g_gateway - Gateway messages to a particular domain (or smarthost)
Used to gateway messages to another local mail server. Typically this other server is inside a firewall, so its local IP address is not known by the DNS server. You specify the domain and the IP address to send messages to, and this server is treated as 'local' rather than remote in terms of open relay restrictions, e.g. non-authenticated users are able to send in mail. Open relay restrictions do not apply to messages sent to this domain because its recipients are treated as local users and the messages are not considered 'relaying'.
This setting has the fields domain (required), to (required), user (optional), pass (optional), relay=true/false (optional), check=true/false (optional).
Normally "domain" and "to" are the only fields that need to be filled in, e.g. to relay mail from anyone to user accounts in the domain somedomain.com to the host 1.2.3.4:
g_gateway domain="somedomain.com" to="1.2.3.4" user="username" pass="password"
If SMTP authentication is required on the destination server, the user and pass fields need to be completed.
check=true
The check=true setting tells SurgeMail to actually connect to the server and check that recipients exist before accepting an incoming email for that user. This is STRONGLY recommended, as it stops the server having to bounce thousands of messages when spammers send to invalid addresses on your server. If SurgeMail cannot connect, it will assume the user does exist, so nothing is bounced except when the connection is successful.
Classic smarthost setting
This is where you want to send all outgoing email to another server that may require authentication. Note that we don't use relay="true", as that would make the server an open relay.
g_gateway domain="*" to="isp.mail.server" user="user@isp.server" pass="xxx" relay="false"
(Warning: relay="true" is usually not needed or wise; it can make your server into an open relay for spammers to abuse!)
As a safety measure to prevent accidental open relays, SurgeMail will not relay for non-authenticated users or trusted users (users that are allowed to relay due to relaying settings, e.g. g_relay_allow_ip) if the domain is "*". This can be overridden by placing "true" in the "relay" field, e.g. to relay all mail for all users to host 1.2.3.4:
g_gateway domain="*" to="1.2.3.4" relay="true"
It is possible to use domain="c:\domains.txt", where domains.txt is a file listing the domains to be gatewayed. This should only be done for one gateway rule, and is only worth doing if you have thousands of domains to gateway.
local="true"
Requires that the destination addresses exist in the local account database.
Gateway after user lookup
When gatewaying to a domain which accepts all email regardless of address (e.g. Exchange), it is best to define the users in your local user database. This is the only way to prevent nasty bounces and get rid of all the spam cleanly.
1) remove the gateway setting for the domain
2) add a virtual domain
3) In the virtual domain add surgewall settings. In this example I'm gatewaying the domain 'netwin.co.nz' to a backend server called 'backend.netwin.co.nz':
vdomain address="" name="netwin.co.nz"
...
surgewall "backend.netwin.co.nz"
surgewall_options strip_domain="" proxy_failover="" auth_local="TRUE" pop="" smtp="" imap="" usercgi=""
You can find more gateway examples in our FAQ here http://www.netwinsite.com/surgemail/help/faq.htm#gateway
Syntax: g_gateway domain=string to=string user=string pass=string relay=string check=bool sms=bool local=bool
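An added example (not SurgeMail's own code): a small Python audit that reads g_gateway lines in the form shown above and flags a wildcard rule with relay=true, plus any non-wildcard rule that has neither check=true nor local=true. The sample config is constructed, example.org and 10.0.0.5 are made-up values, and the finding names are this example's own.

```python
import re

# key="value" or key=value, the two spellings used in the examples on this page
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample config (not from a real server); example.org and 10.0.0.5 are made up
SAMPLE = '''
g_gateway domain="somedomain.com" to="1.2.3.4" check="true"
g_gateway domain="example.org" to="10.0.0.5"
g_gateway domain="*" to="isp.mail.server" user="user@isp.server" pass="xxx" relay="true"
g_gateway_allow "10.0.0.5"
'''

def parse_gateway_rules(text):
    """Return the fields of every g_gateway line; other settings are skipped."""
    rules = []
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0] == "g_gateway":
            rules.append({key.lower(): quoted or bare
                          for key, quoted, bare in PAIR.findall(parts[1])})
    return rules

def is_true(rule, field):
    return rule.get(field, "").lower() == "true"

def audit(rules):
    """Return (rule number, domain, finding) for rules worth a second look."""
    findings = []
    for number, rule in enumerate(rules, start=1):
        domain = rule.get("domain", "")
        if domain == "*":
            # Wildcard rule with the safety override set: relays for anyone.
            if is_true(rule, "relay"):
                findings.append((number, domain, "open-relay"))
        elif not (is_true(rule, "check") or is_true(rule, "local")):
            # Neither check=true nor local=true: mail for invalid addresses
            # is accepted first and has to be bounced afterwards.
            findings.append((number, domain, "no-recipient-check"))
    return findings

if __name__ == "__main__":
    for number, domain, finding in audit(parse_gateway_rules(SAMPLE)):
        print(f"rule {number} ({domain}): {finding}")
```

Rule numbers count g_gateway lines only, in file order.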
g_gateway_allow - Known hosts that act as incoming SMTP or surgewall servers for us
Some spam prevention mechanisms that use the IP address of the incoming system must be disabled for incoming SMTP servers/surgewall/firewall boxes so that stupid limits don't block all the incoming messages from your backup MX server etc. Settings this affects: g_tarpit_max, g_tarpit_max_remote, g_con_perip, RBL checks.
Syntax: g_gateway_allow string
g_gateway_always - Always send to gateway even if local domain exists
Always send to gateway even if local domain exists. Not sure why you would want to use this setting other than to temporarily send mail on to another server whilst keeping the local domain and accounts intact and untouched.
Syntax: g_gateway_always bool
g_gateway_auth - Send SMTP auth requests to another host
Send SMTP auth requests to another host.
Syntax: g_gateway_auth string
g_gateway_data - Gateway at the data stage
To allow bounces to be handled cleanly, gateway messages before responding to the DATA command, so bounces can go direct without being generated and creating backscatter.
Syntax: g_gateway_data bool
g_gateway_from - Pass 'from' header thru during gateway check
In some cases, to verify an email address the correct 'from' must be passed through. Normally this is a bad idea as it will cause SPF failures, but it is sometimes necessary.
Syntax: g_gateway_from bool
g_gateway_helo - Header that must exist in incoming bounces (g_send_helo) or bounces are dropped
An incoming filter can discard the majority of incoming bounces by using this setting to figure out if a bounce is valid without having to do a user lookup first! Usually this would be the setting g_send_helo from your 'outgoing' mail server. This setting can be a list of host names.
Syntax: g_gateway_helo string
g_gateway_ifnot - Send mail to gateway in preference to local delivery unless IP matches
The use of g_gateway_ifnot will deliver mail to the g_gateway rule in preference to local delivery unless the IP number matches. This would typically be used to pass mail through an external SMTP server for certain or all domains for scanning purposes etc.
Syntax: g_gateway_ifnot string
g_gateway_ignorewild_ip - Ignore * gateway rules if from ip matches (allows outbound email scanning using gateway * to external scanner)
This setting has no further documentation currently available
Syntax: g_gateway_ignorewild_ip string
g_gateway_mx - If specified IP address is found in mx record for destination then allow relay (not recommended)
This can be useful if you have thousands of servers using your machine for MX backup and you want to allow them simply because the MX records exist. It's much better to use g_gateway or g_relay settings instead, as this saves lookups and makes the results entirely more predictable 🙂
Syntax: g_gateway_mx string
g_gateway_open - Allows an open relay setting in g_gateway
This lets you set g_gateway domain=* and relay=true. This makes your server an open relay, so it is never a good idea!
Syntax: g_gateway_open bool
g_gateway_orcpt - Writes an original receipt header when forwarding a message, this may disclose multiple recipients, cc/bcc etc use only for tracking faults
This writes a header X-Rcpt-Original: ... when forwarding a message to another server, which is good for tracking problems. This may disclose multiple hidden recipients, so it should not be used normally.
Syntax: g_gateway_orcpt bool
g_gateway_shuffle - Round robin shuffle of 'to' IP addresses for gateway rules
Use if you wish to spread outgoing load evenly to multiple outgoing servers.
Syntax: g_gateway_shuffle bool