g_auth_hide - Disable SMTP Authentication
Per default SMTP authentication is enabled. If a user matches this IP range/list they will NOT be shown the ESMTP extension for SMTP authentication. This will usually stop the mail client from prompting the user for authentication. We STRONGLY recommend you do NOT use this feature. It is much better to let users authenticate when sending email.
Syntax: g_auth_hide string
g_auth_norelay - Ignore SMTP auth for relaying purposes
This means relaying only occurs if g_relay_allow_ip matches
Syntax: g_auth_norelay bool
g_auth_path - Path to nwauth files
Needed for mirroring if using multiauth
Syntax: g_auth_path string
g_auth_skipgateway - Skip gateway rules if we get a proxy SMTP auth command
Skip gateway rules if we get a proxy SMTP auth command. This is not for general use. It can be used if you are using SurgeMail in front of another mail server with a wild card gateway to gateway all domains to a back end mail server. Then an authenticated user is a local user trying to send out so the gateway rules are ignored. (this is strongly not recommended)
Syntax: g_auth_skipgateway bool
g_authent_addip - Send ip address as third parameter to authent module
This setting has no further documentation currently available
Syntax: g_authent_addip bool
g_authent_allow_badascii - Allow ascii chars outside the range 32 < 127
By default ascii characters < 32 and >= 127 are blocked as invalid. If you require these characters set this to TRUE.
Syntax: g_authent_allow_badascii bool
g_authent_always - Always lookup user, so virtual domains can exist just in authent module
Always lookup user, so virtual domains can exist just in authent module. This allows you to support 10,000 domains on one system without a 'huge' ini file. Be careful to not create/remove real domains with the same name as existing domains that only exist in the authent database as the 'drop files/inboxes' will move when this occurs and existing mail will vanish.
Syntax: g_authent_always bool
g_authent_any - Restore buggy behaviour of looking up users in domains that don't exist
Previously surgemail would lookup a user even if the domain in question did not exist, if you need to restore this odd behaviour then you can use this setting...
Syntax: g_authent_any bool
g_authent_cachebad - Cache life of failed authent lookups
Set the life in seconds that the cached failed lookups can be used, default 60 seconds. Best left alone unless your server is being hit by thousands of failed lookups and your authent module is slow.
Syntax: g_authent_cachebad int
g_authent_cachelife - Cache life of successful authent lookups
Set the life in seconds that successful cached lookups can be used, default 2 hours. Best left alone.
Syntax: g_authent_cachelife int
g_authent_cachesize - Size of the authent cache
Set the size of the authent cache, default is 500 entries. Generally best left alone.
Syntax: g_authent_cachesize int
g_authent_case_sensitive - Make passwords case sensitive
By default surgemail avoids case sensitive passwords as they do little to increase security but causes endless frustration for users, but this is just an opinion and some people disagree so use this setting if you wish to have case sensitive passwords :-).
Syntax: g_authent_case_sensitive bool
g_authent_decrypt - Collect and store plain text passwords for migration in file pass.decrypted
This setting should only be used as part of a migration, it obviously exposes your customers passwords to risk!.
Syntax: g_authent_decrypt bool
g_authent_domain - Authent domain
If this is 'true', the virtual domain name is appended to the username before it is passed to the authent process. This lets the authent process deal with virtual domains. As a general rule, this should ALWAYS be true.
Syntax: g_authent_domain bool
g_authent_encrypt_key - Encryption key config settings
Not for general use currently, used to partially obscure credit card info when stored in the authent module.
Syntax: g_authent_encrypt_key string
g_authent_enforce - Days till we prevent user from logging in, NOT RECOMMENDED
Days until we block logins if password is not changed. This setting will annoy your customers but not really achieve anything useful, it shouldn't be used in most situations
Syntax: g_authent_enforce int
g_authent_fwdfile - Use DMail forward files (deprecated - for backward compatibility only)
Allows old style DMail forward files to be read.
Syntax: g_authent_fwdfile bool
g_authent_info - Authent info
Defines a piece of information to store about the user in the user database (phone number, name, address etc). Each piece of information is given a name, a field, an access mode, a default and a type. The name defines what appears in the web management display. The field is what is sent to the authent_process. The access mode can be one of the following: user, domadmin, or admin, createonly, none. The default is what value is assigned upon creation of a new user. The type can be one of: date, readonly, encrypt or any custom string which you want to check for or match on the na_details.htm page with a template function like: ||ifequal||user_info_type||custom|| .. do things .. ||endif||
An access mode of 'admin' means that only the system admin can see the information, 'domadmin' means the sysadmin and any domain admin can see the information, 'user' means the user can see the information, 'createonly' means the user sets the information at creation time but cannot see it after that and 'none' ensures that no-one can see or modify the information (used for information that is handled by SurgeMail itself, either through the interface or otherwise)
e.g.
g_authent_info name="Phone Number" field="phone" access="user" default="" type=""
See here for a complete list of default settings.
Syntax: g_authent_info name=string field=string access=string default=string type=string
g_authent_info_grp - Fields to show to users in this group
Specifies the authent fields this user group is allowed to see and change. This applies only to the fields visible on the account properties page and the domain admin "Users" page it cannot be used to prevent access to fields which are managed by the web interface i.e. 'fwd'
Syntax: g_authent_info_grp group=string fields=string tag=string
g_authent_ip - Authent Lookup IP numbers via authent modules - enables relaying
If enabled each connecting IP address will be looked up in your user database as x.x.x.x@ip eg: "127.0.0.1@ip" and if the user is found then relaying is allowed and if 'send_limit="nn"' is defined then that will set the tarpit send limit for that user.
For per IP tarpit limits to work you need to define the g_tarpit_max and g_tarpit_max_remote settings. And g_tarpit_drop to make the limit effective.
Syntax: g_authent_ip bool
g_authent_last_login - Store users last login time in the database
This setting will cause the authent field 'last_login' to be updated when a user logs in. The field is set to a timestamp which is 'the number of seconds since midnight January 1, 1970'. This field is updated 'at most' once every 24 hours. Other features i.e. delete_user_after and disable_smtp_after will look for this field.
Syntax: g_authent_last_login bool
g_authent_logall - Turns on logging of authent requests
If enabled, authentication requests are logged in mail.log as "<day> <time> Authent[<action> <info>]".
Syntax: g_authent_logall bool
g_authent_lookup - Check if accounts exist using g_authent_pass too
This setting has no further documentation currently available
Syntax: g_authent_lookup bool
g_authent_nodomain - If true dont add @virtual.domain.name to external user lookups (NOT RECOMMENDED)
Use this at your own risk, it is provided for compatibility with dmail installations, but should be avoided if at all possible.
Syntax: g_authent_nodomain bool
g_authent_number - Authent number
The number of concurrent authent processes to run. If you are using a slow external authent module (e.g. sql) then it is probably worth running 3-4, there is no need to have more than 1 when using nwauth.exe. (Default = 1)
Syntax: g_authent_number int
g_authent_pass - Authent process to check passwords with
This setting has no further documentation currently available
Syntax: g_authent_pass string
g_authent_prefix_sep - Authent Prefix Separator (deprecated - for backward compatibility only)
Prefix separator for prefix based separator. Only relevant if enabled on a per vdomain basis using the "prefix" setting.
Syntax: g_authent_prefix_sep string
g_authent_process - Authent process
The command line of a NetWin authentication module. You can use one of our standard modules for LDAP, ODBCAuth, MySQL etc or write your own. For more information on these modules see the authentication section of the manual .
This will typically be something like:
g_authent_process "E:\surgemail\nwauth.exe -path E:\surgemail"
or
g_authent_process "/usr/local/surgemail/nwauth -path /usr/local/surgemail"
Syntax: g_authent_process string
g_authent_reminders - Days till we remind user to change password
Days until we remind user to change password.
Syntax: g_authent_reminders int
g_authent_restart - Cycle auth modules every 1000 lookups
This is useful if there are resource allocation issues in the authentication module. Eg OBDCAuth
Syntax: g_authent_restart bool
g_authent_single - Allow local users with a single quote char in their name
This let's users exist who contain the single quote ' character. It is not supported with some authent modules though, nwauth does allow it.
Syntax: g_authent_single bool
g_authent_spaces - Allow spaces in passwords DO NOT USE
Not supported for most authent modules, requires nwauth 4.0r or later, If you have already got users with spaces in their passwords and you turn this setting on, they will no longer be able to login until they reset their passwords. Authent module must support slash encoding, for nwauth add -spaces to command line
Syntax: g_authent_spaces bool
g_authent_strip_domain - Strip domain for authent lookups
Use when your database expects one 'primary' domain to do lookups without a domain name then SurgeMail will strip that domain only from lookups. Typically this is only necessary with old DMail authent modules.
Syntax: g_authent_strip_domain string
g_authent_timeout - Timeout for authent response
Timeout for authent response, default 60 seconds.
Syntax: g_authent_timeout int