts to old behaviour.
Syntax: g_web_force_doctype_first_disable bool
g_web_ref_path_extension
Path extension to add to web page image/css references.
This setting is used for caching purposes. See SurgeMail template caching for details
Syntax: g_web_ref_path_extension string
g_work
Workarea Path
Work area for SurgeMail temporary work files.
Syntax: g_work string
g_web_url_path
Url to path translation with access specifier
This lets you set up aliases and translations of urls partly based on the access rights of the user.
Syntax: g_web_url_path url=string path=string access=string
g_web_title
Title to use on specified web page
This lets you customize the title of each management web page.
Syntax: g_web_title page=string title=string
g_web_utf8
Make sure all user.cgi handling is done in UTF8
Make sure user.cgi handling is all done in UTF8 rather than paged character sets.
Syntax: g_web_utf8 bool
g_web_appsroot
Apply apps interface at web root ie /
This setting has no further documentation currently available
Syntax: g_web_appsroot bool
g_web_appsname
Apps url name on unified web interface
This setting has no further documentation currently available
Syntax: g_web_appsname string
g_winmail_fix
Replace winmail.dat with normal attachments, requires tnef installed first http://netwinsite.com/tnef.htm
First install tnef, on unix use: apt-get install tnef, on windows download tnef.exe from our website
Syntax: g_winmail_fix bool
g_autologin_newlogic
Streamlined logic for surgeweb to user.cgi autologin handover
Improved logic for user.cgi autologin url generation. Notably affects proxy mode, frontend-backend configurations, and whether ssl is used.
Syntax: g_autologin_newlogic bool
g_surgeweb_disable
Disable access to SurgeWeb
Completely disable surgeweb access for whatever reason.
Syntax: g_surgeweb_disable bool
g_surgeweb_work
Path to Surgeweb cache/work files
This is where Surgeweb stores its temporary or working files, default I_G_HOME\surgeweb\work
Syntax: g_surgeweb_work string
g_surgeweb_backend_server
Backend machine to connect to
This specifies the backend machine where Surgeweb connects for email and to store user settings. Surgeweb will cache data here but store the master copy of anything on the backend machine.
Syntax: g_surgeweb_backend_server string
g_surgeweb_backend_web
Backend machine to connect to
This specifies the internet resolvable hostname or url for all user.cgi access connected to a backend server, e.g. myserver.com or https://myserver.com:7443
Syntax: g_surgeweb_backend_web string
g_surgeweb_benchmark
Log web request timing info for surgeweb benchmarking – matches ip addresses
Netwin testing use only
Syntax: g_surgeweb_benchmark string
g_surgeweb_debug
Log surgeweb debug info – matches ip addresses or email addresses – avoid
Note this setting should be used minimally as it affects performance
Syntax: g_surgeweb_debug string
g_surgeweb_logall
For requests matching g_surgeweb_debug also leave all webio & temp files – avoid
Netwin testing use only
Syntax: g_surgeweb_logall bool
g_surgeweb_restrict
Restrict surgeweb use to these accounts only
Allow surgeweb access to a matching set of email addresses
Syntax: g_surgeweb_restrict string
g_surgeweb_idle_timeout
Idle timeout for surgeweb sessions (hours, default=48)
If no manual action is taken during this time the surgeweb session gets logged out
Syntax: g_surgeweb_idle_timeout int
g_surgeweb_remember_timeout
“Remember” timeout / max session length for surgeweb sessions (days, default=14)
Maximum time for Remember me and for single sessions
Syntax: g_surgeweb_remember_timeout int
g_surgeweb_cache_less
Reduce surgeweb caching
Reduce the length of time that surgeweb caches message bodies in its g_surgeweb_work folder to save disk space usage
Syntax: g_surgeweb_cache_less bool
g_surgeweb_path
Change surgeweb path
This setting has no further documentation currently available
Syntax: g_surgeweb_path string
g_surgeweb_process
Run surgeweb in its own process (beta)
Intended to increase resilience
Syntax: g_surgeweb_process bool
g_surgeweb_testing
NEVER USE
Not for general use
Syntax: g_surgeweb_testing bool
g_surgeweb_ics
Surgeweb email/calendaring integration (ie ics file processing and sending)
Enable surgeweb ICS handling smarts to allow calendar invites to be replied to and to allow calendar invites to be sent
Syntax: g_surgeweb_ics bool
g_surgeweb_forgot_show
Show forgot password link on surgeweb login page
Default for forgot password link visibility on surgeweb login page. (note: gets overridden by older showlink_forget_pass surgeweb setting)
Syntax: g_surgeweb_forgot_show bool
g_surgeweb_testrig
Disable session cache for testrig
This setting has no further documentation currently available
Syntax: g_surgeweb_testrig bool
g_xauthuser_hide
Hide X-Authenticated-User header
The header X-Authenticated-User is added to all local deliveries for users that login using SMTP authentication. This is the most reliable way to determine who actually sent this email. This setting will disable the addition of this header.
Syntax: g_xauthuser_hide bool
g_xrcptoriginal_hide
Hide X-Rcpt-Original header
The X-Rcpt header is added indicating which local account this message was delivered to. If the mail has been redirected for any reason the original delivery address is added as an X-Rcpt-Original header. This setting will disable the addition of this header.
Syntax: g_xrcptoriginal_hide bool
g_xrcpt_hide
Hide X-Rcpt header
The X-Rcpt header is added indicating which local account this message was delivered to. This setting will disable the addition of this header.
Syntax: g_xrcpt_hide bool
g_xserver_hide
Hide XServer header
This will hide the X-Server header.
g_sched_utoken_timeout
Timeout for sched utokens in minutes
Timeout for sched utokens in minutes.
Syntax: g_sched_utoken_timeout int
g_xfile_allow
IP address to allow xfile and WebMail features from
Allow xfile & web upload features for users. Set to ‘*’ or the WebMail servers IP address.
Syntax: g_xfile_allow string
g_deliver_robot
Robot/Script to run at delivery time $FILE$ AND $TO$ parameters
This setting has no further documentation currently available
Syntax: g_deliver_robot string
g_disable_surgeplus
Disable SurgePlus Calendar and File Sharing client
Disable users from logging in using the SurgePlus Calendar and File Sharing client. See SurgePlus
Syntax: g_disable_surgeplus bool
g_surgeplus_links
Add web links to SurgePlus from other web interfaces (and vice versa) for users allowed to use SurgePlus.
This causes links to appear in the SurgePlus interface to switch to using WebMail (and DBabble if you have the g_dbabble_links setting on).
Syntax: g_surgeplus_links bool
g_disable_surgeplus_updates
Disable automated downloading of new versions of SurgePlus client from netwinsite.com
New versions of the SurgePlus client are automatically downloaded from netwinsite.com and made available for download from your server by your users. See SurgePlus
Syntax: g_disable_surgeplus_updates bool
g_surgeplus_log_level
SurgePlus log level. ‘none’, ‘info’, or ‘debug’. Default is ‘info’
Sets the amount of logging done for SurgePlus. When using ‘debug’ level, data is logged to surgeplusd.log in addition to surgeplus.log
Syntax: g_surgeplus_log_level string
Example: debug
g_surgeplus_port
SurgePlus uses the POP protocol to communicate with SurgeMail. However, some virus scanners running on the clients machine prevent the SurgePlus client from using POP commands that the virus scanner does not know about. In order to avoid this problem, SurgePlus uses port 7110 by default instead of port 110. However, clients not using a virus scanner (or clients using some virus scanners we have made SurgePlus work with – e.g. Norton) can safely use port 110 if they would otherwise be prevented from connecting to SurgeMail by a firewall. The SurgePlus client will quietly switch to using port 110 if it is not able to connect to the server using port 7110.
Syntax: g_surgeplus_secure_port int
g_surgeplus_web_port
SurgePlus web port.
If you want your SurgePlus users to view shared files over a different port than WebMail uses give this setting a value.
Syntax: g_surgeplus_web_port int
g_surgeplus_web_url
Direct SurgePlus users to access shared files at this url
Use this to override the default location that users are directed to to view shared SurgePlus web files. If you don’t specify a value for this setting then it defaults to using the non-secure webmail port.
Syntax: g_surgeplus_web_url string
Example: https://||domain||:7443
g_surgeplus_hide_client_downloads
Hide the links to download and install SurgePlus Windows client
Use this setting if you don’t want your users to know about the SurgePlus Windows client. All this setting does is to hide the download links from the web interface.
Syntax: g_surgeplus_hide_client_downloads bool
g_surgeplus_pop_server_name
Default pop server to set SurgePlus client download to connect to.
SurgePlus Windows client downloads are set to connect to this POP server by default. This setting only applies if the user is downloading the client from a URL that does not match a valid domain on the server. If the URL does match a domain on the server, the domain specific version of this setting applies instead.
Syntax: g_surgeplus_pop_server_name string
g_surgeplus_smtp_server_name
Default smtp server to set SurgePlus client download to connect to.
SurgePlus Windows client downloads are set to connect to this SMTP server by default. This setting only applies if the user is downloading the client from a URL that does not match a valid domain on the server. If the URL does match a domain on the server, the domain specific version of this setting applies instead.
Syntax: g_surgeplus_smtp_server_name string
g_surgeplus_delay_tell_upgrade
Delay informing existing users about new SurgePlus versions for
Delay informing existing users about new versions of SurgePlus for this long after the new version is downloaded to your server. SurgePlus clients poll the server once an hour so they won’t be informed about the new version for up to an hour longer than the value of this setting. Use this setting combined with the g_surgeplus_delay_tell_upgrade_exempt setting so that only administrator users are informed about new versions at first so you can confirm the new version works fine with your existing server configuration before everyone upgrades. Example values: “3 hours” or “2 days”
Syntax: g_surgeplus_delay_tell_upgrade string
g_surgeplus_delay_tell_upgrade_exempt
Users exempt from delayed new version informing
See the above setting for information. Example value: “user1@domain.name,user2@domain.name”
Syntax: g_surgeplus_delay_tell_upgrade_exempt string
g_surgeplus_online
Enable online tracking in surgeplus
Not recommended.
Syntax: g_surgeplus_online bool