Global settings Misc a-o

g_about_disable - Disable about web page

This setting has no further documentation currently available

Syntax: g_about_disable bool

g_acctlog_authonly - Log sending usage based on authenticated accounts only and ignore "MAIL FROM" address - which may be fake!!

This setting has no further documentation currently available

Syntax: g_acctlog_authonly bool

g_acctlog_noaliases - Don't log redirection & aliases as sending mail as a result of redirection / forwarding (means you will not log account forwarding usage)

This setting has no further documentation currently available

Syntax: g_acctlog_noaliases bool

g_acctlog_sum_inactive - Summarise local accounts that have not logged in yet as not_loggedin_yet@domain.com

This setting has no further documentation currently available

Syntax: g_acctlog_sum_inactive bool

g_aspam_headers - Add aspam information messages to messages.

Adds informational aspam headers to all messages.

Syntax: g_aspam_headers bool

g_aspam_need_ip - Require good matches to match external ip address

This prevents poluted bad messages in aspam_good causing spam to bypass the filters, but reduces effectiveness of the notspam address.

Syntax: g_aspam_need_ip bool

g_assume_created_epoch - If user has no 'created' field assume they were created an arbitrarily large time in the past

This setting effect the g_disable_smtp_after and g_delete_user_after settings which, by default, ignore users who have not logged in and have no created field.

Syntax: g_assume_created_epoch bool

g_atrn_client - Define a rule for fetching email using ATRN protocol

This is the setting for clients to define to fetch mail from an upstream server. Typically this is done on the special port 366, to specify another port use host:port in the host setting. E.g. host="smtp.upstream.com:25"

Syntax: g_atrn_client domain=string user=string pass=string host=string

g_atrn_port - Port to listen for 'atrn' (On Demand Relay) requests

See g_atrn_server for more details, the default is port 366, atrn is not obeyed on port 25

Syntax: g_atrn_port string

g_atrn_server - On Demand Mail Relay settings to define user/pass for clients to fetch mail

This allows a client on a dynamic IP to connect and request mail for a specific domain after authenticating by using the ATRN command. Typically this is done on the special port 366

Syntax: g_atrn_server domain=string user=string pass=string

g_attach_convert - Process matching attachments with specified command. Passed two files names

This setting has no further documentation currently available

Syntax: g_attach_convert to=string from=string subject=string files=string output=string command=str

g_autologin_file - File to use to share auto login information on NFS based cluster

This allows webmail to autologin when using an nfs based cluster and a load sharing device.

Syntax: g_autologin_file string

g_autologin_imap_disable - Disable IMAP based autologins

IMAP autologins allow autologin to surgeweb.

Syntax: g_autologin_imap_disable bool

g_autologin_pop - Enables WebMail Autologin using POP when on another server

Webmail needs the ability to automatically login to SurgeMail to changes passwords etc. This setting will do this via an extension to the pop protocol allowing WebMail to autologin whilst running on another server. (Normally this is done using a temporary file)

Syntax: g_autologin_pop bool

g_backtrace_disable - Backtrace Disable

Disable backtrace information for unix systems.

Syntax: g_backtrace_disable bool

g_bank_debug - Log request to bank server

Use when trying to debug the g_bank_url post/response

Syntax: g_bank_debug bool

g_bank_group - Create price groups with descriptions

See g_bank_url for details

Syntax: g_bank_group group=string price=string desc=string

g_bank_log - Log lines matching this in response.

See g_bank_url for details

Syntax: g_bank_log string

g_bank_ok - Find this in response, if found then charge was successful

See g_bank_url for details

Syntax: g_bank_ok string

g_bank_pass - Password for authenticated web request to banks system

See g_bank_url for details

Syntax: g_bank_pass string

g_bank_reason - This line is returned to user if it is found

See g_bank_url for details

Syntax: g_bank_reason string

g_bank_url - URL to charge a credit card (experimental)

This allows automated monthly charging of users

Syntax: g_bank_url string

g_bank_user - Username for authenticated web request to banks system

See g_bank_url for details

Syntax: g_bank_user string

g_bind_authent_default - Bind to default if authenticated

So authenticated users get the default binding not g_bind_byfromip

Syntax: g_bind_authent_default bool

g_bind_byfromip - Bind outgoing SMTP connections to the specified IP based on the sender IP

This setting has no further documentation currently available

Syntax: g_bind_byfromip fromip=string bindip=string

g_bind_from - Bind outgoing SMTP connections based on 'from' envelope

Bind outgoing SMTP connections based on the IP of the virtual domain in 'from' envelope. This is only useful if you are using IP based virtual domains. 

Syntax: g_bind_from bool

g_bind_in_always - Bind on incoming in preference to g_bind_from

So if the incomnig mail came in on interface address 1.2.3.4 then that same address is used to send the email

Syntax: g_bind_in_always bool

g_bind_incoming - Bind outgoing SMTP connections based on incoming ip address

So if the incomnig mail came in on interface address 1.2.3.4 then that same address is used to send the email

Syntax: g_bind_incoming bool

g_bind_out - Bind outgoing smtp connections to IP

Bind outgoing smtp connections to this IP number. 

Syntax: g_bind_out string

g_blogs_allow_links - Allow users to post comments that contain urls

Due to widespread abuse of blogs this is not recommended.

Syntax: g_blogs_allow_links bool

g_blogs_cleanup_links - Delete existing posts that contain urls

This setting will help cleanup existing spam postings to your users blogs.

Syntax: g_blogs_cleanup_links bool

g_blogs_comment_rev - Show blog comments newest first

Helps if there are lots of comments, this is a global setting not per blog..

Syntax: g_blogs_comment_rev bool

g_blogs_default_template - Default template set that is used by newly created blogs

This setting can have a value of the name of any directory in the SurgeMail blogtpl directory

Syntax: g_blogs_default_template string

g_blogs_domonly - Only list blogs in a users domain

By default all blogs in all domains are listed/shown to the user. This setting causes it to only list blogs in the users domain.

Syntax: g_blogs_domonly bool

g_blogs_enable - Surgemail blogs

Allow users to create blogs

Syntax: g_blogs_enable bool

g_blogs_image_optional - Allow users to specify if image verification is required for comments

By default image verification is now required, this prevents spammers from abusing the many 'test' blogs set up by your users.

Syntax: g_blogs_image_optional bool

g_blogs_max_per_user - Maximum number of blogs per user

Maximum number of blogs per user, default is 5

Syntax: g_blogs_max_per_user int

g_blogs_maximum_image_size - Default maximum image size

Images larger than this (in largest dimension) that are posted to blogs are scaled down, default is 390, per blog setting can overide this.

Syntax: g_blogs_maximum_image_size int

g_blogs_maximum_image_width - Default maximum image width

Images larger than this that are posted to blogs are scaled down, default is 390, per blog setting can overide this.

Syntax: g_blogs_maximum_image_width int

g_blogs_maximum_items_in_top_page - Maximum number of items on the top blog page

Maximum number of post bodies to appear on a blog top page, default is 10

Syntax: g_blogs_maximum_items_in_top_page int

g_blogs_no_suffix - Shortens URL, url_blogs must be defined for each domain

This shortens http://a.com/blog/juggling to http:/a.com/juggling, but does require that you define a specific name for the blogs in the domain based url_blogs setting

Syntax: g_blogs_no_suffix bool

g_blogs_not_global - Only allows access to a blog onthe domain it is defined on

Only allows access to a blog on the domain it is defined on, this is not recommended. (probably want to use g_blogs_not_unique, g_blogs_domonly too)

Syntax: g_blogs_not_global bool

g_blogs_not_unique - Allow the same blog name in multiple domains

If set you can create different blogs with the same name in different virtual domains, this is not recommended.

Syntax: g_blogs_not_unique bool

g_blogs_ping - Sites to ping on each post

Host and path to ping on each blog post. eg: host=rpc.weblog.com path=/RPC2

Syntax: g_blogs_ping host=string path=string

g_blogs_sub_domain_prefix - Prefix to use instead of blogs. for blog subdomains. use ! to have no prefix.

Experimental feature do not use

Syntax: g_blogs_sub_domain_prefix string

g_blogs_use_sub_domains - Make blogs accessible at http://blog_name.domain/

If you're DNS entry supports it, turn on this setting to make blogs accessible at http://blog_name.blogs.domain/ instead of http://domain/blogs/blog_name

Syntax: g_blogs_use_sub_domains bool

g_body_filter - Enable user email body filtering

Allows the user to configure filters which filter the body of incoming messages

Syntax: g_body_filter bool

g_bomb_max - Max messages to a single address per hour

Simple system to prevent intentional or more likely, accidental mail loops or mail bombs where thousands of Emails are sent to a single user. A setting in the range of 100-1000 is generally good depending on your sensitivity to incorrectly blocking real mail.  We suggest 1000 is a good setting if you are unsure.

This counts the messages from a single IP address to a single recipient. If a single IP sends more than this many messages to any single recipient then they will be tarpitted (slowed down and rejected).

Use spam_allow ip.address.list to over-ride the limit for known local systems that might exceed this limit (unlikely anything will).

Syntax: g_bomb_max int

g_bomb_max_from - Max msgs from a single email address/hour

Max msgs from a single email address/hour.

Syntax: g_bomb_max_from int

g_bomb_white - don't apply bomb_max limit if to address matches

Useful for robots etc that expect high volume

Syntax: g_bomb_white string

g_broad_noadd - Disable buttons on message

Disables the added buttons for voice messages

Syntax: g_broad_noadd bool

g_broad_pass - BroadSoft pass

Customer specific feature

Syntax: g_broad_pass string

g_broad_port - BroadSoft port

Customer specific feature

Syntax: g_broad_port string

g_broad_server - URL to BroadSoft server

Customer specific feature

Syntax: g_broad_server string

g_broad_url - URL to this server

Customer specific feature

Syntax: g_broad_url string

g_broad_user - BroadSoft user

Customer specific feature

Syntax: g_broad_user string

g_bull_rule - Post bulletins to this domain

Senders must be authenticated user that matches the sender, domain can be blank to send to all domains, the to field is the address you will send posts to, typically something like: bulletins@your.domain.name

Syntax: g_bull_rule to=string domain=string sender=string

g_byname_old - Enable old slow domain lookup functions

This setting should not be needed.

Syntax: g_byname_old bool

g_centipaid - see CentiPaid.htm

Authentication server and port for CentiPaid.

Syntax: g_centipaid string

g_cid_skip_to - Skip CID score, good for lawyers etc

Some users will trigger CID matches due to the nature of their business (accountants/lawyers) for these people you may want to list them here. CID is content matching, usually scams which often use legal language.

Syntax: g_cid_skip_to string

g_comment - Management notes and comments about the server

This is a dummy setting that lets you store information in the ini file that will survive setting changes from the web admin tool.

Syntax: g_comment date=string name=string comment=string

g_con_gateway - Connection limit per ip also applies to gateways

This setting has no further documentation currently available

Syntax: g_con_gateway int

g_con_perip - Connections per IP

Maximum number of connections allowed per IP address. Primarily this is used to prevent simple denial of service attacks where one user could otherwise use up all the channels your system can support and then do nothing with them. 

Syntax: g_con_perip int

g_con_perip_except - Connections per IP exception

IP list of exception addresses to g_con_perip. 

Syntax: g_con_perip_except string

g_con_persubnet - Maximum concurrent connections per subnet

Maximum number of concurrent connections per subnet. This limits concurrent connections from a sub net, great for automatically stopping professional spammers who use multiple addresses. A typical setting might be 20. Subnet is /24.

Syntax: g_con_persubnet int

g_con_peruser - Connection limit per user for imap/pop. Set above 20

This setting has no further documentation currently available

Syntax: g_con_peruser int

g_con_peruser_except - Exception users to g_con_peruser, include domain name

This setting has no further documentation currently available

Syntax: g_con_peruser_except string

g_convert_percent - Convert % signs top @ in recipient addresses

Some Spam tests send mail user%spamdomain.com@localdomain.com to see if a server is an open relay. If a default address is set up for the local domain this will be delivered to this local address and the test assumes the mail server is an open relay. This setting prevents this. 

Syntax: g_convert_percent bool

g_cookie_secure - Set all cookies to secure mode on https connections

This setting has no further documentation currently available

Syntax: g_cookie_secure bool

g_country_allow - user@domain list to bypass country_login rule

This setting has no further documentation currently available

Syntax: g_country_allow string

g_country_allowip - Ip addresses to bypass country_login rule

This setting has no further documentation currently available

Syntax: g_country_allowip string

g_country_ip - Tag messages with country of origin

Downloads a ip to country database and then adds a header based on that to each message to show where it came from. This file IpToCountry.csv should appear in your surgemail home directory after enabling this setting (restart surgemail too), if the file doesn't appear you can download it via http://updates.netwinsite.com/updates/IpToCountry.csv , tellmail aspam_update may trigger the download!

Syntax: g_country_ip bool

g_country_login - List of countries to allow logins from, 2 letter codes

See IpToCountry.csv and make sure g_country_ip is enabled

Syntax: g_country_login string

g_cpu_slow - Email warning if no cpu for this many seconds

Default is 10 seconds, helps detect system lockups and alert the manager

Syntax: g_cpu_slow int

g_crash_nomini - Crash without minidump on windows

This setting has no further documentation currently available

Syntax: g_crash_nomini bool

g_crash_normal - Crash without catching exceptions

Crash without catching signals 10,11. In particular this will generate correct core files on FreeBSD systems.

Syntax: g_crash_normal bool

g_crash_simple - Crash simpler for solaris to avoid deadlock situation

This setting has no further documentation currently available

Syntax: g_crash_simple bool

g_create_allow - List of characters allowed in usernames/passwords

Defaults to A-Za-z0-9\-_. meaning usernames/password may contain letters, numbers, -, _ and . and nothing else.

Syntax: g_create_allow string

g_create_allow_pass - List of characters allowed in passwords

Settting overriding g_create_allow just for passwords.

Syntax: g_create_allow_pass string

g_create_apply - List of user groups to apply create_* settings for.

This setting allows you to apply create_* settings to domain admin accounts. Specify g_access_group names and domain admins in these groups will have create_* settings applied to them when adding users in the domain admin interface.

Syntax: g_create_apply string

g_create_apply_admin - Apply allow* rules to the administrator

Without this setting the admin can create usernames that contain any characters pretty much

Syntax: g_create_apply_admin bool

g_create_badnames - List of illegal usernames

Comma separated list of illegal usernames, may contain wild cards, if username contains part of a non-wild card or matches a wildcard it is disallowed.

Syntax: g_create_badnames string

g_create_cleanup - Cleanup existing data before adding a user

This causes a delete to be actioned for a user before/as they are created. This ensures the new user does not end up with any files, on any mailing lists, with any aliases etc from a previous user of the same name/address. If you delete users from the authent database directly i.e. not using the surgemail web admin or calling 'tellmail delete_user' then this setting will cleanup the users files when their address is re-used.

Syntax: g_create_cleanup bool

g_create_dictionary - File containing dictionary words to compare passwords to

Text file containing one word per line, passwords are compared to all words longer than 4 characters in this file, if a username or password contains a word in this file it is not allowed. Only takes effect if g_create_strict is checked.

Syntax: g_create_dictionary string

g_create_pass_digit - Require one digit and letter in a password

This setting has no further documentation currently available

Syntax: g_create_pass_digit bool

g_create_pass_length - Limit the length of user passwords

This is applied during user self creation and when users change passwords. Set admin to true to restrict the domain and global admin also.

Syntax: g_create_pass_length min=int max=int admin=bool

g_create_pass_mixed - Require mixed case passwords

Require mixed case passwords

Syntax: g_create_pass_mixed bool

g_create_pass_notuser - Ban password containing username

Ban password if it conains the username

Syntax: g_create_pass_notuser bool

g_create_pass_recheck - Recheck passwords during login and warn user if g_hack_touser is true

This setting has no further documentation currently available

Syntax: g_create_pass_recheck bool

g_create_pass_recheck_text - Added to end of recheck email to give users a url to a help page

This setting has no further documentation currently available

Syntax: g_create_pass_recheck_text string

g_create_pass_slack - Slacken restrictions on trivial password creation

Useful sometimes for provisioning, allows username=password

Syntax: g_create_pass_slack bool

g_create_pass_special - Require special character, e.g. !@#$%^&*(){}[];:?><.,

Require a special character

Syntax: g_create_pass_special bool

g_create_record_ip - Causes surgemail to store ipnum in the authent database

This setting has no further documentation currently available

Syntax: g_create_record_ip bool

g_create_strict - Whether to apply strict rules to usernames/passwords

Checking this causes surgemail to check passwords do not contain words longer than 4 characters from g_create_dictionary as well as requiring the password to be 6+ characters, and usernames/passwords to contain more than 1 character.

Syntax: g_create_strict bool

g_create_strict_admin - Enforce strict rules for admins too, set g_create_strict AS WELL!!

This setting has no further documentation currently available

Syntax: g_create_strict_admin bool

g_create_user_length - Limit the length of usernames

This is applied during user self creation. Set admin to true to restrict the domain and global admin also.

Syntax: g_create_user_length min=int max=int admin=bool

g_date_add_utc - Add UTC if date header is missing it

Add timezone if date header is missing one

Syntax: g_date_add_utc bool

g_dbabble_links - Add web links to DBabble from other web interfaces (and vice versa)

This causes links to appear in the DBabble interface to switch to using WebMail (and SurgePlus if you have the g_surgeplus_links setting on).

Syntax: g_dbabble_links bool

g_dbabble_smtp_port - DBabble SMTP port (do not manually change this setting - it should be set from the DBabble section of the web admin interface only)

This setting specifies the port that DBabble listens on. DBabble looks at surgemail.ini and if it sees this setting, overrides it's own setting with this value. When you save changes to this setting from within the SurgeMail DBabble admin interface, SurgeMail automatically sets appropriate values for the g_redirect_iflocal and g_gateway settings.

Syntax: g_dbabble_smtp_port int

g_dbabble_smtp_prefix - DBabble SMTP prefix (do not manually change this setting - it should be set from the DBabble section of the web admin interface only)

This setting is used in conjunction with the dbabble_smtp_port setting to forward all mail with the specified prefix on to DBabble.

Syntax: g_dbabble_smtp_prefix string

g_debug_block - For catching bugs in block file processsing

For catching bugs in block file processsing.

Syntax: g_debug_block bool

g_debug_body - Save msg body during processing

This setting has no further documentation currently available

Syntax: g_debug_body bool

g_debug_check - Use more dmalloc debugging, some performance impact. Also set g_debug_free

This setting has no further documentation currently available

Syntax: g_debug_check bool

g_debug_crt - Some CRT debugging on windows, do not use

This setting has no further documentation currently available

Syntax: g_debug_crt bool

g_debug_free - Check free memory isn't corrupted - slows performance slightly

This is for tracking a particular bug, not for general use

Syntax: g_debug_free bool

g_debug_image - Save image thumbnail files to find bug

This setting has no further documentation currently available

Syntax: g_debug_image bool

g_debug_imap - Log imap folder renames and deletes in kmsg.log

This is for tracking a particular bug or user error 🙂

Syntax: g_debug_imap bool

g_debug_ini - Debugging, don't use this

This is a temp setting used for testing

Syntax: g_debug_ini bool

g_debug_ncpy - Debug ncpy function

This makes ncpy clear the entire destination buffer to increase the chance of a crash if the buffer length is wrong

Syntax: g_debug_ncpy bool

g_debug_timing - Record dfopen timing, tellmail dfopen_stats

This makes ncpy clear the entire destination buffer to increase the chance of a crash if the buffer length is wrong

Syntax: g_debug_timing bool

g_debug_vanished - Name of file to check for, if file vanishes, crash

This is for tracking a particular bug, not for general use

Syntax: g_debug_vanished string

g_delete_exclude - Field and value that excludes an account from g_delete_user_after

If the authent response includes this field/value pair then the user account will not expire

Syntax: g_delete_exclude field=string value=string

Example: field="noexpire" value="true"

g_delete_user_after - Number of days an account can remain unread before it is deleted

Number of days an account can remain unread before it is deleted. This setting cannot be used on an authent_domain FALSE domain unless it has a prefix setting.

e.g.
DELETE_USER_AFTER "30"
Then issue the command:
tellmail expire_accounts
Then examine users_delete.rec to see it is a valid list of old accounts, then use:
tellmail delete_user FILE users_delete.rec

To actually delete the accounts.

Syntax: g_delete_user_after int

g_delete_user_mode - What to do when an account is unread

You can set this to "file" or "suspend". "file" causes accounts to be written to the users_delete.rec file, which you can action by running "tellmail delete_user FILE" or "tellmail delete_user FILE users_delete.rec" (optionally specify the file). "suspend" causes accounts to be suspend, it does this by setting the field and value specified in the g_delete_user_suspend setting.

If this setting is blank the default is to use 'file' mode, accounts are NEVER deleted automatically except in the very oldest versions of surgemail (before version 3)

Syntax: g_delete_user_mode string

g_delete_user_suspend - If suspending an unread account set this field/value

Set the field and value to use when suspending an account due to g_delete_user_after and the g_delete_user_mode "suspend" settings.

Example: Disable accounts after 1 year 
       g_delete_user_after "365"
       g_delete_user_mode "suspend"
       g_delete_user_suspend field="mailstatus" value="closed"

Syntax: g_delete_user_suspend field=string value=string

g_deliver_robot - Robot/Script to run at delivery time $FILE$ AND $TO$ parameters

This setting has no further documentation currently available

Syntax: g_deliver_robot string

g_demo - Demo mode lock unsafe admin features

This setting has no further documentation currently available

Syntax: g_demo bool

g_demo_to - Demo mode valid external destinations

This setting has no further documentation currently available

Syntax: g_demo_to string

g_deny - Deny users from some IP ranges

Block known spammers etc by IP address. You can use wild cards and 'not' signs, e.g. "!*,127.*,10.*" 

Syntax: g_deny string

g_deny_country - Block email from some countries, use 2 digit code not the full name, see IpToCountry.csv, turn on g_country_ip!

Block countries, examine the file IpToCountry.csv for the abbreviations, g_country_ip must be set true, and issue tellmail aspam_update

Syntax: g_deny_country string

g_deny_login - Block users from some ip ranges logging in

This setting has no further documentation currently available

Syntax: g_deny_login string

g_deny_msg - Deny message

Message to give to users who are disconnected due to the above 'deny' setting. 

Syntax: g_deny_msg string

g_deny_smtp - Deny SMTP based on IP address

Block users from some IP ranges connecting to SMTP only. 

Syntax: g_deny_smtp string

g_disable_exclude - Field and value that excludes an account from g_disable_smtp_after

If the authent response includes this field/value pair then the user account will not be disabled from receiving messages

Syntax: g_disable_exclude field=string value=string

Example: field="noexpire" value="true"

g_disable_skip - Ip address of senders to accept email from even if user account is disabled due to g_disable_smtp_after

Useful to ensure delivery for important company notices

Syntax: g_disable_skip string

g_disable_smtp_after - Number of days an account can remain unread before delivery is disabled

DO NOT USE THIS SETTING IN A MIRROR/CLUSTER SETUP

Number of days an account can remain unread before delivery is disabled. 

Syntax: g_disable_smtp_after int

g_disable_surgeplus - Disable SurgePlus Calendar and File Sharing client

Disable users from logging in using the SurgePlus Calendar and File Sharing client. See SurgePlus

Syntax: g_disable_surgeplus bool

g_disable_surgeplus_updates - Disable automated downloading of new versions of SurgePlus client from netwinsite.com

New versions of the SurgePlus client are automatically downloaded from netwinsite.com and made available for download form your server by your users. See SurgePlus

Syntax: g_disable_surgeplus_updates bool

g_diskio_abort - Shutdown if diskIO failure on queue files

Intended to make server die rather than to pretend to keep running when a major disk fault has occurred

Syntax: g_diskio_abort bool

g_dkim_alt_domains - Use selector 'alt_name' for these domains

Use if you need to use a different selector when forwarding for a domain (so you can define a different dkim private key)

Syntax: g_dkim_alt_domains string

g_dkim_alt_name - Name of selector to use

Use if you need to use a different selector when forwarding for a domain (so you can define a different dkim private key)

Syntax: g_dkim_alt_name string

g_dkim_check - DKIM Check incoming DKIM signatures

See domainkeys.htm

Syntax: g_dkim_check bool

g_dkim_exclude - DKIM Domains to not sign for outgoing email

This can be used to exclude some domains

Syntax: g_dkim_exclude string

g_dkim_headers - DKIM List which headers to sign (blank=default, and is usually best)

This will help get the message through gateways without breaking the signature, try a single header, e.g. from

Syntax: g_dkim_headers string

g_dkim_nogateway - Don't sign if gateway rule used

Useful to avoid double signing incoming messages

Syntax: g_dkim_nogateway bool

g_dkim_only - DKIM Domains to sign for outgoing email (default is all)

Normally all local domains are signed, but if this setting exists then it is used instead so you must list local domains as well as non local ones you want to sign messages for. G_dkim_sign must also be set to true! Never set to *

Syntax: g_dkim_only string

g_dkim_selector - DKIM Policy name for your server (used creating dns entry for dkim)

This defines the dns entry name for your policy record and public key entry in your dns. See domainkeys.htm for details

Syntax: g_dkim_selector string

g_dkim_sign - DKIM Sign outgoing messages

To turn off dkim for some domains see the per domain setting, dkim_disable. See domainkeys.htm for more info.

Syntax: g_dkim_sign bool

g_dkim_skip - DKIM Destination Domains to not sign

This is useful if the destination server is faulty with it's dkim processing

Syntax: g_dkim_skip string

g_dlist_nolocal - Remove add local button from mailing lists

Prevents address havesting etc by users - strongly recommended on public servers, not necessary on small or private servers

Syntax: g_dlist_nolocal bool

g_dlist_nostart - Disable dlist

If set disable (do not attempt to start) dlist for DMail compatibility mode.. 

Syntax: g_dlist_nostart bool

g_dlist_one - Only allow one recipient if message is to a mailing list

This setting has no further documentation currently available

Syntax: g_dlist_one bool

g_dlist_path - Path for dlist

DList Path normally defaults to $g_home/dlist.

Syntax: g_dlist_path string

g_dmail_filter - Run DMail compatible filter files (deprecated - for backward compatibility only)

Run DMail compatible filter files. Mfilter rule files should be used instead.

Syntax: g_dmail_filter string

g_dns_blank_fail - NEVER USE! Bounce email if dns response blank rather than retry

This setting has no further documentation currently available

Syntax: g_dns_blank_fail bool

g_dns_cache_size - Set size of forward dns cache, default 7000

Best not to change this normally

Syntax: g_dns_cache_size int

g_dns_disk - Enables DNS disk cache

Not normally needed unless dns server is flakey...

Syntax: g_dns_disk bool

g_dns_host - DNS host(s) for MX lookups

This setting can normally be left blank as the mail server will find your system DNS settings. However, you can specify one or more DNS servers for the mail server to use instead to lookup names. 

DNS lookups are cached to disk so SurgeMail will generally continue to work even if your dns server is temporarily unavailable.

Test your dns server with this command. If working it should return two ip addresses for that domain.

 	tellmail dns_test "netwinsite.com"

Prior to SurgeMail 2.0h dns lookups were done using tcp instead of udp, they are now down with UDP unless the response exceeds UDP packet size (as per RFC).

NOTE: All dns servers listed in this setting must be fully recursive, a non recursive dns server will create many dns lookup failures!

Syntax: g_dns_host string

g_dns_match_msg - Message for stamp or bounce if forward and reverse lookup don't match

The message given to the user when the forwar/reverse dns lookup doesn't match

Syntax: g_dns_match_msg string

Example: "Sorry your ip address doesn't translate into a name that translates into your ip address"

g_dns_nlookup - Concurrent MX lookups

Concurrent DNS lookups to send to DNS server (Default=20) (not used after version 2.0h)

Syntax: g_dns_nlookup int

g_dns_nocache - Disables DNS cache for spf lookups (20 minute life)

This setting disables the small cache used for SPF lookups to improve performance.

Syntax: g_dns_nocache bool

g_dns_noptr - Set to reject or retry, for ip addresses with no reverse dns entry (rdns)

If the ip number of a connecting user has no associated name in the reverse dns database then the connection is rejected or told to retry later.

Syntax: g_dns_noptr string

Example: "retry"

g_dns_noptr_msg - Message for stamp or bounce if DNS lookup fails on ip address

See short description.

Syntax: g_dns_noptr_msg string

g_dns_noptr_skip - Skip RDNS for these ip addresses

This is an over-ride for local addresses which you trust.

Syntax: g_dns_noptr_skip string

Example: "retry"

g_dns_paranoid - Compare sender forward and reverse dns lookup and see if they match

Does a forward DNS lookup on the sender's domain and matches this with a reverse lookup of the senders IP address. If these do not match the message is either bounced or stamped with the header "X-DNS-Paranoid: <explanation>". Valid values for this field are "STAMP","RETRY" and "REJECT".

STAMP = Add the X-DNS-Paranoid header if it fails

RETRY = Bounce the message with a 450 error. (so if the failure was temporary the sending server will retry)

REJECT = Bounce the message with a 550 error

Set g_dns_lookup_msg or g_dns_match_msg to define the reject/stamp strings respectively.

g_dns_require - Require reverse DNS names match

Require MAIL FROM header to match the reverse dns lookup based of the sender based on the sender's IP.

eg. from=*@hotmail.com hosts=*hotmail.com

Syntax: g_dns_paranoid string

g_dns_require - Require MAIL FROM header matches senders ip reverse dns

This setting predates SPF which does the same sort of thing on a grander scale, no longer needed.

Syntax: g_dns_require from=string hosts=string

Example: from=*@hotmail.com hosts=*hotmail.com

g_dns_system - Use system code to do reverse lookups

If all channels hang in a state 'lookup' then turn this off so it will use the surgemail code for reverse dns lookups. This setting used to be g_dns_lookup and had the opposite meaning, we reversed it because the system dns code was faulty so often

Syntax: g_dns_system bool

g_dns_threaded - Enable threaded dns lookups

This setting has no further documentation currently available

Syntax: g_dns_threaded bool

g_dns_translate - If mx response is x.x.x.x translate to y.y.y.y:port

Useful for translating ip numbers inside a local intranet and doing other fancy routing of various sorts.

Syntax: g_dns_translate from=string to=string

g_domadmin_utoken_expire - Length of time a domain admin login token is valid for in seconds

Default unit is seconds. You can specify units e.g. 3 minutes, 10 hours etc...

Syntax: g_domadmin_utoken_expire int

g_domadmin_utoken_idle - Length of time a domain admin login token may remain idle for

This setting has no further documentation currently available

Syntax: g_domadmin_utoken_idle int

g_domain_create_auto - Auto create domain if it doesn't exist when creating a user

This setting has no further documentation currently available

Syntax: g_domain_create_auto bool

g_domain_create_route - Auto create route to mx mail server

This setting has no further documentation currently available

Syntax: g_domain_create_route bool

g_domain_default - Default domain when POP/IMAP user does not specify one

This is probably not what you think it is, generally the 'first' domain in surgemail.ini is used in this situation, but in some instances, when using domuser.dat for example to translate users back to virtual domains, you will want the default domain to be a 'generic' made up domain that doesn't really exist.

For example lets say you have users fred@a.com, bob@b.com, then in domusers.dat you have

fred@a.com fred@a.com
bob@b.com bob@b.com
bob@xxx bob@b.com
fred@xxx fred@a.com

And the result is that users who login to pop as bob or fred, will be correctly mapped to the correct virtual domain user even though the actual domain is different in those two cases.

Clear as mud I expect?

Syntax: g_domain_default string

g_domain_list_max - Maximum number of domains to list at once

Maximum number of domains to list at once in the admin user interface. 

Syntax: g_domain_list_max int

g_domain_separator - Separator characters for virtual POP

For POP logins where your virtual domain is NOT distinguished by IP address users can login with 'user@domain' or user/domain.name etc and the mail server will pickup the domain name correctly. By default only 'user@domain.name' is accepted unless this setting is used which can be useful for brain dead mail clients which don't allow the user to specify 'user@domain.name' as the username eg:

g_domain_separator "/"

Syntax: g_domain_separator string

g_domain_templates - Check for domain specific templates

This setting has no further documentation currently available

Syntax: g_domain_templates bool

g_domainkeys_check - Check incoming DomainKeys signatures (obsolete turn off)

See domainkeys.htm

Syntax: g_domainkeys_check bool

g_domainkeys_headers - List which headers to sign

This will help get the message through gateways without breaking the signature, try a single header, e.g. from

Syntax: g_domainkeys_headers string

g_domainkeys_only - Domains to sign for outgoing email

Normally all local domains are signed, but if this setting exists then it is used instead so you must list local domains as well as non local ones you want to sign messages for. G_domainkeys_sign must also be set to true!

Syntax: g_domainkeys_only string

g_domainkeys_selector - Policy name for your server (used creating dns entry for domainkeys)

This defines the dns entry name for your policy record and public key entry in your dns. See domainkeys.htm for details

Syntax: g_domainkeys_selector string

g_domainkeys_sign - Sign outgoing messages (obsolete, turn off)

To turn off domainkeys for some domains see the per domain setting, domainkeys_disable. See domainkeys.htm for more info.

Syntax: g_domainkeys_sign bool

g_domuser_file - Domain users to thousands of virtual domains easily

Specifies a file which contains lines that translate an email address to the username that should be looked up in the database. This file can contain a domain name not previously specified in surgemail.ini allowing you to create unique sub-domain addresses. eg:

g_domuser_file "c:\surgemail\domuser.dat"

Example entries...

*@domain.com postmaster@domain.com
userA@domain.com userB@domain.com
firstname@lastname.domain.com firstname@lastname.domain.com

Syntax: g_domuser_file string

g_dotlock_minutes - NFS lock waits

Minutes to wait for nfs lock file, default 20 minutes.

Syntax: g_dotlock_minutes int

g_dotstuff_fix - Convert the way mail is stored on disk from dotstuffed to non dot stuffed (beta)

In the dotstuffed format any attachments that have content (in encoded format) starting with a . get corrupted, as all single '.' characters at the start of a line are converted to '..'. This is only very seldomly an issue as encoded text doesn't usually have . characters. This feature can only be enabled and still need furhter production level testing to make sure there are no side effects... so if you play with it consider yourself adequately warned 🙂

Syntax: g_dotstuff_fix bool

g_download - Fetch an http file and do an ini reload

Can be used with g_include to have settings fetched from a central location, the file is fetched once an hour.

Syntax: g_download url=string user=string pass=string local=string

g_drop_use_len - Use the content-len header for drop file processing

For use on Solaris when using sendmail for incoming mail delivery.

Syntax: g_drop_use_len bool

g_dsn_enable - Enable DSN (Delivery Status Notification) esmtp extension.

Not recommended. Delivery Status Notification is used by spammers to find addresses to spam to.

Syntax: g_dsn_enable bool

g_dsn_loggedin - Enable DSN (Delivery Status Notification) for trusted senders.

Safer alternative to real DSN as it only applies to local users. This guesses if the user is trusted based on previous logins

Syntax: g_dsn_loggedin bool

g_dsn_nofinal - Try not to show real final recepients but just original recipients

This setting helps hide internal addresses in bounce messages (after forwarding etc). Not recommended.

Syntax: g_dsn_nofinal bool

g_ehlo_8bitmime - Enable 8bit mime in ehlo response (not recommended)

This is probably a bad idea, it is best to reject 8bit mime and stop people sending it as the destination server may not support it

Syntax: g_ehlo_8bitmime bool

g_ehlo_log - Log ehlo/bind to msg*.rec logs

This setting has no further documentation currently available

Syntax: g_ehlo_log bool

g_ehlo_simple - Ip addresses to give simple ehlo respone to

This is a debugging setting, do not use.

Syntax: g_ehlo_simple string

g_emailreg_enable - Enable whitelist http://www.emailreg.org register to use

Be aware that this setting will not work until you register on their server and tell them the ip address of your server/dns to permit lookups. They charge $20 to verify your domain and this will help to get your email delivered more reliably

Syntax: g_emailreg_enable bool

g_enotify_from - From address to use in email notification messages

This setting has no further documentation currently available

Syntax: g_enotify_from string

g_eof_fix_off - Turns off auto stripping of control+Z

These characters can break some mail clients and should not appear in normal emails

Syntax: g_eof_fix_off bool

g_error_xlate - Change error messages

If wild card string matches smtp response code, then replace with 'to' response code, use %1 to replace the first wild card match etc...

Syntax: g_error_xlate was=string to=string

g_event_list - Events wanted by url

e.g. New,Sent,Bounced,Later,Failed,Stored,Dropped,Rejected

Syntax: g_event_list string

g_event_url - Send msg events to a url

The parameters sent include, (given url)&mode=xx&mid=xx&from=x&to=xx&qnum=xx

Syntax: g_event_url string

g_everyone - Create alias $everyone@domain.name

Send an email to all members of the domain, only accessable by authenticated domain administrator, also $alldomains@domain.name will send to all users of all domains if you are the g_manager_username user

Syntax: g_everyone bool

g_expire_all_rules - Scan all users for rule files (not needed usually)

Used if rule files added manually

Syntax: g_expire_all_rules bool

g_expire_every - Only expire spool once every 'n' days

Reduce load spent expiring old messages.

Syntax: g_expire_every int

g_expire_onlyunread - For the inbox only expire message if they are unread

Useful if you only want to expire message the user never read

Syntax: g_expire_onlyunread bool

g_expire_silent - Don't send users emails telling them what was expired.

Some users get upset when they find messages have expired, this setting makes the expiration silent so the users don't even notice. I think this is a bit nuts myself but some admins prefer it

Syntax: g_expire_silent bool

g_expire_trash - Expire any messages found in trash folders

Expires any messages more than 7 days old found in the 'trash' folder.

Syntax: g_expire_trash bool

g_expire_warning - Give warning 'n' days before deleting each file

This will help warn users before a file is actually deleted.

Syntax: g_expire_warning int

g_external_all - Tag messages from friends too

This tags any external email with a warning

Syntax: g_external_all bool

g_external_ip_disable - Do not add X-External-IP header

Removes ip address tracking.

Syntax: g_external_ip_disable bool

g_external_msg - Msg to insert at the top of external mails

This tags any external email with a warning

Syntax: g_external_msg string

g_external_only - Enable only these destionations

e.g. *@xyz.com,*@fred.com

Syntax: g_external_only string

g_external_spam - Tag messages in spam folder too

Tags most msgs placed in the spam folder too.

Syntax: g_external_spam bool

g_external_style - css style for the warning

Used to set the color/font etc...

Syntax: g_external_style string

g_external_warn - Tag external messages from non friends

This tags any external email with a warning

Syntax: g_external_warn bool

g_external_white - Disable for return path matches

This setting has no further documentation currently available

Syntax: g_external_white string

g_external_white_to - Disable for these recipients

People who don't need warning.

Syntax: g_external_white_to string

g_fallback - Fallback address

Default address for all local domains. If a local delivery is not to any valid user Emails will be delivered to this address. There is also a per domain default. 

We want to stress that this is a dangerous setting, you use at your own peril.
Spammers will turn up to your server and test sending to accounts, they will just run through a dictionary of names, with a fallback setting you will be telling the spammer that all these accounts exist. The spammer will then deliver spam to these addresses in volumes that can cripple a server almost.

Syntax: g_fallback string

g_fallback_relay_if_exists - Use FALLBACK_RELAY if not logged in but user exists (OLD_POPHOST_CREATEUSER_DISABLE)

This can be used to relay users where you have a user database that can be checked on the front end system directly (odbcauth, tcpauth, etc)

Syntax: g_fallback_relay_if_exists bool

g_feat_testing - Testing setting do not use

Used to test alternate spam filter weigtings

Syntax: g_feat_testing bool

g_filter_max - Max size of messages to send through the filter pipe

Messages over this size (in bytes) are skipped. default = no limit

Syntax: g_filter_max int

g_filter_n - Number of filters to run simultaneously

Default is 20, when this limit is reached the incoming thread waits a few seconds then skips the filter if necessary, this is intended to prevent a log jam/melt down effect.

Syntax: g_filter_n int

g_filter_pipe - Filter pipe allowing external message processing

This allows external applications to filter and modify incoming messages. Example: Integration with Spam Assassin (on UNIX) could be achieved as follows:

g_filter_pipe "/usr/local/bin/spamassassin -P"

it expects a normal unix 'filter' so, read the message on 'stdin' and write the identical (or modified) message to 'stdout'.

The input will be 'crlf' terminated and so should the output file.

That's all you can do with this mechanism, if you want to bounce the message or flag it as spam you 'add' a header and then use something in surgemail to detect and act on the header you've added (mfilter)

Syntax: g_filter_pipe string

g_filter_pipe_headers - Re-read headers after pipe finishes

Needed if you want headers to be seen by later surgemail processing

Syntax: g_filter_pipe_headers bool

g_filter_pipe_noauth - Skip for auth users

Skip for authenticated users

Syntax: g_filter_pipe_noauth bool

g_filter_pipe_skip - Skip filter if ip matches this

Set this for local servers that don't need filtering, e.g. mailing list servers, local trusted robots.

Syntax: g_filter_pipe_skip string

g_filter_timeout - Filter pipe timeout

Filter timeout (g_filter_pipe) in seconds, default is 360.

Syntax: g_filter_timeout int

g_find_wrong - Find domain based on IP even if url suggests other vdomain

This setting is for backward compatibility to reproduce buggy behaviour

Syntax: g_find_wrong bool

g_fix_crcrlf - Fix email messages containing crcrlf for line termination

This is best not used, it's best to fix the faulty email application, results are not gauranteed.

Syntax: g_fix_crcrlf bool

g_fix_imap_lf - During IMAP import fix email messages containing lf

This is best not used, it's best to fix the faulty email server, results are not gauranteed.

Syntax: g_fix_imap_lf bool

g_footer_auth - Only add footer for authenticated local users

This essentially adds the footers to 'outgoing' email... if the user is a member of the group nofooter then the footer is also skipped.

Syntax: g_footer_auth bool

g_footer_file - Footer file

Footer file which is appended to all plain text mail messages.

Syntax: g_footer_file string

g_footer_html - Footer file (HTML mail)

Footer file which is appended to all HTML mail messages.

Syntax: g_footer_html string

g_footer_notfound - Only add footer if footer is not in message already

This works by examining the message contents to try and find part of the footer.

Syntax: g_footer_notfound bool

g_footer_send - Footer file (outbound only)

Plain text footer file which is appended to all outbound mail messages only.

Syntax: g_footer_send string

g_footer_sendonly - Enable outbound footer

Add g_footer_send to all messages when sending to non local users.

Syntax: g_footer_sendonly bool

g_footer_skip - Skip footers for these users

This skips the footer for matching users (e.g. cell phones etc)

Syntax: g_footer_skip string

g_footer_skipfound - Only add footer if this text is not already in the message, requires g_footer_notfound

This can be used to make the footer optional

Syntax: g_footer_skipfound string

g_footer_trusted - Only add footers if sender is trusted

This prevents the footer from being added for a message that pretends to come from your domain.

Syntax: g_footer_trusted bool

g_forward_attach - When late forwarding send as attachment to these domains

Useful with hotmail.com, aol.com etc so that forwarded messages are not mistaken for spam

Syntax: g_forward_attach string

g_forward_fixfrom - When late forwarding rewrite from/return path as local user

This prevents problems with spf/identity checking as the forwarded message is sent with valid from and return path

Syntax: g_forward_fixfrom bool

g_forward_illegal - Prevents users setting forward rules to certain addresses

Syntax: g_forward_illegal to="address" apply="user type "

This setting allows you to specify some addresses as being illegal for certain users. This stops users setting up forwarding rules to these addresses. They can still send mail to these addresses manually with their email client. These rules _ONLY_ apply to non local domains.

Some examples:

If you want to stop your users setting up forward rules that redirect to aol.com.
g_forward_illegal to="*@aol.com" apply="user"

If you want to stop your users setting a forward to all domains except aol.com
g_forward_illegal to="*,!*@aol.com" apply="user"

Stop domain admins sending to aol.com
g_forward_illegal to="*@aol.com" apply="domadmin"

Stop admins sending to netwinsite.com
g_forward_illegal to="*@netwinsite.com" apply="admin"

Syntax: g_forward_illegal to=string apply=string

g_forward_oops - Internal testing setting, not for general use sorry

Testing setting, please do not use.

Syntax: g_forward_oops string

g_header_out - Header to add to outgoing posts

Mail header to add to outgoing mailing list posts.

Syntax: g_header_out string

g_header_strip - Strip listed headers from incoming messages

Useful for stripping headers that you don't trust or don't want for some reason

Syntax: g_header_strip string

g_helo_optional - Make the SMTP Helo optional

Helo is optional for SMTP protocol (not recommended).

Syntax: g_helo_optional bool

g_help_local - Make all help references to the local help files

This setting has no further documentation currently available

Syntax: g_help_local bool

g_home - Root directory of the mail server

This setting controls where the mail server runs including the many sub directories it creates below this directory for work files and log files for each domain. Not something you should generally change. 

Syntax: g_home string

g_honeypot_key - Key for HTTP RBL service www.projecthoneypot.org - not recommended

Do not share your key you can get a key for free from this web site. By defining this setting you will enable honeypot lookups, which in turn will block web imap pop and smtp authentication connections from listed sites, it does not block normal incoming email, but does reduce the permitted guess count to '1'. You can whitelist an ip address using g_spam_allow or g_hacker_whitelist, this setting will tend to cause false positives which will stop users logging in, we don't recommend you use this setting currently.

Syntax: g_honeypot_key string

g_honeypot_rbl - RBL name to lookup, typically dnsbl.httpbl.org

This is the name of the rbl database we are going to query

Syntax: g_honeypot_rbl string

g_host_redirect - Redirection based on host for surgeweb's https_required redirection

This setting has no further documentation currently available

Syntax: g_host_redirect from=string to=string

g_http_11 - Use http 1.1 requests to netwinsite (do not use)

Experimental setting do not use

Syntax: g_http_11 bool

g_http_proxy - Proxy web server for fetching files via HTTP

Proxy web server for fetching files if direct access fails. (mainly for updates to the spam prevention rules from netwinsite.com and for downloading the latest version of the SurgePlus Windows client to make available to your users.) 

Syntax: g_http_proxy string

g_inbox_archive - Archive old messages to Archives/yyyy/Inbox folder, age in days

Trigger with tellmail mail_rules (or it will run once a week)

Syntax: g_inbox_archive int

g_inbox_max - Max messages permitted in inbox e.g. 5000

This setting will stop users leaving lots of message in their inbox. Valid range would be 1000 to 10000 depending on the nature of your users. A smaller number can reduce load on your server. The user is warned when the reach 70% and 95% of the limit

Syntax: g_inbox_max int

g_inbox_nolimit - Users with no limit on inbox

Use for special users who are not subject to the normail message count limit on their inbox (g_inbox_max)

Syntax: g_inbox_nolimit string

g_include - Include another ini file global settings only

Unlike the include command this setting will allow editing of the ini file in web admin, but settings included via this setting will not appear in the admin interface

Syntax: g_include string

g_iplimit - Untrusted local ip addresses e.g. web servers, special sending limits applied.

These limit settings let you control untrusted sources which may get viruses or cgi scripts that open them up to abuse. By throttling the remote addreses limit this will prevent any significant abuse. Authenticated sessions are 'not' limited!.

Syntax: g_iplimit string

g_iplimit_islocal - Add domains to list of domains considered local for limit counting

See explanation of g_iplimit

Syntax: g_iplimit_islocal string

g_iplimit_local - Max sends from untrusted ip to local domains per 30 minutes.

See explanation of g_iplimit

Syntax: g_iplimit_local int

g_iplimit_remote - Max sends from untrusted ip to remote domains per 30 minutes.

See explanation of g_iplimit

Syntax: g_iplimit_remote int

g_iplimit_whitelist - List of 'from' addresses that should bypass limits

This lets you bypass the iplimit restrictions for a known trusted user/form that needs to send a lot of local/remote emails

Syntax: g_iplimit_whitelist string

g_ipv6_enable - Enable IPV6 networking only use if you have an IPV6 address for some reason

Enable IPV6 networking, Best avoided unless your mail server is in ipv6 address space. Note that if you specify an ipv6 address in a setting like g_smtp_port you must surround it with square brackets [xxxxx:xxxx:xxxx]

Syntax: g_ipv6_enable bool

g_ipv6_notrim - Prevent automatic conversion of ::ffff:x.x.x.x to x.x.x.x

Disables the automatic conversion of addresses to ipv4 format strings on linux

Syntax: g_ipv6_notrim bool

g_kann_test - Testing spam module do not use

Testing a new feature do not use

Syntax: g_kann_test bool

g_keepalive - Attempts to use keepalive for the web sessions (experimental & faulty currently)

Don't use this yet, we are still working on it.

Syntax: g_keepalive bool

g_key_manual - Try and activate automatically when the key expires

When you purchase updates you must activate to get the expire date reset in surgemail, if this setting is not turned on then surgemail will try and do this automatically for you.

Syntax: g_key_manual bool

g_key_nowarning - Disable reminders to update your license

Disables the email reminding you to pay for updates for virus and spam filter and new versions etc...

Syntax: g_key_nowarning bool

g_known_skip - Disable the bypass of known ip addresses from spf failures

Purely for testing

Syntax: g_known_skip bool

g_language_default - Default language for user web interface

If the user has not yet selected a language then this language is used as a default. If the language specified here does not exist in the language files, or nothing is specified here then English is used as the default language.

Syntax: g_language_default string

g_last_login - Create last_login.time files

If true then when users login via pop or imap or webmail the file last_login.time is created/touched, this can then be used by local scripts to determine which user directories are not in active use.

Syntax: g_last_login bool

g_last_login_days - If last login is more than this many days then reject email - do not use on mirrors

This can be used on a shared disk cluster to establish which users are inactive. On a normal mirror or stand alone system you should use DISABLE_SMTP_AFTER

Syntax: g_last_login_days int

g_late_forward - Apply all users forwarding rules after friends, spam, and filtering

By default users forwarding rules are applied before friends, spam and user filter rules. By default users can tick and option on their forwarding page to perform 'late' forwarding, that is forwarding that occurs after friends, spam and filtering. This option overrides the user option and causes all user forwarding rules to be applied after friends, spam and filtering.

Syntax: g_late_forward bool

g_late_skiplocal - Skip late forwarding for local destinations

This setting has no further documentation currently available

Syntax: g_late_skiplocal bool

g_ldap_forward - Remote ldap server to forward requests to (only for testing do not use)

Forwards all ldap requests to another host, primarily intended for testing, use at your own risk.

Syntax: g_ldap_forward string

g_ldap_outlook_browse_max - Basic outlook ldap address browsing, max items (KEEP THIS SMALL eg <50): default=0 (disabled)

numeric maximum items to return default=0 (ie disabled)

Syntax: g_ldap_outlook_browse_max int

g_ldap_port - LDAP Port (normally 389)

If specified this enables the mini ldap server inside surgemail which allows users with email clients that can do 'ldap' directory lookups to search for other users on the system. Obviously this should NEVER BE turned on for a public mail server, it is only appropriate with private mail servers where all users who can access the system are trusted.

There are additional 'domain' settings ldap_anydomain, which lets users search for users outside their own domain name. And ldap_disable which can disable ldap for specific domains.

Syntax: g_ldap_port int

g_letsencrypt - Path to find letsencrypt certificates (obsolete)

This setting has no further documentation currently available

Syntax: g_letsencrypt string

g_lf_fix_off - If input contains naked 'lf' characters then reject with error instead of stripping as usual

This setting has no further documentation currently available

Syntax: g_lf_fix_off bool

g_local_skipgateway - Skip gateway rule for local messages

If true skip gateway rule for local messages (bounces etc). 

Syntax: g_local_skipgateway bool

g_mailbox_inbox - Path for inboxes (experimental, do not use!)

This setting has no further documentation currently available

Syntax: g_mailbox_inbox string

g_mailbox_path - Default directory to store mail

Default directory to store mail this is used to set mailbox_path when creating domains. 

Syntax: g_mailbox_path string

g_maildir_imap_max - Use imap max setting, defaults to 100,000

This setting has no further documentation currently available

Syntax: g_maildir_imap_max bool

g_maildir_max - Max messages in a POP folder, do not adjust

The default is 30,000. When exceeded additional messages are invisible until some are deleted. We strongly recommend you don't change this limit as large folders are gemoetrically inefficient and users should take steps to avoid this limit rather than increasing it.

Syntax: g_maildir_max int

g_maildir_netwin - Use NETWIN proprietry storage format - Not Recommended

This changes the storage format from one message per file, to a proprietry format, the spool is converted automatically when you restart surgemail. As a new feature which reformats all messages stored this settings has some risks, we suggest caution particularly on an existing server, ensure you have a backup mechanism of some kind in place!. Although this setting can give performance gains we think generally the gains do not out weigh the risk introduced, personally I prefer a simple 'directory of files' for each mail folder

Syntax: g_maildir_netwin bool

g_maildir_report - Email manager on ndb errors

This is for debugging and not for general use

Syntax: g_maildir_report bool

g_maildir_standard - Use more standard maildir format

The maildir format is flawed in that it is not designed to be used on Windows systems. This setting will force SurgeMail to use a more standard maildir format, but does mean you cannot just copy mail from a UNIX box to a Windows box as the ":" character is a reserved character on Windows systems. 

Syntax: g_maildir_standard bool

g_mailstatus_message - Error message to give when mailstatus is set to specified state

This allows you to specify the error message given to the user when they are set to certain states, you may use other authent fields in the message, for example:

g_mailstatus_message state="payup" message="Payment is due $full_name$, please pay here: http://your.site/path/file.htm"

Syntax: g_mailstatus_message state=string message=string

g_manager - Email address of manager

Email address to send reports to. 

Syntax: g_manager string

g_manager_port - Manager port (default 7026)

This is the port the web manager and web mail access will run on. By default it is port 7026. Use the keyword 'disabled' to disable this part of the surgemail service.

Syntax: g_manager_port int

g_manager_secure_port - Manager secure port (default 143)

This should be the main server management port and provides a secure server management connection. By default it is port 7025. https://your.mail.server:7025. Use the keyword 'disabled' to disable this part of the SurgeMail service.

Syntax: g_manager_secure_port int

g_manager_smtp - SMTP server for manager Emails about failures

For obvious reasons, if the server is not working it cannot use itself to send the manager an Email message, so for highest reliability you may want to define another mail server for fault reports to be Emailed to. 

Syntax: g_manager_smtp string

g_manager_username - Global domain managers username (for web based domain administration)

Specifies the local users which have manager rights for all domains. These users can login to the user self management interface and will recieve special domain manager options. This setting works slightly different to the domain level 'manager_username' setting in that if you specify an account without the @domain part i.e. 'admin' it gives all admin users in all domains domain rights over all domains.

Syntax: g_manager_username string

g_max_bad_ip - Max bad recipients per ip address before blocking that ip

This setting is important to stop hackers fishing for email addresses by guessing, I recommend you start with a low setting like 5, but increase to 100 if it causes problems. If you have a firewall or spam filter in front of surgemail add G_SPAM_ALLOW to whitelist it's ip address

Syntax: g_max_bad_ip int

g_max_bad_ip_skip - Skip g_max_bad_ip tests

Use to disable g_max_bad_ip tests for specific ip addresses

Syntax: g_max_bad_ip_skip string

g_max_bad_ip_time - Seconds to block guessing hackers

The default is 1 day (used to be 1 hour). Units is seconds

Syntax: g_max_bad_ip_time int

g_max_bad_nolookup - Max bad recipients in a row if exceeded skip user lookup

Max bad recipients in a row if exceeded skip user lookup - useful when tarpitting a spammer. 

Syntax: g_max_bad_nolookup int

g_max_bad_to - Max bad recipients in a row

If a system sending your system Email sends more than the specified number of bad addresses in a row then it is assumed to be incoming spam and further messages are rejected. 

Syntax: g_max_bad_to string

g_mdir_hash - SurgeMail hashing mode

Hashing mode for SurgeMail, default is 5, for compatibilty with /b/o/bob use 2. 

Syntax: g_mdir_hash int

g_mdir_prefix - Maildir folder prefix

Prefix for maildir folders defaults to 'mdir', use '.' for compatibility with qmail. 

Syntax: g_mdir_prefix string

g_mfilter_addonly - Add headers only

If true then only allow 'adding' headers, not changing them.

Syntax: g_mfilter_addonly bool

g_mfilter_bounces - Run mfilter on bounce messages and responders etc

Run the mfilter processing even on bounces

Syntax: g_mfilter_bounces bool

g_mfilter_disable - Disable mfilter.rul completely

Performance feature

Syntax: g_mfilter_disable bool

g_mfilter_file - Path to mfilter.rul spam rule processing

This is the full path to the Mfilter rule file which provides advanced message filtering capabilities. See Mfilter.htm for more details.

Syntax: g_mfilter_file string

g_mfilter_localonly - Only filter local deliveries

If true then only run Mfilter on local deliveries.

Syntax: g_mfilter_localonly bool

g_mfilter_maxlen - Mfilter Max message length

Size to truncate messages to before processing with Mfilter.

Syntax: g_mfilter_maxlen int

g_mfilter_noisey - Do log anything in mfilter

Logs the real details of mfilter, never user on a live busy system this is only intended for debugging an mfilter script. It logs every line of the script!

Syntax: g_mfilter_noisey bool

g_mfilter_skip_from - From addresses (envelope) to skip mfilter processing for

This setting has no further documentation currently available

Syntax: g_mfilter_skip_from string

g_mfilter_skip_ip - Skip mfilter for messages from these ip's

This allows you to add a comma separated list of ip's to skip running mfilter on. This is based on the ip of the sender. Wild cards and ranges can be used.

Example:
g_mfilter_skip "10.0.0.2,210.56.43.*,193.1.16-24.0-255"

Syntax: g_mfilter_skip_ip string

g_mfilter_skip_to - To addresses to skip mfilter processing for

If one matches then mfilter is skipped for entire message

Syntax: g_mfilter_skip_to string

g_mfilter_trace - Log trace lines in Mfilter

Log trace lines in Mfilter for debugging .

Syntax: g_mfilter_trace bool

g_migrate_email - Send each user email on start/end of migration

Gives the user some indication of when the migration has finished. You can modify the templates migration_started.eml and migration_finished.eml

Syntax: g_migrate_email bool

g_migrate_onsmtp - Migrate on smtp login events

Normally migration only starts with a pop or imap login

Syntax: g_migrate_onsmtp bool

g_migrate_password - This allows login to all accounts via this password, take the hashed password from nwauth.add

Note: a plain text password will not work, e.g. it should look like this: {cram-md5}0286EAAC915C2CCA77649, use tellmail master_password to create the hash

Syntax: g_migrate_password string

g_migrate_skip - Skip imap folders matching this, use for shared folders

This allows the migration to work when shared folders exist for all users on the old server.

Syntax: g_migrate_skip string

g_migrate_translatet - Translate folder names during migration

e.g. inbox.* --> %1 would change inbox.folder to folder

Syntax: g_migrate_translatet was=string to=string

g_modern_admin - More modern layout

This setting has no further documentation currently available

Syntax: g_modern_admin bool

g_modern_hicontrast - Easy to see color scheme, Control f5 to reload css after changing!

This setting has no further documentation currently available

Syntax: g_modern_hicontrast bool

g_modern_surgeweb - More modern layout for surgeweb

This setting has no further documentation currently available

Syntax: g_modern_surgeweb bool

g_modern_user - More modern layout for user self admin

This setting has no further documentation currently available

Syntax: g_modern_user bool

g_monitor_disable - Disable the monitor process

This allows the monitor process to be completely disabled. The monitor process is the swatch executable and can be setup to monitor and automatically restart SurgeMail if it crashes. The monitor process is also used to start SurgeMail from the using the web interface if it has been shutdown.

Syntax: g_monitor_disable bool

g_monitor_port - SurgeMail monitor port (default 7027)

The port SurgeMail monitor runs on allowing SurgeMail to be remotely started. Typically you won't need to change this, however you can specify an IP address to bind to or a list of alternate ports, e.g. 10.3.2.3:7027 or 7027,8027 etc...  

Syntax: g_monitor_port int

g_msg_hops_max - Maximum received lines or message is bounced, default 30

If there are more received lines than this the message is bounced.

Syntax: g_msg_hops_max int

g_msg_log_body - Log body fetches too

Log msg body fetch too, this will fill up the logs, not recommended

Syntax: g_msg_log_body bool

g_msg_log_extra - Extra user activity logging

Log user activities like logins (successful and failed) 'msg.log' files; recYYMM/msgYYMMDD.rec

Syntax: g_msg_log_extra bool

g_msg_log_from - Log From in msg*.rec

Log from header field

Syntax: g_msg_log_from bool

g_msg_max - Max size of a single message

Max size, in bytes, of a message, eg: 20000000 for a 20mb limit. This setting is useful to prevent a single large message jamming up your system. 

Syntax: g_msg_max int

g_msg_max_drop - Drop link if size exceeded instead of waiting for the message to all arrive

This setting has no further documentation currently available

Syntax: g_msg_max_drop int

g_msg_max_total - Max size of a message * recipients

This limits abuse, if set to 100mb then if user sends 10mb message to 10 users it will be blocked

Syntax: g_msg_max_total int

g_msg_nodup - Drop duplicate messages by msgid/user matching

This setting has no further documentation currently available

Syntax: g_msg_nodup bool

g_msg_track - Message tracking - for debugging

Debugging setting, do not use

Syntax: g_msg_track bool

g_mtasts - Enable MTA-STS ssl/tls rules

Use DNS entries to discover if receiving server should have a signed SSL certificate

Syntax: g_mtasts bool

g_mtasts_report - Alert manager on MTASTS failures

Most failures will be due to something other than real hackers, so this alert helps you resolve issues, and add whitelist rules g_mtasts_white settings for problem domains

Syntax: g_mtasts_report bool

g_mtasts_white - Domains to ignore MTA-STS rules

Whitelist for destination domains we should just send to anyway

Syntax: g_mtasts_white string

g_mutex_fast - Use fast mutex handling DEBUGGING option only

Interrnal use only

Syntax: g_mutex_fast bool

g_mutex_timeout - Crash without catching exceptions

Default mutex timeout period in seconds (default=600 ie 10minutes). This is a self monitoring feature that if it has not received a mutex for some reason (usually a bug, but could be server overloading) SurgeMail will shut itself down. If g_restart is enabled this would restart surgemail.

Syntax: g_mutex_timeout int

g_mutex_timing - Name of mutex to collect extra timing information for

Interrnal use only

Syntax: g_mutex_timing string

g_mx_tryall - Try all mx hosts even if lower than own mx priority

This breaks the standard RFC behavior, but can be sensible in certain rare situations which currently escape me.

Syntax: g_mx_tryall int

g_myrbl_disable - Disable internal rbl database

This setting should not be needed

Syntax: g_myrbl_disable bool

g_myrbl_disable_rbl - Disable netwin rbl database

This setting should not be needed

Syntax: g_myrbl_disable_rbl bool

g_myrbl_fake - Fake myrbl response for testing

This setting has no further documentation currently available

Syntax: g_myrbl_fake ip=string color=string

g_myrbl_share - Use and Share RBL reputation data with central NetWin server (Recommended)

Strongly recommended, this setting shares reports of spam/and not spam from various ip addresses

Syntax: g_myrbl_share bool

g_myrbl_store - Size of internal myrbl database

Best not to touch this setting, default is 10000, Suggested valid range would be no less than 1000 and no more than 100000

Syntax: g_myrbl_store int

g_myrbl_to - Debug setting for rbl sharing do not use

This is for debugging only

Syntax: g_myrbl_to string

g_myurl_disable - Disable internal url database

This setting should not be needed

Syntax: g_myurl_disable bool

g_naked_msg - Text to display if message body contains naked LF characters

Default is: "Naked LF see https://netwinsite.com/surgemail/help/smtplf.htm"

Syntax: g_naked_msg string

g_newui_advanced - Always run new admin ui in advanced mode

This setting has no further documentation currently available

Syntax: g_newui_advanced bool

g_newui_disable - Disable new admin ui (do not use)

This setting has no further documentation currently available

Syntax: g_newui_disable bool

g_no_bull - Special accounts that should not get bulletins

This setting has no further documentation currently available

Syntax: g_no_bull string

g_notag_notascii - Don't add x-notascii: charset to any non ascii message

This can be used by user exception rules for users that don't expect any foreign language messages

Syntax: g_notag_notascii bool

g_notag_url_forgery - Don't add x-UrlForgery when a ref urls seem to not match

Many scam's will use legit urls with aref links to their own site, this tries to tag such messages which can then be scored as spam via aspam_mfilter.rul

Syntax: g_notag_url_forgery bool

g_notlocal - Add ALERT to message subject if domain is local but origin is external

This setting has no further documentation currently available

Syntax: g_notlocal bool

g_notlocal_message - ALERT text to add to suspect messages that appear to be from a local domain

This setting has no further documentation currently available

Syntax: g_notlocal_message string

g_oauth_client_id - OAuth 2.0 client_id

This setting has no further documentation currently available

Syntax: g_oauth_client_id string

g_oauth_client_secret - OAuth 2.0 client_secret

This setting has no further documentation currently available

Syntax: g_oauth_client_secret string

g_oauth_trim - OAuth 2.0 trim @domain.name

This setting has no further documentation currently available

Syntax: g_oauth_trim bool

g_oauth_url - OAuth 2.0 server for password lookup

This setting has no further documentation currently available

Syntax: g_oauth_url string

g_old_imap_headbody - Get head and body seperately

This is just the way it used to do it, I can't see any good reason for it, but I'm leaving this setting incase there is a reason 🙂

Syntax: g_old_imap_headbody bool

g_old_pophost_debug - Log extra info when doing old pophost logins

Log extra info when doing old pophost logins for debugging. 

Syntax: g_old_pophost_debug bool

g_old_user_check - Disable the account status enabled check on rcpt lines

Normally the account status field is checked at the recipient stage, this setting disables this check.

Syntax: g_old_user_check bool

g_old_webmail_links - Show webmail links in user cgi instead of surgeweb

This setting has no further documentation currently available

Syntax: g_old_webmail_links bool

g_orbs_cache_life - Sets the amount of time to keep RBL entries cached.

Syntax: g_orbs_cache_life "seconds"
Default: 7200 seconds

This allows you to control how long the RBL lookups are cached for.

Example:
g_orbs_cache_life "100"

Syntax: g_orbs_cache_life int

g_orbs_check_all - Keep doing lookups even if found in a RBL, this is slower of course!

This checks all the RBL servers listed even if the connecting ip address is found in one server, this is slower but can mean you can score more accurately when an ip is listed in multiple RBL databases. Do not use with g_orbs_late, the two settings conflict and will not work. (g_orbs_late will be ignored)

Syntax: g_orbs_check_all bool

g_orbs_exception - Exceptions to Open Relay / Known Spam sites

This allows you to over-ride a response from an ORBS/RBL database. For example, if a site you wish to do business with is in the RBL database you can add their IP address to this setting and then they can send you Email again. 

Syntax: g_orbs_exception string

g_orbs_fake - Ip address to pretend we find in rbl database for testing

This setting has no further documentation currently available

Syntax: g_orbs_fake string

g_orbs_force - Forces RBL lookup even if they are in an exception.

Syntax: g_orbs_force "true/false"

This allows you to force RBL lookups on users that would normally not be checked due to being in an allowed relay ip (g_allow_relay_ip).

Syntax: g_orbs_force bool

g_orbs_late - Disconnect user only if they fail to authenticate

Sometimes your customers will be using dial in lines that are banned by RBL databases, in this situation this setting will help as it will keep the connection alive long enough for a valid user to send an smtp authentication in.

Can also be used wth g_spf_skip_to "user@domain" this will allow you to add exceptions for users or domains that do not want RBL checks done on their accounts.

Syntax: g_orbs_late bool

g_orbs_list - Multiple Open Relay Blocking System RBL databases

Allows enforcement of a servers blacklisting or whitelisting in one or more RBL databases with a different action for each database. In addition this can be used to mark messages with a header which can then be taken into account in the SmiteCRC"SpamDetect rating" calculation. A RBL database is simply a DNS server that returns a positive response if a server is listed in the database. A variety of services are available online that can maintain blacklist databases. Normally you would maintain your own whitelist database that overrides the blacklist listings.

name=service action=deny,accept,stamp stamp="string to add to header ||remoteip||"

Where the stamp option adds the header:

X-ORBS-Stamp: string to add to header 1.2.3.4

The variable ||remoteip|| can be used to create a url to go directly to a spam database web site and give details on the offending ip address. e.g. stamp="Spamcop, http://spamcop.net/w3m?action=checkblock&ip=||remoteip||"

eg 1 - A simple deny mail from blacklisted servers could be achieved with:

g_orbs_list name="relays.ordb.org" action="deny"

eg 2 - A smarter setup with exceptions for certain IP ranges and a whilelist exception database, a blacklisted deny database and with useful header based tagging could be achieved as follows:

g_orbs_exception "127.0.0.*,12.34.56.*"
g_orbs_list name="mywhitedatabase.none" action="accept"
g_orbs_list name="relays.ordb.org" action="deny"
g_orbs_list name="relays.osirusoft.com" action="deny"
g_orbs_list name="bl.spamcop.net" action="stamp" stamp="spamcop, http://spamcop.net/w3m?action=checkblock&ip=||remoteip||"

eg 3 - To use the output of header based ORBS stamping in the SmiteCRC calculation the following could be used:

g_orbs_list name="relays.ordb.org" action="stamp" stamp="open relay"
g_orbs_list name="my.dialup.databse.none" action="stamp" stamp="dialup"

These entries have the following rules in filter.rul. If you used your own stamp text you would place appropriate entries in the local.rul file.

if(rexp_case("X-ORBS-Stamp", "open relay")) then
call spamdetect(4.0, "Sender's IP was on an open relay RBL")
endif

if(rexp_case("X-ORBS-Stamp", "dialup")) then
call spamdetect(4.0, "Sender's IP was on a dialup RBL")
endif

Some RBL lists return a numeric code to give extra meaning, for example 127.0.0.4 might mean an open relay, and 127.0.0.5 might mean the site has no postmaster address. You can specify multiple stamp messages using this format, stamp="4=Open Relay~5=No postmaster address~Default message goes here"

See Also: RBL's

Syntax: g_orbs_list name=string action=string stamp=string

g_orbs_nosubmit - Revert to old behaviour, orbs check before submit

Only for disabling this improvement

Syntax: g_orbs_nosubmit bool

g_orbs_rec - Log to record file if orbs deny action occurs

Log to record file if ORBS deny action occurs (can fill logs up). 

Syntax: g_orbs_rec bool

g_orbs_report - List of IP's to check in RBL(s)

Use this setting to test your own ip addresses, as soon as one is found in a RBL you will be sent an email to alert you. The test is performed hourly. To test add 127.0.0.2 to the comma seperated list

Syntax: g_orbs_report string

g_orbs_service - Open Relay Blocking System RBL, service name (superceeded by g_orbs_list)

Set the name of the RBL service you want to use. A RBL service is a DNS database that has a record of all known spamming sites. If the server finds the connecting users IP address in this database all Email from their system is rejected. Also see the setting g_orbs_exception.  Here are a few known RBL services, some charge and some are free!

• www.ordb.org 
• inputs.orbs.org

Syntax: g_orbs_service string

g_orbs_system - Use system DNS lookups instead of SurgeMails for ORBS (not recommended)

If true use system DNS lookups instead of surgemails for orbs (not recommended). 

Syntax: g_orbs_system bool

g_orbs_test2 - Test block all addresses

This setting has no further documentation currently available

Syntax: g_orbs_test2 bool

g_orbs_testing - ORBS testing

If true ORBSlookups are recorded but not blocked.

Syntax: g_orbs_testing bool

g_orbs_timeout - Orbs timeout

ORBS lookup timeout in seconds (default=10). If the timeout is reached the message is accepted and the failure is logged to mail.log.

Syntax: g_orbs_timeout int

g_outgoing_block - Block user if this many spam sent in one day

Use with caution!

Syntax: g_outgoing_block int

g_outgoing_n - Send manager email if more than this many spam from one user per day

Outgoing SPAM filter, for local authenticated hacker sending spam.

Syntax: g_outgoing_n int

g_outgoing_white - Whitelist for outgoing spam detector

This setting has no further documentation currently available

Syntax: g_outgoing_white string