Global settings Misc p-z

  1. Home
  2. Knowledge Base
  3. Settings
  4. Global settings Misc p-z

Table of Contents

g_pass_force – Force user to reset password if admin changes it

Makes the user change the password on the next login to user.cgi or surgeweb

Syntax: g_pass_force bool

g_pass_twofactor – Enable two factor authentication

Allow users to enable two factor authentication.

Syntax: g_pass_twofactor bool

g_perflog_disable – Disable perflog logging

Completely disable the logging of historica performance data for the status graphs.

Syntax: g_perflog_disable bool

g_perflog_flush_interval – Flush interval

Interval in seconds to flush the performance log files to disk. Default is 3600 s (ie once per hour)

Syntax: g_perflog_flush_interval int

g_perflog_logall – Log all counters

Log all counters including the currently undisplayed counters. This is useful if in the future you suddenly think, Oh I would really like to see the historic information on one of the undisplayed counters – which would normally not have been logged to file.

Syntax: g_perflog_logall bool

g_perflog_lowres – Log in low resolution

Normally data is logged avery 10 seconds and 5 display scales are available hour, day, week, month and year. If this is set samples are taken every 5 minutes and 4 display scales are avbailable: day, week, month, year.

Syntax: g_perflog_lowres bool

g_perflog_surgeonly – Only log surgemail counters

On Windows systems surgemail’s performance logging will gather counters from surgemail and from the system “Perfmon” performance logging. This disables the collection of system counters.

Syntax: g_perflog_surgeonly bool

g_pipelining – Show pipelining in ehlo response

Show pipelining in ehlo response – not recommended – has no behavior affect.

Syntax: g_pipelining bool

g_policy_enable – Enable policy.dat rules, still testing

This setting has no further documentation currently available

Syntax: g_policy_enable bool

g_pop_add_size – Improves pop performance on nfs slightly

This renames inbox messages to include the size of the file so that an lstat call is not needed.

Syntax: g_pop_add_size bool

g_pop_blocksize – Size of packets to read POP messages (best left alone)

Size of packets to read POP messages (best left alone).

Syntax: g_pop_blocksize int

g_pop_cram_enable – Enable cram-md5 support

This setting has no further documentation currently available

Syntax: g_pop_cram_enable bool

g_pop_delay – Send POP packets after waiting for more data to send

This setting replaced g_pop_nodelay, as the default has been changed. It was changed as this can improve performance.

Syntax: g_pop_delay bool

g_pop_flush_lines – Flush to tcp every line of message sent (slow)

Too debug faulty network/client pop issues, not for general use, this may slow performance significantly

Syntax: g_pop_flush_lines bool

g_pop_lock – Lock out duplicate POP users with the file system

Use this setting if you are sharing a file system between multiple mail servers. This will make the mail server lock the users files to prevent a second user of the same name logging in and reading mail from one of the other systems.

Syntax: g_pop_lock bool

g_pop_max – Max total POP & IMAP users at any one time

This limits the channels that will be used at any one time for incoming POP and IMAP connections. The purpose of this setting is to prevent a sudden burst of users reading mail from using up all available channels. Generally setting this is a bad idea as there is a sensible default (dependent on the system resources available).

See FAQ section on session limits

Syntax: g_pop_max string

g_pop_min_late – Give min time error on first command after login

This may be less disruptive as it stops the client thinking the password is wrong.

Syntax: g_pop_min_late bool

g_pop_min_msg – Additional warning to give user when they login too soon

This lets you explain to the user what the problem is. Don’t get carried away some clients may not like a long string here!

Syntax: g_pop_min_msg string

g_pop_min_skip – Skip ip addresses matching this list.

Useful for whitelisting webmail servers etc. 127.0.0.1 is always skipped

Syntax: g_pop_min_skip string

g_pop_min_time – Min time in seconds between consecutive POP logins, NEVER USE

If a pop client connects more often than this, give an error. This setting will very likely break webmail sessions and cause odd problems, Best avoided!

Syntax: g_pop_min_time int

This setting avoids problems when users use pop and imap access to the same account at the same time.

Syntax: g_pop_nolock bool

g_pop_port – Port to listen for POP connections (default 110)

Typically you won’t need to change this, however you can specify an IP address to bind to or a list of alternate ports, eg: 10.3.2.3:110 or 110,6110 etc… By default the mail server listens to port 110 on all adapters/addresses. Use the keyword ‘disabled’ to disable this part of the SurgeMail service.

Syntax: g_pop_port string

g_pop_secure_port – Port to listen for secure POP connections (default 995)

Dedicated secure port to listen on for POP connections. Use the keyword ‘disabled’ to disable this part of the SurgeMail service.

Syntax: g_pop_secure_port string

g_pop_warning – Send manager warning if this many sessions (pop or imap) reached (max 1 per hour)

This setting has no further documentation currently available

Syntax: g_pop_warning int

g_popfetch – Fetch incoming mail from another POP server

POPfetch will retrieve mail from POP accounts on another server and store it locally. The POP fetch interval can be set using g_popfetch_interval. The parameters for this setting are host(required), user(required), pass(required) or localuser(required).

eg:
g_popfetch host=”netwin.co.nz” user=”marijn” pass=”secret” localuser=”marijn@anydomain.com”

Alternatively POPfetch is able to attempt local delivery based on headers. Delivery is attempted to “X-Rcpt-To:” with fallback of “To:” and “Cc:” headers. To enable this the local user needs to be defined as “*,userxxx”. Fetched mail will be delivered as specified in the headers or if no valid user is identified in the header to the default user “userxxx”.

Syntax: g_popfetch host=string user=string pass=string localuser=string disable=bool

g_popfetch_interval – Interval between POPfetch attempts

The interval (in seconds) between successive attempts to fetch mail from remote mailserver POP accounts (as per g_popfetch rules). (default is 5 minutes = 300)

Syntax: g_popfetch_interval int

If true then POPfetch will try and open the link for 10 seconds, then retry, this should bring up ISDN lines.

Syntax: g_popfetch_kick bool

g_popfetch_nodup – Drop duplicate messages

Drop duplicate messages based on “Message-id:” header.

Syntax: g_popfetch_nodup bool

g_ppd_port – POPPassD port (default 106)

Port to listen for POPPassD connections. Typically you won’t need to change this, however you can specify an IP address to bind to or a list of alternate ports, eg: 10.3.2.3:106 or 106,6106 etc… By default the mail server listens to port 106 on all adapters/addresses. Use the keyword ‘disabled’ to disable this part of the SurgeMail service.

Syntax: g_ppd_port string

g_private – Enable a private customer specific feature

Used to enable private features. Not for general use

Syntax: g_private string

g_proxy – Proxy mode (or mailhost)

This enables the SurgeMail proxy mode, using ‘tohost=”xxx”‘ received from the authentication to determine real host for SMTP/POP connections. Any incoming SMTP, POP or IMAP connections will be passed on directly to the specified server. This allows you to split a domain over several separate systems. This method is outlined in general terms here.

To setup a proxy server system with 4 machines (2 proxy, 2 backend) use the following steps, lets assume your hosts are PROXY1, PROXY2, SERVER1, SERVER2

1) Set on the proxy servers in surgemail.ini g_proxy “true”

On the back end server use g_pop_nolock “true” (to avoid timing issues)

On the back end server set g_tohost_local “server1” (or server2) so it knows it’s own name.

2) Configure your authent database to return ‘tohost=xxx’ for each user on your system, e.g. in nwauth

nwauth
set testuser1@test.com test tohost="SERVER1"
set testuser2@test.com test tohost="SERVER2"
lookup testuser1@test.com
+OK testuser1@test.com config 0 tohost="SERVER1"

3) Configure your load balancing router to send users to PROXY1 & PROXY2, …

4) When new users are added always define the ‘tohost’ setting to define which system they are added to as load increases you can add more backend or frontend servers as needed.

This is very similar to the ‘mailhost’ setting some systems use in LDAPAuth to translate mailhost to ‘tohost’ you would use: info_fields mailhost,tohost in ldapauth.ini

Syntax: g_proxy bool

g_proxy_default – Default proxy host

Default host to forward to if ‘tohost’ is not defined in user database for this user.

Syntax: g_proxy_default string

g_proxy_to_gateways – Proxy pop/imap connections to matching gateway settings

This setting has no further documentation currently available

Syntax: g_proxy_to_gateways bool

g_proxy_usercgi – Proxy user.cgi requests to tohost (web_ref_text.txt & g_web_ref_path_extension must match on all servers)

This setting has no further documentation currently available

Syntax: g_proxy_usercgi bool

g_proxy_webmail – Redirect webmail logins to external host name

This lets you use a front end server to move web based logins onto the correct webmail host

Syntax: g_proxy_webmail host=string redirect=string

g_pstat_disable – Disable pstat per user accounting (for debugging)

Used for debugging only, do not play with this.

Syntax: g_pstat_disable bool

g_queue_all – Always queue local messages before delivery

This setting has no further documentation currently available

Syntax: g_queue_all bool

g_queue_limit – If on disk queue exceeds this block incoming mail

If you send email in faster than it can be sent, the queue grows forever until the server fails due to huge directories or insufficient disk space, this setting stops the incoming messages so you are alerted to the problem before it becomes critical. Note that this stops all incoming mail, including local deliveries. This is the number of items

Syntax: g_queue_limit int

Example: g_queue_limit “100000”

g_queue_max – Size of internal queue file cache

Size of internal mail queue file cache, range 500-3000.

Syntax: g_queue_max int

g_queue_spawn – Run command on queue files before delivery ONLY if g_queue_all is true, filename is passed as parameter

This setting has no further documentation currently available

Syntax: g_queue_spawn string

g_queue_warning – If on disk queue exceeds this send manager a warning

If you send email in faster than it can be sent, or something is wrong (e.g. a broken dns server) then this helps warn you early

Syntax: g_queue_warning int

Example: g_queue_warning “10000”

g_quota – Disk quota for users in specified g_access_group

If the user is in the specified group they get the specified disk quota. This is applied if no quota is specified in the authent module.

Syntax: g_quota group=string quota=string

g_quota_550 – Give 550 quota response instead of 552

Can help with old systems that need the wrong error code.

Syntax: g_quota_550 bool

g_quota_at – Default is 80%

Level at which user gets a warning message

Syntax: g_quota_at string

g_quota_before_forward – Do quota check before forwarding.

This setting has no further documentation currently available

Syntax: g_quota_before_forward bool

g_quota_disable – Disable quota system

Disables quota processing completely

Syntax: g_quota_disable bool

g_quota_friends – Count stored spam as part of quota

Count friends pending messages and spam store as part of the per user quota.

Syntax: g_quota_friends bool

g_quota_from – Return address for quota warning messages

This setting has no further documentation currently available

Syntax: g_quota_from string

g_quota_noemail – Disables all quota messages to the user

This setting has no further documentation currently available

Syntax: g_quota_noemail bool

g_quota_notrash – Remove Trash folder from quota calculation

This setting has no further documentation currently available

Syntax: g_quota_notrash bool

g_quota_rcpt_disable – Disables quota check at rcpt stage

SurgeMail now does quota checking at rcpt stage (Quota checking used to be done after data arrived) This setting disables the quota checking at rcpt stage if the above causes problems (not intended for general use).

Syntax: g_quota_rcpt_disable bool

g_quota_report – Send quota warnings to the manager

Useful for small systems where any quota limit failure is an issue for the manager to resolve, only one report is sent a day so you may not hear about all users over quota.

Syntax: g_quota_report bool

g_quota_skip – Skip quota checks for matching ip addresses

Skips the quota checking. Use this if you have a high priority robot (like your billing system) that must be able to deliver email to users (or students) even if the user is over quota.

Syntax: g_quota_skip string

g_quota_try_later – Retry responses for over quota

Give 450 response if user is over quota so message will be resent.

Syntax: g_quota_try_later bool

g_quota_warning_disable – Disables the 80% quota warning message

Disables the 80% quota warning message.

Syntax: g_quota_warning_disable bool

g_recent_bypass – Bypass recent login failure checking

This allows you to disable recent login failure checking for certain IP addresses. Normally there up to a maximum of 9 login attempts are allowed per connection.

Syntax: g_recent_bypass string

g_record_days – Period delivery logs are stored

The number of days SurgeMail message delivery logs are stored.

Syntax: g_record_days int

g_record_hash – Hash delivery logs

Message delivery logs may be stored in hashed format within g_record_path as <surgemail dir> \recYYMM\msgYYMMDD.rec

Syntax: g_record_hash bool

g_record_login – Log successful logins to msg*rec files

This setting has no further documentation currently available

Syntax: g_record_login bool

g_record_path – Path for mail delivery logs

Sets the path for the SurgeMail delivery logs. Delivery logs contain entries for mail received and delivered in a single file per day. See Searching the Log Files for more information.

Syntax: g_record_path string

g_recover_noquestions – Remove question based password recovery system

This setting has no further documentation currently available

Syntax: g_recover_noquestions bool

g_recover_reminder – Send users reminder email monthly until they set a recovery email address

This setting has no further documentation currently available

Syntax: g_recover_reminder bool

g_recycling – Keep deleted messages so users can undelete email

See tellmail undelete command

Syntax: g_recycling bool

g_recycling_del – Allow usergroup to delete messages from the recycle folder

This setting has no further documentation currently available

Syntax: g_recycling_del string

g_recycling_life – Days to keep imap deleted messages, default 30

This setting has no further documentation currently available

Syntax: g_recycling_life int

g_recycling_pop – Do recycling for POP deletes too

This setting has no further documentation currently available

Syntax: g_recycling_pop bool

g_recycling_visible – Only allow members of this group to see recycling folder

This setting has no further documentation currently available

Syntax: g_recycling_visible string

g_relay_allow_from – Allow relaying for known from addresses

This setting allows users to send outgoing Email if their envelope ‘from’ address is a known local address. This is a very bad idea in general as spammers can do this too. So in general don’t use this setting except as a lesser of two evils. It will be detected by some open relay checking systems and your site can then end up listed as an open relay. If this happens your Emails will be rejected by other peoples systems. e.g.

g_relay_allow_from "*@my.domain,*@second.domain,fred@third.domain"

Syntax: g_relay_allow_from string

g_relay_allow_ip – Allow relaying from these users

List the IP ranges of local users that you will allow to send ‘OUTGOING’ Email without using SMTP authentication, e.g. “127.0.0.1,10.0.*”. In the past, mail servers used to permit this from any IP address, but since this was abused by ‘spammers’ all modern mail servers only allow this from known local IP addresses. Remote users should use ‘smtp authentication’ or login via POP protocol before sending Email, then SurgeMail will trust them. Do NOT set this to ‘*’ If you do your system will be blocked as it will be assumed that spammers are using your system even if they are not!!!

Syntax: g_relay_allow_ip string

g_relay_dom_and_ip – Relay based on domain and IP

Allow relaying if the domain in the from envelope and IP address both match.

Syntax: g_relay_dom_and_ip domain=string ip=string

g_relay_ifnot – Accept locally only if not from this ip

This lets you send all email to ‘mx’ destination, even if the account is local, unless it is coming from a known ip address range.

Syntax: g_relay_ifnot string

g_relay_message – Message to display to users who try to relay

Text string displayed to users who try and relay.

Default (blank) is: “Relaying blocked, read new mail, add <sender.ip> to forwarding or enable smtp authentication in your mail client”

Syntax: g_relay_message string

g_relay_nolocal – Do not automatically relay for 127.0.0.1

This setting has no further documentation currently available

Syntax: g_relay_nolocal bool

g_relay_process – Relay process, e.g. testip.exe $WHOIP, return 1 to allow relaying, 0=deny

Allows you to run an external program to lookup an ip address and decide if it is one of your users who should be allowed to relay. This can be used when your users login via some type of shared system so the ip ranges are not known but you do have a way of checking if a user of yours is ‘currently’ connected on an ip address

Syntax: g_relay_process string

Example: g_relay_process “c:/surgemail/testip.exe $WHOIP”

g_relay_to – Relay to this domain from anyone

This setting allows mail from anyone to be relayed to the specified domain. The relaying is unconditional.

Syntax: g_relay_to string

g_relay_to_user – Relay to specific user from anyone

This setting has no further documentation currently available

Syntax: g_relay_to_user string

g_relay_window – Allow relaying after valid POP login

This sets the time after a valid POP login that you will allow a user on the same IP to send outgoing mail. In general it is safe to set this setting large and it can allow people using old mail clients (that do not know how to do SMTP authentication) to still send through your server without making your server an open relay.

Syntax: g_relay_window int

g_relay_window_from – Requires pop authed user is in from header of sent message

This must be used with g_relay_window, the matching is ‘simplistic’ and matches on the ‘from envelope’ but will stop most simple forms of abuse.

Syntax: g_relay_window_from bool

g_rename_content – Wild card list of mime types to rename, e.g. application*zip*

This setting has no further documentation currently available

Syntax: g_rename_content string

g_rename_files – Files to apply virus renaming to

Only takes effect if g_virus_rename is checked. Default is: “*.exe,*.pif,*.bat,*.com,*.cmd,*.jav,*.vbs,*.scr,*.wsh”

Syntax: g_rename_files string

g_report_host – Report facts to a central host

Not for general use currently

Syntax: g_report_host string

g_report_notspam – Send not spam samples to netwinsite.com automatically (unwise)

This feature enables automatic reporting of some not spam messages (as tagged by users on your server) – this setting has serious privacy considerations only use if your users are happy with this. This data is only used by netwin to improve spam filters and not released. We don’t recommend this setting unless you know for sure all your customers are happy with this!

Syntax: g_report_notspam bool

g_report_spam – Send spam samples to netwinsite.com when msg trained

Note that this sends full mail samples to netwinsite for later analysis/training.

Syntax: g_report_spam bool

g_responder_delay – Delay between responses to the same address.

This setting has no further documentation currently available

Syntax: g_responder_delay string

g_responder_from – Send ‘from’ destination user. Usually unwise!

Use g_bounce_noreply setting instead to avoid annoying bounces

Syntax: g_responder_from bool

g_responder_noreply – Send ‘from’ noreply@ destination domain, improves delivery

This improves delivery

Syntax: g_responder_noreply bool

g_responder_safer – Only respond if the sender can be verified in some way (spf/domainkeys)

This setting makes the server less likely to be black listed by accidentally responding to a forged email.

Syntax: g_responder_safer bool

g_responder_score – Do not respond if spam score is above this

This can further reduce spam back scatter issues

Syntax: g_responder_score int

g_responder_sender – Responder whitelist for email from address

Allow response on spf failure if from matches thsi wildcard

Syntax: g_responder_sender string

g_responder_skip – Skip responder if from matches

Skip responder if from envenlope matches this list/wild card

Syntax: g_responder_skip string

g_responder_source – Responder whitelist for from ip name or number

Allow response on spf failure if from matches thsi wildcard

Syntax: g_responder_source string

g_responder_to – Responder whitelist for destination user

Allow response on spf failure if to matches this list

Syntax: g_responder_to string

g_responder_utf8 – Send response in utf8 format

Alow utf8 chars in response

Syntax: g_responder_utf8 bool

g_restart – Auto restart server

If turned on Swatch (a spawned second process) checks every 30 seconds to see if the server is still running. If it isn’t running but it’s pid file still exists (so if it died) this second process restarts the missing server and sends the manager account an Email reporting the fault.

For this to work on NT you need to set Dr Watson NOT to show visual notification of faults:

 This sets Dr Watson to be the default debugger)
 c:/> drwtsn32 /i
 This brings up the Dr Watson settings, un-tick "Visual Notification"
 c:/> drwtsn32

Generally this setting is not needed and could be left off, but if an odd problem should develop, this setting can give you peace of mind for a few days while you wait for a problem resolution from NetWin.

Syntax: g_restart bool

g_restart_kill – Allow swatch to kill surgemail if not responding – beta

This setting has no further documentation currently available

Syntax: g_restart_kill bool

g_restart_malloc – Restart server if malloc exceeds this (in mb), e.g. 1000

This setting has no further documentation currently available

Syntax: g_restart_malloc int

g_restart_vmsize – Restart server if vmsize exceeds this (in mb), e.g. 1000

This setting has no further documentation currently available

Syntax: g_restart_vmsize int

g_route – Wildcard route mail to specified server

Route messages matching particular wildcard “from address” and wildcard “to address” to specified server. This is not a gatweay rule and is only applied to mail that has already been accepted via SMTP authentication, relaying rules or gateway rules.

This would typically be used to route all mail for a particular user on a domain to another mailserver or to route all mail from a local domain through another server:

Case 1: Route mail for one user to another server

g_route from=”*@*” to=”user@localdomain.com” dest=”1.2.3.4″ user=”” pass=””

Case 2: Route all mail from local domain through other server

g_route from=”*@localdomain.com” to=”*” dest=”1.2.3.4″ user=”” pass=””

g_route_except gets applied allowing you to prevent mail coming in from certain IP addresses to be routed.

Syntax: g_route from=string to=string dest=string user=string pass=string

g_route_by_tohost – Route based on authent ‘tohost’ field

Use routing to a particular server based on ‘tohost’ setting in authentication database. This is particularly useful if you have users spread over several physical locations and want to be able to route mail for different users to particular servers.

Syntax: g_route_by_tohost bool

g_route_except – IP exception to g_route and g_route_by_tohost

IP exception to g_route and g_route_by_tohost.

Syntax: g_route_except string

g_route_local – Route messages for local domains if the rule applies

This setting has no further documentation currently available

Syntax: g_route_local bool

g_route_local_ifexists – Route messages for local domains if the rule applies and the local user exists

g_route_local is also required.

Syntax: g_route_local_ifexists bool

g_sabre_version – SabreDAV version (DO NOT CHANGE, for debugging only)

This setting has no further documentation currently available

Syntax: g_sabre_version string

g_safe_alert – Email manager when user fails to login from new ip

Useful to keep an eye on users and hackers

Syntax: g_safe_alert bool

g_safe_country – White list use 2 char country code, e.g. US,NZ,AU a list is ok

This whitelists your entire country, which can help prevent user confusion by blocking logins while still blocking logins from the rest of the world

Syntax: g_safe_country string

g_safe_country_nowarning – Whitelist countries for just this setting

This setting has no further documentation currently available

Syntax: g_safe_country_nowarning string

g_safe_imap – Force users to prove they are real if logging in from pop/imap NEVER NEVER USE

This feature is intended to prevent spamers/hackers from harvesting accounts on your system and then using them to send out spam. This setting should never be used as users often never see the error and just get prompted for a new password.

Syntax: g_safe_imap bool

g_safe_message – First line of email sent to user when login blocked

The default is ‘Sorry logins are not permitted from unknown ip addresses’

Syntax: g_safe_message string

g_safe_smtp – Force users to prove they are real if logging in from unknown sources via smtp

This feature is intended to prevent spamers/hackers from harvesting accounts on your system and then using them to send out spam, the user is sent an email to enable logins

Syntax: g_safe_smtp bool

g_safe_smtp_email – Email manager as remote ip addresses are added

This feature is intended to prevent spamers/hackers from harvesting accounts on your system and then using them to send out spam

Syntax: g_safe_smtp_email bool

g_safe_text – The first line of the warning email when a new login occurs

This lets you explain to the user what this email is about.

Syntax: g_safe_text string

g_safe_warning – Email user for logins from new ip addresses

Helps alert users if their account has been hacked, will also cause confusion though. This is not the same as g_safe_smtp which also generates user level warnings…

Syntax: g_safe_warning bool

g_safe_white – White list for g_safe* settings

These ip addresses are always considered to safe, typically internal networks, 10.*.*.* .

Syntax: g_safe_white string

g_sample_get – Sample account to check if deliveries work

The idea is to create several accounts on various public mail servers. Then send a test message using a mailing list or g_redirect rule to these test accounts, then use the command tellmail sample_get CODE DELETE to check if the messages have arrived. The first paramter of tellmail sample_get is a code it expects to find in the message headers (or subject) and the second paramter should be the keyword ‘delete’ if you want it to delete the sample messages.

Syntax: g_sample_get host=string user=string pass=string

g_sample_show – Headers to show from sample messages

Typicall you will list headers that are added by spam filters

Syntax: g_sample_show string

g_scan_action – Converts return value from g_scan_cmd to action on email

Converts return value from g_scan_cmd, action=drop,accept,bounce.

Syntax: g_scan_action code=int action=string reason=string

g_scan_cmd – Run command on message, and return integer

Run command on message, and return integer, see g_scan_action.

Syntax: g_scan_cmd string

g_scan_cmd_failok – Don’t reject if script fails

This setting has no further documentation currently available

Syntax: g_scan_cmd_failok bool

g_scan_cmd_skip – Skip for matching ip addresses

This setting has no further documentation currently available

Syntax: g_scan_cmd_skip string

g_scan_cmd_testing – Don’t reject, (for testing)

This setting has no further documentation currently available

Syntax: g_scan_cmd_testing bool

g_sched_utoken_timeout – Timeout for sched utokens in minutes

Timeout for sched utokens in minutes.

Syntax: g_sched_utoken_timeout int

g_server_name – Wildcard “SERVER_NAME” translation for domain identification

The vdomain a user connects on is normally identified automatically for “user account self management” and for “webmail”. In the event that the domain name is not the same as the host name (eg hostname = mail.domain.com, domainname = domain.com) the WebMail web server can automatically translate the SERVER_NAME variable.

This setting specifies a wild card list of URLs ‘URL’ with associated translated host name for “SERVER_NAME”. If the URL matches then SERVER_NAME is set to the second part of this setting ‘name’. eg: to host the domains domain.com and mail.domain.com on host mail.domain.com:

g_server_name url=”*.domain.com” name=”domain.com”

Note: If your server name is not the same as your domain name also check the per domain setting URL_host.

Syntax: g_server_name url=string name=string

g_server_stamp – Replaces SurgeMail and version string in “Received” headers

Replaces SurgeMail and version string in Received headers of process mail

Syntax: g_server_stamp string

g_setpassword_firstlogin – Accept any password on first POP login and set in database (EMERGENCY USE ONLY, requires nwauth -reasonfail parameter)

This setting has no further documentation currently available

Syntax: g_setpassword_firstlogin bool

g_sf_binary – Use Binary Network

Binary tree for scoring – this mechanism scores based on finding the sample or samples with the closes matching features, and counting how many are spam/not spam. This method is the best choice (currently)

Syntax: g_sf_binary bool

g_sf_disable – Smart Filter Disable

This setting has no further documentation currently available

Syntax: g_sf_disable bool

g_sf_generate – Build local smart filter

Creates feature_gen.dat from sf_mfilter.txt (instead of using feature_gen.net downloaded from netwinsite.com). This requires your server to have a reasonable sample of spam in the train… folders, this is collected automatically over a few days.

Syntax: g_sf_generate bool

g_sf_ignore_users – Ignore user submissions just use automatic samples (obsolete)

This setting has no further documentation currently available

Syntax: g_sf_ignore_users bool

g_sf_limit – Limit range of self training

This setting has no further documentation currently available

Syntax: g_sf_limit bool

g_sf_list – Use list mechanism for scoring

A new mechanism to score more rationally based on the known data.

Syntax: g_sf_list bool

g_sf_nnet – Use Neural Network (Experimental, ONLY FOR TESTING)

Experimental setting

Syntax: g_sf_nnet bool

g_sf_nosanity – Disables improved g_sf_binary with sanity checks

This smoothes out the nonsense a bit if g_sf_binary over-reacts to training or small samples

Syntax: g_sf_nosanity bool

g_sf_obey_users – Obey user submissions about non spam, usually not a good idea

This setting has no further documentation currently available

Syntax: g_sf_obey_users bool

g_sf_rules – Use manual rules to improve scoring

Use additional manual rules

Syntax: g_sf_rules bool

g_sf_saneonly – Sane score only

Experimental setting

Syntax: g_sf_saneonly bool

g_sf_sanity2 – Enables improved sanity scoring

This second sanity check improves scores over 8 to be a bit more useful.

Syntax: g_sf_sanity2 bool

g_sf_sanity_test – Experimental setting never use

Test another spam scoring method

Syntax: g_sf_sanity_test bool

g_sf_test2 – Testing

Experimental setting

Syntax: g_sf_test2 bool

g_share_home – Allow sharing of home directory

This allows sharing of the home directory in the unlikely situation that you might want to run separate surgemail processes. eg one process to cope with SMTP and another to cope with POP access.

Syntax: g_share_home bool

g_share_mail – Allow sharing of mail directory

Set true if mail area is shared (by nfs or other mechanism)

Syntax: g_share_mail bool

g_share_quota – Do quota on disk (e.g. when using nfs shared spool)

Normally SurgeMail keeps track of quota for all users in memory, this is efficient, but means if your are using a shared mail spool the quota figures are completely wrong, so use this setting to make surgemail keep track of quota’s on disk, it increases disk load a bit of course but not too much.

Syntax: g_share_quota bool

g_shutdown_slow – Delay shutdown

Add 20 second delay to shutdown for testing purposes only.

Syntax: g_shutdown_slow bool

g_slow_welcome – Delay the welcome message

Add 20 second delay to welcome message for testing purposes only.

Syntax: g_slow_welcome bool

g_smite_all – Add smite headers to all messages passing through server

Normally SmiteSpam headers are only added for locally delivered messages. This setting to all messages passing through this server.

Syntax: g_smite_all bool

g_smite_gateway – Add smite headers to gatewayed messages

Normally SmiteSpam headers are only added for locally delivered messages. This setting adds the headers for gatewayed messages too. This also adds headers to messages that are redirected by forward rules as well.

Syntax: g_smite_gateway bool

g_smite_level – Smite level to discard message

If SmiteSpam gives a message a “smite score” above this, throw it awayl. This setting is best never used. If used it should be set to ‘1 or 2’. A value of 1 = “has been reported”, 2 = “has been reported multiple times”. If smite match score is above this drop message. This is applied when the user downloads the email not at delivery time. What you probably want is ‘g_spam_bounce’ described elsewhere on this page.

Syntax: g_smite_level int

g_smite_skip – Skip smitecrc processing for messages from these domains

This will skip running SmiteCRC for messages whose from address matches these domains. This is the mail from envelope header NOT the from header in the message (you can check the return path header in the message to check what you need to add for this setting).

Note this is a wildcard field so to match any mail claiming to be from safedomain.com you would have to set:

g_smite_skip “*@safedomain.com”

Syntax: g_smite_skip string

g_smite_skip_auth – Skip spam scanner if user logged in

Skips spam checks and spam header generation for any authenticated local user.

Syntax: g_smite_skip_auth bool

g_smite_skip_from – Skip spam scanner if from header/env matches this wild card

This setting has no further documentation currently available

Syntax: g_smite_skip_from string

g_smite_skip_ip – Skip smite based on sender IP

Skip smite scanner if sender IP matches this wild card list.

Syntax: g_smite_skip_ip string

g_smite_skip_only – Skip spam scanner if to matches this wild card and no other recipients that ‘don’t’ match…

This setting has no further documentation currently available

Syntax: g_smite_skip_only string

g_smite_skip_relay – Skip spam scanner if ip can relay

Skips spam checks and spam header generation for any local user.

Syntax: g_smite_skip_relay bool

g_smite_skip_to – Skip smite based on <to>

Skip smite scanner if to matches this wild card to <address>.

Syntax: g_smite_skip_to string

g_smite_tag – Tag message if in SmiteSpam database

If set to true will tag messages already in the SmiteSpam database. A value of 1 = “has been reported”, 2 = “has been reported multiple times”.

Syntax: g_smite_tag bool

g_sms_forward – Specifies IP’s which are allowed to forward to SMS gateways

Normally sms gateways are restricted to authenticated users (SMTP authentication) this allows you to specify IP’s which can send without authentication. For example you may want your dlist server to send SMS, in which case you might add 127.0.0.1 to this setting.

Syntax: g_sms_forward string

g_sms_gateway – Address and port of your SMS gateway

This is the ip and port of an ’email to sms gateway’. The gateway should accept SMTP messages on this port and convert the email into an sms message then deliver to the phone number in the ‘to’ address. SMSGate is our ’email to sms gateway’ and is FREE with SurgeMail. Setting user_sms to “true” for a domain allows users to specify a phone number (or email address) and rules for when to notify them.

Syntax: g_sms_gateway string

g_sms_gateway_force – Force sms notifications to go to g_sms_gateway

If a user sets their sms number to an email address, perhaps to make use of an existing gateway, then surgemail will send the message to the domain in that address. If you set this you can force the email to go to g_sms_gateway. NOTE: It is possible to configure SMSGate with ‘send_mode smtp’, ‘recv_mode none’ and no GSM modem. In this setup it simply reformats messages passing them on to the configured smtp_outserver for delivery as email messages.

Syntax: g_sms_gateway_force bool

g_sms_gateway_msgbytes – Maximum amount of message to send to g_sms_gatway (bytes)

Defines the maximum number of bytes of ‘body’ text to send to the g_sms_gateway. All headers are sent, then the defined number of bytes of ‘body’ text. Defaults to 160. May be set larger than the default if you have a lot of html messages or multipart html and text messages. Should not be set too large as there is no point sending binary attachments and the like to an sms gateway.

Syntax: g_sms_gateway_msgbytes int

g_sms_gateway_subjbytes – Maximum length of subject in sms message

Defines the maximum number of bytes of ‘subject’ text to send to the g_sms_gateway.

Syntax: g_sms_gateway_subjbytes int

g_spamdetect_some – Only show spamdetect header for bad scores

This setting has no further documentation currently available

Syntax: g_spamdetect_some bool

g_spawn_log – If true the spawns are logged to lib_spawn.log

Useful for finding obscure problems with spawned modules of various kinds, webmail, nwauth, virus checkers etc.

Syntax: g_spawn_log bool

g_spf_baddns_skip – If spf dns failure then allow message through (instead of giving retry error)

This setting is not normally needed as lookups generate retry failures so the sending server tries again and the dns failure (which is usually temporary) won’t occur the second time. Normally on a DNS failure SPF should give a ‘retry’ message, this is because spammers often have faulty DNS servers so that SPF checks always fail for their domain, so letting the message through will let some spam into your system. But in some situations the normal behavior might loose you real email so then using this setting at least until your dns problems are resolved might be wise.

Syntax: g_spf_baddns_skip bool

g_spf_byemail – Perform allow bounce confirmation via email.

This gives an email to the sender in the allow bounce message instead of aa url.

Syntax: g_spf_byemail bool

g_spf_debug_log – Enable spf.log file

By default this log is not generated as it’s not usually needed.

Syntax: g_spf_debug_log bool

g_spf_default – (strict only) Default spf record if none found default ‘mx/16 a ptr:%{d2} -all’

The example shown isn’t entirely true, we adjust the ‘d2’ depending on the domain, so it’s usually unwise to change this.

Syntax: g_spf_default string

g_spf_default_noblock – (strict only) Only stamp headers if default spf record fails when no real spf header

This setting makes blocking occur only for REAL spf records, not for the default one applied to domains that have no SPF record defined.

Syntax: g_spf_default_noblock bool

g_spf_dns_timeout – Seconds to wait for dns lookups for spf, best not to change

Generally a ten or twenty second timeout is reasonable. Adjusting the default is probably not necessary.

Syntax: g_spf_dns_timeout int

g_spf_domain – Domain for SPF rewrite and allow messages (defaults to first domain on server)

When SurgeMail relays/forwards a message the ‘from’ address is rewritten (g_spf_rewrite should be true). The new address is ‘from’ your domain and this setting tells surgemail which local domain to use for these from addresses.

Syntax: g_spf_domain string

g_spf_enforce – List of wildcard/domains to enforce spf for, e.g. paypal.com,*bank*

This enforces spf for domain that must be trusted.

Syntax: g_spf_enforce string

g_spf_enforce_auto – Enforce spf for commonly forged domains paypal.com,*bank*

If enabled this will enforce spf for some common domains that get forged.

Syntax: g_spf_enforce_auto bool

g_spf_enforce_local – If spf fails and it’s a local domain then skip grey listing and bounce

This settings stops spammers who fake your own email domains, but it may upset users who are not authenticating or are using their own mail servers, so you will have to expect a few minor issues like that when you turn this on. This setting over-rides the ‘users’ spf and friends settings for local domains. (was miss documented as give allow message)

Syntax: g_spf_enforce_local bool

g_spf_enforce_real – Enforce spf for domains with strong spf entries

Enforces spf if the domains spf record ends with -all

Syntax: g_spf_enforce_real bool

g_spf_header – Use g_verify_mx_skip and apply to resulting ip

If the sending host matches g_verify_mx_skip, then spf tests are performed on the first received header not listed in that setting. Only stamping is possible though since this indicates a front end gateway and a reject would cause a ‘bounce’ which would not be safe

Syntax: g_spf_header bool

g_spf_mode – Sender Permitted From

See https://netwinsite.com/spf.htm for details.

Syntax: g_spf_mode string

g_spf_noallow – Give hard bounce (no allow message) for spf failures for these domains & ignore friends

This toughens spf for critical domains (banks etc) where you don’t want any forged messages leaking through. This setting over-rides the users spf/friends settings for these domains (so should be used with some caution)

Syntax: g_spf_noallow string

g_spf_nocache – Disable SPF cache

There is a small cache used for SPF results, This setting disables it.

Syntax: g_spf_nocache bool

g_spf_nofriend – Ignore friends for spf

This toughens spf so friends matches don’t bypass it

Syntax: g_spf_nofriend bool

g_spf_nogrey – Skip SPF grey listing for these domains (require allow response)

This toughens spf for the domains in question, requiring that they really pass an ‘allow’ test rather than simply a grey listing test. Good for commonly forged domains which do normally obey spf.

Syntax: g_spf_nogrey string

g_spf_norewrite – Exceptions to rewrite rule, e.g. *@my.domain,bob@this.domain

Where you allow users to send through your server you may want to stop rewriting for their domains so that their from address is not munged. Local domains are automatically excempt from ‘rewriting’. Specify *@domain.name not just domain.name

Syntax: g_spf_norewrite string

g_spf_required – Require an spf entry for these domains

Used to make select domains add spf to talk to you 🙂

Syntax: g_spf_required string

g_spf_rev_skip – Skip SPF checks if reverse ip name matches in this list, e.g. *.yahoo.com

Where you identify a domain that does not support SPF and is often used in a manner which breaks SPF default rules this setting can safely allow the problem domain. This setting is probably not needed now most large mail systems are using SPF.

Syntax: g_spf_rev_skip string

g_spf_rewrite – Rewrite ‘from’ envelope in redirected mail (SRS)

When messages are redircted/forwarded to another server from you server, the ‘from’ address of the existing message envelope will no longer obey SPF rules as it will be coming from your server rather then the original server. So to fix this enable this rewrite setting and then the from envelope is rewritten to point to your system using a short life token. The ‘from’ header of the message is not modified.

Syntax: g_spf_rewrite bool

g_spf_rewrite_gateway – Rewrite even if gateway rule applies

In some cases you will want SRS rewriting for relay hosts, In which case you should turn this on.

Syntax: g_spf_rewrite_gateway bool

g_spf_rewrite_relay – Rewrite even if from ip is a host to relay for

In some cases you will want SRS rewriting for relay hosts, In which case you should turn this on.

Syntax: g_spf_rewrite_relay bool

g_spf_share – List of hosts to share allow ips with. Must all have same srs.secret file

List your other incoming mail servers (which must be running surgemail). This lets SurgeMail share the list of known IP addresses which have sent ‘allow’ emails. You must copy your srs.secret file across all of the servers in question so they can verify each other correctly.

Syntax: g_spf_share string

g_spf_skip – Skip spf checks for these ip addresses, e.g. other mx hosts

List the ip addresses of your other MX servers so SPF checks wont fail when a message comes in via an mx host instead of directly. The SPF checking must therefore be done on all the MX servers.

Syntax: g_spf_skip string

g_spf_skip_from – Skip based on from, e.g. noreply@*paypal.com,…, Also skips RBL

Good for skipping SPF checking if a domain is in some way incompatible with SPF checking

Syntax: g_spf_skip_from string

g_spf_skip_to – Skips SPF checks based on rcpt address and RBL checks.

Syntax: g_spf_skip_to “user@domain.com”

This setting can be used to skip spf checks based on the rcpt address, if used with g_orbs_late “true” then it can also be used to skip rbl checks if the rcpt matches this setting.

Syntax: g_spf_skip_to string

g_spf_timeout – Seconds to wait for all spf lookups to finish, default 48 seconds

Best not to change

Syntax: g_spf_timeout int

g_spf_user_domain – Make allow bounces use destination user domain name

This can be useful if you need to ensure emails bounce with an address that is similar to the destination

Syntax: g_spf_user_domain bool

g_spf_very_strict – (strict only) Only give ‘allow’ option for default spf rule failures not real ones

In this mode real SPF failures are hard failures, but if there is no SPF record for a domain then the friendly ‘allow’ system is used to let the user send mail with only mild difficulty.

Syntax: g_spf_very_strict bool

g_spf_web_url – Specify full url for spf byweb commands http://domain.name:port

Normally the default will work.

Syntax: g_spf_web_url string

g_spflog_domains – Specify which domains should get spflog entries sent to them.

If some of your backend servers are not surgemail then this setting will be needed to turn off the spflog messages to the non surgemail servers

Syntax: g_spflog_domains string

g_spflog_enable – Enable this if this server is a frontend for a SurgeMail server users log into.

Enable this if this server is a frontend for a SurgeMail server users log into.

Syntax: g_spflog_enable bool

g_spool_path – Allows SurgeMail to scan a directory for messages to send.

Syntax: g_spool_path “directory of spool”

SurgeMail will scan this directory every few seconds and check for any messages in this directory if found SurgeMail will then send them the messages (must end in the extension .msg). The format of the messages is as follows (without the quotes).

filename: test.msg


To: you@domain.com
From: blah@domain.com
Subject: blah blah

This is a test

Syntax: g_spool_path string

g_sstat_disable – Disable netwin statistics gathering.

We use this to keep track of which features customers use/like

Syntax: g_sstat_disable bool

g_stack – For testing only, NEVER SET THIS

Never set this, it can make the server unstable

Syntax: g_stack int

g_stack_imap – For testing only, NEVER SET THIS

Never set this, it can make the server unstable

Syntax: g_stack_imap int

g_startup_delay – Startup delay

Seconds to wait before accepting inbound connections when starting SurgeMail .

Syntax: g_startup_delay int

g_status_login – Require login for spam status actions

This setting has no further documentation currently available

Syntax: g_status_login bool

g_status_url – Specify default global url for status messages

Normally the default will work.

Syntax: g_status_url string

g_status_view_html – Obsolete setting

Setting is no longer used.

Syntax: g_status_view_html bool

g_store_dropped – Store upto 5000 bad bounces in the dropped directory

This is useful to check if vanish_bad_bounces is working correctly

Syntax: g_store_dropped bool

g_subject_blank – Subject header if one is missing

Used if the message has no Subject header

Syntax: g_subject_blank string

g_surbl – SURBL Spam URI Realtime Blocklists

This looks up each url found in each mail message and checks it against the SURBL database of your choice, the multi database can be used. See http://www.surbl.org/, adds headers of the form: X-Surbl: stamp urlfound nameofsurbl. PLEASE NOTE: Access to surbl is only provided freely in some conditions, larger ISP’s may need to purchase a feed, see http://www.surbl.org/usage-policy

Syntax: g_surbl name=string stamp=string

Example: g_surbl name=”multi.surbl.org” stamp=”sc.surbl.org,ws.surbl.org,phishing,ob.surbl.org,ab.surbl.org,jp”

g_surbl_from – Also check the return path

Adds return path domain/from check in the surbl database, use with Spamhaus DBL

Syntax: g_surbl_from bool

g_surbl_reject – Reject email with SURBL hits

This can reduce spam on your server by completely rejecting all email containing surbl web links…

Syntax: g_surbl_reject bool

g_surbl_skip – URL’s to allow even if listed in surbl

Sometimes you will want to whitelist a url that is listed in one or more surbl databases, use this setting to do that.

Syntax: g_surbl_skip string

g_surbl_skip_ip – Skip SURBL check if sender is from listed ip

Sometimes you will want to whitelist an ip from SURBL checks. Use this setting to do this.

Syntax: g_surbl_skip_ip string

g_surbl_whois – Also check whois info on suspect urls – not for busy servers!

This setting searches whois information and compares what it finds to a list of known persistent spammers who register new domains regularly – if a match is found a surbl header is added. The whois servers don’t like getting heavy load so don’t use this setting if your server is very busy. A cache is used to minimize the load.

Syntax: g_surbl_whois bool

g_surgeblog – Specialize SurgeMail as a Blog server

This setting causes SurgeMail’s interface to specialize itself for the purposes of being a Blog server.

Syntax: g_surgeblog bool

g_surgeplus_delay_tell_upgrade – Delay informing existing users about new SurgePlus versions for

Delay informing existing users about new versions of SurgePlus for this long after the new version is downloaded to your server. SurgePlus clients poll the server once an hour so they won’t be informed about the new version for up to an hour longer than the value of this setting. Use this setting combined with the g_surgeplus_delay_tell_upgrade_exempt setting so that only administrator users are informed about new versions at first so you can confirm the new version works fine with your existing server configuration before everyone upgrades. Example values: “3 hours” or “2 days”

Syntax: g_surgeplus_delay_tell_upgrade string

g_surgeplus_delay_tell_upgrade_exempt – Users exempt from delayed new version informing

See the above setting for information. Example value: “user1@domain.name,user2@domain.name”

Syntax: g_surgeplus_delay_tell_upgrade_exempt string

Use this setting if you don’t want your users to know about the SurgePlus Windows client. All this setting does is to hide the download links from the web interface.

Syntax: g_surgeplus_hide_client_downloads bool

This causes links to appear in the SurgePlus interface to switch to using WebMail (and DBabble if you have the g_dbabble_links setting on).

Syntax: g_surgeplus_links bool

g_surgeplus_log_level – SurgePlus log level. ‘none’, ‘info’, or ‘debug’. Default is ‘info’

Sets the amount of logging done for SurgePlus. When using ‘debug’ level, data is logged to surgeplusd.log in addition to surgeplus.log

Syntax: g_surgeplus_log_level string

Example: debug

g_surgeplus_online – Enable online tracking in surgeplus

Not recommended.

Syntax: g_surgeplus_online bool

g_surgeplus_pop_server_name – Default pop server to set SurgePlus client download to connect to.

SurgePlus Windows client downloads are set to connect to this POP server by default. This setting only applies if the user is downloading the client from a URL that does not match a valid domain on the server. If the URL does match a domain on the server, the domain specific version of this setting applies instead.

Syntax: g_surgeplus_pop_server_name string

g_surgeplus_port, g_surgeplus_secure_port – SurgePlus port and SurgePlus secure port.

SurgePlus uses the POP protocol to communicate with SurgeMail. However, some virus scanners running on the clients machine prevent the SurgePlus client from using POP commands that the virus scanner does not know about. In order to avoid this problem, SurgePlus uses port 7110 by default instead of port 110. However, clients not using a virus scanner (or clients using some virus scanners we have made SurgePlus work with – e.g. Norton) can safely use port 110 if they would otherwise be prevented from connecting to SurgeMail by a firewall. The SurgePlus client will quietly switch to using port 110 if it is not able to connect to the server using port 7110.

Syntax: g_surgeplus_secure_port int

g_surgeplus_smtp_server_name – Default smtp server to set SurgePlus client download to connect to.

SurgePlus Windows client downloads are set to connect to this SMTP server by default. This setting only applies if the user is downloading the client from a URL that does not match a valid domain on the server. If the URL does match a domain on the server, the domain specific version of this setting applies instead.

Syntax: g_surgeplus_smtp_server_name string

g_surgeplus_web_port – SurgePlus web port.

If you want your SurgePlus users to view shared files over a different port than WebMail uses give this setting a value.

Syntax: g_surgeplus_web_port int

g_surgeplus_web_url – Direct SurgePlus users to access shared files at this url

Use this to override the default location that users are directed to to view shared SurgePlus web files. If you don’t specify a value for this setting then it defaults to using the non-secure webmail port.

Syntax: g_surgeplus_web_url string

Example: https://||domain||:7443

g_surgewall_ignore_error – Deliver even if some rule sais bounce

This setting should never be used we think…

Syntax: g_surgewall_ignore_error bool

g_surgewall_redirect – Allow redirect/responder for surgewall

Allows redirect/responder settings to work for surgewall

Syntax: g_surgewall_redirect bool

g_surgewall_split – Split up surgewall messages, one per recipient

Split up incoming messages so subject tagging should work

Syntax: g_surgewall_split bool

g_tcp_bf_size – Set tcpip snd/rcv buffer sizes, best left blank

This setting has no further documentation currently available

Syntax: g_tcp_bf_size int

g_tcp_proxy_ip – Enable TCP proxy protocol for specific address

Enables the tcp proxy protocol on new connections for this address for pop,imap,smtp.

Syntax: g_tcp_proxy_ip string

g_tcp_que_len – Length of listen queue for incoming connections

Default is 25 or 200 on windows, to reduce non paged pool on windows reduce to 20

Syntax: g_tcp_que_len int

g_tcp_read_timeout – Timeout in ‘seconds’ on POP connections (do not adjust)

Timeout in ‘seconds’ on POP connections, do not adjust. (default 600).

Syntax: g_tcp_read_timeout int

g_tellmail_ip – Tellmail IP restriction

Restrict remote tellmail commands to these IP addresses.

Syntax: g_tellmail_ip string

g_thread_max – Total maximum number of threads allowed

Total maximum number of threads allowed on this system. This should not normally be changed. If you do increase it start small, eg: 400 is a safe number on most systems. Generally if you need to increase it more than that then you have a performance problem that needs fixing and increasing it more is unlikely to be a good idea. On Linux if your thread_max setting is above 500 then you must modify surgemail_start.sh to increase the handle limit from 1024 to 2048 (at least twice the g_thread_max value). If you get crashes with ‘handle_limit’ recorded in the logs then it’s likely that your operating system handle limit is too small for your g_thread_max setting. On Solaris you will need the 64 bit build of SurgeMail to increase this limit as the Solaris 32 bit ‘c’ libraries are limited to 256 file handles (I kid you not

See FAQ section on session limits

Syntax: g_thread_max int

g_thread_pool – Keep all threads in a common pool

This setting has no further documentation currently available

Syntax: g_thread_pool bool

g_thread_reuse_real2 – Thread reuse

If enabled the server will reuse existing threads instead of creating and destroying threads for each incoming/outgoing message. This has no affect on performance but does avoid a bug in some UNIX threading libraries which leak handles and cause problems if threads are not reused. Generally best disabled except on early Linux systems.

Syntax: g_thread_reuse2 bool

g_thread_smooth – Throttle thread creation as max hit to reduce peaks

This setting has no further documentation currently available

Syntax: g_thread_smooth bool

g_thread_spinlock – Spin more before sleeping when waiting for mutex

This setting has no further documentation currently available

Syntax: g_thread_spinlock bool

g_timeout_try_later – If timeout while waiting for message to arrive tell other end to retry

This ‘may’ cause faulty servers to endlessly retry a message. But should be ok. Normally this sort of timeout is very rare but can be caused by faulty virus scanner so retrying won’t always help

Syntax: g_timeout_try_later bool

g_timezone – Timezone text

Text to be placed in the timezone part of the date string. e.g. +1200 NZT

Syntax: g_timezone string

g_timezone_force – Hours offset to local time, e.g. 5 (best left blank)

This setting has no further documentation currently available

Syntax: g_timezone_force string

g_to_valid – Require an @ and dotted domain in all dest addresses

This forces all destination addresses to contain a domain name (breaks cron job emails on unix)

Syntax: g_to_valid bool

g_tohost_local – Tohost entries to deliver locally

Authentication database tohost name entry to deliver locally. This setting only applies if g_proxy or g_route_by_tohost is enabled. This is useful to allow the configuration of multisite systems using g_route_tohost with a single shared authentication database.

Syntax: g_tohost_local string

g_token_httponly – Use httponly flag, stop scripts using token, may break attachments

This setting has no further documentation currently available

Syntax: g_token_httponly bool

g_token_secure – Use secure flag for surgeweb, stops http access to token, so requires https to work

This setting has no further documentation currently available

Syntax: g_token_secure bool

g_toscan_path – Path used for mime parts for virus scanner

The default is the toscan directory under the home path, using this setting can help sometimes if permissions are a problem

Syntax: g_toscan_path string

g_train_store – Number of messages to store in each spam training directory (1000-5000)

We recommend about 10000 – dont get carried away, more is not necessarily better!

Syntax: g_train_store int

g_uidl_big – Use random uidl if uidl not found

This can avoid uid collisions if uidl files are lost mysteriously

Syntax: g_uidl_big bool

g_unique_name – A unique name for this server

This name is used in place of the machine hostname in message filenames and thus friends confirmation message subjects

Syntax: g_unique_name string

g_url_alias – Allows translation from one URL to another

Allows translation from one URL or beginning of a URL to another. eg:

g_url_alias from=”/cgi-bin/” to=”/scripts/”

will cause the URL http://localhost:7025/cgi-bin/fred.cgi to reference the same file as http://localhost:7025/scripts/fred.cgi would have, the fred.cgi in the SurgeMail ‘scripts’ directory. The domain url_alias settings are checked before these, the first matching rule is used, settings are checked in the order specified.

Syntax: g_url_alias from=string to=string ports=string

g_url_enable – Enables widearea url database

Syntax: g_url_enable <true/false>

If set then SurgeMail fetches the url database and updates from netwinsite.com every few hours. Messages which contain matches will get a header X-SpamUrl:… which will be used in the spam score. Once enabled you will contribute to Netwin’s central server and also download from their once every couple of days.
Additions to your isspam/notspam training addresses are also sent to netwinsite.com (just the url’s for white list/blacklist)

Syntax: g_url_enable bool

g_url_host_noscan – Disable the scan for url_host settings matching the domain in an incoming web request

SurgeMail uses g_server_name and url_host settings to determine the default domain to select for web requests, this setting stops it using the url_host settings (which may be slow on systems with a large number of domains)

Syntax: g_url_host_noscan bool

g_url_master – Not for general use

Used by netwin to manage the master server. Sorry this doesn’t allow you to run your own master.
Should be left blank

Syntax: g_url_master bool

g_url_master_to – Not for general use

Not for general use. Used by netwin for testing.

Syntax: g_url_master_to string

g_url_redirect – Sends http 301 redirect to tell browser resource has moved

Typical usage to move users from http to https automatically, e.g. g_url_redirect from=”http://*/surgeweb” to=”https://%1:7443/surgeweb” ports=”80,7080″

Syntax: g_url_redirect from=string to=string ports=string

g_utf8_case_insensitive – Use case insensitive compare for surgeweb and imap searches

This setting has no further documentation currently available

Syntax: g_utf8_case_insensitive bool

g_vanish_any_bounce – Vanish all bounces, requires g_vanish_bad_bounces

This setting will vanish spam pretending to be a bounce, it is possible it will vanish a real but badly formed bounce (badly formed as it contains no indication that it came from this server). Note: You MUST have g_vanish_bad_bounces true as well!

Syntax: g_vanish_any_bounce bool

g_vanish_bad_bounces – Vanish suspected spam bounces

Vanish suspected spam bounces (requires g_received_name).

Syntax: g_vanish_bad_bounces bool

g_vanish_relay – Vanish bad bounces before relaying email too

Requires g_vanish_bad_bounces too, and g_received_name must be set to something other than the email domain, e.g. bounces.your.domain

Syntax: g_vanish_relay bool

g_vanish_virus_bounces – Vanish suspected virus bounces (requires g_received_name)

This setting gets rid of most of those stupid virus bounces you get from emails you haven’t sent. It works by checking incoming virus bounces for the received header that must exist if it was sent with your mail server. If the header is not found, the message is dropped. Recomended.

Syntax: g_vanish_virus_bounces bool

g_verify_helo – Verify helo name translates to same network as sending system.

Syntax: g_verify_helo “true/false”

It will skip this check for any trusted connection (smtp authenticated, or any ip it would allow to forward)

It adds this header:
X-Verify-Helo

It simply takes the helo name, and turns it into a number a.b.c.d, then it checks that the connection is coming from ‘a.b.*.*’
if it isn’t it adds a header saying as much.

Syntax: g_verify_helo bool

g_verify_image_hard – Use extra difficult human verification image (used in blogs)

This setting has no further documentation currently available

Syntax: g_verify_image_hard bool

g_verify_mx – Verify sender IP by MX

Verify MX records contain senders IP address (also see g_verify_mx_skip).

Syntax: g_verify_mx bool

g_verify_mx_skip – Skip verify sender IP by MX

Use to define incoming mail gateway IPs so the MX verify doesn’t fail on them.

Syntax: g_verify_mx_skip string

g_verify_smtp – Verify SMTP port

Verify we can talk back to the SMTP port on incoming IP address.

Syntax: g_verify_smtp bool

g_verify_timeout – Seconds to wait for SMTP response, default is 10 seconds

As the verification of incoming addresses is done while the message is arriving at the ‘data’ stage, it is critical that it not take more than 30-60 seconds or the sending server will give up and the message will be lost. Generally this setting should not be changed.

Syntax: g_verify_timeout int

g_warning_to – Addresses to treat as local and send warning bounces to

This may cause back scatter to use with caution

Syntax: g_warning_to string

g_web_access_grp – Restrict user groups to specific ports

Specifies a user group or groups and a list of valid web ports for that group.

Syntax: g_web_access_grp group=string ports=string

g_web_access_ip – Restrict access to web ports based on ip

Specifies a list of ports and a wildcard list of valid ip addresses who can connect to those ports.

Syntax: g_web_access_ip ports=string ip=string

g_web_access_max – Maximum number of concurrent web logins for group

Specifies the maximum number of concurrent web logins for a certain group of users.

Syntax: g_web_access_max group=string max=int

g_web_add – Add http headers

This setting has no further documentation currently available

Syntax: g_web_add string

g_web_admin_max – Maximum number of concurrent web admin sessions

Web admin requests are recorded, the remote IP and local port are used to identify a particular session. This setting places a limit on the number of sessions at any one time.

Syntax: g_web_admin_max int

g_web_appsname – Apps url name on unified web interface

This setting has no further documentation currently available

Syntax: g_web_appsname string

g_web_appsroot – Apply apps interface at web root ie /

This setting has no further documentation currently available

Syntax: g_web_appsroot bool

g_web_charset – Charset for html pages

Sets the charset to use for each language i.e. e.g. iso-8859-1

Syntax: g_web_charset lang=string charset=string

g_web_force_doctype_first_disable – Disable webserver behaviour to force doctype definitions to be displayed first.

Comments displayed on the webpages (including template filenames), mean IE does not use the doctype definiton. Surgemail tries to display doctype first. This setting reverts to old behaviour.

Syntax: g_web_force_doctype_first_disable bool

g_web_forwarded_test – Fake the forwarded-for header

This setting has no further documentation currently available

Syntax: g_web_forwarded_test bool

g_web_forwarded_uselast – Use last address in multiple item forwarded-for header

This setting has no further documentation currently available

Syntax: g_web_forwarded_uselast bool

g_web_hide_source_names – Hide the name of the source template page in output web pages.

To aid tailoring each web page in the web admin shows it’s own address so you can find it to modify it. Some admins consider this a security issue, or just a bit ugly, so use this setting to hide this information when you don’t need it.

Syntax: g_web_hide_source_names bool

g_web_max – Max concurrent web connections, default is 100

This includes web admin, webmail etc…., The default limit should be sufficient for most systems. Although a limit of 10 would be tons for most systems we had to set the default high as this setting was added recently.

Syntax: g_web_max int

g_web_max_perip – Max concurrent web connections per-ip, default is 30

This includes web admin, webmail etc…., The default limit should be sufficient for most systems unless all your users are coming through a common proxy

Syntax: g_web_max_perip int

g_web_noserver – Disable Server header in http responses

Some security firms require this in order to hide the software application information

Syntax: g_web_noserver bool

g_web_old_behaviour – Revert to old style webserver behaviour

To pass various auditing tests admin interface no longer responds to arbitrary url. This restores old behaviour.

Syntax: g_web_old_behaviour bool

g_web_php_exe – Path to php.exe

Experimental support for php

Syntax: g_web_php_exe string

g_web_policy_disable – Disable obscure web policy security headers

This setting has no further documentation currently available

Syntax: g_web_policy_disable bool

g_web_ref_path_extension – Path extension to add to web page image/css references.

This setting is used for caching purposes. See SurgeMail template caching for details

Syntax: g_web_ref_path_extension string

g_web_timeout – Timeout for web requests

Timeout for web requests, the default is 180 seconds, generally it should not be set below 61 seconds

Syntax: g_web_timeout int

g_web_title – Title to use on specified web page

This lets you customize the title of each management web page.

Syntax: g_web_title page=string title=string

g_web_trust_ip – Trust ip address from rev proxy web server X-Forwarded-For

This setting has no further documentation currently available

Syntax: g_web_trust_ip string

g_web_url_path – Url to path translation with access specifier

This lets you set up aliases and translations of urls partly based on the access rights of the user.

Syntax: g_web_url_path url=string path=string access=string

g_web_utf8 – Make sure all user.cgi handling is done in UTF8

Make sure user.cgi handlign is all done in UTF8 rather than paged character sets.

Syntax: g_web_utf8 bool

g_webdav_enable – Enable webdav access for users (do not use)

Enable ‘webdav’ features so users can store data, you must also define g_webdav_path

Syntax: g_webdav_enable bool

g_webdav_group – Only allow webdav if member of webdav access group

Require that users be members of the webdav group

Syntax: g_webdav_group bool

g_webdav_path – Root path for webdav storage

For example c:\surgemail\webdav

Syntax: g_webdav_path string

g_webdav_public – Enable non authenticated access to pub folder (readonly)

This setting enables the user to place web pages (static) up on their email account, the public url would be http://your.server/wd/username/pub/…

Syntax: g_webdav_public bool

g_winmail_fix – Replace winmail.dat with normal attachments, requires tnef installed first http://netwinsite.com/tnef.htm

First install tnef, on unix use: apt-get install tnef, on windows download tnef.exe from our website

Syntax: g_winmail_fix bool

g_work – Workarea Path

Work area for SurgeMail temporary work files.

Syntax: g_work string

g_xauthuser_hide – Hide X-Authenticated-User header

The header X-Authenticated-User is added to all local deliveries for users that login using SMTP authentication. This is the most reliable way to determine who actually sent this email. This setting will disable the addition of this header.

Syntax: g_xauthuser_hide bool

g_xfile_allow – IP address to allow xfile and WebMail features from

Allow xfile & web upload features for users. Set to ‘*’ or the WebMail servers IP address.

Syntax: g_xfile_allow string

g_xrcpt_hide – Hide X-Rcpt header

The X-Rcpt header is added indicating which local account this message was delivered to. This setting will disable the addition of this header.

Syntax: g_xrcpt_hide bool

g_xrcptoriginal_hide – Hide X-Rcpt-Original header

The X-Rcpt header is added indicating which local account this message was delivered to. If the mail has been redirected for any reason the original delivery address is added as an X-Rcpt-Original header. This setting will disable the addition of this header.

Syntax: g_xrcptoriginal_hide bool

g_xserver_hide – Hide XServer header

This wil hide the X-Server header.

Was this article helpful?

Related Articles