g_pass_force – Force user to reset password if admin changes it
Makes the user change the password on the next login to user.cgi or surgeweb
Syntax: g_pass_force bool
g_pass_twofactor – Enable two factor authentication
Allow users to enable two factor authentication.
Syntax: g_pass_twofactor bool
g_perflog_disable – Disable perflog logging
Completely disable the logging of historica performance data for the status graphs.
Syntax: g_perflog_disable bool
g_perflog_flush_interval – Flush interval
Interval in seconds to flush the performance log files to disk. Default is 3600 s (ie once per hour)
Syntax: g_perflog_flush_interval int
g_perflog_logall – Log all counters
Log all counters including the currently undisplayed counters. This is useful if in the future you suddenly think, Oh I would really like to see the historic information on one of the undisplayed counters – which would normally not have been logged to file.
Syntax: g_perflog_logall bool
g_perflog_lowres – Log in low resolution
Normally data is logged avery 10 seconds and 5 display scales are available hour, day, week, month and year. If this is set samples are taken every 5 minutes and 4 display scales are avbailable: day, week, month, year.
Syntax: g_perflog_lowres bool
g_perflog_surgeonly – Only log surgemail counters
On Windows systems surgemail’s performance logging will gather counters from surgemail and from the system “Perfmon” performance logging. This disables the collection of system counters.
Syntax: g_perflog_surgeonly bool
g_pipelining – Show pipelining in ehlo response
Show pipelining in ehlo response – not recommended – has no behavior affect.
Syntax: g_pipelining bool
g_policy_enable – Enable policy.dat rules, still testing
This setting has no further documentation currently available
Syntax: g_policy_enable bool
g_pop_add_size – Improves pop performance on nfs slightly
This renames inbox messages to include the size of the file so that an lstat call is not needed.
Syntax: g_pop_add_size bool
g_pop_blocksize – Size of packets to read POP messages (best left alone)
Size of packets to read POP messages (best left alone).
Syntax: g_pop_blocksize int
g_pop_cram_enable – Enable cram-md5 support
This setting has no further documentation currently available
Syntax: g_pop_cram_enable bool
g_pop_delay – Send POP packets after waiting for more data to send
This setting replaced g_pop_nodelay, as the default has been changed. It was changed as this can improve performance.
Syntax: g_pop_delay bool
g_pop_flush_lines – Flush to tcp every line of message sent (slow)
Too debug faulty network/client pop issues, not for general use, this may slow performance significantly
Syntax: g_pop_flush_lines bool
g_pop_lock – Lock out duplicate POP users with the file system
Use this setting if you are sharing a file system between multiple mail servers. This will make the mail server lock the users files to prevent a second user of the same name logging in and reading mail from one of the other systems.
Syntax: g_pop_lock bool
g_pop_max – Max total POP & IMAP users at any one time
This limits the channels that will be used at any one time for incoming POP and IMAP connections. The purpose of this setting is to prevent a sudden burst of users reading mail from using up all available channels. Generally setting this is a bad idea as there is a sensible default (dependent on the system resources available).
See FAQ section on session limits
Syntax: g_pop_max string
g_pop_min_late – Give min time error on first command after login
This may be less disruptive as it stops the client thinking the password is wrong.
Syntax: g_pop_min_late bool
g_pop_min_msg – Additional warning to give user when they login too soon
This lets you explain to the user what the problem is. Don’t get carried away some clients may not like a long string here!
Syntax: g_pop_min_msg string
g_pop_min_skip – Skip ip addresses matching this list.
Useful for whitelisting webmail servers etc. 127.0.0.1 is always skipped
Syntax: g_pop_min_skip string
g_pop_min_time – Min time in seconds between consecutive POP logins, NEVER USE
If a pop client connects more often than this, give an error. This setting will very likely break webmail sessions and cause odd problems, Best avoided!
Syntax: g_pop_min_time int
g_pop_nolock – Allows concurrent pop logins, recommended
This setting avoids problems when users use pop and imap access to the same account at the same time.
Syntax: g_pop_nolock bool
g_pop_port – Port to listen for POP connections (default 110)
Typically you won’t need to change this, however you can specify an IP address to bind to or a list of alternate ports, eg: 10.3.2.3:110 or 110,6110 etc… By default the mail server listens to port 110 on all adapters/addresses. Use the keyword ‘disabled’ to disable this part of the SurgeMail service.
Syntax: g_pop_port string
g_pop_secure_port – Port to listen for secure POP connections (default 995)
Dedicated secure port to listen on for POP connections. Use the keyword ‘disabled’ to disable this part of the SurgeMail service.
Syntax: g_pop_secure_port string
g_pop_warning – Send manager warning if this many sessions (pop or imap) reached (max 1 per hour)
This setting has no further documentation currently available
Syntax: g_pop_warning int
g_popfetch – Fetch incoming mail from another POP server
POPfetch will retrieve mail from POP accounts on another server and store it locally. The POP fetch interval can be set using g_popfetch_interval. The parameters for this setting are host(required), user(required), pass(required) or localuser(required).
eg:
g_popfetch host=”netwin.co.nz” user=”marijn” pass=”secret” localuser=”marijn@anydomain.com”
Alternatively POPfetch is able to attempt local delivery based on headers. Delivery is attempted to “X-Rcpt-To:” with fallback of “To:” and “Cc:” headers. To enable this the local user needs to be defined as “*,userxxx”. Fetched mail will be delivered as specified in the headers or if no valid user is identified in the header to the default user “userxxx”.
Syntax: g_popfetch host=string user=string pass=string localuser=string disable=bool
g_popfetch_interval – Interval between POPfetch attempts
The interval (in seconds) between successive attempts to fetch mail from remote mailserver POP accounts (as per g_popfetch rules). (default is 5 minutes = 300)
Syntax: g_popfetch_interval int
g_popfetch_kick – POPfetch will try and open the link for 10 seconds, then retry, this should bring up ISDN lines.
If true then POPfetch will try and open the link for 10 seconds, then retry, this should bring up ISDN lines.
Syntax: g_popfetch_kick bool
g_popfetch_nodup – Drop duplicate messages
Drop duplicate messages based on “Message-id:” header.
Syntax: g_popfetch_nodup bool
g_ppd_port – POPPassD port (default 106)
Port to listen for POPPassD connections. Typically you won’t need to change this, however you can specify an IP address to bind to or a list of alternate ports, eg: 10.3.2.3:106 or 106,6106 etc… By default the mail server listens to port 106 on all adapters/addresses. Use the keyword ‘disabled’ to disable this part of the SurgeMail service.
Syntax: g_ppd_port string
g_private – Enable a private customer specific feature
Used to enable private features. Not for general use
Syntax: g_private string
g_proxy – Proxy mode (or mailhost)
This enables the SurgeMail proxy mode, using ‘tohost=”xxx”‘ received from the authentication to determine real host for SMTP/POP connections. Any incoming SMTP, POP or IMAP connections will be passed on directly to the specified server. This allows you to split a domain over several separate systems. This method is outlined in general terms here.
To setup a proxy server system with 4 machines (2 proxy, 2 backend) use the following steps, lets assume your hosts are PROXY1, PROXY2, SERVER1, SERVER2
1) Set on the proxy servers in surgemail.ini g_proxy “true”
On the back end server use g_pop_nolock “true” (to avoid timing issues)
On the back end server set g_tohost_local “server1” (or server2) so it knows it’s own name.
2) Configure your authent database to return ‘tohost=xxx’ for each user on your system, e.g. in nwauth
nwauth set testuser1@test.com test tohost="SERVER1" set testuser2@test.com test tohost="SERVER2" lookup testuser1@test.com +OK testuser1@test.com config 0 tohost="SERVER1"
3) Configure your load balancing router to send users to PROXY1 & PROXY2, …
4) When new users are added always define the ‘tohost’ setting to define which system they are added to as load increases you can add more backend or frontend servers as needed.
This is very similar to the ‘mailhost’ setting some systems use in LDAPAuth to translate mailhost to ‘tohost’ you would use: info_fields mailhost,tohost in ldapauth.ini
Syntax: g_proxy bool
g_proxy_default – Default proxy host
Default host to forward to if ‘tohost’ is not defined in user database for this user.
Syntax: g_proxy_default string
g_proxy_to_gateways – Proxy pop/imap connections to matching gateway settings
This setting has no further documentation currently available
Syntax: g_proxy_to_gateways bool
g_proxy_usercgi – Proxy user.cgi requests to tohost (web_ref_text.txt & g_web_ref_path_extension must match on all servers)
This setting has no further documentation currently available
Syntax: g_proxy_usercgi bool
g_proxy_webmail – Redirect webmail logins to external host name
This lets you use a front end server to move web based logins onto the correct webmail host
Syntax: g_proxy_webmail host=string redirect=string
g_pstat_disable – Disable pstat per user accounting (for debugging)
Used for debugging only, do not play with this.
Syntax: g_pstat_disable bool
g_queue_all – Always queue local messages before delivery
This setting has no further documentation currently available
Syntax: g_queue_all bool
g_queue_limit – If on disk queue exceeds this block incoming mail
If you send email in faster than it can be sent, the queue grows forever until the server fails due to huge directories or insufficient disk space, this setting stops the incoming messages so you are alerted to the problem before it becomes critical. Note that this stops all incoming mail, including local deliveries. This is the number of items
Syntax: g_queue_limit int
Example: g_queue_limit “100000”
g_queue_max – Size of internal queue file cache
Size of internal mail queue file cache, range 500-3000.
Syntax: g_queue_max int
g_queue_spawn – Run command on queue files before delivery ONLY if g_queue_all is true, filename is passed as parameter
This setting has no further documentation currently available
Syntax: g_queue_spawn string
g_queue_warning – If on disk queue exceeds this send manager a warning
If you send email in faster than it can be sent, or something is wrong (e.g. a broken dns server) then this helps warn you early
Syntax: g_queue_warning int
Example: g_queue_warning “10000”
g_quota – Disk quota for users in specified g_access_group
If the user is in the specified group they get the specified disk quota. This is applied if no quota is specified in the authent module.
Syntax: g_quota group=string quota=string
g_quota_550 – Give 550 quota response instead of 552
Can help with old systems that need the wrong error code.
Syntax: g_quota_550 bool
g_quota_at – Default is 80%
Level at which user gets a warning message
Syntax: g_quota_at string
g_quota_before_forward – Do quota check before forwarding.
This setting has no further documentation currently available
Syntax: g_quota_before_forward bool
g_quota_disable – Disable quota system
Disables quota processing completely
Syntax: g_quota_disable bool
g_quota_friends – Count stored spam as part of quota
Count friends pending messages and spam store as part of the per user quota.
Syntax: g_quota_friends bool
g_quota_from – Return address for quota warning messages
This setting has no further documentation currently available
Syntax: g_quota_from string
g_quota_noemail – Disables all quota messages to the user
This setting has no further documentation currently available
Syntax: g_quota_noemail bool
g_quota_notrash – Remove Trash folder from quota calculation
This setting has no further documentation currently available
Syntax: g_quota_notrash bool
g_quota_rcpt_disable – Disables quota check at rcpt stage
SurgeMail now does quota checking at rcpt stage (Quota checking used to be done after data arrived) This setting disables the quota checking at rcpt stage if the above causes problems (not intended for general use).
Syntax: g_quota_rcpt_disable bool
g_quota_report – Send quota warnings to the manager
Useful for small systems where any quota limit failure is an issue for the manager to resolve, only one report is sent a day so you may not hear about all users over quota.
Syntax: g_quota_report bool
g_quota_skip – Skip quota checks for matching ip addresses
Skips the quota checking. Use this if you have a high priority robot (like your billing system) that must be able to deliver email to users (or students) even if the user is over quota.
Syntax: g_quota_skip string
g_quota_try_later – Retry responses for over quota
Give 450 response if user is over quota so message will be resent.
Syntax: g_quota_try_later bool
g_quota_warning_disable – Disables the 80% quota warning message
Disables the 80% quota warning message.
Syntax: g_quota_warning_disable bool
g_recent_bypass – Bypass recent login failure checking
This allows you to disable recent login failure checking for certain IP addresses. Normally there up to a maximum of 9 login attempts are allowed per connection.
Syntax: g_recent_bypass string
g_record_days – Period delivery logs are stored
The number of days SurgeMail message delivery logs are stored.
Syntax: g_record_days int
g_record_hash – Hash delivery logs
Message delivery logs may be stored in hashed format within g_record_path as <surgemail dir> \recYYMM\msgYYMMDD.rec
Syntax: g_record_hash bool
g_record_login – Log successful logins to msg*rec files
This setting has no further documentation currently available
Syntax: g_record_login bool
g_record_path – Path for mail delivery logs
Sets the path for the SurgeMail delivery logs. Delivery logs contain entries for mail received and delivered in a single file per day. See Searching the Log Files for more information.
Syntax: g_record_path string
g_recover_noquestions – Remove question based password recovery system
This setting has no further documentation currently available
Syntax: g_recover_noquestions bool
g_recover_reminder – Send users reminder email monthly until they set a recovery email address
This setting has no further documentation currently available
Syntax: g_recover_reminder bool
g_recycling – Keep deleted messages so users can undelete email
See tellmail undelete command, The recycling folder tree is visible in surgeweb and can be made visible in other imap clients. Please not that you must refresh the index of a folder to see any old messages that are deleted as uid's are preserved. In surgeweb use the 'manage folders, refresh all indexes' to ensure all messages are displayed.
Syntax: g_recycling bool
g_recycling_del – Allow usergroup to delete messages from the recycle folder
This setting has no further documentation currently available
Syntax: g_recycling_del string
g_recycling_life – Days to keep imap deleted messages, default 30
This setting has no further documentation currently available
Syntax: g_recycling_life int
g_recycling_pop – Do recycling for POP deletes too
This setting has no further documentation currently available
Syntax: g_recycling_pop bool
g_recycling_visible – Only allow members of this group to see recycling folder
This setting has no further documentation currently available
Syntax: g_recycling_visible string
g_relay_allow_from – Allow relaying for known from addresses
This setting allows users to send outgoing Email if their envelope ‘from’ address is a known local address. This is a very bad idea in general as spammers can do this too. So in general don’t use this setting except as a lesser of two evils. It will be detected by some open relay checking systems and your site can then end up listed as an open relay. If this happens your Emails will be rejected by other peoples systems. e.g.
g_relay_allow_from "*@my.domain,*@second.domain,fred@third.domain"
Syntax: g_relay_allow_from string
g_relay_allow_ip – Allow relaying from these users
List the IP ranges of local users that you will allow to send ‘OUTGOING’ Email without using SMTP authentication, e.g. “127.0.0.1,10.0.*”. In the past, mail servers used to permit this from any IP address, but since this was abused by ‘spammers’ all modern mail servers only allow this from known local IP addresses. Remote users should use ‘smtp authentication’ or login via POP protocol before sending Email, then SurgeMail will trust them. Do NOT set this to ‘*’ If you do your system will be blocked as it will be assumed that spammers are using your system even if they are not!!!
Syntax: g_relay_allow_ip string
g_relay_dom_and_ip – Relay based on domain and IP
Allow relaying if the domain in the from envelope and IP address both match.
Syntax: g_relay_dom_and_ip domain=string ip=string
g_relay_ifnot – Accept locally only if not from this ip
This lets you send all email to ‘mx’ destination, even if the account is local, unless it is coming from a known ip address range.
Syntax: g_relay_ifnot string
g_relay_message – Message to display to users who try to relay
Text string displayed to users who try and relay.
Default (blank) is: “Relaying blocked, read new mail, add <sender.ip> to forwarding or enable smtp authentication in your mail client”
Syntax: g_relay_message string
g_relay_nolocal – Do not automatically relay for 127.0.0.1
This setting has no further documentation currently available
Syntax: g_relay_nolocal bool
g_relay_process – Relay process, e.g. testip.exe $WHOIP, return 1 to allow relaying, 0=deny
Allows you to run an external program to lookup an ip address and decide if it is one of your users who should be allowed to relay. This can be used when your users login via some type of shared system so the ip ranges are not known but you do have a way of checking if a user of yours is ‘currently’ connected on an ip address
Syntax: g_relay_process string
Example: g_relay_process “c:/surgemail/testip.exe $WHOIP”
g_relay_to – Relay to this domain from anyone
This setting allows mail from anyone to be relayed to the specified domain. The relaying is unconditional.
Syntax: g_relay_to string
g_relay_to_user – Relay to specific user from anyone
This setting has no further documentation currently available
Syntax: g_relay_to_user string
g_relay_window – Allow relaying after valid POP login
This sets the time after a valid POP login that you will allow a user on the same IP to send outgoing mail. In general it is safe to set this setting large and it can allow people using old mail clients (that do not know how to do SMTP authentication) to still send through your server without making your server an open relay.
Syntax: g_relay_window int
g_relay_window_from – Requires pop authed user is in from header of sent message
This must be used with g_relay_window, the matching is ‘simplistic’ and matches on the ‘from envelope’ but will stop most simple forms of abuse.
Syntax: g_relay_window_from bool
g_rename_content – Wild card list of mime types to rename, e.g. application*zip*
This setting has no further documentation currently available
Syntax: g_rename_content string
g_rename_files – Files to apply virus renaming to
Only takes effect if g_virus_rename is checked. Default is: “*.exe,*.pif,*.bat,*.com,*.cmd,*.jav,*.vbs,*.scr,*.wsh”
Syntax: g_rename_files string
g_report_host – Report facts to a central host
Not for general use currently
Syntax: g_report_host string
g_report_notspam – Send not spam samples to netwinsite.com automatically (unwise)
This feature enables automatic reporting of some not spam messages (as tagged by users on your server) – this setting has serious privacy considerations only use if your users are happy with this. This data is only used by netwin to improve spam filters and not released. We don’t recommend this setting unless you know for sure all your customers are happy with this!
Syntax: g_report_notspam bool
g_report_spam – Send spam samples to netwinsite.com when msg trained
Note that this sends full mail samples to netwinsite for later analysis/training.
Syntax: g_report_spam bool
g_responder_delay – Delay between responses to the same address.
This setting has no further documentation currently available
Syntax: g_responder_delay string
g_responder_from – Send ‘from’ destination user. Usually unwise!
Use g_bounce_noreply setting instead to avoid annoying bounces
Syntax: g_responder_from bool
g_responder_noreply – Send ‘from’ noreply@ destination domain, improves delivery
This improves delivery
Syntax: g_responder_noreply bool
g_responder_safer – Only respond if the sender can be verified in some way (spf/domainkeys)
This setting makes the server less likely to be black listed by accidentally responding to a forged email.
Syntax: g_responder_safer bool
g_responder_score – Do not respond if spam score is above this
This can further reduce spam back scatter issues
Syntax: g_responder_score int
g_responder_sender – Responder whitelist for email from address
Allow response on spf failure if from matches thsi wildcard
Syntax: g_responder_sender string
g_responder_skip – Skip responder if from matches
Skip responder if from envenlope matches this list/wild card
Syntax: g_responder_skip string
g_responder_source – Responder whitelist for from ip name or number
Allow response on spf failure if from matches thsi wildcard
Syntax: g_responder_source string
g_responder_to – Responder whitelist for destination user
Allow response on spf failure if to matches this list
Syntax: g_responder_to string
g_responder_utf8 – Send response in utf8 format
Alow utf8 chars in response
Syntax: g_responder_utf8 bool
g_restart – Auto restart server
If turned on Swatch (a spawned second process) checks every 30 seconds to see if the server is still running. If it isn’t running but it’s pid file still exists (so if it died) this second process restarts the missing server and sends the manager account an Email reporting the fault.
For this to work on NT you need to set Dr Watson NOT to show visual notification of faults:
This sets Dr Watson to be the default debugger) c:/> drwtsn32 /i This brings up the Dr Watson settings, un-tick "Visual Notification" c:/> drwtsn32
Generally this setting is not needed and could be left off, but if an odd problem should develop, this setting can give you peace of mind for a few days while you wait for a problem resolution from NetWin.
Syntax: g_restart bool
g_restart_kill – Allow swatch to kill surgemail if not responding – beta
This setting has no further documentation currently available
Syntax: g_restart_kill bool
g_restart_malloc – Restart server if malloc exceeds this (in mb), e.g. 1000
This setting has no further documentation currently available
Syntax: g_restart_malloc int
g_restart_vmsize – Restart server if vmsize exceeds this (in mb), e.g. 1000
This setting has no further documentation currently available
Syntax: g_restart_vmsize int
g_route – Wildcard route mail to specified server
Route messages matching particular wildcard “from address” and wildcard “to address” to specified server. This is not a gatweay rule and is only applied to mail that has already been accepted via SMTP authentication, relaying rules or gateway rules.
This would typically be used to route all mail for a particular user on a domain to another mailserver or to route all mail from a local domain through another server:
Case 1: Route mail for one user to another server
g_route from=”*@*” to=”user@localdomain.com” dest=”1.2.3.4″ user=”” pass=””
Case 2: Route all mail from local domain through other server
g_route from=”*@localdomain.com” to=”*” dest=”1.2.3.4″ user=”” pass=””
g_route_except gets applied allowing you to prevent mail coming in from certain IP addresses to be routed.
Syntax: g_route from=string to=string dest=string user=string pass=string
g_route_by_tohost – Route based on authent ‘tohost’ field
Use routing to a particular server based on ‘tohost’ setting in authentication database. This is particularly useful if you have users spread over several physical locations and want to be able to route mail for different users to particular servers.
Syntax: g_route_by_tohost bool
g_route_except – IP exception to g_route and g_route_by_tohost
IP exception to g_route and g_route_by_tohost.
Syntax: g_route_except string
g_route_local – Route messages for local domains if the rule applies
This setting has no further documentation currently available
Syntax: g_route_local bool
g_route_local_ifexists – Route messages for local domains if the rule applies and the local user exists
g_route_local is also required.
Syntax: g_route_local_ifexists bool
g_sabre_version – SabreDAV version (DO NOT CHANGE, for debugging only)
This setting has no further documentation currently available
Syntax: g_sabre_version string
g_safe_alert – Email manager when user fails to login from new ip
Useful to keep an eye on users and hackers
Syntax: g_safe_alert bool
g_safe_country – White list use 2 char country code, e.g. US,NZ,AU a list is ok
This whitelists your entire country, which can help prevent user confusion by blocking logins while still blocking logins from the rest of the world
Syntax: g_safe_country string
g_safe_country_nowarning – Whitelist countries for just this setting
This setting has no further documentation currently available
Syntax: g_safe_country_nowarning string
g_safe_imap – Force users to prove they are real if logging in from pop/imap NEVER NEVER USE
This feature is intended to prevent spamers/hackers from harvesting accounts on your system and then using them to send out spam. This setting should never be used as users often never see the error and just get prompted for a new password.
Syntax: g_safe_imap bool
g_safe_message – First line of email sent to user when login blocked
The default is ‘Sorry logins are not permitted from unknown ip addresses’
Syntax: g_safe_message string
g_safe_smtp – Force users to prove they are real if logging in from unknown sources via smtp
This feature is intended to prevent spamers/hackers from harvesting accounts on your system and then using them to send out spam, the user is sent an email to enable logins
Syntax: g_safe_smtp bool
g_safe_smtp_email – Email manager as remote ip addresses are added
This feature is intended to prevent spamers/hackers from harvesting accounts on your system and then using them to send out spam
Syntax: g_safe_smtp_email bool
g_safe_text – The first line of the warning email when a new login occurs
This lets you explain to the user what this email is about.
Syntax: g_safe_text string
g_safe_warning – Email user for logins from new ip addresses
Helps alert users if their account has been hacked, will also cause confusion though. This is not the same as g_safe_smtp which also generates user level warnings…
Syntax: g_safe_warning bool
g_safe_white – White list for g_safe* settings
These ip addresses are always considered to safe, typically internal networks, 10.*.*.* .
Syntax: g_safe_white string
g_sample_get – Sample account to check if deliveries work
The idea is to create several accounts on various public mail servers. Then send a test message using a mailing list or g_redirect rule to these test accounts, then use the command tellmail sample_get CODE DELETE to check if the messages have arrived. The first paramter of tellmail sample_get is a code it expects to find in the message headers (or subject) and the second paramter should be the keyword ‘delete’ if you want it to delete the sample messages.
Syntax: g_sample_get host=string user=string pass=string
g_sample_show – Headers to show from sample messages
Typicall you will list headers that are added by spam filters
Syntax: g_sample_show string
g_scan_action – Converts return value from g_scan_cmd to action on email
Converts return value from g_scan_cmd, action=drop,accept,bounce.
Syntax: g_scan_action code=int action=string reason=string
g_scan_cmd – Run command on message, and return integer
Run command on message, and return integer, see g_scan_action.
Syntax: g_scan_cmd string
g_scan_cmd_failok – Don’t reject if script fails
This setting has no further documentation currently available
Syntax: g_scan_cmd_failok bool
g_scan_cmd_skip – Skip for matching ip addresses
This setting has no further documentation currently available
Syntax: g_scan_cmd_skip string
g_scan_cmd_testing – Don’t reject, (for testing)
This setting has no further documentation currently available
Syntax: g_scan_cmd_testing bool
g_sched_utoken_timeout – Timeout for sched utokens in minutes
Timeout for sched utokens in minutes.
Syntax: g_sched_utoken_timeout int
g_server_name – Wildcard “SERVER_NAME” translation for domain identification
The vdomain a user connects on is normally identified automatically for “user account self management” and for “webmail”. In the event that the domain name is not the same as the host name (eg hostname = mail.domain.com, domainname = domain.com) the WebMail web server can automatically translate the SERVER_NAME variable.
This setting specifies a wild card list of URLs ‘URL’ with associated translated host name for “SERVER_NAME”. If the URL matches then SERVER_NAME is set to the second part of this setting ‘name’. eg: to host the domains domain.com and mail.domain.com on host mail.domain.com:
g_server_name url=”*.domain.com” name=”domain.com”
Note: If your server name is not the same as your domain name also check the per domain setting URL_host.
Syntax: g_server_name url=string name=string
g_server_stamp – Replaces SurgeMail and version string in “Received” headers
Replaces SurgeMail and version string in Received headers of process mail
Syntax: g_server_stamp string
g_setpassword_firstlogin – Accept any password on first POP login and set in database (EMERGENCY USE ONLY, requires nwauth -reasonfail parameter)
This setting has no further documentation currently available
Syntax: g_setpassword_firstlogin bool
g_sf_binary – Use Binary Network
Binary tree for scoring – this mechanism scores based on finding the sample or samples with the closes matching features, and counting how many are spam/not spam. This method is the best choice (currently)
Syntax: g_sf_binary bool
g_sf_disable – Smart Filter Disable
This setting has no further documentation currently available
Syntax: g_sf_disable bool
g_sf_generate – Build local smart filter
Creates feature_gen.dat from sf_mfilter.txt (instead of using feature_gen.net downloaded from netwinsite.com). This requires your server to have a reasonable sample of spam in the train… folders, this is collected automatically over a few days.
Syntax: g_sf_generate bool
g_sf_ignore_users – Ignore user submissions just use automatic samples (obsolete)
This setting has no further documentation currently available
Syntax: g_sf_ignore_users bool
g_sf_limit – Limit range of self training
This setting has no further documentation currently available
Syntax: g_sf_limit bool
g_sf_list – Use list mechanism for scoring
A new mechanism to score more rationally based on the known data.
Syntax: g_sf_list bool
g_sf_nnet – Use Neural Network (Experimental, ONLY FOR TESTING)
Experimental setting
Syntax: g_sf_nnet bool
g_sf_nosanity – Disables improved g_sf_binary with sanity checks
This smoothes out the nonsense a bit if g_sf_binary over-reacts to training or small samples
Syntax: g_sf_nosanity bool
g_sf_obey_users – Obey user submissions about non spam, usually not a good idea
This setting has no further documentation currently available
Syntax: g_sf_obey_users bool
g_sf_rules – Use manual rules to improve scoring
Use additional manual rules
Syntax: g_sf_rules bool
g_sf_saneonly – Sane score only
Experimental setting
Syntax: g_sf_saneonly bool
g_sf_sanity2 – Enables improved sanity scoring
This second sanity check improves scores over 8 to be a bit more useful.
Syntax: g_sf_sanity2 bool
g_sf_sanity_test – Experimental setting never use
Test another spam scoring method
Syntax: g_sf_sanity_test bool
g_sf_test2 – Testing
Experimental setting
Syntax: g_sf_test2 bool
g_share_home – Allow sharing of home directory
This allows sharing of the home directory in the unlikely situation that you might want to run separate surgemail processes. eg one process to cope with SMTP and another to cope with POP access.
Syntax: g_share_home bool
g_share_mail – Allow sharing of mail directory
Set true if mail area is shared (by nfs or other mechanism)
Syntax: g_share_mail bool
g_share_quota – Do quota on disk (e.g. when using nfs shared spool)
Normally SurgeMail keeps track of quota for all users in memory, this is efficient, but means if your are using a shared mail spool the quota figures are completely wrong, so use this setting to make surgemail keep track of quota’s on disk, it increases disk load a bit of course but not too much.
Syntax: g_share_quota bool
g_shutdown_slow – Delay shutdown
Add 20 second delay to shutdown for testing purposes only.
Syntax: g_shutdown_slow bool
g_slow_welcome – Delay the welcome message
Add 20 second delay to welcome message for testing purposes only.
Syntax: g_slow_welcome bool
g_smite_all – Add smite headers to all messages passing through server
Normally SmiteSpam headers are only added for locally delivered messages. This setting to all messages passing through this server.
Syntax: g_smite_all bool
g_smite_gateway – Add smite headers to gatewayed messages
Normally SmiteSpam headers are only added for locally delivered messages. This setting adds the headers for gatewayed messages too. This also adds headers to messages that are redirected by forward rules as well.
Syntax: g_smite_gateway bool
g_smite_level – Smite level to discard message
If SmiteSpam gives a message a “smite score” above this, throw it awayl. This setting is best never used. If used it should be set to ‘1 or 2’. A value of 1 = “has been reported”, 2 = “has been reported multiple times”. If smite match score is above this drop message. This is applied when the user downloads the email not at delivery time. What you probably want is ‘g_spam_bounce’ described elsewhere on this page.
Syntax: g_smite_level int
g_smite_skip – Skip smitecrc processing for messages from these domains
This will skip running SmiteCRC for messages whose from address matches these domains. This is the mail from envelope header NOT the from header in the message (you can check the return path header in the message to check what you need to add for this setting).
Note this is a wildcard field so to match any mail claiming to be from safedomain.com you would have to set:
g_smite_skip “*@safedomain.com”
Syntax: g_smite_skip string
g_smite_skip_auth – Skip spam scanner if user logged in
Skips spam checks and spam header generation for any authenticated local user.
Syntax: g_smite_skip_auth bool
g_smite_skip_from – Skip spam scanner if from header/env matches this wild card
This setting has no further documentation currently available
Syntax: g_smite_skip_from string
g_smite_skip_ip – Skip smite based on sender IP
Skip smite scanner if sender IP matches this wild card list.
Syntax: g_smite_skip_ip string
g_smite_skip_only – Skip spam scanner if to matches this wild card and no other recipients that ‘don’t’ match…
This setting has no further documentation currently available
Syntax: g_smite_skip_only string
g_smite_skip_relay – Skip spam scanner if ip can relay
Skips spam checks and spam header generation for any local user.
Syntax: g_smite_skip_relay bool
g_smite_skip_to – Skip smite based on <to>
Skip smite scanner if to matches this wild card to <address>.
Syntax: g_smite_skip_to string
g_smite_tag – Tag message if in SmiteSpam database
If set to true will tag messages already in the SmiteSpam database. A value of 1 = “has been reported”, 2 = “has been reported multiple times”.
Syntax: g_smite_tag bool
g_sms_forward – Specifies IP’s which are allowed to forward to SMS gateways
Normally sms gateways are restricted to authenticated users (SMTP authentication) this allows you to specify IP’s which can send without authentication. For example you may want your dlist server to send SMS, in which case you might add 127.0.0.1 to this setting.
Syntax: g_sms_forward string
g_sms_gateway – Address and port of your SMS gateway
This is the ip and port of an ’email to sms gateway’. The gateway should accept SMTP messages on this port and convert the email into an sms message then deliver to the phone number in the ‘to’ address. SMSGate is our ’email to sms gateway’ and is FREE with SurgeMail. Setting user_sms to “true” for a domain allows users to specify a phone number (or email address) and rules for when to notify them.
Syntax: g_sms_gateway string
g_sms_gateway_force – Force sms notifications to go to g_sms_gateway
If a user sets their sms number to an email address, perhaps to make use of an existing gateway, then surgemail will send the message to the domain in that address. If you set this you can force the email to go to g_sms_gateway. NOTE: It is possible to configure SMSGate with ‘send_mode smtp’, ‘recv_mode none’ and no GSM modem. In this setup it simply reformats messages passing them on to the configured smtp_outserver for delivery as email messages.
Syntax: g_sms_gateway_force bool
g_sms_gateway_msgbytes – Maximum amount of message to send to g_sms_gatway (bytes)
Defines the maximum number of bytes of ‘body’ text to send to the g_sms_gateway. All headers are sent, then the defined number of bytes of ‘body’ text. Defaults to 160. May be set larger than the default if you have a lot of html messages or multipart html and text messages. Should not be set too large as there is no point sending binary attachments and the like to an sms gateway.
Syntax: g_sms_gateway_msgbytes int
g_sms_gateway_subjbytes – Maximum length of subject in sms message
Defines the maximum number of bytes of ‘subject’ text to send to the g_sms_gateway.
Syntax: g_sms_gateway_subjbytes int
g_spamdetect_some – Only show spamdetect header for bad scores
This setting has no further documentation currently available
Syntax: g_spamdetect_some bool
g_spawn_log – If true the spawns are logged to lib_spawn.log
Useful for finding obscure problems with spawned modules of various kinds, webmail, nwauth, virus checkers etc.
Syntax: g_spawn_log bool
g_spf_baddns_skip – If spf dns failure then allow message through (instead of giving retry error)
This setting is not normally needed as lookups generate retry failures so the sending server tries again and the dns failure (which is usually temporary) won’t occur the second time. Normally on a DNS failure SPF should give a ‘retry’ message, this is because spammers often have faulty DNS servers so that SPF checks always fail for their domain, so letting the message through will let some spam into your system. But in some situations the normal behavior might loose you real email so then using this setting at least until your dns problems are resolved might be wise.
Syntax: g_spf_baddns_skip bool
g_spf_byemail – Perform allow bounce confirmation via email.
This gives an email to the sender in the allow bounce message instead of aa url.
Syntax: g_spf_byemail bool
g_spf_debug_log – Enable spf.log file
By default this log is not generated as it’s not usually needed.
Syntax: g_spf_debug_log bool
g_spf_default – (strict only) Default spf record if none found default ‘mx/16 a ptr:%{d2} -all’
The example shown isn’t entirely true, we adjust the ‘d2’ depending on the domain, so it’s usually unwise to change this.
Syntax: g_spf_default string
g_spf_default_noblock – (strict only) Only stamp headers if default spf record fails when no real spf header
This setting makes blocking occur only for REAL spf records, not for the default one applied to domains that have no SPF record defined.
Syntax: g_spf_default_noblock bool
g_spf_dns_timeout – Seconds to wait for dns lookups for spf, best not to change
Generally a ten or twenty second timeout is reasonable. Adjusting the default is probably not necessary.
Syntax: g_spf_dns_timeout int
g_spf_domain – Domain for SPF rewrite and allow messages (defaults to first domain on server)
When SurgeMail relays/forwards a message the ‘from’ address is rewritten (g_spf_rewrite should be true). The new address is ‘from’ your domain and this setting tells surgemail which local domain to use for these from addresses.
Syntax: g_spf_domain string
g_spf_enforce – List of wildcard/domains to enforce spf for, e.g. paypal.com,*bank*
This enforces spf for domain that must be trusted.
Syntax: g_spf_enforce string
g_spf_enforce_auto – Enforce spf for commonly forged domains paypal.com,*bank*
If enabled this will enforce spf for some common domains that get forged.
Syntax: g_spf_enforce_auto bool
g_spf_enforce_local – If spf fails and it’s a local domain then skip grey listing and bounce
This settings stops spammers who fake your own email domains, but it may upset users who are not authenticating or are using their own mail servers, so you will have to expect a few minor issues like that when you turn this on. This setting over-rides the ‘users’ spf and friends settings for local domains. (was miss documented as give allow message)
Syntax: g_spf_enforce_local bool
g_spf_enforce_real – Enforce spf for domains with strong spf entries
Enforces spf if the domains spf record ends with -all
Syntax: g_spf_enforce_real bool
g_spf_header – Use g_verify_mx_skip and apply to resulting ip
If the sending host matches g_verify_mx_skip, then spf tests are performed on the first received header not listed in that setting. Only stamping is possible though since this indicates a front end gateway and a reject would cause a ‘bounce’ which would not be safe
Syntax: g_spf_header bool
g_spf_mode – Sender Permitted From
See https://netwinsite.com/spf.htm for details.
Syntax: g_spf_mode string
g_spf_noallow – Give hard bounce (no allow message) for spf failures for these domains & ignore friends
This toughens spf for critical domains (banks etc) where you don’t want any forged messages leaking through. This setting over-rides the users spf/friends settings for these domains (so should be used with some caution)
Syntax: g_spf_noallow string
g_spf_nocache – Disable SPF cache
There is a small cache used for SPF results, This setting disables it.
Syntax: g_spf_nocache bool
g_spf_nofriend – Ignore friends for spf
This toughens spf so friends matches don’t bypass it
Syntax: g_spf_nofriend bool
g_spf_nogrey – Skip SPF grey listing for these domains (require allow response)
This toughens spf for the domains in question, requiring that they really pass an ‘allow’ test rather than simply a grey listing test. Good for commonly forged domains which do normally obey spf.
Syntax: g_spf_nogrey string
g_spf_norewrite – Exceptions to rewrite rule, e.g. *@my.domain,bob@this.domain
Where you allow users to send through your server you may want to stop rewriting for their domains so that their from address is not munged. Local domains are automatically excempt from ‘rewriting’. Specify *@domain.name not just domain.name
Syntax: g_spf_norewrite string
g_spf_required – Require an spf entry for these domains
Used to make select domains add spf to talk to you 
Syntax: g_spf_required string
g_spf_rev_skip – Skip SPF checks if reverse ip name matches in this list, e.g. *.yahoo.com
Where you identify a domain that does not support SPF and is often used in a manner which breaks SPF default rules this setting can safely allow the problem domain. This setting is probably not needed now most large mail systems are using SPF.
Syntax: g_spf_rev_skip string
g_spf_rewrite – Rewrite ‘from’ envelope in redirected mail (SRS)
When messages are redircted/forwarded to another server from you server, the ‘from’ address of the existing message envelope will no longer obey SPF rules as it will be coming from your server rather then the original server. So to fix this enable this rewrite setting and then the from envelope is rewritten to point to your system using a short life token. The ‘from’ header of the message is not modified.
Syntax: g_spf_rewrite bool
g_spf_rewrite_gateway – Rewrite even if gateway rule applies
In some cases you will want SRS rewriting for relay hosts, In which case you should turn this on.
Syntax: g_spf_rewrite_gateway bool
g_spf_rewrite_relay – Rewrite even if from ip is a host to relay for
In some cases you will want SRS rewriting for relay hosts, In which case you should turn this on.
Syntax: g_spf_rewrite_relay bool
g_spf_share – List of hosts to share allow ips with. Must all have same srs.secret file
List your other incoming mail servers (which must be running surgemail). This lets SurgeMail share the list of known IP addresses which have sent ‘allow’ emails. You must copy your srs.secret file across all of the servers in question so they can verify each other correctly.
Syntax: g_spf_share string
g_spf_skip – Skip spf checks for these ip addresses, e.g. other mx hosts
List the ip addresses of your other MX servers so SPF checks wont fail when a message comes in via an mx host instead of directly. The SPF checking must therefore be done on all the MX servers.
Syntax: g_spf_skip string
g_spf_skip_from – Skip based on from, e.g. noreply@*paypal.com,…, Also skips RBL
Good for skipping SPF checking if a domain is in some way incompatible with SPF checking
Syntax: g_spf_skip_from string
g_spf_skip_to – Skips SPF checks based on rcpt address and RBL checks.
Syntax: g_spf_skip_to “user@domain.com”
This setting can be used to skip spf checks based on the rcpt address, if used with g_orbs_late “true” then it can also be used to skip rbl checks if the rcpt matches this setting.
Syntax: g_spf_skip_to string
g_spf_timeout – Seconds to wait for all spf lookups to finish, default 48 seconds
Best not to change
Syntax: g_spf_timeout int
g_spf_user_domain – Make allow bounces use destination user domain name
This can be useful if you need to ensure emails bounce with an address that is similar to the destination
Syntax: g_spf_user_domain bool
g_spf_very_strict – (strict only) Only give ‘allow’ option for default spf rule failures not real ones
In this mode real SPF failures are hard failures, but if there is no SPF record for a domain then the friendly ‘allow’ system is used to let the user send mail with only mild difficulty.
Syntax: g_spf_very_strict bool
g_spf_web_url – Specify full url for spf byweb commands http://domain.name:port
Normally the default will work.
Syntax: g_spf_web_url string
g_spflog_domains – Specify which domains should get spflog entries sent to them.
If some of your backend servers are not surgemail then this setting will be needed to turn off the spflog messages to the non surgemail servers
Syntax: g_spflog_domains string
g_spflog_enable – Enable this if this server is a frontend for a SurgeMail server users log into.
Enable this if this server is a frontend for a SurgeMail server users log into.
Syntax: g_spflog_enable bool
g_spool_path – Allows SurgeMail to scan a directory for messages to send.
Syntax: g_spool_path “directory of spool”
SurgeMail will scan this directory every few seconds and check for any messages in this directory if found SurgeMail will then send them the messages (must end in the extension .msg). The format of the messages is as follows (without the quotes).
filename: test.msg
“
To: you@domain.com
From: blah@domain.com
Subject: blah blah
This is a test
“
Syntax: g_spool_path string
g_sstat_disable – Disable netwin statistics gathering.
We use this to keep track of which features customers use/like
Syntax: g_sstat_disable bool
g_stack – For testing only, NEVER SET THIS
Never set this, it can make the server unstable
Syntax: g_stack int
g_stack_imap – For testing only, NEVER SET THIS
Never set this, it can make the server unstable
Syntax: g_stack_imap int
g_startup_delay – Startup delay
Seconds to wait before accepting inbound connections when starting SurgeMail .
Syntax: g_startup_delay int
g_status_login – Require login for spam status actions
This setting has no further documentation currently available
Syntax: g_status_login bool
g_status_url – Specify default global url for status messages
Normally the default will work.
Syntax: g_status_url string
g_status_view_html – Obsolete setting
Setting is no longer used.
Syntax: g_status_view_html bool
g_store_dropped – Store upto 5000 bad bounces in the dropped directory
This is useful to check if vanish_bad_bounces is working correctly
Syntax: g_store_dropped bool
g_subject_blank – Subject header if one is missing
Used if the message has no Subject header
Syntax: g_subject_blank string
g_surbl – SURBL Spam URI Realtime Blocklists
This looks up each url found in each mail message and checks it against the SURBL database of your choice, the multi database can be used. See http://www.surbl.org/, adds headers of the form: X-Surbl: stamp urlfound nameofsurbl. PLEASE NOTE: Access to surbl is only provided freely in some conditions, larger ISP’s may need to purchase a feed, see http://www.surbl.org/usage-policy
Syntax: g_surbl name=string stamp=string
Example: g_surbl name=”multi.surbl.org” stamp=”sc.surbl.org,ws.surbl.org,phishing,ob.surbl.org,ab.surbl.org,jp”
g_surbl_from – Also check the return path
Adds return path domain/from check in the surbl database, use with Spamhaus DBL
Syntax: g_surbl_from bool
g_surbl_reject – Reject email with SURBL hits
This can reduce spam on your server by completely rejecting all email containing surbl web links…
Syntax: g_surbl_reject bool
g_surbl_skip – URL’s to allow even if listed in surbl
Sometimes you will want to whitelist a url that is listed in one or more surbl databases, use this setting to do that.
Syntax: g_surbl_skip string
g_surbl_skip_ip – Skip SURBL check if sender is from listed ip
Sometimes you will want to whitelist an ip from SURBL checks. Use this setting to do this.
Syntax: g_surbl_skip_ip string
g_surbl_whois – Also check whois info on suspect urls – not for busy servers!
This setting searches whois information and compares what it finds to a list of known persistent spammers who register new domains regularly – if a match is found a surbl header is added. The whois servers don’t like getting heavy load so don’t use this setting if your server is very busy. A cache is used to minimize the load.
Syntax: g_surbl_whois bool
g_surgeblog – Specialize SurgeMail as a Blog server
This setting causes SurgeMail’s interface to specialize itself for the purposes of being a Blog server.
Syntax: g_surgeblog bool
g_surgeplus_delay_tell_upgrade – Delay informing existing users about new SurgePlus versions for
Delay informing existing users about new versions of SurgePlus for this long after the new version is downloaded to your server. SurgePlus clients poll the server once an hour so they won’t be informed about the new version for up to an hour longer than the value of this setting. Use this setting combined with the g_surgeplus_delay_tell_upgrade_exempt setting so that only administrator users are informed about new versions at first so you can confirm the new version works fine with your existing server configuration before everyone upgrades. Example values: “3 hours” or “2 days”
Syntax: g_surgeplus_delay_tell_upgrade string
g_surgeplus_delay_tell_upgrade_exempt – Users exempt from delayed new version informing
See the above setting for information. Example value: “user1@domain.name,user2@domain.name”
Syntax: g_surgeplus_delay_tell_upgrade_exempt string
g_surgeplus_hide_client_downloads – Hide the links to download and install SurgePlus Windows client
Use this setting if you don’t want your users to know about the SurgePlus Windows client. All this setting does is to hide the download links from the web interface.
Syntax: g_surgeplus_hide_client_downloads bool
g_surgeplus_links – Add web links to SurgePlus from other web interfaces (and vice versa) for users allowed to use SurgePlus.
This causes links to appear in the SurgePlus interface to switch to using WebMail (and DBabble if you have the g_dbabble_links setting on).
Syntax: g_surgeplus_links bool
g_surgeplus_log_level – SurgePlus log level. ‘none’, ‘info’, or ‘debug’. Default is ‘info’
Sets the amount of logging done for SurgePlus. When using ‘debug’ level, data is logged to surgeplusd.log in addition to surgeplus.log
Syntax: g_surgeplus_log_level string
Example: debug
g_surgeplus_online – Enable online tracking in surgeplus
Not recommended.
Syntax: g_surgeplus_online bool
g_surgeplus_pop_server_name – Default pop server to set SurgePlus client download to connect to.
SurgePlus Windows client downloads are set to connect to this POP server by default. This setting only applies if the user is downloading the client from a URL that does not match a valid domain on the server. If the URL does match a domain on the server, the domain specific version of this setting applies instead.
Syntax: g_surgeplus_pop_server_name string
g_surgeplus_port, g_surgeplus_secure_port – SurgePlus port and SurgePlus secure port.
SurgePlus uses the POP protocol to communicate with SurgeMail. However, some virus scanners running on the clients machine prevent the SurgePlus client from using POP commands that the virus scanner does not know about. In order to avoid this problem, SurgePlus uses port 7110 by default instead of port 110. However, clients not using a virus scanner (or clients using some virus scanners we have made SurgePlus work with – e.g. Norton) can safely use port 110 if they would otherwise be prevented from connecting to SurgeMail by a firewall. The SurgePlus client will quietly switch to using port 110 if it is not able to connect to the server using port 7110.
Syntax: g_surgeplus_secure_port int
g_surgeplus_smtp_server_name – Default smtp server to set SurgePlus client download to connect to.
SurgePlus Windows client downloads are set to connect to this SMTP server by default. This setting only applies if the user is downloading the client from a URL that does not match a valid domain on the server. If the URL does match a domain on the server, the domain specific version of this setting applies instead.
Syntax: g_surgeplus_smtp_server_name string
g_surgeplus_web_port – SurgePlus web port.
If you want your SurgePlus users to view shared files over a different port than WebMail uses give this setting a value.
Syntax: g_surgeplus_web_port int
g_surgeplus_web_url – Direct SurgePlus users to access shared files at this url
Use this to override the default location that users are directed to to view shared SurgePlus web files. If you don’t specify a value for this setting then it defaults to using the non-secure webmail port.
Syntax: g_surgeplus_web_url string
Example: https://||domain||:7443
g_surgewall_ignore_error – Deliver even if some rule sais bounce
This setting should never be used we think…
Syntax: g_surgewall_ignore_error bool
g_surgewall_redirect – Allow redirect/responder for surgewall
Allows redirect/responder settings to work for surgewall
Syntax: g_surgewall_redirect bool
g_surgewall_split – Split up surgewall messages, one per recipient
Split up incoming messages so subject tagging should work
Syntax: g_surgewall_split bool
g_tcp_bf_size – Set tcpip snd/rcv buffer sizes, best left blank
This setting has no further documentation currently available
Syntax: g_tcp_bf_size int
g_tcp_proxy_ip – Enable TCP proxy protocol for specific address
Enables the tcp proxy protocol on new connections for this address for pop,imap,smtp.
Syntax: g_tcp_proxy_ip string
g_tcp_que_len – Length of listen queue for incoming connections
Default is 25 or 200 on windows, to reduce non paged pool on windows reduce to 20
Syntax: g_tcp_que_len int
g_tcp_read_timeout – Timeout in ‘seconds’ on POP connections (do not adjust)
Timeout in ‘seconds’ on POP connections, do not adjust. (default 600).
Syntax: g_tcp_read_timeout int
g_tellmail_ip – Tellmail IP restriction
Restrict remote tellmail commands to these IP addresses.
Syntax: g_tellmail_ip string
g_thread_max – Total maximum number of threads allowed
Total maximum number of threads allowed on this system. This should not normally be changed. If you do increase it start small, eg: 400 is a safe number on most systems. Generally if you need to increase it more than that then you have a performance problem that needs fixing and increasing it more is unlikely to be a good idea. On Linux if your thread_max setting is above 500 then you must modify surgemail_start.sh to increase the handle limit from 1024 to 2048 (at least twice the g_thread_max value). If you get crashes with ‘handle_limit’ recorded in the logs then it’s likely that your operating system handle limit is too small for your g_thread_max setting. On Solaris you will need the 64 bit build of SurgeMail to increase this limit as the Solaris 32 bit ‘c’ libraries are limited to 256 file handles (I kid you not
See FAQ section on session limits
Syntax: g_thread_max int
g_thread_pool – Keep all threads in a common pool
This setting has no further documentation currently available
Syntax: g_thread_pool bool
g_thread_reuse_real2 – Thread reuse
If enabled the server will reuse existing threads instead of creating and destroying threads for each incoming/outgoing message. This has no affect on performance but does avoid a bug in some UNIX threading libraries which leak handles and cause problems if threads are not reused. Generally best disabled except on early Linux systems.
Syntax: g_thread_reuse2 bool
g_thread_smooth – Throttle thread creation as max hit to reduce peaks
This setting has no further documentation currently available
Syntax: g_thread_smooth bool
g_thread_spinlock – Spin more before sleeping when waiting for mutex
This setting has no further documentation currently available
Syntax: g_thread_spinlock bool
g_timeout_try_later – If timeout while waiting for message to arrive tell other end to retry
This ‘may’ cause faulty servers to endlessly retry a message. But should be ok. Normally this sort of timeout is very rare but can be caused by faulty virus scanner so retrying won’t always help
Syntax: g_timeout_try_later bool
g_timezone – Timezone text
Text to be placed in the timezone part of the date string. e.g. +1200 NZT
Syntax: g_timezone string
g_timezone_force – Hours offset to local time, e.g. 5 (best left blank)
This setting has no further documentation currently available
Syntax: g_timezone_force string
g_to_valid – Require an @ and dotted domain in all dest addresses
This forces all destination addresses to contain a domain name (breaks cron job emails on unix)
Syntax: g_to_valid bool
g_tohost_local – Tohost entries to deliver locally
Authentication database tohost name entry to deliver locally. This setting only applies if g_proxy or g_route_by_tohost is enabled. This is useful to allow the configuration of multisite systems using g_route_tohost with a single shared authentication database.
Syntax: g_tohost_local string
g_token_httponly – Use httponly flag, stop scripts using token, may break attachments
This setting has no further documentation currently available
Syntax: g_token_httponly bool
g_token_secure – Use secure flag for surgeweb, stops http access to token, so requires https to work
This setting has no further documentation currently available
Syntax: g_token_secure bool
g_toscan_path – Path used for mime parts for virus scanner
The default is the toscan directory under the home path, using this setting can help sometimes if permissions are a problem
Syntax: g_toscan_path string
g_train_store – Number of messages to store in each spam training directory (1000-5000)
We recommend about 10000 – dont get carried away, more is not necessarily better!
Syntax: g_train_store int
g_uidl_big – Use random uidl if uidl not found
This can avoid uid collisions if uidl files are lost mysteriously
Syntax: g_uidl_big bool
g_unique_name – A unique name for this server
This name is used in place of the machine hostname in message filenames and thus friends confirmation message subjects
Syntax: g_unique_name string
g_url_alias – Allows translation from one URL to another
Allows translation from one URL or beginning of a URL to another. eg:
g_url_alias from=”/cgi-bin/” to=”/scripts/”
will cause the URL http://localhost:7025/cgi-bin/fred.cgi to reference the same file as http://localhost:7025/scripts/fred.cgi would have, the fred.cgi in the SurgeMail ‘scripts’ directory. The domain url_alias settings are checked before these, the first matching rule is used, settings are checked in the order specified.
Syntax: g_url_alias from=string to=string ports=string
g_url_enable – Enables widearea url database
Syntax: g_url_enable <true/false>
If set then SurgeMail fetches the url database and updates from netwinsite.com every few hours. Messages which contain matches will get a header X-SpamUrl:… which will be used in the spam score. Once enabled you will contribute to Netwin’s central server and also download from their once every couple of days.
Additions to your isspam/notspam training addresses are also sent to netwinsite.com (just the url’s for white list/blacklist)
Syntax: g_url_enable bool
g_url_host_noscan – Disable the scan for url_host settings matching the domain in an incoming web request
SurgeMail uses g_server_name and url_host settings to determine the default domain to select for web requests, this setting stops it using the url_host settings (which may be slow on systems with a large number of domains)
Syntax: g_url_host_noscan bool
g_url_master – Not for general use
Used by netwin to manage the master server. Sorry this doesn’t allow you to run your own master.
Should be left blank
Syntax: g_url_master bool
g_url_master_to – Not for general use
Not for general use. Used by netwin for testing.
Syntax: g_url_master_to string
g_url_redirect – Sends http 301 redirect to tell browser resource has moved
Typical usage to move users from http to https automatically, e.g. g_url_redirect from=”http://*/surgeweb” to=”https://%1:7443/surgeweb” ports=”80,7080″
Or you may wish to change the default page to webmail, e.g.
g_url_redirect from="/" to="/surgeweb" ports="443,80"
Syntax: g_url_redirect from=string to=string ports=string
g_utf8_case_insensitive – Use case insensitive compare for surgeweb and imap searches
This setting has no further documentation currently available
Syntax: g_utf8_case_insensitive bool
g_vanish_any_bounce – Vanish all bounces, requires g_vanish_bad_bounces
This setting will vanish spam pretending to be a bounce, it is possible it will vanish a real but badly formed bounce (badly formed as it contains no indication that it came from this server). Note: You MUST have g_vanish_bad_bounces true as well!
Syntax: g_vanish_any_bounce bool
g_vanish_bad_bounces – Vanish suspected spam bounces
Vanish suspected spam bounces (requires g_received_name).
Syntax: g_vanish_bad_bounces bool
g_vanish_relay – Vanish bad bounces before relaying email too
Requires g_vanish_bad_bounces too, and g_received_name must be set to something other than the email domain, e.g. bounces.your.domain
Syntax: g_vanish_relay bool
g_vanish_virus_bounces – Vanish suspected virus bounces (requires g_received_name)
This setting gets rid of most of those stupid virus bounces you get from emails you haven’t sent. It works by checking incoming virus bounces for the received header that must exist if it was sent with your mail server. If the header is not found, the message is dropped. Recomended.
Syntax: g_vanish_virus_bounces bool
g_verify_helo – Verify helo name translates to same network as sending system.
Syntax: g_verify_helo “true/false”
It will skip this check for any trusted connection (smtp authenticated, or any ip it would allow to forward)
It adds this header:
X-Verify-Helo
It simply takes the helo name, and turns it into a number a.b.c.d, then it checks that the connection is coming from ‘a.b.*.*’
if it isn’t it adds a header saying as much.
Syntax: g_verify_helo bool
g_verify_image_hard – Use extra difficult human verification image (used in blogs)
This setting has no further documentation currently available
Syntax: g_verify_image_hard bool
g_verify_mx – Verify sender IP by MX
Verify MX records contain senders IP address (also see g_verify_mx_skip).
Syntax: g_verify_mx bool
g_verify_mx_skip – Skip verify sender IP by MX
Use to define incoming mail gateway IPs so the MX verify doesn’t fail on them.
Syntax: g_verify_mx_skip string
g_verify_smtp – Verify SMTP port
Verify we can talk back to the SMTP port on incoming IP address.
Syntax: g_verify_smtp bool
g_verify_timeout – Seconds to wait for SMTP response, default is 10 seconds
As the verification of incoming addresses is done while the message is arriving at the ‘data’ stage, it is critical that it not take more than 30-60 seconds or the sending server will give up and the message will be lost. Generally this setting should not be changed.
Syntax: g_verify_timeout int
g_warning_to – Addresses to treat as local and send warning bounces to
This may cause back scatter to use with caution
Syntax: g_warning_to string
g_web_access_grp – Restrict user groups to specific ports
Specifies a user group or groups and a list of valid web ports for that group.
Syntax: g_web_access_grp group=string ports=string
g_web_access_ip – Restrict access to web ports based on ip
Specifies a list of ports and a wildcard list of valid ip addresses who can connect to those ports.
Syntax: g_web_access_ip ports=string ip=string
g_web_access_max – Maximum number of concurrent web logins for group
Specifies the maximum number of concurrent web logins for a certain group of users.
Syntax: g_web_access_max group=string max=int
g_web_add – Add http headers
This setting has no further documentation currently available
Syntax: g_web_add string
g_web_admin_max – Maximum number of concurrent web admin sessions
Web admin requests are recorded, the remote IP and local port are used to identify a particular session. This setting places a limit on the number of sessions at any one time.
Syntax: g_web_admin_max int
g_web_appsname – Apps url name on unified web interface
This setting has no further documentation currently available
Syntax: g_web_appsname string
g_web_appsroot – Apply apps interface at web root ie /
This setting has no further documentation currently available
Syntax: g_web_appsroot bool
g_web_charset – Charset for html pages
Sets the charset to use for each language i.e. e.g. iso-8859-1
Syntax: g_web_charset lang=string charset=string
g_web_force_doctype_first_disable – Disable webserver behaviour to force doctype definitions to be displayed first.
Comments displayed on the webpages (including template filenames), mean IE does not use the doctype definiton. Surgemail tries to display doctype first. This setting reverts to old behaviour.
Syntax: g_web_force_doctype_first_disable bool
g_web_forwarded_test – Fake the forwarded-for header
This setting has no further documentation currently available
Syntax: g_web_forwarded_test bool
g_web_forwarded_uselast – Use last address in multiple item forwarded-for header
This setting has no further documentation currently available
Syntax: g_web_forwarded_uselast bool
g_web_hide_source_names – Hide the name of the source template page in output web pages.
To aid tailoring each web page in the web admin shows it’s own address so you can find it to modify it. Some admins consider this a security issue, or just a bit ugly, so use this setting to hide this information when you don’t need it.
Syntax: g_web_hide_source_names bool
g_web_max – Max concurrent web connections, default is 100
This includes web admin, webmail etc…., The default limit should be sufficient for most systems. Although a limit of 10 would be tons for most systems we had to set the default high as this setting was added recently.
Syntax: g_web_max int
g_web_max_perip – Max concurrent web connections per-ip, default is 30
This includes web admin, webmail etc…., The default limit should be sufficient for most systems unless all your users are coming through a common proxy
Syntax: g_web_max_perip int
g_web_noserver – Disable Server header in http responses
Some security firms require this in order to hide the software application information
Syntax: g_web_noserver bool
g_web_old_behaviour – Revert to old style webserver behaviour
To pass various auditing tests admin interface no longer responds to arbitrary url. This restores old behaviour.
Syntax: g_web_old_behaviour bool
g_web_php_exe – Path to php.exe
Experimental support for php
Syntax: g_web_php_exe string
g_web_policy_disable – Disable obscure web policy security headers
This setting has no further documentation currently available
Syntax: g_web_policy_disable bool
g_web_ref_path_extension – Path extension to add to web page image/css references.
This setting is used for caching purposes. See SurgeMail template caching for details
Syntax: g_web_ref_path_extension string
g_web_timeout – Timeout for web requests
Timeout for web requests, the default is 180 seconds, generally it should not be set below 61 seconds
Syntax: g_web_timeout int
g_web_title – Title to use on specified web page
This lets you customize the title of each management web page.
Syntax: g_web_title page=string title=string
g_web_trust_ip – Trust ip address from rev proxy web server X-Forwarded-For
This setting has no further documentation currently available
Syntax: g_web_trust_ip string
g_web_url_path – Url to path translation with access specifier
This lets you set up aliases and translations of urls partly based on the access rights of the user.
Syntax: g_web_url_path url=string path=string access=string
g_web_utf8 – Make sure all user.cgi handling is done in UTF8
Make sure user.cgi handlign is all done in UTF8 rather than paged character sets.
Syntax: g_web_utf8 bool
g_webdav_enable – Enable webdav access for users (do not use)
Enable ‘webdav’ features so users can store data, you must also define g_webdav_path
Syntax: g_webdav_enable bool
g_webdav_group – Only allow webdav if member of webdav access group
Require that users be members of the webdav group
Syntax: g_webdav_group bool
g_webdav_path – Root path for webdav storage
For example c:\surgemail\webdav
Syntax: g_webdav_path string
g_webdav_public – Enable non authenticated access to pub folder (readonly)
This setting enables the user to place web pages (static) up on their email account, the public url would be http://your.server/wd/username/pub/…
Syntax: g_webdav_public bool
g_winmail_fix – Replace winmail.dat with normal attachments, requires tnef installed first http://netwinsite.com/tnef.htm
First install tnef, on unix use: apt-get install tnef, on windows download tnef.exe from our website
Syntax: g_winmail_fix bool
g_work – Workarea Path
Work area for SurgeMail temporary work files.
Syntax: g_work string
g_xauthuser_hide – Hide X-Authenticated-User header
The header X-Authenticated-User is added to all local deliveries for users that login using SMTP authentication. This is the most reliable way to determine who actually sent this email. This setting will disable the addition of this header.
Syntax: g_xauthuser_hide bool
g_xfile_allow – IP address to allow xfile and WebMail features from
Allow xfile & web upload features for users. Set to ‘*’ or the WebMail servers IP address.
Syntax: g_xfile_allow string
g_xrcpt_hide – Hide X-Rcpt header
The X-Rcpt header is added indicating which local account this message was delivered to. This setting will disable the addition of this header.
Syntax: g_xrcpt_hide bool
g_xrcptoriginal_hide – Hide X-Rcpt-Original header
The X-Rcpt header is added indicating which local account this message was delivered to. If the mail has been redirected for any reason the original delivery address is added as an X-Rcpt-Original header. This setting will disable the addition of this header.
Syntax: g_xrcptoriginal_hide bool
g_xserver_hide – Hide XServer header
This wil hide the X-Server header.