Global Settings

Note: Most 'matching' settings take wild card lists as parameters, for example "fred*" will match "freddy" and "Fred@bob". And "1.2.*,2.3.*" will match 1.2.4.4 and 2.3.99.100. Many settings will also accept a ! as a "not", and are processed from left to right. eg "!*,127.*,10.*" would first "deny all" then try and match on any 127.* or 10.* domains. Settings using ip's will take ranges also like 10.0.1-120.5 and also support CIDR notation eg 10.10.1.32/27.
You can read about CIDR notation here http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing and there is an online CIDR calculator here http://www.subnet-calculator.com/cidr.php.

g_about_disable - Disable about web page

This setting has no further documentation currently available

Syntax: g_about_disable bool

g_access_group - Access groups

Access rules defining groups of IP addresses with certain POP, IMAP and SMTP privileges. When a user is authenticated access is checked against group membership defined in the "mailaccess" field in the authentication database. See accounts for more information.

eg. this could allow you to charge webmail users for pop access privileges:
g_access_group group=paid_user access_pop=* access_imap=* access_smtp=* 
g_access_group group=free_user access_pop=webmail.svr.ip access_imap=webmail.svr.ip access_smtp=webmail.svr.ip 

with "Access type" set to "free_user" on accounts page or equivalently in nwauth authentication database:
marijn@mydomain.com:{ssha}tVANQo...:created="1060034937" mailaccess="free_user" ...

To prevent webmail access for some users you would do this:

g_access_group_default "normal"
g_access_group group="normal" access_pop="*" access_imap=*" access_smtp="*"
g_access_group group="nowebmail" access_pop="*,!webmail.ip" access_imap="*,!webmail.ip" access_smtp="*"

And put the users you want to limit in a group called 'nowebmail' e.g.

lookup fred@domain
+OK fred@domaing config 0 mailaccess="nowebmail"

Syntax: g_access_group group=string access_pop=string access_imap=string access_smtp=string access_incoming=string

g_access_group_default - Access group defaults

Access group defaults for users with no access groups set. (must be used in conjunction with g_access_group)

Syntax: g_access_group_default string

g_access_surgeweb - Apply g_access_group rules to surgeweb sessions based on client's address

This setting has no further documentation currently available

Syntax: g_access_surgeweb bool

g_access_webonly - Users in this group can only use web not imap or pop

This setting has no further documentation currently available

Syntax: g_access_webonly string

g_acctlog_aliases - Log redirection & aliases in account usage too

This setting has no further documentation currently available

Syntax: g_acctlog_aliases bool

g_acctlog_noauth - Log sending usage based on from which may be fake

This setting has no further documentation currently available

Syntax: g_acctlog_noauth bool

g_acctlog_sum_inactive - Summarise local accounts that have not logged in yet as not_loggedin_yet@domain.com

This setting has no further documentation currently available

Syntax: g_acctlog_sum_inactive bool

g_admin_access - Allow / Restrict domain admin access to features based on g_access_group

g_admin_access group="wildcard" access="list"

This setting matches the g_access_group the admin is in to the wildcard specified and applies the specified access list to that domain admin, giving / restricting thier access to certain features. The list may include any of the following:

Value Result
alias Access to domain users "Alias" page and features.
aspam Access to the "ASpam" page and features.
blog Access to the "Blogs" page and features.
bulletins Access to the "Bulletins" page and features.
centipaid Access to domain users "Centipaid" page and features.
enotify Access to domain users "Email Notification" page and features.
exceptions Access to domain users "Exceptions" page.
friends Access to domain users "Friends" pages, and system.
fwd Access to domain users "Forwarding" features, forwarding, auto-responder.
fwdonly Access to domain users "Forwarding" features, forwarding
lists Access to the "Lists" page and features.
log Access to domain users "Log" page.
mailbox Access to domain users "Mailbox" page, view mailbox, setup rules.
sms Access to domain users "Sms" page.
spam Access to domain users "Spam" page, and SmiteSpam and Aspam processing of messages.
spampriv Access to domain users "Spam" pages' spam private feature
spf Access to domain users "Spf" page and features.
usage Access to the "Usage" button, which shows a domain users usage.
users Access to the "Users" page and features.
redirect Access to the "Redirect" page and settings.
redirect_cc Access to the "Redirect CC" page and settings.

In addition you can prefix any of the above with ! to deny access. There are two other special case values, "all" and "none" which mean exactly what they say, access to "all" or "none" of the features.

Example:

g_admin_access group="simple" access="all,!users,!reports"

The above setting gives admins in the 'simple' group access to all the features except the users and reports features.

Syntax: g_admin_access group=string access=string

g_admin_access_default - Default features granted to domain admins

This setting is a default access list for all domain admins on the server, it is specified in the same maner as the g_admin_access settings 'access' parameter. eg:

g_user_access_default "all,!users,!reports"

Syntax: g_admin_access_default string

g_admin_guesses - Number of guesses allowed for admin.

Syntax: g_admin_guesses "number"

This sets the number of guesses allowed for the admin username/password. Once this has been reached the ip is banned.

Syntax: g_admin_guesses int

g_admin_ip - Admin IP access

Mask of valid IP addresses for admin users (default *), this is a security setting you can use to restrict remote web admin access to trusted IP addresses. One is always allowed to use manage SurgeMail using 127.0.0.1 regardless of whether this is explicitly specified.

eg. To restrict to local network as per net mask
g_admin_ip "10.0.0.*,10.1.2.*" 

Syntax: g_admin_ip string

g_admin_localhost - Allow localhost web admin without user/pass

Allows a localhost connection to access the web admin port without using the administrator username / password. This is good if you keep forgetting the admin password like I do.

Syntax: g_admin_localhost bool

g_admin_readonly - System admins with readonly access to the management interface

This setting has no further documentation currently available

Syntax: g_admin_readonly string

g_admin_utoken_expire - Length of time a web admin session is valid for

This setting has no further documentation currently available

Syntax: g_admin_utoken_expire int

g_admin_utoken_idle - Length of time a web admin session may remain idle for

This setting has no further documentation currently available

Syntax: g_admin_utoken_idle int

g_alias_login_disable - Disable user login as alias

Stops the user login to pop or imap as the alias account

Syntax: g_alias_login_disable bool

g_allow_bodyless - Allow bodyless email

This will allow bodyless email to be accepted. These are usually spam.  In particular Norton Antivirus in autoprotect mode closes the POP link which makes it appear that SurgeMail has terminated the connection when a bodyless email is encountered.

Syntax: g_allow_bodyless bool

g_allow_passzip_from - A list of addresses to allow unmonitorable archive messages to be sent from

These may of course contain viruses as they cannot be scanned, but some people still need to be able to accept such files.

Syntax: g_allow_passzip_from string

g_allow_passzip_to - A list of addresses to allow unmonitorable archive messages to be sent to

These may of course contain viruses as they cannot be scanned, but some people still need to be able to accept such files.

Syntax: g_allow_passzip_to string

g_allow_user_authent_field_get - A space separated list of authent process fields that users are allowed to view for themself using the POP xauthent_field_get command

This provides limited access to the user database for applications like webmail and surgeplus.

Syntax: g_allow_user_authent_field_get string

g_allow_user_authent_field_set - A space separated list of authent process fields that users are allowed to set for themself using the POP xauthent_field_set command

This provides limited access to the user database for applications like webmail and surgeplus.

Syntax: g_allow_user_authent_field_set string

g_apple_bug1 - Apple bug allow content-length headers

This setting has no further documentation currently available

Syntax: g_apple_bug1 bool

g_apple_bug2 - Apple bug2 don't try and return bad if looping

This setting has no further documentation currently available

Syntax: g_apple_bug2 bool

g_archive - Archive delivered mail

Archive rules allowing all mail delivered to be archived to either:

- Fixed size rotating archive - use this if you want to be able to get back a particular message that has recently passed thorugh the server but you do not want the mail archives to be able to grow too large

- History archive of a fixed (or unlimited) duration that can grow as much as the disk space available. Use this if you need to archive say all mail sent to / from a particular customer for the last year.

The archive is stored as a directory containing bucket files. This allows you to retrieve messages that have been delivered if you need to retrieve a particular message for any reason. To retrieve a message this needs to be extracted manually from the archive files manually using a text editor or your own script. The maximum bucket size (default if 1Mb) of the archive and the maximum individual message size can be set.

Filtering is done based upon wildcard destination and source addresses and subject. These fields provide a logical AND, with a blanks filed matching the default "*". A specific email may match multiple archive rules, and will be archived in each archive in this case. Also note that if a match is part of a larger string the match string should have wildcards surrounding it. eg: to match "important business" in the subject "Very important business for you" you should specify "*important business*".

eg. To catch all email delivered from domain.com you would specify:
g_archive to="*" from="*@domain.com" subject="" path="c:\mailarchive" size="10mb" maxitem="10k" 

You can also select whether the archiving rule is triggered before or after any filtering that is applied such as virus or spam filtering using the early flag. This can be useful to capture the original source of viruses or spam for testing purposes.

Syntax: g_archive to=string from=string path=string subject=string size=string maxitem=string keep=string early=bool owner=string fromorto=string

g_archive_bucketsize - Size for archive bucket files. Default is 1mb

Sets the size of the archive buckets used by the circular archives. If set too large then editing the buckets manually is awkward.

Syntax: g_archive_bucketsize int

g_archive_early - Apply all archive rules before content filtering is applied (obsolete)

This will apply the archive rules before content filtering is applied. This can be user to capture the source message if it is getting stored or bounced unnecessarily by any of the SurgeMail filters. The early flag on individual archive rules should be used instead of this setting.

Syntax: g_archive_early bool

g_archive_files - Archive attachments to a directory

Each message to the named account will have it's attachments removed and placed in the named directory. The path can contain the symbols $month$ $year$ $day$ $second$. The 'second' is only within this day. Together these variables can be used to ensure a unique path is used for each file if the names might conflict. Use g_redirect_cc to archive email going to an existing account because if you set 'to' equal to a real account then the real account will stop receiving messages!

Syntax: g_archive_files path=string to=string files=string

g_archive_on_delete_dir - Directory to archive user files to on delete

Directory to archive deleted users files to. Defaults to 'archive_deleted' in the SurgeMail installation folder.

Syntax: g_archive_on_delete_dir string

g_archive_on_delete_off - Disables archive and instead deletes the files immediately

Purged monthly or by tellmail purge_deleted_users

Syntax: g_archive_on_delete_off bool

g_archive_tcpip - Rules for TCPIP archive process

Contact netwin for more details of this mechanism if you wish to use it.

Syntax: g_archive_tcpip to=string from=string path=string dom=string

g_archive_tcpip_host - Host to send archive data too

When using an archive server this defines the host that is running the archive server. Contact netwin if you need more info on this feature.

Syntax: g_archive_tcpip_host string

g_aspam_headers - Add aspam information messages to messages.

Adds informational aspam headers to all messages.

Syntax: g_aspam_headers bool

g_aspam_need_ip - Require good matches to match external ip address

This prevents poluted bad messages in aspam_good causing spam to bypass the filters, but reduces effectiveness of the notspam address.

Syntax: g_aspam_need_ip bool

g_assume_created_epoch - If user has no 'created' field assume they were created an arbitrarily large time in the past

This setting effect the g_disable_smtp_after and g_delete_user_after settings which, by default, ignore users who have not logged in and have no created field.

Syntax: g_assume_created_epoch bool

g_atrest_all - Auto encrypt all msgs when users next login

This setting has no further documentation currently available

Syntax: g_atrest_all bool

g_atrest_api - Enabe api for enabling atrest encryption - not needed

This setting has no further documentation currently available

Syntax: g_atrest_api bool

g_atrest_crazy - No recovery admin password needed

This setting has no further documentation currently available

Syntax: g_atrest_crazy bool

g_atrest_enable - At rest encryption. Unwise usually!

This setting has no further documentation currently available

Syntax: g_atrest_enable bool

g_atrn_client - Define a rule for fetching email using ATRN protocol

This is the setting for clients to define to fetch mail from an upstream server. Typically this is done on the special port 366, to specify another port use host:port in the host setting. E.g. host="smtp.upstream.com:25"

Syntax: g_atrn_client domain=string user=string pass=string host=string

g_atrn_port - Port to listen for 'atrn' (On Demand Relay) requests

See g_atrn_server for more details, the default is port 366, atrn is not obeyed on port 25

Syntax: g_atrn_port string

g_atrn_server - On Demand Mail Relay settings to define user/pass for clients to fetch mail

This allows a client on a dynamic IP to connect and request mail for a specific domain after authenticating by using the ATRN command. Typically this is done on the special port 366

Syntax: g_atrn_server domain=string user=string pass=string

g_att_enable - Allow users to enable attachment storage option

This setting has no further documentation currently available

Syntax: g_att_enable bool

g_att_in - Enable for incoming (by default)

This setting has no further documentation currently available

Syntax: g_att_in bool

g_att_in_keep - Days to keep incoming attachments (2000)

This setting has no further documentation currently available

Syntax: g_att_in_keep int

g_att_info - One line text explaining about the attachments

This setting has no further documentation currently available

Syntax: g_att_info string

g_att_max - If total msg exceeds this reduce g_att_min/10

Ideally this should be smarter. But will only fail if more than 10 attachments

Syntax: g_att_max int

g_att_min - Min size to store, dflt 200k

This setting has no further documentation currently available

Syntax: g_att_min int

g_att_path - Path to store attachments

This setting has no further documentation currently available

Syntax: g_att_path string

g_att_send - Enable when sending (by default)

This setting has no further documentation currently available

Syntax: g_att_send bool

g_att_send_keep - Days to keep sent attachments (90)

This setting has no further documentation currently available

Syntax: g_att_send_keep int

g_attach_convert - Process matching attachments with specified command. Passed two files names

This setting has no further documentation currently available

Syntax: g_attach_convert to=string from=string subject=string files=string output=string command=string

g_auth_hide - Disable SMTP Authentication

Per default SMTP authentication is enabled. If a user matches this IP range/list they will NOT be shown the ESMTP extension for SMTP authentication. This will usually stop the mail client from prompting the user for authentication. We STRONGLY recommend you do NOT use this feature. It is much better to let users authenticate when sending email.

Syntax: g_auth_hide string

g_auth_norelay - Ignore SMTP auth for relaying purposes

This means relaying only occurs if g_relay_allow_ip matches

Syntax: g_auth_norelay bool

g_auth_norelay_webok - Allow surgeweb sessions anyway.

This means relaying only occurs if g_relay_allow_ip matches

Syntax: g_auth_norelay_webok bool

g_auth_path - Path to nwauth files

Needed for mirroring if using multiauth

Syntax: g_auth_path string

g_auth_skipgateway - Skip gateway rules if we get a proxy SMTP auth command

Skip gateway rules if we get a proxy SMTP auth command. This is not for general use. It can be used if you are using SurgeMail in front of another mail server with a wild card gateway to gateway all domains to a back end mail server. Then an authenticated user is a local user trying to send out so the gateway rules are ignored. (this is strongly not recommended)

Syntax: g_auth_skipgateway bool

g_auth_trust - Trust authenticated user header from these servers

Use this setting to specify the filter machines which perform spam scanning for this machine. Use this on the filter machine, to specify itself so that mailing list messages do not get scanning/tagged twice. Ensure your users are sending messages via the filter machine.

Syntax: g_auth_trust string

g_authent_addip - Send ip address as third parameter to authent module

This setting has no further documentation currently available

Syntax: g_authent_addip bool

g_authent_allow_badascii - Allow ascii chars outside the range 32 < 127

By default ascii characters < 32 and >= 127 are blocked as invalid. If you require these characters set this to TRUE.

Syntax: g_authent_allow_badascii bool

g_authent_always - Always lookup user, so virtual domains can exist just in authent module

Always lookup user, so virtual domains can exist just in authent module. This allows you to support 10,000 domains on one system without a 'huge' ini file. Be careful to not create/remove real domains with the same name as existing domains that only exist in the authent database as the 'drop files/inboxes' will move when this occurs and existing mail will vanish.

Syntax: g_authent_always bool

g_authent_any - Restore buggy behaviour of looking up users in domains that don't exist

Previously surgemail would lookup a user even if the domain in question did not exist, if you need to restore this odd behaviour then you can use this setting...

Syntax: g_authent_any bool

g_authent_cachebad - Cache life of failed authent lookups

Set the life in seconds that the cached failed lookups can be used, default 60 seconds. Best left alone unless your server is being hit by thousands of failed lookups and your authent module is slow.

Syntax: g_authent_cachebad int

g_authent_cachelife - Cache life of successful authent lookups

Set the life in seconds that successful cached lookups can be used, default 2 hours. Best left alone.

Syntax: g_authent_cachelife int

g_authent_cachesize - Size of the authent cache

Set the size of the authent cache, default is 500 entries. Generally best left alone.

Syntax: g_authent_cachesize int

g_authent_case_sensitive - Make passwords case sensitive

By default surgemail avoids case sensitive passwords as they do little to increase security but causes endless frustration for users, but this is just an opinion and some people disagree so use this setting if you wish to have case sensitive passwords :-).

Syntax: g_authent_case_sensitive bool

g_authent_decrypt - Collect and store plain text passwords for migration in file pass.decrypted

This setting should only be used as part of a migration, it obviously exposes your customers passwords to risk!.

Syntax: g_authent_decrypt bool

g_authent_domain - Authent domain

If this is 'true', the virtual domain name is appended to the username before it is passed to the authent process. This lets the authent process deal with virtual domains. As a general rule, this should ALWAYS be true. 

Syntax: g_authent_domain bool

g_authent_encrypt_key - Encryption key config settings

Not for general use currently, used to partially obscure credit card info when stored in the authent module.

Syntax: g_authent_encrypt_key string

g_authent_enforce - Days till we prevent user from logging in, NOT RECOMMENDED

Days until we block logins if password is not changed. This setting will annoy your customers but not really achieve anything useful, it shouldn't be used in most situations. Expire password. Force password change

Syntax: g_authent_enforce int

g_authent_fwdfile - Use DMail forward files (deprecated - for backward compatibility only)

Allows old style DMail forward files to be read.

Syntax: g_authent_fwdfile bool

g_authent_info - Authent info

Defines a piece of information to store about the user in the user database (phone number, name, address etc). Each piece of information is given a name, a field, an access mode, a default and a type. The name defines what appears in the web management display. The field is what is sent to the authent_process. The access mode can be one of the following: user, domadmin, or admin, createonly, none. The default is what value is assigned upon creation of a new user. The type can be one of: date, readonly, encrypt or any custom string which you want to check for or match on the na_details.htm page with a template function like:

An access mode of 'admin' means that only the system admin can see the information, 'domadmin' means the sysadmin and any domain admin can see the information, 'user' means the user can see the information, 'createonly' means the user sets the information at creation time but cannot see it after that and 'none' ensures that no-one can see or modify the information (used for information that is handled by SurgeMail itself, either through the interface or otherwise)

e.g.
     g_authent_info      name="Phone Number" field="phone" access="user" default="" type=""

See here for a complete list of default settings.

Syntax: g_authent_info name=string field=string access=string default=string type=string

g_authent_info_grp - Fields to show to users in this group

Specifies the authent fields this user group is allowed to see and change. This applies only to the fields visible on the account properties page and the domain admin "Users" page it cannot be used to prevent access to fields which are managed by the web interface i.e. 'fwd'

Syntax: g_authent_info_grp group=string fields=string tag=string

g_authent_ip - Authent Lookup IP numbers via authent modules - enables relaying

If enabled each connecting IP address will be looked up in your user database as x.x.x.x@ip eg: "127.0.0.1@ip" and if the user is found then relaying is allowed and if 'send_limit="nn"' is defined then that will set the tarpit send limit for that user.

For per IP tarpit limits to work you need to define the g_tarpit_max and g_tarpit_max_remote settings. And g_tarpit_drop to make the limit effective.

Syntax: g_authent_ip bool

g_authent_last_login - Store users last login time in the database

This setting will cause the authent field 'last_login' to be updated when a user logs in. The field is set to a timestamp which is 'the number of seconds since midnight January 1, 1970'. This field is updated 'at most' once every 24 hours. Other features i.e. delete_user_after and disable_smtp_after will look for this field.

Syntax: g_authent_last_login bool

g_authent_logall - Turns on logging of authent requests

If enabled, authentication requests are logged in mail.log as "<day> <time> Authent[<action> <info>]".

Syntax: g_authent_logall bool

g_authent_lookup - Check if accounts exist using g_authent_pass too

This setting has no further documentation currently available

Syntax: g_authent_lookup bool

g_authent_nodomain - If true dont add @virtual.domain.name to external user lookups (NOT RECOMMENDED)

Use this at your own risk, it is provided for compatibility with dmail installations, but should be avoided if at all possible.

Syntax: g_authent_nodomain bool

g_authent_number - Authent number

The number of concurrent authent processes to run. If you are using a slow external authent module (e.g. sql) then it is probably worth running 3-4, there is no need to have more than 1 when using nwauth.exe. (Default = 1) 

Syntax: g_authent_number int

g_authent_pass - Authent process to check passwords with

This setting has no further documentation currently available

Syntax: g_authent_pass string

g_authent_prefix_sep - Authent Prefix Separator (deprecated - for backward compatibility only)

Prefix separator for prefix based separator. Only relevant if enabled on a per vdomain basis using the "prefix" setting.

Syntax: g_authent_prefix_sep string

g_authent_process - Authent process

The command line of a NetWin authentication module. You can use one of our standard modules for LDAP, ODBCAuth, MySQL etc or write your own. For more information on these modules see the authentication section of the manual .

This will typically be something like:
g_authent_process "E:\surgemail\nwauth.exe -path E:\surgemail"
or
g_authent_process "/usr/local/surgemail/nwauth -path /usr/local/surgemail"

Syntax: g_authent_process string

g_authent_reminders - Days till we remind user to change password

Days until we remind user to change password.

Syntax: g_authent_reminders int

g_authent_require - Days till we require user to change password

This is the one to use, only requires change in surgeweb, expire password

Syntax: g_authent_require int

g_authent_restart - Cycle auth modules every 1000 lookups

This is useful if there are resource allocation issues in the authentication module. Eg OBDCAuth

Syntax: g_authent_restart bool

g_authent_single - Allow local users with a single quote char in their name

This let's users exist who contain the single quote ' character. It is not supported with some authent modules though, nwauth does allow it.

Syntax: g_authent_single bool

g_authent_spaces - Allow spaces in passwords DO NOT USE

Not supported for most authent modules, requires nwauth 4.0r or later, If you have already got users with spaces in their passwords and you turn this setting on, they will no longer be able to login until they reset their passwords. Authent module must support slash encoding, for nwauth add -spaces to command line

Syntax: g_authent_spaces bool

g_authent_strip_domain - Strip domain for authent lookups

Use when your database expects one 'primary' domain to do lookups without a domain name then SurgeMail will strip that domain only from lookups. Typically this is only necessary with old DMail authent modules.

Syntax: g_authent_strip_domain string

g_authent_timeout - Timeout for authent response

Timeout for authent response, default 60 seconds.

Syntax: g_authent_timeout int

g_autologin_file - File to use to share auto login information on NFS based cluster

This allows webmail to autologin when using an nfs based cluster and a load sharing device.

Syntax: g_autologin_file string

g_autologin_imap_disable - Disable IMAP based autologins

IMAP autologins allow autologin to surgeweb.

Syntax: g_autologin_imap_disable bool

g_autologin_newlogic - Streamlined logic for surgeweb to user.cgi autologin handover

Improved logic for user.cgi autologin url generation. Notably affects proxy mode, frontend-backend configurations, and whether ssl is used.

Syntax: g_autologin_newlogic bool

g_autologin_pop - Enables WebMail Autologin using POP when on another server

Webmail needs the ability to automatically login to SurgeMail to changes passwords etc. This setting will do this via an extension to the pop protocol allowing WebMail to autologin whilst running on another server. (Normally this is done using a temporary file)

Syntax: g_autologin_pop bool

g_backtrace_disable - Backtrace Disable

Disable backtrace information for unix systems.

Syntax: g_backtrace_disable bool

g_bad_login_allow - Number of consecutive bad logins for a user before blocking that user

Number of consecutive bad logins for a user before blocking that user.

Syntax: g_bad_login_allow int

g_bad_login_dumb - Give login failures even if known address

This disables the smart feature so this setting will probably catch real users :-)

Syntax: g_bad_login_dumb bool

g_bad_login_ip_allow - Number of bad logins from an IP before blocking that IP

Number of bad logins from a single IP before blocking that IP.

Syntax: g_bad_login_ip_allow int

g_bad_login_ip_ignore - IP address(es) to allow any number of bad logins from

Use for webmail system or other local gateway to stop bad login counter from locking out all users.

Syntax: g_bad_login_ip_ignore string

g_bad_login_lockout - Lockout addresses permenantly - use if DOS attack

This can reduce load during DOS attack.

Syntax: g_bad_login_lockout bool

g_bad_login_mins - Minutes to block login for, if consecutive bad ones received

Minutes to block login for, if consecutive g_badlogin_allow or g_badlogin_ip_allow bad logins received=.

Syntax: g_bad_login_mins int

g_badfrom_badmx - Drop message if this MX

If mx host is one of these addresses then drop the message, it's definitely spam (e.g. 127.*).

Syntax: g_badfrom_badmx string

g_badfrom_check - Check if 'from' envelope can be delivered to

If this is set to "true" then SurgeMail will connect back to the envelope 'from' address and check that the address is valid, a cache is used to improve performance, if it cannot connect then the message is bounced as probable spam. It's nicer to use the following setting "g_badfrom_stamp" as well, then if SurgeMail cannot connect back or the user is invalid then a header is added to indicate this, and our SmiteSpam rules will use this to increase the spam weighting.

You can use g_spam_allow to exempt an IP from this check as well as g_badfrom_whitelist for a domain. Please note that by default SurgeMail uses a blank mail from to do its check.
MAIL FROM: <>
Some servers might reject this, though they shouldn't because its a standard bounce, however if they do you can use g_badfrom_from to set a mail from address to be used for this check.

Syntax: g_badfrom_check bool

g_badfrom_from - Mail from account for g_badfrom_check

From to use when doing the g_badfrom_check check, not normally needed, if set must be set to valid account.

Syntax: g_badfrom_from string

g_badfrom_noip - Check envelope from domain exists and is a valid IP number

Check envelope from domain exists and is a valid ip number, if not bounce message.

Syntax: g_badfrom_noip bool

g_badfrom_noip_temp - Makes g_badfrom_noip return a temporary error instead of a 501 error

Use g_verify_mx_skip to bypass/whitelist ip addresses from this check

Syntax: g_badfrom_noip_temp bool

g_badfrom_stamp - If 'g_badfrom_check' is bad then stamp a header on the message

g_badfrom_check must also be set to true. If this is set to "true" then SurgeMail will connect back to the envelope 'from' address and check that the address is valid, a cache is used to improve performance, if it cannot connect then a header is added to indicate this, and our SmiteSpam rules will use this to increase the spam weighting.

Syntax: g_badfrom_stamp bool

g_badfrom_whitelist - Whitelist of domains to skip from checks

Whitelist of "from" address domains to skip g_badfrom_* checks.

eg.
g_badfrom_whitelist "specialdomain.com"

Syntax: g_badfrom_whitelist string

g_ban_blackhole - Leave connected but reject all recipients without looking them up

Leave connected but reject all recipients without looking them up. This is good of dealing with high volume spammers without wasting resources doing user lookups. 

Syntax: g_ban_blackhole bool

g_ban_from - Ban any matching MAIL FROM: envelope

Same as 'ban_helo' but applies to the from (return address) part of the mail envelope. This is NOT the same as the from/sender header in the message itself!!! This equates to the 'Return-path:' header that the mail server adds. 

Syntax: g_ban_from string

g_ban_helo - Ban any machine that gives a matching 'helo' string

This is a simple spam protection system to block known spam/problem users based on the 'helo' name they send to your system. This name is recorded in the 'received' header along with the IP address. This name is very easy to 'fake' so is not a high security level of protection, but it is simple for stopping stupid robots etc, that have gone insane.

Example: *junkmail.com 

Syntax: g_ban_helo string

g_ban_rcpt - Ban any matching RCPT TO: envelope

Same as 'ban_helo' but applies to the recipient part of the envelope (destination users) this is NOT the same as the 'To:' header in the message itself!!! This can sometimes be used to block really simple spamming programs that always send to the same invalid users. 

Syntax: g_ban_rcpt string

g_bank_debug - Log request to bank server

Use when trying to debug the g_bank_url post/response

Syntax: g_bank_debug bool

g_bank_group - Create price groups with descriptions

See g_bank_url for details

Syntax: g_bank_group group=string price=string desc=string

g_bank_log - Log lines matching this in response.

See g_bank_url for details

Syntax: g_bank_log string

g_bank_ok - Find this in response, if found then charge was successful

See g_bank_url for details

Syntax: g_bank_ok string

g_bank_pass - Password for authenticated web request to banks system

See g_bank_url for details

Syntax: g_bank_pass string

g_bank_reason - This line is returned to user if it is found

See g_bank_url for details

Syntax: g_bank_reason string

g_bank_url - URL to charge a credit card (experimental)

This allows automated monthly charging of users

Syntax: g_bank_url string

g_bank_user - Username for authenticated web request to banks system

See g_bank_url for details

Syntax: g_bank_user string

g_bind_authent_default - Bind to default if authenticated

So authenticated users get the default binding not g_bind_byfromip

Syntax: g_bind_authent_default bool

g_bind_byfromip - Bind outgoing SMTP connections to the specified IP based on the sender IP

This setting has no further documentation currently available

Syntax: g_bind_byfromip fromip=string bindip=string

g_bind_from - Bind outgoing SMTP connections based on 'from' envelope

Bind outgoing SMTP connections based on the IP of the virtual domain in 'from' envelope. This is only useful if you are using IP based virtual domains. 

Syntax: g_bind_from bool

g_bind_in_always - Bind on incoming in preference to g_bind_from

So if the incomnig mail came in on interface address 1.2.3.4 then that same address is used to send the email

Syntax: g_bind_in_always bool

g_bind_incoming - Bind outgoing SMTP connections based on incoming ip address

So if the incomnig mail came in on interface address 1.2.3.4 then that same address is used to send the email

Syntax: g_bind_incoming bool

g_bind_out - Bind outgoing smtp connections to IP

Bind outgoing smtp connections to this IP number. 

Syntax: g_bind_out string

g_bind_to - Bind outgoing SMTP if to address matches

This setting has no further documentation currently available

Syntax: g_bind_to string

g_bind_to_ip - The address to bind to

This setting has no further documentation currently available

Syntax: g_bind_to_ip string

g_bind_to_name - The name to use in the ehlo

This setting has no further documentation currently available

Syntax: g_bind_to_name string

g_black_above - Level for spam detection for g_black_count

Level for spam detection for blacklisting IP number e.g. 7. 

Syntax: g_black_above int

g_black_count - Blacklist sender IP based on spam sent

Number of spam in a row before IP blacklisted for 30 minutes eg: 30 (default = disabled)

Syntax: g_black_count int

g_black_isspam - Blacklist ip address for any spam training event

This setting has no further documentation currently available

Syntax: g_black_isspam bool

g_black_nbad - Blacklist ip address if this many bad recipients in a row (e.g. 8)

There is no default. The ip is blacklisted for the time specified by G_MAX_BAD_IP_TIME or one day. Whitelist with G_BLACK_WHITE for ip address or from matches. This limit is related to a single connection, not all errors from an ip over time.

Syntax: g_black_nbad int

g_black_to - Blacklist sender IP based on catch addresses

Blacklist senders IP address for 30 minutes if they deliver to these spam catch email addresses.

eg. g_black_to "smith@mydomain.com,catcher@myotherdomain.com"

Syntax: g_black_to string

g_black_white - Whitelist to prevent blacklisting, e.g. 1.2.3.*,mail*.aol.com

This setting has no further documentation currently available

Syntax: g_black_white string

g_block_files - Block certain attachments

Allow you to block any mail with certain files attached. 

g_block_files "*.exe,*.cmd,*.com"

Syntax: g_block_files string

g_block_longok - If true allow long file names (more than 180 char)

By default files names over this length are ALWAYS blocked if g_block_files is used, in rare situations these are not just viruses attempting to get around the filter.

Syntax: g_block_longok bool

g_block_skip - From or To address to bypass g_block_files

Some users will need to send various attachments, these users are excempt to the g_block_files rule

Syntax: g_block_skip string

g_block_wild - Block wildcards in usernames

Block the '*' wildcard character in usernames.

Syntax: g_block_wild bool

g_blogs_allow_links - Allow users to post comments that contain urls

Due to widespread abuse of blogs this is not recommended.

Syntax: g_blogs_allow_links bool

g_blogs_cleanup_links - Delete existing posts that contain urls

This setting will help cleanup existing spam postings to your users blogs.

Syntax: g_blogs_cleanup_links bool

g_blogs_comment_rev - Show blog comments newest first

Helps if there are lots of comments, this is a global setting not per blog..

Syntax: g_blogs_comment_rev bool

g_blogs_default_template - Default template set that is used by newly created blogs

This setting can have a value of the name of any directory in the SurgeMail blogtpl directory

Syntax: g_blogs_default_template string

g_blogs_domonly - Only list blogs in a users domain

By default all blogs in all domains are listed/shown to the user. This setting causes it to only list blogs in the users domain.

Syntax: g_blogs_domonly bool

g_blogs_enable - Surgemail blogs

Allow users to create blogs

Syntax: g_blogs_enable bool

g_blogs_https - Use https for blog urls

This setting has no further documentation currently available

Syntax: g_blogs_https bool

g_blogs_image_optional - Allow users to specify if image verification is required for comments

By default image verification is now required, this prevents spammers from abusing the many 'test' blogs set up by your users.

Syntax: g_blogs_image_optional bool

g_blogs_max_per_user - Maximum number of blogs per user

Maximum number of blogs per user, default is 5

Syntax: g_blogs_max_per_user int

g_blogs_maximum_image_size - Default maximum image size

Images larger than this (in largest dimension) that are posted to blogs are scaled down, default is 390, per blog setting can overide this.

Syntax: g_blogs_maximum_image_size int

g_blogs_maximum_image_width - Default maximum image width

Images larger than this that are posted to blogs are scaled down, default is 390, per blog setting can overide this.

Syntax: g_blogs_maximum_image_width int

g_blogs_maximum_items_in_top_page - Maximum number of items on the top blog page

Maximum number of post bodies to appear on a blog top page, default is 10

Syntax: g_blogs_maximum_items_in_top_page int

g_blogs_no_suffix - Shortens URL, url_blogs must be defined for each domain

This shortens http://a.com/blog/juggling to http:/a.com/juggling, but does require that you define a specific name for the blogs in the domain based url_blogs setting

Syntax: g_blogs_no_suffix bool

g_blogs_not_global - Only allows access to a blog onthe domain it is defined on

Only allows access to a blog on the domain it is defined on, this is not recommended. (probably want to use g_blogs_not_unique, g_blogs_domonly too)

Syntax: g_blogs_not_global bool

g_blogs_not_unique - Allow the same blog name in multiple domains

If set you can create different blogs with the same name in different virtual domains, this is not recommended.

Syntax: g_blogs_not_unique bool

g_blogs_ping - Sites to ping on each post

Host and path to ping on each blog post. eg: host=rpc.weblog.com path=/RPC2

Syntax: g_blogs_ping host=string path=string

g_blogs_sub_domain_prefix - Prefix to use instead of blogs. for blog subdomains. use ! to have no prefix.

Experimental feature do not use

Syntax: g_blogs_sub_domain_prefix string

g_blogs_use_sub_domains - Make blogs accessible at http://blog_name.domain/

If you're DNS entry supports it, turn on this setting to make blogs accessible at http://blog_name.blogs.domain/ instead of http://domain/blogs/blog_name

Syntax: g_blogs_use_sub_domains bool

g_body_filter - Enable user email body filtering

Allows the user to configure filters which filter the body of incoming messages

Syntax: g_body_filter bool

g_bomb_max - Max messages to a single address per hour

Simple system to prevent intentional or more likely, accidental mail loops or mail bombs where thousands of Emails are sent to a single user. A setting in the range of 100-1000 is generally good depending on your sensitivity to incorrectly blocking real mail.  We suggest 1000 is a good setting if you are unsure.

This counts the messages from a single IP address to a single recipient. If a single IP sends more than this many messages to any single recipient then they will be tarpitted (slowed down and rejected).

Use spam_allow ip.address.list to over-ride the limit for known local systems that might exceed this limit (unlikely anything will).

Syntax: g_bomb_max int

g_bomb_max_from - Max msgs from a single email address/hour

Max msgs from a single email address/hour.

Syntax: g_bomb_max_from int

g_bomb_white - don't apply bomb_max limit if to address matches

Useful for robots etc that expect high volume

Syntax: g_bomb_white string

g_bounce_bind - Use a specific ip address for outgoing bounces

Some RBL sites blacklist machines for sending bounces, which is probably a good thing. But even with spf running your server may occasionally send a bounce to a forged address, and so you can use an alternate ip address for these bounces to avoid blacklisting your main mail server address. First you must assign the ip address to your network interface etc

Syntax: g_bounce_bind string

g_bounce_disable - Bounce Disable

Disable all bounces. This is particularly useful when under spam attack. This is for outgoing bounces it stops SurgeMail generating bounces it won't affect incomming bounces from other servers.

example:
g_bounce_disable "true"

Syntax: g_bounce_disable bool

g_bounce_limit - Max size of bounce messages

Max size in bytes of message to send back as bounce message is truncated if necessary.

Syntax: g_bounce_limit int

g_bounce_nodrop - Enables locally generated bounces for non local users

This setting makes bounces occur normally, the reason bounces are normally dropped for non local users is that they are almost always spam bouncing off another server due to forwarding settings, and as such sending a bounce email will get your server black listed, so we decided it was best to drop them by default since they are rarely useful. Turn this setting on at your own risk :-). Instead use g_bounce_to to list domains that it is safe to bounce to.

Syntax: g_bounce_nodrop bool

g_bounce_paranoid - Prevent external bounces going through surgemail

This can help stop back scatter from another server going through your server to an external domain

Syntax: g_bounce_paranoid bool

g_bounce_redirect - Send all bounces to a local address

This can be used to avoid 'back scatter' which can get your server listed in various black listed sites. In general your server should not generate bounces so if you get lots you may find changing config settings can stop them. Note this only redirects bounces to non local recipients, so your users sending outgoing mail will still get their own bounce messages.

Syntax: g_bounce_redirect string

g_bounce_reject - Reject bounces by ip address from known dumb mail servers

Some mail servers (exchange) will accept email, then bounce it, this is now considered a 'crime' and will get your server black listed, so if you have surgemail running as a gateway for such servers you can tell it to reject any bounce that server is foolish enough to send you.

Syntax: g_bounce_reject string

g_bounce_safe - Only send bounces to local domains

This may result in lost messages, but can also avoid backscatter issues

Syntax: g_bounce_safe bool

g_bounce_some_stop - Disables locally generated bounces for partial message failure - NEVER use this!

This can decrease back scatter, but it has other bad effects, it can result in duplicate messasges arriving. Never never use this setting

Syntax: g_bounce_some_stop bool

g_bounce_suggest - Send bounces to postmaster if spf cannot be verified

This may help stop black listing for backscatter while still alerting the sending domain admin that one of their users emails to your server bounced, You can specify a template file suggest.eml if you don't like the default message suggesting the postmaster add spf records for their domain

Syntax: g_bounce_suggest bool

g_bounce_to - Domains to treat as local and send bounces to

This setting makes bounces occur normally, the reason bounces are normally dropped for non local users is that they are almost always spam bouncing off another server due to forwarding settings, and as such sending a bounce email will get your server black listed, so we decided it was best to drop them by default since they are rarely useful. Turn this setting on at your own risk :-). Instead use g_bounce_to to list domains that it is safe to bounce to. e.g. *@a.com,*@b.com

Syntax: g_bounce_to string

g_bounce_to_recipient - Bounce suregewall failure to the recipient

This can help prevent message loss in rare cases where quota/size limits prevent a delivery from surgewall server to destination server.

Syntax: g_bounce_to_recipient bool

g_breakin_enable - Stop multiple ip logins for one account in a few seconds

When a hacker guesses a password on your system they will often send outgoing spam to your server from multiple ip addresses, Surgemail detects this and emails the administrator when it occurs, use g_breakin_white to enable specific users who need to do this (this is very unusual though)

Syntax: g_breakin_enable bool

g_breakin_n - Number of different ip's that trigger a lockout, default is 8

Only lower numbers are valid.

Syntax: g_breakin_n int

g_breakin_short - Match on 1.2.3.* for ip addresses, helps with google sending

When a hacker guesses a password on your system they will often send outgoing spam to your server from multiple ip addresses, Surgemail detects this and emails the administrator when it occurs, use g_breakin_white to enable specific users who need to do this (this is very unusual though)

Syntax: g_breakin_short bool

g_breakin_white - Email addresses that can send concurrently from mulltiple ips (use * to allow everyone)

When a hacker guesses a password on your system they will often send outgoing spam to your server from multiple ip addresses, Surgemail detects this and emails the administrator when it occurs, use this setting to enable specific users who need to do this (this is very unusual though), it also accepts wild cards, e.g. * if you wish to disable teh feature. A list is given as "user@domin,user2@domain2"

Syntax: g_breakin_white string

g_breakin_window - Window in seconds, default is 300

The window in which the multiple logins are counted

Syntax: g_breakin_window string

g_broad_noadd - Disable buttons on message

Disables the added buttons for voice messages

Syntax: g_broad_noadd bool

g_broad_pass - BroadSoft pass

Customer specific feature

Syntax: g_broad_pass string

g_broad_port - BroadSoft port

Customer specific feature

Syntax: g_broad_port string

g_broad_server - URL to BroadSoft server

Customer specific feature

Syntax: g_broad_server string

g_broad_url - URL to this server

Customer specific feature

Syntax: g_broad_url string

g_broad_user - BroadSoft user

Customer specific feature

Syntax: g_broad_user string

g_bull_maxage - Delete bulletins over maxage days

This setting has no further documentation currently available

Syntax: g_bull_maxage int

g_bull_rule - Post bulletins to this domain

Senders must be authenticated user that matches the sender, domain can be blank to send to all domains, the to field is the address you will send posts to, typically something like: bulletins@your.domain.name

Syntax: g_bull_rule to=string domain=string sender=string

g_byname_old - Enable old slow domain lookup functions

This setting should not be needed.

Syntax: g_byname_old bool

g_calendar_version - CalDAV / SabreDAV calendaring configuration version number

This setting has no further documentation currently available

Syntax: g_calendar_version int

g_callhome_disable - Disable misc features that reference netwinsite

Useful if you are paranoid about information :-)

Syntax: g_callhome_disable bool

g_centipaid - see CentiPaid.htm

Authentication server and port for CentiPaid.

Syntax: g_centipaid string

g_check_date - Reject messages if date is in the future

Downloads a ip to country database and then adds a header based on that to each message to show where it came from. This file IpToCountry.csv should appear in your surgemail home directory after enabling this setting (restart surgemail too), if the file doesn't appear you can download it via http://updates.netwinsite.com/updates/IpToCountry.csv , tellmail aspam_update may trigger the download!

Syntax: g_check_date bool

g_cid_skip_to - Skip CID score, good for lawyers etc

Some users will trigger CID matches due to the nature of their business (accountants/lawyers) for these people you may want to list them here. CID is content matching, usually scams which often use legal language.

Syntax: g_cid_skip_to string

g_comment - Management notes and comments about the server

This is a dummy setting that lets you store information in the ini file that will survive setting changes from the web admin tool.

Syntax: g_comment date=string name=string comment=string

g_con_gateway - Connection limit per ip also applies to gateways

This setting has no further documentation currently available

Syntax: g_con_gateway int

g_con_perip - Connections per IP

Maximum number of connections allowed per IP address. Primarily this is used to prevent simple denial of service attacks where one user could otherwise use up all the channels your system can support and then do nothing with them. 

Syntax: g_con_perip int

g_con_perip_except - Connections per IP exception

IP list of exception addresses to g_con_perip. 

Syntax: g_con_perip_except string

g_con_persubnet - Maximum concurrent connections per subnet

Maximum number of concurrent connections per subnet. This limits concurrent connections from a sub net, great for automatically stopping professional spammers who use multiple addresses. A typical setting might be 20. Subnet is /24.

Syntax: g_con_persubnet int

g_con_peruser - Connection limit per user for imap/pop. Set above 20

This setting has no further documentation currently available

Syntax: g_con_peruser int

g_con_peruser_except - Exception users to g_con_peruser, include domain name

This setting has no further documentation currently available

Syntax: g_con_peruser_except string

g_convert_percent - Convert % signs top @ in recipient addresses

Some Spam tests send mail user%spamdomain.com@localdomain.com to see if a server is an open relay. If a default address is set up for the local domain this will be delivered to this local address and the test assumes the mail server is an open relay. This setting prevents this. 

Syntax: g_convert_percent bool

g_cookie_secure - Set all cookies to secure mode on https connections

This setting has no further documentation currently available

Syntax: g_cookie_secure bool

g_country_allow - user@domain list to bypass country_login rule

This setting has no further documentation currently available

Syntax: g_country_allow string

g_country_allowip - Ip addresses to bypass country_login rule

This setting has no further documentation currently available

Syntax: g_country_allowip string

g_country_ip - Tag messages with country of origin

Downloads a ip to country database and then adds a header based on that to each message to show where it came from. This file IpToCountry.csv should appear in your surgemail home directory after enabling this setting (restart surgemail too), if the file doesn't appear you can download it via http://updates.netwinsite.com/updates/IpToCountry.csv , tellmail aspam_update may trigger the download!

Syntax: g_country_ip bool

g_country_login - List of countries to allow logins from, 2 letter codes

See IpToCountry.csv and make sure g_country_ip is enabled

Syntax: g_country_login string

g_cpu_slow - Email warning if no cpu for this many seconds

Default is 10 seconds, helps detect system lockups and alert the manager

Syntax: g_cpu_slow int

g_crash_nomini - Crash without minidump on windows

This setting has no further documentation currently available

Syntax: g_crash_nomini bool

g_crash_normal - Crash without catching exceptions

Crash without catching signals 10,11. In particular this will generate correct core files on FreeBSD systems.

Syntax: g_crash_normal bool

g_crash_simple - Crash simpler for solaris to avoid deadlock situation

This setting has no further documentation currently available

Syntax: g_crash_simple bool

g_create_allow - List of characters allowed in usernames/passwords

Defaults to A-Za-z0-9\-_. meaning usernames/password may contain letters, numbers, -, _ and . and nothing else.

Syntax: g_create_allow string

g_create_allow_pass - List of characters allowed in passwords

Settting overriding g_create_allow just for passwords.

Syntax: g_create_allow_pass string

g_create_apply - List of user groups to apply create_* settings for.

This setting allows you to apply create_* settings to domain admin accounts. Specify g_access_group names and domain admins in these groups will have create_* settings applied to them when adding users in the domain admin interface.

Syntax: g_create_apply string

g_create_apply_admin - Apply allow* rules to the administrator

Without this setting the admin can create usernames that contain any characters pretty much

Syntax: g_create_apply_admin bool

g_create_badnames - List of illegal usernames

Comma separated list of illegal usernames, may contain wild cards, if username contains part of a non-wild card or matches a wildcard it is disallowed.

Syntax: g_create_badnames string

g_create_cleanup - Cleanup existing data before adding a user

This causes a delete to be actioned for a user before/as they are created. This ensures the new user does not end up with any files, on any mailing lists, with any aliases etc from a previous user of the same name/address. If you delete users from the authent database directly i.e. not using the surgemail web admin or calling 'tellmail delete_user' then this setting will cleanup the users files when their address is re-used.

Syntax: g_create_cleanup bool

g_create_dictionary - File containing dictionary words to compare passwords to

Text file containing one word per line, passwords are compared to all words longer than 4 characters in this file, if a username or password contains a word in this file it is not allowed. Only takes effect if g_create_strict is checked.

Syntax: g_create_dictionary string

g_create_pass_digit - Require one digit and letter in a password

This setting has no further documentation currently available

Syntax: g_create_pass_digit bool

g_create_pass_length - Limit the length of user passwords

This is applied during user self creation and when users change passwords. Set admin to true to restrict the domain and global admin also.

Syntax: g_create_pass_length min=int max=int admin=bool

g_create_pass_mixed - Require mixed case passwords

Require mixed case passwords

Syntax: g_create_pass_mixed bool

g_create_pass_notuser - Ban password containing username

Ban password if it conains the username

Syntax: g_create_pass_notuser bool

g_create_pass_recheck - Recheck passwords during login and warn user if g_hack_touser is true

This setting has no further documentation currently available

Syntax: g_create_pass_recheck bool

g_create_pass_recheck_text - Added to end of recheck email to give users a url to a help page

This setting has no further documentation currently available

Syntax: g_create_pass_recheck_text string

g_create_pass_slack - Slacken restrictions on trivial password creation

Useful sometimes for provisioning, allows username=password

Syntax: g_create_pass_slack bool

g_create_pass_special - Require special character, e.g. !@#$%^&*(){}[];:?><.,

Require a special character

Syntax: g_create_pass_special bool

g_create_record_ip - Causes surgemail to store ipnum in the authent database

This setting has no further documentation currently available

Syntax: g_create_record_ip bool

g_create_strict - Whether to apply strict rules to usernames/passwords

Checking this causes surgemail to check passwords do not contain words longer than 4 characters from g_create_dictionary as well as requiring the password to be 6+ characters, and usernames/passwords to contain more than 1 character.

Syntax: g_create_strict bool

g_create_strict_admin - Enforce strict rules for admins too, set g_create_strict AS WELL!!

This setting has no further documentation currently available

Syntax: g_create_strict_admin bool

g_create_user_length - Limit the length of usernames

This is applied during user self creation. Set admin to true to restrict the domain and global admin also.

Syntax: g_create_user_length min=int max=int admin=bool

g_date_add_utc - Add UTC if date header is missing it

Add timezone if date header is missing one

Syntax: g_date_add_utc bool

g_dbabble_links - Add web links to DBabble from other web interfaces (and vice versa)

This causes links to appear in the DBabble interface to switch to using WebMail (and SurgePlus if you have the g_surgeplus_links setting on).

Syntax: g_dbabble_links bool

g_dbabble_smtp_port - DBabble SMTP port (do not manually change this setting - it should be set from the DBabble section of the web admin interface only)

This setting specifies the port that DBabble listens on. DBabble looks at surgemail.ini and if it sees this setting, overrides it's own setting with this value. When you save changes to this setting from within the SurgeMail DBabble admin interface, SurgeMail automatically sets appropriate values for the g_redirect_iflocal and g_gateway settings.

Syntax: g_dbabble_smtp_port int

g_dbabble_smtp_prefix - DBabble SMTP prefix (do not manually change this setting - it should be set from the DBabble section of the web admin interface only)

This setting is used in conjunction with the dbabble_smtp_port setting to forward all mail with the specified prefix on to DBabble.

Syntax: g_dbabble_smtp_prefix string

g_debug_block - For catching bugs in block file processsing

For catching bugs in block file processsing.

Syntax: g_debug_block bool

g_debug_body - Save msg body during processing

This setting has no further documentation currently available

Syntax: g_debug_body bool

g_debug_check - Use more dmalloc debugging, some performance impact. Also set g_debug_free

This setting has no further documentation currently available

Syntax: g_debug_check bool

g_debug_crt - Some CRT debugging on windows, do not use

This setting has no further documentation currently available

Syntax: g_debug_crt bool

g_debug_free - Check free memory isn't corrupted - slows performance slightly

This is for tracking a particular bug, not for general use

Syntax: g_debug_free bool

g_debug_freepc - 0-100 percent of malloc/free's to check later

This is for tracking a particular bug, not for general use

Syntax: g_debug_freepc int

g_debug_image - Save image thumbnail files to find bug

This setting has no further documentation currently available

Syntax: g_debug_image bool

g_debug_imap - Log imap folder renames and deletes in kmsg.log

This is for tracking a particular bug or user error :-)

Syntax: g_debug_imap bool

g_debug_ini - Debugging, don't use this

This is a temp setting used for testing

Syntax: g_debug_ini bool

g_debug_ncpy - Debug ncpy function

This makes ncpy clear the entire destination buffer to increase the chance of a crash if the buffer length is wrong

Syntax: g_debug_ncpy bool

g_debug_ncpy2 - Debug ncpy clear only

This makes ncpy clear the entire destination buffer to increase the chance of a crash if the buffer length is wrong

Syntax: g_debug_ncpy2 bool

g_debug_padpc - 0-100 percent of malloc/free's to pad

This is for tracking a particular bug, not for general use

Syntax: g_debug_padpc int

g_debug_timing - Record dfopen timing, tellmail dfopen_stats

This makes ncpy clear the entire destination buffer to increase the chance of a crash if the buffer length is wrong

Syntax: g_debug_timing bool

g_debug_vanished - Name of file to check for, if file vanishes, crash

This is for tracking a particular bug, not for general use

Syntax: g_debug_vanished string

g_delete_exclude - Field and value that excludes an account from g_delete_user_after

If the authent response includes this field/value pair then the user account will not expire

Syntax: g_delete_exclude field=string value=string

Example: field="noexpire" value="true"

g_delete_user_after - Number of days an account can remain unread before it is deleted

 

Number of days an account can remain unread before it is deleted. This setting cannot be used on an authent_domain FALSE domain unless it has a prefix setting.

 

e.g.
DELETE_USER_AFTER "30"
Then issue the command:
tellmail expire_accounts
Then examine users_delete.rec to see it is a valid list of old accounts, then use:
tellmail delete_user FILE users_delete.rec

To actually delete the accounts.

Syntax: g_delete_user_after int

g_delete_user_mode - What to do when an account is unread

You can set this to "file" or "suspend". "file" causes accounts to be written to the users_delete.rec file, which you can action by running "tellmail delete_user FILE" or "tellmail delete_user FILE users_delete.rec" (optionally specify the file). "suspend" causes accounts to be suspend, it does this by setting the field and value specified in the g_delete_user_suspend setting.

If this setting is blank the default is to use 'file' mode, accounts are NEVER deleted automatically except in the very oldest versions of surgemail (before version 3)

Syntax: g_delete_user_mode string

g_delete_user_suspend - If suspending an unread account set this field/value

Set the field and value to use when suspending an account due to g_delete_user_after and the g_delete_user_mode "suspend" settings.

Example: Disable accounts after 1 year 
       g_delete_user_after "365"
       g_delete_user_mode "suspend"
       g_delete_user_suspend field="mailstatus" value="closed"

Syntax: g_delete_user_suspend field=string value=string

g_deliver_robot - Robot/Script to run at delivery time $FILE$ AND $TO$ parameters

This setting has no further documentation currently available

Syntax: g_deliver_robot string

g_demo - Demo mode lock unsafe admin features

This setting has no further documentation currently available

Syntax: g_demo bool

g_demo_to - Demo mode valid external destinations

This setting has no further documentation currently available

Syntax: g_demo_to string

g_deny - Deny users from some IP ranges

Block known spammers etc by IP address. You can use wild cards and 'not' signs, e.g. "!*,127.*,10.*" 

Syntax: g_deny string

g_deny_country - Block email from some countries, use 2 digit code not the full name, see IpToCountry.csv, turn on g_country_ip!

Block countries, examine the file IpToCountry.csv for the abbreviations, g_country_ip must be set true, and issue tellmail aspam_update

Syntax: g_deny_country string

g_deny_log - Log g_deny rejections to msg.log - can clutter log

This setting has no further documentation currently available

Syntax: g_deny_log bool

g_deny_login - Block users from some ip ranges logging in

This setting has no further documentation currently available

Syntax: g_deny_login string

g_deny_msg - Deny message

Message to give to users who are disconnected due to the above 'deny' setting. 

Syntax: g_deny_msg string

g_deny_smtp - Deny SMTP based on IP address

Block users from some IP ranges connecting to SMTP only. 

Syntax: g_deny_smtp string

g_disable_exclude - Field and value that excludes an account from g_disable_smtp_after

If the authent response includes this field/value pair then the user account will not be disabled from receiving messages

Syntax: g_disable_exclude field=string value=string

Example: field="noexpire" value="true"

g_disable_qnum - Disable qnum msg header

This setting has no further documentation currently available

Syntax: g_disable_qnum bool

g_disable_skip - Ip address of senders to accept email from even if user account is disabled due to g_disable_smtp_after

Useful to ensure delivery for important company notices

Syntax: g_disable_skip string

g_disable_smtp_after - Number of days an account can remain unread before delivery is disabled

DO NOT USE THIS SETTING IN A MIRROR/CLUSTER SETUP

Number of days an account can remain unread before delivery is disabled. 

Syntax: g_disable_smtp_after int

g_disable_surgeplus - Disable SurgePlus Calendar and File Sharing client

Disable users from logging in using the SurgePlus Calendar and File Sharing client. See SurgePlus

Syntax: g_disable_surgeplus bool

g_disable_surgeplus_updates - Disable automated downloading of new versions of SurgePlus client from netwinsite.com

New versions of the SurgePlus client are automatically downloaded from netwinsite.com and made available for download form your server by your users. See SurgePlus

Syntax: g_disable_surgeplus_updates bool

g_disk_debug - Log slow disk access n

This setting has no further documentation currently available

Syntax: g_disk_debug bool

g_disk_warning - Give manager warning if disk % exceeded, default 95%

This setting has no further documentation currently available

Syntax: g_disk_warning string

g_diskio_abort - Shutdown if diskIO failure on queue files

Intended to make server die rather than to pretend to keep running when a major disk fault has occurred

Syntax: g_diskio_abort bool

g_dkim_allow - From addresses to not enforce dkim for

See domainkeys.htm

Syntax: g_dkim_allow string

g_dkim_allowip - From ip addresses to not enforce dkim for

See domainkeys.htm

Syntax: g_dkim_allowip string

g_dkim_alt_domains - Use selector 'alt_name' for these domains

Use if you need to use a different selector when forwarding for a domain (so you can define a different dkim private key)

Syntax: g_dkim_alt_domains string

g_dkim_alt_name - Name of selector to use

Use if you need to use a different selector when forwarding for a domain (so you can define a different dkim private key)

Syntax: g_dkim_alt_name string

g_dkim_check - DKIM Check incoming DKIM signatures

See domainkeys.htm

Syntax: g_dkim_check bool

g_dkim_exclude - DKIM Domains to not sign for outgoing email

This can be used to exclude some domains

Syntax: g_dkim_exclude string

g_dkim_headers - DKIM List which headers to sign (blank=default, and is usually best)

This will help get the message through gateways without breaking the signature, try a single header, e.g. from

Syntax: g_dkim_headers string

g_dkim_nogateway - Don't sign if gateway rule used

Useful to avoid double signing incoming messages

Syntax: g_dkim_nogateway bool

g_dkim_only - DKIM Domains to sign for outgoing email (default is all)

Normally all local domains are signed, but if this setting exists then it is used instead so you must list local domains as well as non local ones you want to sign messages for. G_dkim_sign must also be set to true! Never set to *

Syntax: g_dkim_only string

g_dkim_return - Sign if 'return path' matches g_dkim_only

Useful when you want to act as a signing gateway

Syntax: g_dkim_return bool

g_dkim_selector - DKIM Policy name for your server (used creating dns entry for dkim)

This defines the dns entry name for your policy record and public key entry in your dns. See domainkeys.htm for details

Syntax: g_dkim_selector string

g_dkim_sign - DKIM Sign outgoing messages

To turn off dkim for some domains see the per domain setting, dkim_disable. See domainkeys.htm for more info.

Syntax: g_dkim_sign bool

g_dkim_skip - DKIM Destination Domains to not sign

This is useful if the destination server is faulty with it's dkim processing

Syntax: g_dkim_skip string

g_dlist_nolocal - Remove add local button from mailing lists

Prevents address havesting etc by users - strongly recommended on public servers, not necessary on small or private servers

Syntax: g_dlist_nolocal bool

g_dlist_nostart - Disable dlist

If set disable (do not attempt to start) dlist for DMail compatibility mode.. 

Syntax: g_dlist_nostart bool

g_dlist_one - Only allow one recipient if message is to a mailing list

This setting has no further documentation currently available

Syntax: g_dlist_one bool

g_dlist_path - Path for dlist

DList Path normally defaults to $g_home/dlist.

Syntax: g_dlist_path string

g_dmail_filter - Run DMail compatible filter files (deprecated - for backward compatibility only)

Run DMail compatible filter files. Mfilter rule files should be used instead.

Syntax: g_dmail_filter string

g_dmarc_enforce - Enforce dmarc reject / quarrantine more strictly do not use

This setting has no further documentation currently available

Syntax: g_dmarc_enforce bool

g_dmarc_none_quarantine - Treat a 'none' policy as quarantine rule

This setting has no further documentation currently available

Syntax: g_dmarc_none_quarantine bool

g_dmarc_use - Reject and quarrantine based on DMARC use this

This setting has no further documentation currently available

Syntax: g_dmarc_use bool

g_dmarc_whitelist - Use and share reputation data for dmarc whitelisting

This setting has no further documentation currently available

Syntax: g_dmarc_whitelist bool

g_dns_blank_fail - NEVER USE! Bounce email if dns response blank rather than retry

This setting has no further documentation currently available

Syntax: g_dns_blank_fail bool

g_dns_cache_size - Set size of forward dns cache, default 7000

Best not to change this normally

Syntax: g_dns_cache_size int

g_dns_disk - Enables DNS disk cache

Not normally needed unless dns server is flakey...

Syntax: g_dns_disk bool

g_dns_host - DNS host(s) for MX lookups

This setting can normally be left blank as the mail server will find your system DNS settings. However, you can specify one or more DNS servers for the mail server to use instead to lookup names. 

DNS lookups are cached to disk so SurgeMail will generally continue to work even if your dns server is temporarily unavailable.

Test your dns server with this command. If working it should return two ip addresses for that domain.

 	tellmail dns_test "netwinsite.com"

Prior to SurgeMail 2.0h dns lookups were done using tcp instead of udp, they are now down with UDP unless the response exceeds UDP packet size (as per RFC).

NOTE: All dns servers listed in this setting must be fully recursive, a non recursive dns server will create many dns lookup failures!

Syntax: g_dns_host string

g_dns_match_msg - Message for stamp or bounce if forward and reverse lookup don't match

The message given to the user when the forwar/reverse dns lookup doesn't match

Syntax: g_dns_match_msg string

Example: "Sorry your ip address doesn't translate into a name that translates into your ip address"

g_dns_nlookup - Concurrent MX lookups

Concurrent DNS lookups to send to DNS server (Default=20) (not used after version 2.0h)

Syntax: g_dns_nlookup int

g_dns_nocache - Disables DNS cache for spf lookups (20 minute life)

This setting disables the small cache used for SPF lookups to improve performance.

Syntax: g_dns_nocache bool

g_dns_noptr - Set to reject or retry, for ip addresses with no reverse dns entry (rdns)

If the ip number of a connecting user has no associated name in the reverse dns database then the connection is rejected or told to retry later.

Syntax: g_dns_noptr string

Example: "retry"

g_dns_noptr_msg - Message for stamp or bounce if DNS lookup fails on ip address

See short description.

Syntax: g_dns_noptr_msg string

g_dns_noptr_skip - Skip RDNS for these ip addresses

This is an over-ride for local addresses which you trust.

Syntax: g_dns_noptr_skip string

Example: "retry"

g_dns_paranoid - Compare sender forward and reverse dns lookup and see if they match

Does a forward DNS lookup on the sender's domain and matches this with a reverse lookup of the senders IP address. If these do not match the message is either bounced or stamped with the header "X-DNS-Paranoid: <explanation>". Valid values for this field are "STAMP","RETRY" and "REJECT".

STAMP = Add the X-DNS-Paranoid header if it fails

RETRY = Bounce the message with a 450 error. (so if the failure was temporary the sending server will retry)

REJECT = Bounce the message with a 550 error

Set g_dns_lookup_msg or g_dns_match_msg to define the reject/stamp strings respectively.

g_dns_require - Require reverse DNS names match

Require MAIL FROM header to match the reverse dns lookup based of the sender based on the sender's IP.

eg. from=*@hotmail.com hosts=*hotmail.com

Syntax: g_dns_paranoid string

g_dns_require - Require MAIL FROM header matches senders ip reverse dns

This setting predates SPF which does the same sort of thing on a grander scale, no longer needed.

Syntax: g_dns_require from=string hosts=string

Example: from=*@hotmail.com hosts=*hotmail.com

g_dns_system - Use system code to do reverse lookups

If all channels hang in a state 'lookup' then turn this off so it will use the surgemail code for reverse dns lookups. This setting used to be g_dns_lookup and had the opposite meaning, we reversed it because the system dns code was faulty so often

Syntax: g_dns_system bool

g_dns_test_blank - Break dns lookups to test how it's handled

This setting has no further documentation currently available

Syntax: g_dns_test_blank bool

g_dns_threaded - Enable threaded dns lookups

This setting has no further documentation currently available

Syntax: g_dns_threaded bool

g_dns_translate - If mx response is x.x.x.x translate to y.y.y.y:port

Useful for translating ip numbers inside a local intranet and doing other fancy routing of various sorts.

Syntax: g_dns_translate from=string to=string

g_dns_unthreaded - Disable threaded dns lookups

This setting has no further documentation currently available

Syntax: g_dns_unthreaded bool

g_domadmin_utoken_expire - Length of time a domain admin login token is valid for in seconds

Default unit is seconds. You can specify units e.g. 3 minutes, 10 hours etc...

Syntax: g_domadmin_utoken_expire int

g_domadmin_utoken_idle - Length of time a domain admin login token may remain idle for

This setting has no further documentation currently available

Syntax: g_domadmin_utoken_idle int

g_domain_create_auto - Auto create domain if it doesn't exist when creating a user

This setting has no further documentation currently available

Syntax: g_domain_create_auto bool

g_domain_create_route - Auto create route to mx mail server

This setting has no further documentation currently available

Syntax: g_domain_create_route bool

g_domain_default - Default domain when POP/IMAP user does not specify one

This is probably not what you think it is, generally the 'first' domain in surgemail.ini is used in this situation, but in some instances, when using domuser.dat for example to translate users back to virtual domains, you will want the default domain to be a 'generic' made up domain that doesn't really exist.

For example lets say you have users fred@a.com, bob@b.com, then in domusers.dat you have

fred@a.com fred@a.com
bob@b.com bob@b.com
bob@xxx bob@b.com
fred@xxx fred@a.com

And the result is that users who login to pop as bob or fred, will be correctly mapped to the correct virtual domain user even though the actual domain is different in those two cases.

Clear as mud I expect?

Syntax: g_domain_default string

g_domain_list_max - Maximum number of domains to list at once

Maximum number of domains to list at once in the admin user interface. 

Syntax: g_domain_list_max int

g_domain_separator - Separator characters for virtual POP

For POP logins where your virtual domain is NOT distinguished by IP address users can login with 'user@domain' or user/domain.name etc and the mail server will pickup the domain name correctly. By default only 'user@domain.name' is accepted unless this setting is used which can be useful for brain dead mail clients which don't allow the user to specify 'user@domain.name' as the username eg:

g_domain_separator "/"

Syntax: g_domain_separator string

g_domain_templates - Check for domain specific templates

This setting has no further documentation currently available

Syntax: g_domain_templates bool

g_domuser_file - Domain users to thousands of virtual domains easily

Specifies a file which contains lines that translate an email address to the username that should be looked up in the database. This file can contain a domain name not previously specified in surgemail.ini allowing you to create unique sub-domain addresses. eg:

g_domuser_file "c:\surgemail\domuser.dat"

Example entries...

*@domain.com postmaster@domain.com
userA@domain.com userB@domain.com
firstname@lastname.domain.com firstname@lastname.domain.com

Syntax: g_domuser_file string

g_dotlock_minutes - NFS lock waits

Minutes to wait for nfs lock file, default 20 minutes.

Syntax: g_dotlock_minutes int

g_dotstuff_fix - Convert the way mail is stored on disk from dotstuffed to non dot stuffed (beta)

In the dotstuffed format any attachments that have content (in encoded format) starting with a . get corrupted, as all single '.' characters at the start of a line are converted to '..'. This is only very seldomly an issue as encoded text doesn't usually have . characters. This feature can only be enabled and still need furhter production level testing to make sure there are no side effects... so if you play with it consider yourself adequately warned :-)

Syntax: g_dotstuff_fix bool

g_download - Fetch an http file and do an ini reload

Can be used with g_include to have settings fetched from a central location, the file is fetched once an hour.

Syntax: g_download url=string user=string pass=string local=string

g_drop_use_len - Use the content-len header for drop file processing

For use on Solaris when using sendmail for incoming mail delivery.

Syntax: g_drop_use_len bool

g_dsn_enable - Enable DSN (Delivery Status Notification) esmtp extension.

Not recommended. Delivery Status Notification is used by spammers to find addresses to spam to.

Syntax: g_dsn_enable bool

g_dsn_loggedin - Enable DSN (Delivery Status Notification) for trusted senders.

Safer alternative to real DSN as it only applies to local users. This guesses if the user is trusted based on previous logins

Syntax: g_dsn_loggedin bool

g_dsn_nofinal - Try not to show real final recepients but just original recipients

This setting helps hide internal addresses in bounce messages (after forwarding etc). Not recommended.

Syntax: g_dsn_nofinal bool

g_ehlo_8bitmime - Enable 8bitmime in ehlo response (NEVER USE)

This is probably a bad idea, it is best to reject 8bit mime and stop people sending it as the destination server may not support it

Syntax: g_ehlo_8bitmime string

g_ehlo_log - Log ehlo/bind to msg*.rec logs

This setting has no further documentation currently available

Syntax: g_ehlo_log bool

g_ehlo_simple - Ip addresses to give simple ehlo respone to

This is a debugging setting, do not use.

Syntax: g_ehlo_simple string

g_ehlo_smtputf8 - Enable smtputf8 for matching ip addresses (NEVER USE)

This is probably a bad idea, it is best to reject 8bit mime and stop people sending it as the destination server may not support it

Syntax: g_ehlo_smtputf8 string

g_emailreg_enable - Enable whitelist http://www.emailreg.org register to use

Be aware that this setting will not work until you register on their server and tell them the ip address of your server/dns to permit lookups. They charge $20 to verify your domain and this will help to get your email delivered more reliably

Syntax: g_emailreg_enable bool

g_encrypt_config - Encrypt some config settings (passwords)

This can be used if naked passwords in the config are a problem. This setting currently applies to g_gateway, and may apply to others in future. You must manually copy the file config.key from master to slave.

Syntax: g_encrypt_config bool

g_encrypt_disable - Disable encryption

Disable encryption mechanism

Syntax: g_encrypt_disable bool

g_encrypt_expire - Days to keep encrypted messages, default 60

When a message is sent via encryption it is deleted after this many days

Syntax: g_encrypt_expire int

g_encrypt_inline - Use INLINE method by default

Sets the default encryption method when a rule does not apply

Syntax: g_encrypt_inline bool

g_encrypt_limit - Max encrypted msgs per user per hour

Per user limit

Syntax: g_encrypt_limit int

g_encrypt_max - Max encrypted per day server wide

Server wide limit to prevent abuse (or accidental over use)

Syntax: g_encrypt_max int

g_encrypt_nodomain - Allow encryption for users without local domains

This lets you create accounts for domains that don't exist, these users can then send encrypted messages.

Syntax: g_encrypt_nodomain bool

g_encrypt_nofwd - Don't encrypt forwarded

Known fault, this affects all recipeients, not generally good to use

Syntax: g_encrypt_nofwd bool

g_encrypt_noip - Don't encrypt if from this ip range

Only significant if the setting to lock all messages is enabled.

Syntax: g_encrypt_noip string

g_encrypt_nolate - Disable encryption on late forwarding

If default encrpting is enabled then you might need this setting to stop it for late forwarding.

Syntax: g_encrypt_nolate bool

g_encrypt_none - Don't encrypt if subject starts with this

Only significant if the setting to lock all messages is enabled.

Syntax: g_encrypt_none string

g_encrypt_nowater - Show this if no water mark defined yet

e.g. No watermark defined, please complete this form

Syntax: g_encrypt_nowater string

g_encrypt_path - Path to encrypted files, this is not supported when mirroring!

DO NOT USE

Syntax: g_encrypt_path string

g_encrypt_prefix - Prefix for encrypted messages must match encrypt rule so replies are encrypted

This setting has no further documentation currently available

Syntax: g_encrypt_prefix string

g_encrypt_pw_host - Central host for encryption password storage

DO NOT USE

Syntax: g_encrypt_pw_host string

g_encrypt_pw_key - Central host password key

DO NOT USE

Syntax: g_encrypt_pw_key string

g_encrypt_reminders - Days before we send users a reminder to change passwords, not recommended

Not for general use, keywords (expire password reminder)

Syntax: g_encrypt_reminders int

g_encrypt_reply_plain - Send plain message for local replies

By default a reply to a local user is also encrypted this makes it not encrypt the reply as user should be reading the message via SSL so the data is secure anyway.

Syntax: g_encrypt_reply_plain bool

g_encrypt_reset_easy - Send the reset request dirctly to the destination user - security risk!

This setting has no further documentation currently available

Syntax: g_encrypt_reset_easy bool

g_encrypt_reset_msg - Msg Body sent when password has been reset

Message body sent to end user when password is reset

Syntax: g_encrypt_reset_msg string

g_encrypt_reset_safe - When users password is reset, delete all messages to them

This setting increases security and should be used if your server allows public account registrations.

Syntax: g_encrypt_reset_safe bool

g_encrypt_reset_sender - Msg Body sent to sender when password reset requested

Message body sent to sender password reset is requested

Syntax: g_encrypt_reset_sender string

g_encrypt_reset_user - Msg to person when they click on reset password button

The sender has been emailed a link they can use to reset your password

Syntax: g_encrypt_reset_user string

g_encrypt_rule - Matches will be encrypted when sent

If this rule matches then the message will be encrypted before it is sent to the user. method=server or inline, we recommend 'server' mode as it's much simpler.

Syntax: g_encrypt_rule header=string contains=string from=string to=string noconfirm=bool method=string

g_encrypt_smart - Smart Encrypt Private Feature (not available)

Encrypt all messages except g_encrypt_unlock and surgeweb defined addresses - this feature not generally available till 9/March/2013, encrypt_smart per domain must also be turned on.

Syntax: g_encrypt_smart bool

g_encrypt_ssl_force - Require ssl on incoming encrypted messages

When a message is going to be encrypted this setting ensures it is sent from the user to the server via SSL

Syntax: g_encrypt_ssl_force bool

g_encrypt_ssl_noforce - Exceptions, e.g. surgeweb or localhost

When a message is going to be encrypted this setting ensures it is sent from the user to the server via SSL

Syntax: g_encrypt_ssl_noforce string

g_encrypt_surgeweb_show - Show SurgeVault in SurgeWeb

Enables the display of surgevault encryption in the surgeweb interface (can be modified using encrypt_hide on surgeweb customisation page)

Syntax: g_encrypt_surgeweb_show bool

g_encrypt_unlock - Unlock for these destinations. e.g. user@domain

Not for general use

Syntax: g_encrypt_unlock string

g_encrypt_wall - Encrypt surgewall msgs

Normally surgewall skips encryption

Syntax: g_encrypt_wall bool

g_enotify_from - From address to use in email notification messages

This setting has no further documentation currently available

Syntax: g_enotify_from string

g_eof_fix_off - Turns off auto stripping of control+Z

These characters can break some mail clients and should not appear in normal emails

Syntax: g_eof_fix_off bool

g_error_xlate - Change error messages

If wild card string matches smtp response code, then replace with 'to' response code, use %1 to replace the first wild card match etc...

Syntax: g_error_xlate was=string to=string

g_event_list - Events wanted by url

e.g. New,Sent,Bounced,Later,Failed,Stored,Dropped,Rejected

Syntax: g_event_list string

g_event_url - Send msg events to a url

The parameters sent include, (given url)&mode=xx&mid=xx&from=x&to=xx&qnum=xx

Syntax: g_event_url string

g_everyone - Create alias $everyone@domain.name

Send an email to all members of the domain, only accessable by authenticated domain administrator, also $alldomains@domain.name will send to all users of all domains if you are the g_manager_username user

Syntax: g_everyone bool

g_expire_all_rules - Scan all users for rule files (not needed usually)

Used if rule files added manually

Syntax: g_expire_all_rules bool

g_expire_every - Only expire spool once every 'n' days

Reduce load spent expiring old messages.

Syntax: g_expire_every int

g_expire_onlyunread - For the inbox only expire message if they are unread

Useful if you only want to expire message the user never read

Syntax: g_expire_onlyunread bool

g_expire_silent - Don't send users emails telling them what was expired.

Some users get upset when they find messages have expired, this setting makes the expiration silent so the users don't even notice. I think this is a bit nuts myself but some admins prefer it

Syntax: g_expire_silent bool

g_expire_trash - Expire any messages found in trash folders after 7 days

Expires any messages more than 7 days old found in the 'trash' folder.

Syntax: g_expire_trash bool

g_expire_warning - Give warning 'n' days before deleting each file

This will help warn users before a file is actually deleted.

Syntax: g_expire_warning int

g_external_all - Tag messages from friends too

This tags any external email with a warning

Syntax: g_external_all bool

g_external_dlist - Tag messages arriving for mailing lists

This tags any external email with a warning

Syntax: g_external_dlist bool

g_external_ip_disable - Do not add X-External-IP header

Also use g_received_skip

Syntax: g_external_ip_disable bool

g_external_msg - Msg to insert at the top of external mails

This tags any external email with a warning

Syntax: g_external_msg string

g_external_only - Enable only these destinations

e.g. *@xyz.com,*@fred.com

Syntax: g_external_only string

g_external_spam - Tag messages in spam folder too

Tags most msgs placed in the spam folder too.

Syntax: g_external_spam bool

g_external_style - css style for the warning

Used to set the color/font etc...

Syntax: g_external_style string

g_external_warn - Tag external messages from non friends

This tags any external email with a warning

Syntax: g_external_warn bool

g_external_white - Disable for return path matches

This setting has no further documentation currently available

Syntax: g_external_white string

g_external_white_to - Disable for these recipients

People who don't need warning.

Syntax: g_external_white_to string

g_fallback - Fallback address

Default address for all local domains. If a local delivery is not to any valid user Emails will be delivered to this address. There is also a per domain default. 

We want to stress that this is a dangerous setting, you use at your own peril.
Spammers will turn up to your server and test sending to accounts, they will just run through a dictionary of names, with a fallback setting you will be telling the spammer that all these accounts exist. The spammer will then deliver spam to these addresses in volumes that can cripple a server almost.

Syntax: g_fallback string

g_fallback_relay_if_exists - Use FALLBACK_RELAY if not logged in but user exists (OLD_POPHOST_CREATEUSER_DISABLE)

This can be used to relay users where you have a user database that can be checked on the front end system directly (odbcauth, tcpauth, etc)

Syntax: g_fallback_relay_if_exists bool

g_fast_time_off - Disable faster time function

This setting has no further documentation currently available

Syntax: g_fast_time_off bool

g_feat_testing - Testing setting do not use

Used to test alternate spam filter weigtings

Syntax: g_feat_testing bool

g_filter_max - Max size of messages to send through the filter pipe

Messages over this size (in bytes) are skipped. default = no limit

Syntax: g_filter_max int

g_filter_n - Number of filters to run simultaneously

Default is 20, when this limit is reached the incoming thread waits a few seconds then skips the filter if necessary, this is intended to prevent a log jam/melt down effect.

Syntax: g_filter_n int

g_filter_pipe - Filter pipe allowing external message processing

This allows external applications to filter and modify incoming messages. Example: Integration with Spam Assassin (on UNIX) could be achieved as follows:

g_filter_pipe "/usr/local/bin/spamassassin -P"

it expects a normal unix 'filter' so, read the message on 'stdin' and write the identical (or modified) message to 'stdout'.

The input will be 'crlf' terminated and so should the output file.

That's all you can do with this mechanism, if you want to bounce the message or flag it as spam you 'add' a header and then use something in surgemail to detect and act on the header you've added (mfilter)

Syntax: g_filter_pipe string

g_filter_pipe_headers - Re-read headers after pipe finishes

Needed if you want headers to be seen by later surgemail processing

Syntax: g_filter_pipe_headers bool

g_filter_pipe_noauth - Skip for auth users

Skip for authenticated users

Syntax: g_filter_pipe_noauth bool

g_filter_pipe_skip - Skip filter if ip matches this

Set this for local servers that don't need filtering, e.g. mailing list servers, local trusted robots.

Syntax: g_filter_pipe_skip string

g_filter_timeout - Filter pipe timeout

Filter timeout (g_filter_pipe) in seconds, default is 360.

Syntax: g_filter_timeout int

g_find_wrong - Find domain based on IP even if url suggests other vdomain

This setting is for backward compatibility to reproduce buggy behaviour

Syntax: g_find_wrong bool

g_fix_crcrlf - Fix email messages containing crcrlf for line termination, NEVER USE

This is best not used, it's best to fix the faulty email application, results are not gauranteed.

Syntax: g_fix_crcrlf bool

g_fix_imap_lf - During IMAP import fix email messages containing lf

This is best not used, it's best to fix the faulty email server, results are not gauranteed.

Syntax: g_fix_imap_lf bool

g_footer_auth - Only add footer for authenticated local users

This essentially adds the footers to 'outgoing' email... if the user is a member of the group nofooter then the footer is also skipped.

Syntax: g_footer_auth bool

g_footer_file - Footer file

Footer file which is appended to all plain text mail messages.

Syntax: g_footer_file string

g_footer_html - Footer file (HTML mail)

Footer file which is appended to all HTML mail messages.

Syntax: g_footer_html string

g_footer_notfound - Only add footer if footer is not in message already

This works by examining the message contents to try and find part of the footer.

Syntax: g_footer_notfound bool

g_footer_send - Footer file (outbound only)

Plain text footer file which is appended to all outbound mail messages only.

Syntax: g_footer_send string

g_footer_sendonly - Enable outbound footer

Add g_footer_send to all messages when sending to non local users.

Syntax: g_footer_sendonly bool

g_footer_skip - Skip footers for these users

This skips the footer for matching users (e.g. cell phones etc)

Syntax: g_footer_skip string

g_footer_skipfound - Only add footer if this text is not already in the message, requires g_footer_notfound

This can be used to make the footer optional

Syntax: g_footer_skipfound string

g_footer_trusted - Only add footers if sender is trusted

This prevents the footer from being added for a message that pretends to come from your domain.

Syntax: g_footer_trusted bool

g_forward_attach - When late forwarding send as attachment to these domains

Useful with hotmail.com, aol.com etc so that forwarded messages are not mistaken for spam

Syntax: g_forward_attach string

g_forward_fixfrom - When late forwarding rewrite from/return path as local user

This prevents problems with spf/identity checking as the forwarded message is sent with valid from and return path

Syntax: g_forward_fixfrom bool

g_forward_illegal - Prevents users setting forward rules to certain addresses

Syntax: g_forward_illegal to="address" apply="user type "

This setting allows you to specify some addresses as being illegal for certain users. This stops users setting up forwarding rules to these addresses. They can still send mail to these addresses manually with their email client. These rules _ONLY_ apply to non local domains.

Some examples:

If you want to stop your users setting up forward rules that redirect to aol.com.
g_forward_illegal to="*@aol.com" apply="user"

If you want to stop your users setting a forward to all domains except aol.com
g_forward_illegal to="*,!*@aol.com" apply="user"

Stop domain admins sending to aol.com
g_forward_illegal to="*@aol.com" apply="domadmin"

Stop admins sending to netwinsite.com
g_forward_illegal to="*@netwinsite.com" apply="admin"

Syntax: g_forward_illegal to=string apply=string

g_forward_oops - Internal testing setting, not for general use sorry

Testing setting, please do not use.

Syntax: g_forward_oops string

g_friends_add_trusted - Add to friends list when if sender is trusted

This is useful if senders are not using smtp auth but you still want friends to be added, typically used with surgewall...

Syntax: g_friends_add_trusted bool

g_friends_allow_spf - Allow all email through as if it was a friend during temporary allow

The user click on a button to disable friends for a few hours, during this time all messages will get treated as a friend and thus bypass SPF too.

Syntax: g_friends_allow_spf bool

g_friends_always - Always use friends list.

This enables the "Add all outgoing email addresses to list" feature and always checks incoming messages against the friends list so that SurgeMail can correctly tag or filter it.

Syntax: g_friends_always bool

g_friends_at_rcpt - Whether to check users friends list at rcpt stage

This setting is automatically added/removed by the web admin when global friends defaults are configured. It allows us to check friends at rcpt stage without paying a disk access cost for non-friends users.

Syntax: g_friends_at_rcpt bool

g_friends_autodom - Auto whitelist friends based on domain/ip

This means a friend or trained message will whitelist the entire domain/ip address combination until contradicted for all users

Syntax: g_friends_autodom bool

g_friends_bounce_friend - Allow exception rules to bounce a mesesage from a friend

This setting has no further documentation currently available

Syntax: g_friends_bounce_friend bool

g_friends_bounce_rej - Reject blank return path as friends failures

This setting has no further documentation currently available

Syntax: g_friends_bounce_rej bool

g_friends_bounce_second - Bounce the next time the user sends a message if waiting for confirm still

This can make it clearer that email is not getting through to the destination

Syntax: g_friends_bounce_second bool

g_friends_byemail - Use old email based friends rejections

This restores the old beahviour, you would normally only use this if your mail server was unaccessable via http as email based rejections are not as easy to use or as reliable as web based human confirmations

Syntax: g_friends_byemail bool

g_friends_check_spf - Disable friends bounces if SPF headers missing/failed to avoid backscatter.

If the incoming message may be forged it will bounce messages using an smtp error code to deny delivery but it will allow any real sender to bypass this. This settings is good if spamcop block your domain for sending friends challenges as it cuts down on the number of such messages. This avoids backscatter

Syntax: g_friends_check_spf bool

g_friends_cleanup - Cleanup/repair large friend.lst files

This setting has no further documentation currently available

Syntax: g_friends_cleanup bool

g_friends_confirm_debug - Log sucessful friends confirmation responses

This enables us to examine suspect replies to friends confirmations for indications that they were sent by spammers or mail robots.

Syntax: g_friends_confirm_debug bool

g_friends_confirm_subject - String to use as the subject of a friends confirmation email

String to use as the subject of a friends confirmation email. Defaults to: "Please reply to message and allow delivery". This value must contain the text , this text is replaced by the unique message id that allows SurgeMail to find the message to release eg. confirm(1150419513.1880_1180.domain). It is also advisable to place the near the start of the string as some clients will truncate long subjects and any truncation of the value will result in failure to release the message.

Syntax: g_friends_confirm_subject string

g_friends_daemon_ok - Accept emails from any mailer deamon

This setting has no further documentation currently available

Syntax: g_friends_daemon_ok bool

g_friends_debug1 - NEVER USE, only for NetWin testing

This makes surgemail always send an email bounce rather than a safe reject, only intended for testing bounce messages

Syntax: g_friends_debug1 bool

g_friends_default_autoadd - Default auto addition when sending (recommended)

This setting has no further documentation currently available

Syntax: g_friends_default_autoadd bool

g_friends_default_mode - Default friends mode, smite (recommended) silent, or list

Valid settings are kids,disabled,smite,silent,list. Recommended silent or smite, in silent mode no challenge email is sent, in smite mode a challenge email is sent if the score is exceeded.

Syntax: g_friends_default_mode string

g_friends_global_add - Add to a global friends list if ip matches and sender doesn't match authenticated user

Used when you wish to whitelist outgoing addresses even though the sender/reply address does not match the authenticated user (e.g. messages sent via exchange)

Syntax: g_friends_global_add string

g_friends_global_exclude - Addresses not to auto add, e.g. *@paypal.com

This is good for avoiding meaningless entries or obvious entries that people might send email to by mistake

Syntax: g_friends_global_exclude string

g_friends_ignore - List of addresses considered friends for all users on the system

List of addresses considered friends for all users on the system eg: the system manager email address

Syntax: g_friends_ignore string

g_friends_ignore_trusted - If from trusted ip still apply friends

Useful when you have a gateway that is sending to surgemail

Syntax: g_friends_ignore_trusted bool

g_friends_lang_auto - Set users language settings automatically based on observed emails from friends

This setting improves spam handling

Syntax: g_friends_lang_auto bool

g_friends_latest_headers - Friends system re-read message headers

Causes friends to re-read message headers, allowing rules based on headers added during delivery

Syntax: g_friends_latest_headers bool

g_friends_local_match - If from!=returnpath and one is local, then block friends match

This setting has no further documentation currently available

Syntax: g_friends_local_match bool

g_friends_long - In friends web release addresses use a longer url

Uses an older style link

Syntax: g_friends_long bool

g_friends_msg - Message used for friends bounce.

e.g. Delivery pending, to deliver you must send an email to

Syntax: g_friends_msg string

g_friends_msg_link - Message used for friends link bounce.

e.g. Note: Delivery will ONLY occur if you click on this link

Syntax: g_friends_msg_link string

g_friends_name - What to call the friends system

This specifies what to call the friends system when referring to it on web pages and in email to our users, you can call it whatever you like

Syntax: g_friends_name string

g_friends_obey_spf - If SPF failed then no friends match allowed for local domains

If spf failed then don't allow a friends match

Syntax: g_friends_obey_spf bool

g_friends_old_status_email - Use older status email & processing

Use status.eml instead of status_html.eml

Syntax: g_friends_old_status_email bool

g_friends_only - Friends system

An anti-spam feature which screens incoming mail to ensure it comes from a human. For incoming mail from unknown addresses a message is sent to this person requesting them to reply to confirm they are human and the original message will be delivered. See this page for more details.

Syntax: g_friends_only bool

g_friends_pending_keep - Time to keep friend pending messages

How long to store users friends pending messages before deleting them (days)

Syntax: g_friends_pending_keep int

g_friends_pending_max - Max items in pending before deleting them

The default is 10000 Items

Syntax: g_friends_pending_max int

g_friends_pending_name - The imap name of the friends_pending (and spam store) quarantine folder - should match surgeweb imap_spam_folder - default is 'Friends Pending'

This shouldn't be changed unless this feature has not been used before as it will confuse your users. Any matching folder the user has of the same name will become invisible. So at least make it something other than simply Spam!!

Syntax: g_friends_pending_name string

g_friends_pending_vanish - Enable auto-vanish of pending messages on confirmation bounce

When a bounce for a confirmation message is received we vanish it, this setting will also delete the original message.

Syntax: g_friends_pending_vanish bool

g_friends_release_wash - Clean any subject marking (ie stars) when releasing/allowing

This setting has no further documentation currently available

Syntax: g_friends_release_wash bool

g_friends_rotate - Rotate user level log file, default 30k

Set log size, the log is also rotated when a friends report email is sent (if configured)

Syntax: g_friends_rotate int

g_friends_safer - Make friends always avoid back scatter.

By using a rejection during the incoming message instead of sending an email back scatter is completely avoided.

Syntax: g_friends_safer bool

g_friends_silent - Disable friends responses to users

This setting is to simply disable the confirm emails, not generally recommended as this makes friends a bit pointless.

Syntax: g_friends_silent bool

g_friends_silent_level - If spam score above this then don't send friends message

Not generally recommended.

Syntax: g_friends_silent_level int

g_friends_skip_ip - List of ip addresses considered friends for all users on the system

This setting has no further documentation currently available

Syntax: g_friends_skip_ip string

g_friends_spam_score - Default level to quaranteen message in spam folder (Recommended 8 or 10)

This sets the default when no friends.ini file exists, a level of 8 will give best all round results, a level of 10 will stop less spam but avoid false positives.

Syntax: g_friends_spam_score int

g_friends_spf - Refine friends matching using spf/dmarc when possible

This setting has no further documentation currently available

Syntax: g_friends_spf bool

g_friends_spf_fail_bounce - Bounce SPF failures, do not send friends confirmations (Not recommended)

The default behaviour is to only send confirmations if SPF checks pass, if they fail friends checking is skipped, no confirmation request is sent and the email is not blocked by friends.

Syntax: g_friends_spf_fail_bounce bool

g_friends_status_sort - Sort friends status messages with low scores at the top

This setting has no further documentation currently available

Syntax: g_friends_status_sort bool

g_friends_testurl - Test g_friends_url and status_url and url_host work externally

Reports to manager if any fail

Syntax: g_friends_testurl bool

g_friends_url - Specify default global url for friends release http://domain.name:port

Normally the default will work.

Syntax: g_friends_url string

g_friends_use_https - Use https port for friends urls

Normally the default will work.

Syntax: g_friends_use_https bool

g_friends_warnonce - Give bounce on only the first message

This used to be the default, but it meant people thought delivery was occurring!

Syntax: g_friends_warnonce bool

g_from_allow - From header allow

From headers to allow bypassing the g_from* checks. e.g. "*@x.y.com,*@b.com,fred@bb.com"

Syntax: g_from_allow string

g_from_allow_ip - IP addresses to bypass local from check

This setting has no further documentation currently available

Syntax: g_from_allow_ip string

g_from_allow_to - destination user to bypass local from check

This setting has no further documentation currently available

Syntax: g_from_allow_to string

g_from_bl - Domain Based Blacklist Zones, lookups FROM domain in dns

The 'from' domain is checked against the specified RBL which must be a special 'FROM' based rbl which lists spammers by from address. Most spammers fake from addresses so this is a fairly marginally useful method.

Syntax: g_from_bl name=string stamp=string

g_from_body_bounce - Reject if local from header address is probably faked

Checks if the sender is authenticated or from an address that can relay, if not then the message is bounced if it claims to be from a local domain. One of the settings to prevent forgery

Syntax: g_from_body_bounce bool

g_from_bounce - Bounce if from is probably faked

Bounce if from address is probably faked.

This check is activated for any mail with a local domain in the from address but not using SMTP authentcation, relay allow IP address or spam allow IP address.

Syntax: g_from_bounce bool

g_from_check - Check from matches valid local domain

Check from domains match valid local domains if user is authenticated, or g_from_allow.

Should be used with g_from_bounce "true" which basically forces them to authenticate and then makes this setting work properly.

Syntax: g_from_check bool

g_from_domain - Default domain for from envelope

Fixes the 'from' envelope if the email client failed to specify a domain name, this doesn't fix the from header currently but we may change that in future!

Syntax: g_from_domain string

g_from_exact - Check from matches authenticated user

Check from matches authenticated user. If user is not authenticated the setting is skipped.

Should be used with g_from_bounce "true" which basically forces them to authenticate and then makes this setting work properly.

Syntax: g_from_exact bool

g_from_force - From address for all sent messages

Used when you want to make all messages use the same valid bounce address, reply-to header will contain original from if it doesn't exist

Syntax: g_from_force string

g_from_header - From header used in delivery bounces

From header used in delivery bounces.

Syntax: g_from_header string

g_from_list_too - Also enforce from rules from lists

Doesn't allow lists to bypass forge rules

Syntax: g_from_list_too bool

g_from_must_exist - Require local from addresses to exist or reject mail

Can be useful in blocking dumb spam robots

Syntax: g_from_must_exist bool

g_from_noforge - If envelope or from is local domain then the other must be too

This can prevent many common forms of forgery, this will bounce some real email, so probably better to use the noforgeme setting instead. One of the settings to prevent forgery

Syntax: g_from_noforge bool

g_from_noforge_some - If from matches this then from/envelope must match

Prevent forgeries of important local addresses, e.g. *support*

Syntax: g_from_noforge_some string

g_from_noforgeme - If to==from then from and env from must match

This can prevent many common forms of forgery, this is safer than the noforge setting above, and generally almost as effective. One of the settings to prevent forgery

Syntax: g_from_noforgeme bool

g_from_noforgename - If from contains two addresses the domains must match

Prevents forgery where the descriptive name is a fake email address that doesn't match the real address

Syntax: g_from_noforgename bool

g_from_nofriend - If forge setting would bounce message then allow message but don't allow friend match

This setting modifies the g_from_noforgeme behaviour so it doesn't block the message but does prevent a friend match occurring

Syntax: g_from_nofriend bool

g_from_ok - Whitelist for invalid from addresses we will permit

This setting has no further documentation currently available

Syntax: g_from_ok string

g_from_relay - If not authenticated and g_relay_allow_ip matched then block if not local domain or whitelisted

This one helps prevent a local virus sending out spam. It basically says non authenticated users who can relay due to a g_relay_allow_ip rule must send from one of your domains or use smtp authentication or be in a white list. Note this test is performed on the message envelope not the body. We recommend insisting on smtp authentication to reduce your risk of this type of problem.

Syntax: g_from_relay bool

g_from_relay_white - White list of domains for g_from_relay setting

This is domains that can be used as a 'from' address for non authenticated users, in addition to local domains

Syntax: g_from_relay_white string

g_from_rewrite - Rewrite from envelope for outgoing email, e.g. *@this.domain -> %1@another.domain

This lets you change the 'from' address from an internal domain name to a valid public domain name. The change is performed on the From envelope (return path), not the from header. And the chanage does not affect the return path written in local deliveries, only outgoing email. Mfilter rules can be used to rewrite the actual message headers.

Syntax: g_from_rewrite was=string to=string

g_from_rewrite_header - Rewrite the from header as well

Replaces the From: header in the mesage with the new address.

Syntax: g_from_rewrite_header bool

g_from_rewrite_sender - Rewrite the sender header as well

Replaces the Sender: header in the mesage with the new address.

Syntax: g_from_rewrite_sender bool

g_from_stamp - Stamp if from is probably faked

Stamp message with "X-Verify-Failed:" header if from address is probably faked.

eg: X-Verify-Failed: <user@mydomain.com> From mydomain.com is local but user not authenticated or from g_relay_allow_ip

This check is activated based on the same conditions as g_from_bounce.

Syntax: g_from_stamp bool

g_from_timeout - Timeout on g_badfrom_* checks

Timeout in seconds of g_badfrom_* checks. Default = 60 seconds. If this timeout is reached the g_badfrom check will be classed as having failed.

Syntax: g_from_timeout int

g_from_valid - Require an @ and dotted domain in all return addresses

This forces the sender to either give 'no' reply address or a valid one with an @ and a dotted domain

Syntax: g_from_valid bool

g_gateway - Gateway messages to a particular domain (Or smarthost)

Used to gateway messages to another local mail server.  Typically this other server is inside a fire wall so it's local IP address is not known by the DNS server.  You specify the domain and IP address to send messages to and this server is treated as 'local' rather than remote in terms of open relay restrictions. eg: nonauthenticated users are able to send in mail. Open relay restrictions do not apply to messages sent to this domain because they are considered as if they were local users and not 'relaying'. 

This setting has the fields domain(required), to(required), user(optional), pass(optional), relay=true/false(optional),check=true/false (optional)

Normally "domain" and "to" are the only fields that need to be filled in. eg. To relay mail from anyone to user accounts in the domain somedomain.com to the host 1.2.3.4.
g_gateway domain="somedomain.com" to="1.2.3.4"

user="username" pass="password"

If SMTP authentication is required on the destination server the user and pass fields need to be completed.

check=true

The check=true setting tells surgemail to actually connect to the server and check that recipients exist before accepting an incoming email for that user, this is STRONGLY recommended, as it stops the server having to bounce thousands of messages when spammers send to invalid addresses on your server. If SurgeMail cannot connect it will assume the user does exist so nothing is bounced except when the connection is successful.

Classic smarthost setting

This is where you want to send all outgoing email to another server, that may require authentication, note that we don't use relay="true" as that would make the server an open relay.

g_gateway domain="*" to="isp.mail.server" user="user@isp.server" pass="xxx"

relay="true" (warning, usually not needed or wise, this can make your server into an open relay for spammers to abuse!)

As a safety measure to prevent accidental openrelays, SurgeMail will not relay for non authenticated users or trusted users (users that are allowed to relay due to relaying settings eg g_relay_allow_ip) if the domain is "*". This can be overridden by placing "true" in the "relay" field. eg: To relay all mail for all users to host 1.2.3.4:

g_gateway domain="*" to="1.2.3.4" relay="false"

It is possible to use domain="c:\domains.txt" where domains.txt is a file listing the domains to be gatewayed, this should only be done for one gateway rule, and is only worth doing if you have thousands of domains to gateway.

local="true"

Requires that the destination addresses exist in the local account database.

Gateway after user lookup

When gatewaying to a domain which accepts all email regardless of address (e.g. exchange) you are best to define the users in your local user database, this is the only way to prevent nasty bounces and get rid of all the spam cleanly.

1) remove the gateway setting for the domain
2) add a virtual domain
3) In the virtual domain add surgewall settings, e.g. in this example I'm gatewaying the domain 'netwin.co.nz' to a
backend server called 'backend.netwin.co.nz"

vdomain address="" name="netwin.co.nz"
...
surgewall "backend.netwin.co.nz"
surgewall_options strip_domain="" proxy_failover="" auth_local="TRUE" pop="" smtp="" imap="" usercgi=""

 

You can find more gateway examples in our FAQ here http://www.netwinsite.com/surgemail/help/faq.htm#gateway

Syntax: g_gateway domain=string to=string user=string pass=string relay=string check=bool sms=bool local=bool

g_gateway_allow - Known hosts that act as incoming SMTP or surgewall servers for us

Some spam prevention mechanisms which use the ip address of the incoming system must be disabled for incoming SMTP servers/surgewall/firewall boxes so that stupid limits don't block all the incoming messages from your backup mx server etc. Settings this affects: g_tarpit_max, g_tarpit_max_remote, g_con_perip, RBL checks,

Syntax: g_gateway_allow string

g_gateway_always - Always send to gateway even if local domain exists

Always send to gateway even if local domain exists. Not sure why you would want to use this setting other than to temporarily send mail on to another server whilst keeping the local domain and accounts intact and untouced.

Syntax: g_gateway_always bool

g_gateway_auth - Send SMTP auth requests to another host

Send SMTP auth requests to another host.

Syntax: g_gateway_auth string

g_gateway_data - Gateway at the data stage

To allow bounces to be handled cleanly gateway messages before responding to the data comman so bounces can go direct without being generated and creating back scatter.

Syntax: g_gateway_data bool

g_gateway_from - Pass 'from' header thru during gatewawy check

In some cases to verify an email address the correct 'from' must be passed through, normally this is a bad idea as it will cause spf failures, but it is sometimes necessary

Syntax: g_gateway_from bool

g_gateway_helo - Header that must exist in incoming bounces (g_send_helo) or bounces are dropped

An incoming filter can discard the majority of incoming bounces by using this setting to figure out if a bounce is valid without having to do a user lookup first! Usually this would be the setting g_send_helo from your 'outgoing' mail server, this setting can be a list of host names.

Syntax: g_gateway_helo string

g_gateway_ifnot - Send mail to gateway in preference to local delivery unless IP matches

The use of g_gateway_ifnot will deliver mail to the g_gateway rule in preference to local delivery unless the IP number matches. This would typically be used to pass mail through an external SMTP server for certain or all domains for scanning purposes etc.

Syntax: g_gateway_ifnot string

g_gateway_ignorewild_ip - Ignore * gateway rules if from ip matches (allows outbound email scanning using gateway * to external scanner)

This setting has no further documentation currently available

Syntax: g_gateway_ignorewild_ip string

g_gateway_mx - If specified IP address is found in mx record for destination then allow relay (not recommended)

This can be useful if you have thousands of servers using your machine for mx backup and you want to allow them simply because the mx records exist, it's much better to use g_gateway or g_relay settings instead as this saves lookups and makes the results entirely more predictable :-)

Syntax: g_gateway_mx string

g_gateway_open - Allows an open relay setting in g_gateway

This lets you set g_gateway domain=* and relay=true, this makes your server an open relay so is never a good idea!

Syntax: g_gateway_open bool

g_gateway_orcpt - Writes an original receipt header when forwarding a message, this may disclose multiple recipients, cc/bcc etc use only for tracking faults

This writes a header X-Rcpt-Original: ..., when forwarding a message to another server, good for tracking problems. This may disclose multiple hidden recipients, it should not be used normally

Syntax: g_gateway_orcpt bool

g_gateway_shuffle - Round robbin shuffle of to ip addresses for gateway rules

Use if you wish to spread outgoing load evenly to multiple outgoing servers.

Syntax: g_gateway_shuffle bool

g_gift_disable - Disable check for imap gift hacker

This setting has no further documentation currently available

Syntax: g_gift_disable bool

g_group_field - Group Field from authentication database

Based upon a match on an arbitrary field in the authentication database a user can be defined as being part of an access_group. All fields (field, value, group) are required. eg: To add the user to the access_group "paid_user" if the field "mystatus" has the value "fullaccess":

g_group_field field="mystatus" value="fullaccess" group="paid_user"

Syntax: g_group_field field=string value=string group=string

g_gzip_disable - Disable gzip web compression

This setting has no further documentation currently available

Syntax: g_gzip_disable bool

g_hack_detect_disable - Stop admin emails when users login with a weak password

Useful if you must have weak passwords for some reason

Syntax: g_hack_detect_disable bool

g_hack_msg - Message to send to users with a weak password

Message to send to users with a weak password

Syntax: g_hack_msg string

g_hack_noemail - Disable weak password reports

This setting has no further documentation currently available

Syntax: g_hack_noemail bool

g_hack_report - Address to send weak password reports to

This setting has no further documentation currently available

Syntax: g_hack_report string

g_hack_touser - Send warnings about hacking directly to users

Send warnings directly to users

Syntax: g_hack_touser bool

g_hack_url - Url for users to change password

Url to your server for users to change password, if not given the user.cgi url will be generated

Syntax: g_hack_url string

g_hacker_alert - Email manager if address is locked out

This setting has no further documentation currently available

Syntax: g_hacker_alert bool

g_hacker_days - Days to keep ipaddress locked out, default 7

This setting has no further documentation currently available

Syntax: g_hacker_days int

g_hacker_fwd - Email manager if user sets fowarding rule

Useful to identify a spammer trying to set a bounce address to pickup incoming email

Syntax: g_hacker_fwd bool

g_hacker_max - Login guesses for one ip address before we lockout the ip address

Stops hackers from guessing passwords every day until they find one, use tellmail unlock ip.number to unlock, or whitelist it...

Syntax: g_hacker_max int

g_hacker_more - Be more restrictive, don't allow /24 netblocks based on loginip

This setting has no further documentation currently available

Syntax: g_hacker_more bool

g_hacker_password - If hacker attempts to login with account name as password, then blacklist ip

Good for stopping robots guessing accounts

Syntax: g_hacker_password bool

g_hacker_passwords - Failed logins that use these passwords will lockout the ip address

List commonly guessed passwords, e.g. 12345678

Syntax: g_hacker_passwords string

g_hacker_poison - Poison accounts. Instantly blacklist ip address e.g. root@*

If user tries to login with this account then their ip address is blocked from further logins. Give full domain name or wild card, e.g. root@your.domain,staff@*

Syntax: g_hacker_poison string

g_hacker_star - Lockout users who say * at us

This setting has no further documentation currently available

Syntax: g_hacker_star bool

g_hacker_timeout - Lockout users who timeout smtp connections

This setting has no further documentation currently available

Syntax: g_hacker_timeout bool

g_hacker_weak - If user tries weak password, lockout ip address

If someone is 'guessing' weak passwords their ip address will be locked out

Syntax: g_hacker_weak bool

g_hacker_whitelist - Ip addresses to avoid guessing issues

Whitelist for gateways or other systems that you expect multiple failed logins from (e.g. webmail host)

Syntax: g_hacker_whitelist string

g_header_out - Header to add to outgoing posts

Mail header to add to outgoing mailing list posts.

Syntax: g_header_out string

g_header_strip - Strip listed headers from incoming messages

Useful for stripping headers that you don't trust or don't want for some reason

Syntax: g_header_strip string

g_helo_optional - Make the SMTP Helo optional

Helo is optional for SMTP protocol (not recommended).

Syntax: g_helo_optional bool

g_help_local - Make all help references to the local help files

This setting has no further documentation currently available

Syntax: g_help_local bool

g_help_url - Link to another website for help instead of surgemail.com

This setting has no further documentation currently available

Syntax: g_help_url string

g_home - Root directory of the mail server

This setting controls where the mail server runs including the many sub directories it creates below this directory for work files and log files for each domain. Not something you should generally change. 

Syntax: g_home string

g_honeypot_key - Key for HTTP RBL service www.projecthoneypot.org - not recommended

Do not share your key you can get a key for free from this web site. By defining this setting you will enable honeypot lookups, which in turn will block web imap pop and smtp authentication connections from listed sites, it does not block normal incoming email, but does reduce the permitted guess count to '1'. You can whitelist an ip address using g_spam_allow or g_hacker_whitelist, this setting will tend to cause false positives which will stop users logging in, we don't recommend you use this setting currently.

Syntax: g_honeypot_key string

g_honeypot_rbl - RBL name to lookup, typically dnsbl.httpbl.org

This is the name of the rbl database we are going to query

Syntax: g_honeypot_rbl string

g_host_alias_sni - Fix fault where host_alias matches domain rather than ssl name

This setting has no further documentation currently available

Syntax: g_host_alias_sni bool

g_host_ip - This host public IP address

Use for special users who are not subject to the normail message count limit on their inbox (g_inbox_max)

Syntax: g_host_ip string

g_host_redirect - Redirection based on host for surgeweb's https_required redirection

This setting has no further documentation currently available

Syntax: g_host_redirect from=string to=string

g_http_11 - Use http 1.1 requests to netwinsite (do not use)

Experimental setting do not use

Syntax: g_http_11 bool

g_http_add_header - Add generic headers to web responses

This setting has no further documentation currently available

Syntax: g_http_add_header string

g_http_proxy - Proxy web server for fetching files via HTTP

Proxy web server for fetching files if direct access fails. (mainly for updates to the spam prevention rules from netwinsite.com and for downloading the latest version of the SurgePlus Windows client to make available to your users.) 

Syntax: g_http_proxy string

g_imap_acl - Enable ACL (shared folders) in imap

This setting allows folders to be shared between users. See the domain setting 'imap_public'. Requires surgemail 3.9d or later! For this to work you will need an imap client that supports ACL's to create and map shared folders (.e.g. thunderbird)

Syntax: g_imap_acl bool

g_imap_acl_prefix - Changes prefix from ~ to ^ to fix IOS bug

This setting allows folders to be shared between users. See the domain setting 'imap_public'. Requires surgemail 3.9d or later! For this to work you will need an imap client that supports ACL's to create and map shared folders (.e.g. thunderbird)

Syntax: g_imap_acl_prefix bool

g_imap_allow_trailing - Allow leading/trailing spaces on folder names on linux, not a good idea

This setting has no further documentation currently available

Syntax: g_imap_allow_trailing bool

g_imap_auto_create - Create folders matching this list in response to 'select' commands

Some imap clients assume certain folders exist, this setting can be used to let surgemail auto create such folders when the imap client requests some action involving the folder

Syntax: g_imap_auto_create string

g_imap_auto_subscribe - Auto subscribe folders for users

This setting has no further documentation currently available

Syntax: g_imap_auto_subscribe bool

g_imap_blacklist - Test if imap users are in rbl's and email admin

This lets you find any of your users who's ip address has been blacklisted, at most it will email once a day, any additional entries are logged in mail.err log file (search for 'blacklist')

Syntax: g_imap_blacklist bool

g_imap_capa - Where to get the CAPABILITY value from

When you have suffix based domains and you're using SurgeWall the CAPABILITY request comes before the domain of the user is known. As such SurgeMail cannot determine whether to send the real servers CAPABILITY or it's own. This setting will choose the default behaviour, valid values are: Local, . By default SurgeMail defaults to the behaviour of the primary domain, if it's surgewall then it obtains the real server capability. "Local" defaults to SurgeMails own capability, and defaults to the real server capability.

Syntax: g_imap_capa string

g_imap_capa_strip - Capability values to hide

In some situations you might not want to advertise server capabilities, for example SURGEMAIL and XFLDDATA when they cause problems with SurgeWall operations. Or perhaps the IDLE capability. Specifying the capability strings to hide here will cause SurgeMail to stop advertising those capabilies.

Syntax: g_imap_capa_strip string

g_imap_cram_enable - Enable CRAM-MD5 authentication (requires nwauth 4.0h or greater)

Please note that CRAM-MD5 does have security implications, specifically it means that the local users password must be stored in a semi reversable state in the authent database. Also you must be using the new version of the NWAuth module.

Syntax: g_imap_cram_enable bool

g_imap_debug - For NetWin use only

This setting has no further documentation currently available

Syntax: g_imap_debug bool

g_imap_delay - Glob data into bigger packets, never use this

This setting has no further documentation currently available

Syntax: g_imap_delay bool

g_imap_expunge_close - Expunge on every close, not recommended

This setting has no further documentation currently available

Syntax: g_imap_expunge_close bool

g_imap_folder - Type can be: Trash,Junk,Sent,Drafts,Archive

Helps email clients all use the same folder names, Valid types include: Trash,Flagged,AllMail,Junk,Important,Sent,Drafts, note these names have no meaning on the server, in particular AllMail is not actually all mail.

Syntax: g_imap_folder name=string type=string

g_imap_folder_create - Auto create default folders for Trash/Sent etc

Warning this may change the default folder currently used by creating one the user didn't previously have

Syntax: g_imap_folder_create bool

g_imap_friends - Make the friends_pending folder visible in imap

Setting to map the friends_pending folder into an imap folder. There is no corresponding setting for the 'held' folder as we believe people should always use the friends mechanism as it is a superset of the held folder in functionality

Syntax: g_imap_friends bool

g_imap_idle_free - Releases threads in 'idle' state

This setting has no further documentation currently available

Syntax: g_imap_idle_free bool

g_imap_idle_nsf - The number of seconds before a complete directory rescan. To be used on NFS network drives

Number of seconds for IMAP IDLE to do directory rescan - , note setting is miss spelled, do not correct it!

Syntax: g_imap_idle_nsf int

g_imap_inactive_free - Releases threads not active

This setting has no further documentation currently available

Syntax: g_imap_inactive_free bool

g_imap_log - Enable imap.log logging

This setting has no further documentation currently available

Syntax: g_imap_log bool

g_imap_log_body - Log imap fetch body commands to msg*.rec log files

This only logs when a body or body part is read via imap

Syntax: g_imap_log_body bool

g_imap_log_copy - Log imap copy commands to msg*.rec log files

This setting has no further documentation currently available

Syntax: g_imap_log_copy bool

g_imap_log_flush - IMAP log flush

Flush IMAP log on every write (for debugging).

Syntax: g_imap_log_flush bool

g_imap_log_header - Log imap fetch header commands to msg*.rec log files (not usually needed)

This logs rather a lot so may create excessive logging. Probably the log body setting is more wise.

Syntax: g_imap_log_header bool

g_imap_log_main - Log imap to mail.log too (not recommended)

This setting has no further documentation currently available

Syntax: g_imap_log_main bool

g_imap_log_protocol - Log IMAP protocol

Log IMAP protocol and other IMAP information to the mail.log file.

Syntax: g_imap_log_protocol bool

g_imap_log_size - Size of imap.log file

This sets the imap.log file size, default is 2mb

Syntax: g_imap_log_size int

g_imap_log_user - Log imap info to imap.log in users mdir folder

This setting has no further documentation currently available

Syntax: g_imap_log_user bool

g_imap_loop_report - Report imap loops of bad email clients

This only logs when a body or body part is read via imap

Syntax: g_imap_loop_report bool

g_imap_max_limit - Limits messages being put in folders

This setting helps limit impact when a user has a large folder, it will fail to load a folder larger than this and report errors in the log, it does not prevent the folder from having messages added to it, and it does not inform the user that the problem has occurred, this setting is primarily to limit impact of a crazy user :-), see also G_MAILDIR_MAX

Syntax: g_imap_max_limit int

g_imap_max_messages - The number of messages in a single imap folder, default 200000

This setting helps limit impact when a user has a large folder, it will fail to load a folder larger than this and report errors in the log, it does not prevent the folder from having messages added to it, and it does not inform the user that the problem has occurred, this setting is primarily to limit impact of a crazy user :-), see also G_MAILDIR_MAX

Syntax: g_imap_max_messages int

g_imap_maxbusy - Limit for concurrent requests per user, user is throttled if exceeded dflt 8

This setting has no further documentation currently available

Syntax: g_imap_maxbusy int

g_imap_maxdup - Max duplicate imap fetch commands before we throttle connection, default 500

This setting has no further documentation currently available

Syntax: g_imap_maxdup int

g_imap_move - IMAP move extension

This setting has no further documentation currently available

Syntax: g_imap_move bool

g_imap_no_internal_date - Disable the internal date output on IMAP commands

The RFC implementation of internal dateis broken wiht MS outlook. SurgeMail has been modified to conform to the outlook inplementation of internal date making this setting redundant..

Syntax: g_imap_no_internal_date bool

g_imap_old - Revert to old imap module

Replace normal imap with old imap module, not recommended/supported

Syntax: g_imap_old bool

g_imap_old_ip - Revert to old imap module for some ip's

Replace normal imap with old imap module, not recommended/supported

Syntax: g_imap_old_ip string

g_imap_pop_burst - Always burst using imap code

Prevents redownloading messages if file indicating user is using imap is lost. Generally this setting is not needed and should not be used. Turning it on/off will result in users getting duplicate messagese if they are using POP and have leave on server ticked

Syntax: g_imap_pop_burst bool

g_imap_port - IMAP Port (default 143)

Specifies the PORT to listen for IMAP connections on. IMAP is an alternative to POP protocol where the messages and folders all exist on the server. This is ideal when sharing a mail account between several users or when using Email from more than one computer.  Use the keyword 'disabled' to disable this part of the surgemail service.

Syntax: g_imap_port int

g_imap_search_body - Build and use indexes for imap body searching

This setting has no further documentation currently available

Syntax: g_imap_search_body bool

g_imap_search_index - Build and use indexes for imap header searching

This setting has no further documentation currently available

Syntax: g_imap_search_index bool

g_imap_search_noattach - Skip non text attachments when searching

This setting has no further documentation currently available

Syntax: g_imap_search_noattach bool

g_imap_search_text - Use only body and header indexes, fast but won't get all matches

This setting has no further documentation currently available

Syntax: g_imap_search_text bool

g_imap_search_timeout - Limit on imap search, default is 180 seconds

This setting has no further documentation currently available

Syntax: g_imap_search_timeout int

g_imap_secure_port - IMAP Port (default 993)

Specifies the PORT to listen for dedicated SSL IMAP connections.

Syntax: g_imap_secure_port int

g_imap_size_fetch - If true, will display message sizes on fetch command. (ie * 123 EXISTS)

Displays message size in IMAP responses

Syntax: g_imap_size_fetch bool

g_imap_spam_train - Train if moving message to 'spam' folder, or from 'spam' folder to inbox

This setting has no further documentation currently available

Syntax: g_imap_spam_train bool

g_imap_status_cache - Cache imap status responses (Obsolete, use _stored setting)

Improves performance/reduces disk IO for imap

Syntax: g_imap_status_cache bool

g_imap_status_stored - Keep imap folder counts stored on disk

Improves performance/reduces disk IO for imap

Syntax: g_imap_status_stored bool

g_imap_sync_all - Apply imap_max_sync to all folders

This setting has no further documentation currently available

Syntax: g_imap_sync_all bool

g_imap_sync_nomax - Exception to imap_max_sync setting

This setting has no further documentation currently available

Syntax: g_imap_sync_nomax string

g_imap_testing - Test imap module instead of normal one (not functional)

Replace normal imap with a test one, this is not functional, do not use this setting.

Syntax: g_imap_testing bool

g_imap_throttle - Limit for sustained imap commands per second before warning admin, default is 5

Useful for detecting an email client in a loop wasting your resources

Syntax: g_imap_throttle int

g_imap_throttle_exclude - Users who are not limited

This setting has no further documentation currently available

Syntax: g_imap_throttle_exclude string

g_imap_throttle_limit - Daily mb download limit before applying throttle speed, e.g. 500

This setting has no further documentation currently available

Syntax: g_imap_throttle_limit int

g_imap_throttle_speed - Limit to this speed in bytes per second when throttling, e.g. 50k

This setting has no further documentation currently available

Syntax: g_imap_throttle_speed int

g_imap_timeout - Time, in minutes for imap timeout, RFC required default is 30

You may in some cases wish to reduce this below the RFC required default if your server is under very heavy load. Results may be unexpected when breaking RFC behavior!

Syntax: g_imap_timeout int

g_imap_timeout_login - Timeout prior to login in seconds

You may in some cases wish to reduce this below the RFC required default if your server is under very heavy load. Results may be unexpected when breaking RFC behavior!

Syntax: g_imap_timeout_login int

g_imap_timezone - Timezone to display - for testing purposes only

as per title :-)

Syntax: g_imap_timezone string

g_imap_trash_nocopy - Prevent copying from Trash to Trash folder

This setting has no further documentation currently available

Syntax: g_imap_trash_nocopy bool

g_imap_uidl_nofix - Disable UIDL auto repair of duplicate entries

If true disable auto repair of identical UIDL entries.

Syntax: g_imap_uidl_nofix bool

g_imap_unsub_auto - Unsubscribe if a folder doesn't exist

Helps dumb email clients that get confused

Syntax: g_imap_unsub_auto bool

g_imap_user_flags - This setting may confuse some email clients (mac) use with cautioun

This may confused some email clients if multiple clients are used on a single account as the user flags can conflict

Syntax: g_imap_user_flags bool

g_imap_user_moreflags - Allow unlimited flags

This may confused some email clients if multiple clients are used on a single account as the user flags can conflict

Syntax: g_imap_user_moreflags bool

g_imap_warn_big - Warn user if inbox or sent has more than this many messages

We recommend setting this at about 10000, users should use the auto cleanup features (via user.cgi) to archive older messages to another folder

Syntax: g_imap_warn_big int

g_inbox_archive - Archive old messages to Archives/yyyy/Inbox folder, age in days

Trigger with tellmail mail_rules (or it will run once a week)

Syntax: g_inbox_archive int

g_inbox_max - Max messages permitted in inbox e.g. 5000

This setting will stop users leaving lots of message in their inbox. Valid range would be 1000 to 10000 depending on the nature of your users. A smaller number can reduce load on your server. The user is warned when the reach 70% and 95% of the limit

Syntax: g_inbox_max int

g_inbox_nolimit - Users with no limit on inbox

Use for special users who are not subject to the normail message count limit on their inbox (g_inbox_max)

Syntax: g_inbox_nolimit string

g_include - Include another ini file global settings only

Unlike the include command this setting will allow editing of the ini file in web admin, but settings included via this setting will not appear in the admin interface

Syntax: g_include string

g_iplimit - Untrusted local ip addresses e.g. web servers, special sending limits applied.

These limit settings let you control untrusted sources which may get viruses or cgi scripts that open them up to abuse. By throttling the remote addreses limit this will prevent any significant abuse. Authenticated sessions are 'not' limited!.

Syntax: g_iplimit string

g_iplimit_islocal - Add domains to list of domains considered local for limit counting

See explanation of g_iplimit

Syntax: g_iplimit_islocal string

g_iplimit_local - Max sends from untrusted ip to local domains per 30 minutes.

See explanation of g_iplimit

Syntax: g_iplimit_local int

g_iplimit_remote - Max sends from untrusted ip to remote domains per 30 minutes.

See explanation of g_iplimit

Syntax: g_iplimit_remote int

g_iplimit_whitelist - List of 'from' addresses that should bypass limits

This lets you bypass the iplimit restrictions for a known trusted user/form that needs to send a lot of local/remote emails

Syntax: g_iplimit_whitelist string

g_ipv4_only - List of hosts/mx that should NOT use IPV6 addresses

x

Syntax: g_ipv4_only string

g_ipv6_enable - Enable IPV6 networking only use if you have an IPV6 address for some reason

Enable IPV6 networking, Best avoided unless your mail server is in ipv6 address space.

Syntax: g_ipv6_enable bool

g_ipv6_notrim - Prevent automatic conversion of ::ffff:x.x.x.x to x.x.x.x

Disables the automatic conversion of addresses to ipv4 format strings on linux

Syntax: g_ipv6_notrim bool

g_ipv6_only - List of hosts/mx that should NOT use IPV4 addresses

x

Syntax: g_ipv6_only string

g_kann_test - Testing spam module do not use

Testing a new feature do not use

Syntax: g_kann_test bool

g_keepalive - Attempts to use keepalive for the web sessions (experimental & faulty currently)

Don't use this yet, we are still working on it.

Syntax: g_keepalive bool

g_key_manual - Try and activate automatically when the key expires

When you purchase updates you must activate to get the expire date reset in surgemail, if this setting is not turned on then surgemail will try and do this automatically for you.

Syntax: g_key_manual bool

g_key_nowarning - Disable reminders to update your license

Disables the email reminding you to pay for updates for virus and spam filter and new versions etc...

Syntax: g_key_nowarning bool

g_known_skip - Disable the bypass of known ip addresses from spf failures

Purely for testing

Syntax: g_known_skip bool

g_language_default - Default language for user web interface

If the user has not yet selected a language then this language is used as a default. If the language specified here does not exist in the language files, or nothing is specified here then English is used as the default language.

Syntax: g_language_default string

g_last_login - Create last_login.time files

If true then when users login via pop or imap or webmail the file last_login.time is created/touched, this can then be used by local scripts to determine which user directories are not in active use.

Syntax: g_last_login bool

g_last_login_days - If last login is more than this many days then reject email - do not use on mirrors

This can be used on a shared disk cluster to establish which users are inactive. On a normal mirror or stand alone system you should use DISABLE_SMTP_AFTER

Syntax: g_last_login_days int

g_late_forward - Apply all users forwarding rules after friends, spam, and filtering

By default users forwarding rules are applied before friends, spam and user filter rules. By default users can tick and option on their forwarding page to perform 'late' forwarding, that is forwarding that occurs after friends, spam and filtering. This option overrides the user option and causes all user forwarding rules to be applied after friends, spam and filtering.

Syntax: g_late_forward bool

g_late_skiplocal - Skip late forwarding for local destinations

This setting has no further documentation currently available

Syntax: g_late_skiplocal bool

g_ldap_forward - Remote ldap server to forward requests to (only for testing do not use)

Forwards all ldap requests to another host, primarily intended for testing, use at your own risk.

Syntax: g_ldap_forward string

g_ldap_outlook_browse_max - Basic outlook ldap address browsing, max items (KEEP THIS SMALL eg <50): default=0 (disabled)

numeric maximum items to return default=0 (ie disabled)

Syntax: g_ldap_outlook_browse_max int

g_ldap_port - LDAP Port (normally 389)

If specified this enables the mini ldap server inside surgemail which allows users with email clients that can do 'ldap' directory lookups to search for other users on the system. Obviously this should NEVER BE turned on for a public mail server, it is only appropriate with private mail servers where all users who can access the system are trusted.

There are additional 'domain' settings ldap_anydomain, which lets users search for users outside their own domain name. And ldap_disable which can disable ldap for specific domains.

Syntax: g_ldap_port int

g_legal_archive_accesskey - Amazon s3 awsaccesskeyid

This setting has no further documentation currently available

Syntax: g_legal_archive_accesskey string

g_legal_archive_add - Users must belong to this group to get their email archived

This setting has no further documentation currently available

Syntax: g_legal_archive_add string

g_legal_archive_body - Allow body searching, very very slow

This setting has no further documentation currently available

Syntax: g_legal_archive_body bool

g_legal_archive_bucket - bucket for for net service

This setting has no further documentation currently available

Syntax: g_legal_archive_bucket string

g_legal_archive_enable - Enable legal archive

This setting has no further documentation currently available

Syntax: g_legal_archive_enable bool

g_legal_archive_encrypt_key - Key for encrypting the data, you MUST never loose this

This setting has no further documentation currently available

Syntax: g_legal_archive_encrypt_key string

g_legal_archive_hostid - Unique integer for this host 1-9 use if sharing mail spool

This setting has no further documentation currently available

Syntax: g_legal_archive_hostid int

g_legal_archive_keep - Days to keep legal archive, units=days unless you specify years or months, default 5 years

This setting has no further documentation currently available

Syntax: g_legal_archive_keep int

g_legal_archive_local - Store files locally only

This setting has no further documentation currently available

Syntax: g_legal_archive_local bool

g_legal_archive_mirror - Mirror the archive, also use tellmail resync_archive

This setting has no further documentation currently available

Syntax: g_legal_archive_mirror bool

g_legal_archive_nofail - Don't bounce messages if archive fails

This setting has no further documentation currently available

Syntax: g_legal_archive_nofail bool

g_legal_archive_only - Drop all messages after archiving them!

This setting has no further documentation currently available

Syntax: g_legal_archive_only bool

g_legal_archive_path - Local path for archive indexes

This setting has no further documentation currently available

Syntax: g_legal_archive_path string

g_legal_archive_secretkey - Amazon s3 awssecretkey

This setting has no further documentation currently available

Syntax: g_legal_archive_secretkey string

g_legal_archive_show - Users must belong to 'archive_show' group to see their own archive

This setting has no further documentation currently available

Syntax: g_legal_archive_show bool

g_legal_archive_spam - Store files even if identified as spam (OBSOLETE)

Messages are always stored now regardless of spam score

Syntax: g_legal_archive_spam bool

g_legal_archive_trim - Trim messages to max size e.g 20mb

This setting has no further documentation currently available

Syntax: g_legal_archive_trim int

g_letsencrypt - Path to find letsencrypt certificates (obsolete)

This setting has no further documentation currently available

Syntax: g_letsencrypt string

g_lf_fix_list - Enable lf fix for faulty email clients

This setting has no further documentation currently available

Syntax: g_lf_fix_list string

g_lf_fix_off - Disable lf fix, obsolete SEE g_lf_fix_list

This setting has no further documentation currently available

Syntax: g_lf_fix_off bool

g_local_skipgateway - Skip gateway rule for local messages

If true skip gateway rule for local messages (bounces etc). 

Syntax: g_local_skipgateway bool

g_log_bounce_disable - Stop bounce reject entries filling up log (typically from spam bounces)

Disables useless logging in msg*.rec files, only recommended for busy servers

Syntax: g_log_bounce_disable bool

g_log_date_old - Log old short date in log files

Makes log lines more complete

Syntax: g_log_date_old bool

g_log_disable - Disable most logging - not recommended

This setting has no further documentation currently available

Syntax: g_log_disable bool

g_log_dns - Log dns responses in gory detail

Useful when debugging unexpected DNS results, search for 'dns' in mail.log to find the results.

Syntax: g_log_dns bool

g_log_dropped_disable - Don't log if no 'data' command sent

Disables useless logging in msg*.rec files, only recommended for busy servers

Syntax: g_log_dropped_disable bool

g_log_fakemid - Header to use instead of message-id in log files

This setting has no further documentation currently available

Syntax: g_log_fakemid string

g_log_flush - Flushing log - flush on every write

This makes the server flush log data after every write to the file. This affects performance but can sometimes be the only way to track down an unusual fault eg: if the server dies the log is completely up to date and shows the last thing the server did before dying. 

Syntax: g_log_flush bool

g_log_fwd - Log fwd/redirection rules associated in msg.rec

Log fwd/redirection rules associated with g_log_rcpt in msg.rec files. 

Syntax: g_log_fwd bool

g_log_level - Set logging level

Set the logging level. This is primarily intended for finding faults with the server. Info level logging is the default. Alternatives are 'error' and 'debug' 

Syntax: g_log_level string

g_log_norcpt - Don't log individual recipients in msg.rec files

Log individual recipients in msg.rec files

Syntax: g_log_norcpt bool

g_log_password - Log password failures to login_failed.log

It is considered bad form to do this, but it can be very useful, so it's up to you!

Syntax: g_log_password bool

g_log_path - Path for log files

Sets the path for all SurgeMails generated logfiles. (except the delivery record logs)

Syntax: g_log_path string

g_log_pid - Log pid

Log PID along with thread-id in the UNIXlog files.

Syntax: g_log_pid bool

g_log_quota - Log quota for specified user

Creates a file for each user that matches this list, user_user@domain.log

Syntax: g_log_quota string

g_log_reject_disable - Disable the logging of rejected mail

SurgeMail will normally log failed deliveries due to MFilter / SmiteSpam / etc in the delivery logs. This setting will restrict this logging to accepted mail only.

Syntax: g_log_reject_disable bool

g_log_size - Size of the mail.log files before they are rotated

The mail.log files are a fixed size rotating log of what is happening inside SurgeMail. Dependant on the load of your server this may contain a few days worth of activity or a few minutes worth. This setting allows you to change the default 2MB before rotation size.

Syntax: g_log_size int

g_log_slow - Do slower logging system

Forces logging to disk even if it may slow things down. Not recommended.

Syntax: g_log_slow bool

g_log_start_norotate - Don't rotate log on startup

By default the mail.log is rotated to mail2.log... on startup.

Syntax: g_log_start_norotate bool

g_log_syslog - Send 'msg.rec' entries to syslog

This is useful to 'merge' log information on a single host, on unix you specify the destination in your syslog configuration rather than specifying a host. On windows you can specify the remote host as you may not have a local syslog daemon

Syntax: g_log_syslog bool

g_log_syslog_debug - Send 'mail.log' entries to syslog as 'mail.debug' data

This data is probably not worth sending to syslog, it's really debugging information of no long term value and too much to store.

Syntax: g_log_syslog_debug bool

g_log_syslog_host - Specify host to send syslog entries to (windows only)

On windows this lets you tell surgemail where the syslog deamon is, on unix you can do this in your syslog config file.

Syntax: g_log_syslog_host string

g_log_syslog_only - Disable writing to msg.rec

This prevents the local logs from being written

Syntax: g_log_syslog_only bool

g_log_syslog_port - Default is 514 (windows only)

On windows this lets you tell surgemail where the syslog deamon is, on unix you can do this in your syslog config file.

Syntax: g_log_syslog_port int

g_log_tcp_read,g_log_tcp_write - Log actual data for a specific IP

These settings let you 'trace' the data going 'to' and or 'from' a specific IP address (or list, or wild card) Lets say you have a client on a specific address that has a problem where the fault could be server/client or network related. To track it down add this to surgemail.ini

g_log_tcp_read "2.3.4.5"
g_log_tcp_write "2.3.4.5"

Then try whatever is 'failing' and examine 'mail.log' to see what was read/written to that client.

Syntax: g_log_tcp_read string

g_log_thid - Log thread id in .rec files

Logs the thread id in the msg*.rec files, this is good for some types of debugging.

Syntax: g_log_thid bool

g_log_user - Log pop/imap/smtp protocol for specified user

Creates a file for each user that matches this list, user_user@domain.log

Syntax: g_log_user string

g_login_log_size - Size of login.log file

Max is 2gig, this is the size of login.log

Syntax: g_login_log_size int

g_lookup_names - Lookup names for connecting IP addresses

This is one of those things that you very likely do not want to turn on. It makes the mail server lookup the IP name of any connecting user, however lookups can take 30-90 seconds so it can negatively impact apparent performance. Most of the access rules in the server can accept IP names if this setting is enabled, e.g. instead of specifying local users are 153.2.3.* you can say '*.netwinsite.com" 

Syntax: g_lookup_names bool

g_lookup_reject_fails - If lookup cannot get a name, reject user (not generally recommended)

If lookup cannot get a name, reject user (not generally recommended) 

Syntax: g_lookup_reject_fails bool

g_lowdisk_mailbox - Disksize warning limit for mailbox_paths

This setting has no further documentation currently available

Syntax: g_lowdisk_mailbox string

g_lowdisk_warning - Disk space level below which to warn the manager

SurgeMail checks available disk space on startup and every half hour whilst running on all the mail, temp and home directories. If any is found to be low an email is sent to the system manager.  The recommended level is at least 100MB (default is 10MB).

Syntax: g_lowdisk_warning string

g_mailbox_inbox - Path for inboxes (experimental, do not use!)

This setting has no further documentation currently available

Syntax: g_mailbox_inbox string

g_mailbox_path - Default directory to store mail

Default directory to store mail this is used to set mailbox_path when creating domains. 

Syntax: g_mailbox_path string

g_maildir_imap_max - Use imap max setting, defaults to 100,000

This setting has no further documentation currently available

Syntax: g_maildir_imap_max bool

g_maildir_max - Max messages in a POP folder, do not adjust

The default is 30,000. When exceeded additional messages are invisible until some are deleted. We strongly recommend you don't change this limit as large folders are gemoetrically inefficient and users should take steps to avoid this limit rather than increasing it.

Syntax: g_maildir_max int

g_maildir_netwin - Use NETWIN proprietry storage format - Not Recommended

This changes the storage format from one message per file, to a proprietry format, the spool is converted automatically when you restart surgemail. As a new feature which reformats all messages stored this settings has some risks, we suggest caution particularly on an existing server, ensure you have a backup mechanism of some kind in place!. Although this setting can give performance gains we think generally the gains do not out weigh the risk introduced, personally I prefer a simple 'directory of files' for each mail folder

Syntax: g_maildir_netwin bool

g_maildir_report - Email manager on ndb errors

This is for debugging and not for general use

Syntax: g_maildir_report bool

g_maildir_standard - Use more standard maildir format

The maildir format is flawed in that it is not designed to be used on Windows systems. This setting will force SurgeMail to use a more standard maildir format, but does mean you cannot just copy mail from a UNIX box to a Windows box as the ":" character is a reserved character on Windows systems. 

Syntax: g_maildir_standard bool

g_mailstatus_message - Error message to give when mailstatus is set to specified state

This allows you to specify the error message given to the user when they are set to certain states, you may use other authent fields in the message, for example:

g_mailstatus_message state="payup" message="Payment is due $full_name$, please pay here: http://your.site/path/file.htm"

Syntax: g_mailstatus_message state=string message=string

g_manager - Email address of manager

Email address to send reports to. 

Syntax: g_manager string

g_manager_port - Manager port (default 7026)

This is the port the web manager and web mail access will run on. By default it is port 7026. Use the keyword 'disabled' to disable this part of the surgemail service.

Syntax: g_manager_port int

g_manager_secure_port - Manager secure port (default 143)

This should be the main server management port and provides a secure server management connection. By default it is port 7025. https://your.mail.server:7025. Use the keyword 'disabled' to disable this part of the SurgeMail service.

Syntax: g_manager_secure_port int

g_manager_smtp - SMTP server for manager Emails about failures

For obvious reasons, if the server is not working it cannot use itself to send the manager an Email message, so for highest reliability you may want to define another mail server for fault reports to be Emailed to. 

Syntax: g_manager_smtp string

g_manager_username - Global domain managers username (for web based domain administration)

Specifies the local users which have manager rights for all domains. These users can login to the user self management interface and will recieve special domain manager options. This setting works slightly different to the domain level 'manager_username' setting in that if you specify an account without the @domain part i.e. 'admin' it gives all admin users in all domains domain rights over all domains.

Syntax: g_manager_username string

g_max_bad_ip - Max bad recipients per ip address before blocking that ip

This setting is important to stop hackers fishing for email addresses by guessing, I recommend you start with a low setting like 5, but increase to 100 if it causes problems. If you have a firewall or spam filter in front of surgemail add G_SPAM_ALLOW to whitelist it's ip address

Syntax: g_max_bad_ip int

g_max_bad_ip_skip - Skip g_max_bad_ip tests

Use to disable g_max_bad_ip tests for specific ip addresses

Syntax: g_max_bad_ip_skip string

g_max_bad_ip_time - Seconds to block guessing hackers

The default is 1 day (used to be 1 hour). Units is seconds

Syntax: g_max_bad_ip_time int

g_max_bad_nolookup - Max bad recipients in a row if exceeded skip user lookup

Max bad recipients in a row if exceeded skip user lookup - useful when tarpitting a spammer. 

Syntax: g_max_bad_nolookup int

g_max_bad_to - Max bad recipients in a row

If a system sending your system Email sends more than the specified number of bad addresses in a row then it is assumed to be incoming spam and further messages are rejected. 

Syntax: g_max_bad_to string

g_mdir_hash - SurgeMail hashing mode

Hashing mode for SurgeMail, default is 5, for compatibilty with /b/o/bob use 2. 

Syntax: g_mdir_hash int

g_mdir_prefix - Maildir folder prefix

Prefix for maildir folders defaults to 'mdir', use '.' for compatibility with qmail. 

Syntax: g_mdir_prefix string

g_mfilter_addonly - Add headers only

If true then only allow 'adding' headers, not changing them.

Syntax: g_mfilter_addonly bool

g_mfilter_bounces - Run mfilter on bounce messages and responders etc

Run the mfilter processing even on bounces

Syntax: g_mfilter_bounces bool

g_mfilter_disable - Disable mfilter.rul completely

Performance feature

Syntax: g_mfilter_disable bool

g_mfilter_file - Path to mfilter.rul spam rule processing

This is the full path to the Mfilter rule file which provides advanced message filtering capabilities. See Mfilter.htm for more details.

Syntax: g_mfilter_file string

g_mfilter_localonly - Only filter local deliveries

If true then only run Mfilter on local deliveries.

Syntax: g_mfilter_localonly bool

g_mfilter_maxlen - Mfilter Max message length

Size to truncate messages to before processing with Mfilter.

Syntax: g_mfilter_maxlen int

g_mfilter_noisey - Do log anything in mfilter

Logs the real details of mfilter, never user on a live busy system this is only intended for debugging an mfilter script. It logs every line of the script!

Syntax: g_mfilter_noisey bool

g_mfilter_skip_from - From addresses (envelope) to skip mfilter processing for

This setting has no further documentation currently available

Syntax: g_mfilter_skip_from string

g_mfilter_skip_ip - Skip mfilter for messages from these ip's

This allows you to add a comma separated list of ip's to skip running mfilter on. This is based on the ip of the sender. Wild cards and ranges can be used.

Example:
g_mfilter_skip "10.0.0.2,210.56.43.*,193.1.16-24.0-255"

Syntax: g_mfilter_skip_ip string

g_mfilter_skip_to - To addresses to skip mfilter processing for

If one matches then mfilter is skipped for entire message

Syntax: g_mfilter_skip_to string

g_mfilter_trace - Log trace lines in Mfilter

Log trace lines in Mfilter for debugging .

Syntax: g_mfilter_trace bool

g_migrate_domain - The domain which g_migrate_password is for

This setting has no further documentation currently available

Syntax: g_migrate_domain string

g_migrate_email - Send each user email on start/end of migration

Gives the user some indication of when the migration has finished. You can modify the templates migration_started.eml and migration_finished.eml

Syntax: g_migrate_email bool

g_migrate_onsmtp - Migrate on smtp login events

Normally migration only starts with a pop or imap login

Syntax: g_migrate_onsmtp bool

g_migrate_password - Allows login to all accounts create hash with tellmail master_password

Note: a plain text password will not work, e.g. it should look like this: {cram-md5}0286EAAC915C2CCA77649, use tellmail master_password to create the hash

Syntax: g_migrate_password string

g_migrate_skip - Skip imap folders matching this, use for shared folders

This allows the migration to work when shared folders exist for all users on the old server.

Syntax: g_migrate_skip string

g_migrate_translatet - Translate folder names during migration

e.g. inbox.* --> %1 would change inbox.folder to folder

Syntax: g_migrate_translatet was=string to=string

g_mirror_config - Mirror surgemail.ini

Syntax: g_mirror_config "true/false"

You put this on both machines and it will attempt to mirror the surgemail.ini. There will be some settings that you do not wish to mirror and these can be exempted by using:

g_mirror_config_except "setting,setting,setting"

Some settings are not mirrored by default these are: g_mirror_host, g_mirror_nwauth*, g_mirror_mode, g_authent_path, g_dlist_path, g_log_path, g_record_path, g_home, g_authent_process, g_mfilter_file, g_webmail_work, g_work, g_virus_cmd, g_atrn_port, g_imap_port, g_imap_secure_port, g_ldap_port, g_manager_port, g_manager_secure_port, g_monitor_port, g_pop_port, g_pop_secure_port, g_ppd_port, g_smtp_port, g_smtp_secure_port, g_webmail_port, g_webmail_secure_port, g_surgeplus_port, g_surgeplus_secure_port, g_surgeplus_web_port, g_bind_out, g_virus_avast, dmail_drop_path, dmail_bin_path, web_path, webmail_work

(it is possible we will update this list over time)
* g_mirror_nwauth is obsolete don't use it.

Syntax: g_mirror_config bool

g_mirror_config_except - Mirror surgemail.ini

Syntax: g_mirror_config "setting,setting,setting"

This will tell the server not to import the specified settings from the other mirror.

Example:
g_mirror_except "g_spam_allow"

This will tell the server not to change this setting. This only affects the machine its on, if the other server does not have this set, it will continue to mirror the setting. This setting accepts wildcards. This setting accepts a special case value "address" that will prevent mirroring of existing domain ip addresses, allowing different ips on each mirror machine. There are a number of settings which are not mirrored by default these are specified above in g_mirror_config.

In addition the mailbox_path setting is not mirrored, unless, the existing setting is a sub directory of the g_mailbox_path and the new setting is a sub directory of the g_mailbox_path from the other server, in which case the mailbox_path is set to the same sub directory using the existing g_mailbox_path setting eg.

[recieving server]
g_mailbox_path "c:\surgemail\mbox"
mailbox_path "c:\surgemail\mbox\domain"

[sending server]
g_mailbox_path "d:\surgemail\mbox"
mailbox_path "c:\surgemail\mbox\domain_moved_here"

[result on recieving server]
g_mailbox_path "c:\surgemail\mbox"
mailbox_path "c:\surgemail\mbox\domain_moved_here"

Syntax: g_mirror_config_except string

g_mirror_debug - Log more info to mirror log.

Helps when tracking down fault with nwauth or mirroring, never leave turned on as it can lead to mutex crashing

Syntax: g_mirror_debug bool

g_mirror_debug3 - NEVER USE, MAKES MIRROR FAIL.

Helps when tracking down fault with nwauth or mirroring, never leave turned on as it can lead to mutex crashing

Syntax: g_mirror_debug3 bool

g_mirror_email - Email manager list of fixes sent

This is a debug setting to spot issues with mirroring, it emails the manager a log of the files that were resynced, set G_MIRROR_PRUNE_AGE 1 as well to cut down on false positives.

Syntax: g_mirror_email bool

g_mirror_host - Mirror host 

This unique SurgeMail feature allows you to setup two identical mail servers across a local or widearea network. The waiting mail messages & folders etc are duplicated continuously between the two systems, so users can use either system. If either system fails for any hardware reason the other acts as an instant on line replacement without any interruption to the user. In addition when the faulty system is replaced the two automatically re-synchronize. 

See this page for Mirror overview

Syntax: g_mirror_host string

g_mirror_lists_one - Mirror list changes only one way to slave

This setting has no further documentation currently available

Syntax: g_mirror_lists_one bool

g_mirror_live - Mirror: Send incoming messages immediately

Enables a faster mirroring mechanism, strongly recomended, this setting will be the default in a future release

Syntax: g_mirror_live bool

g_mirror_live_max - Limit size of mirror_live default 60k

This prevents smtp delays when mirroring over a slowish link. The default is 60k

Syntax: g_mirror_live_max int

g_mirror_lock - Lock PRIMARY during secondary bursts

This setting has no further documentation currently available

Syntax: g_mirror_lock bool

g_mirror_max - Max items in one folder to mirror, default 160k currently

This setting has no further documentation currently available

Syntax: g_mirror_max int

g_mirror_mode - Master / slave mirror system

Certain actions may only be run on the mirror master system (such as expire processing) or are different in behaviour between the master and slave (such as NWAuth mirrorring and dlist mirorring). This setting must be set to MASTER on one system and SLAVE on the other system for correct operation. (Note basic mirrorring of delivered mail will happen if this setting is the same on both systems it is just some of the special mirrorring functionality that this is required for)

Syntax: g_mirror_mode string

g_mirror_nossl - Disable SSL for mirror protocol connection

This is best turned off unless your servers are talking over a wide area untrusted network. 

Syntax: g_mirror_nossl bool

g_mirror_nsend - Sending threads to use, default 8

Sending threads for normal queue

Syntax: g_mirror_nsend int

g_mirror_nwauth - Mirror NWAuth data files (deprecated - for backward compatibility only)

This setting is no longer used (as of SurgeMail 1.7d), the g_mirror_mode setting is used instead to decide whether do mirror the NWAuth database.

Syntax: g_mirror_nwauth bool

g_mirror_nwauth_always - Mirror nwauth database files

Set this if you're using multiauth to run nwauth and you want those files mirrored. Requires you to add -isslave2 to multiauth.ini nwauth command line. Requires the nwauth files to be located in the surgemail root/install directory.

Syntax: g_mirror_nwauth_always bool

g_mirror_others - BETA Other hosts, for 3,4 host mirrors,(DO NOT USE)

This setting has no further documentation currently available

Syntax: g_mirror_others string

g_mirror_prune_age - Mirror minimum age for items to be pruned during sync_prune

Mirror minimum age for items to be pruned during sync_prune, default 14 days. 

Syntax: g_mirror_prune_age int

g_mirror_repair - Run resync_prune once per month, only set on primary, TURN OFF DURING FAILURES

This setting runs a monthly resync to keep the cluster in sync. Maybe be resource intensive on a large system! This should always be disabled during a failure as it could cause messages loss when the master is re connected.

Syntax: g_mirror_repair bool

g_mirror_resync_inbox - BETA Resync inbox for active users once a day

This setting has no further documentation currently available

Syntax: g_mirror_resync_inbox bool

g_mirror_secret - Mirror secret shared password

This password is required to prevent the mirroring mechanisms being abused. We recommend a random string of letters at least 10 characters long. e.g. "urcajfielsjfs" 

Syntax: g_mirror_secret string

g_mirror_threads - Max threads we can use during resync_fast, default 6

During resync fast four threads are used, this is usually sufficient, more may overload your system and result in failures, if your system is not under load you could set it as high as eight, but this would only be sensible if your disk array has more than 4 drives in it!

Syntax: g_mirror_threads int

g_mirror_trash - Normally on a resync the trash folder is ignored.

This can be useful when you want to compare results so you want everything even if it's a bit pointless

Syntax: g_mirror_trash bool

g_modern_admin - More modern admin ui layout

This setting has no further documentation currently available

Syntax: g_modern_admin bool

g_modern_hicontrast - Easy to see color scheme, Control f5 to reload css after changing!

This setting has no further documentation currently available

Syntax: g_modern_hicontrast bool

g_modern_surgeweb - More modern layout for surgeweb

This setting has no further documentation currently available

Syntax: g_modern_surgeweb bool

g_modern_user - More modern layout for user self admin

This setting has no further documentation currently available

Syntax: g_modern_user bool

g_monitor_disable - Disable the monitor process

This allows the monitor process to be completely disabled. The monitor process is the swatch executable and can be setup to monitor and automatically restart SurgeMail if it crashes. The monitor process is also used to start SurgeMail from the using the web interface if it has been shutdown.

Syntax: g_monitor_disable bool

g_monitor_port - SurgeMail monitor port (default 7027)

The port SurgeMail monitor runs on allowing SurgeMail to be remotely started. Typically you won't need to change this, however you can specify an IP address to bind to or a list of alternate ports, e.g. 10.3.2.3:7027 or 7027,8027 etc...  

Syntax: g_monitor_port int

g_msg_hops_max - Maximum received lines or message is bounced, default 30

If there are more received lines than this the message is bounced.

Syntax: g_msg_hops_max int

g_msg_log_body - Log body fetches too

Log msg body fetch too, this will fill up the logs, not recommended

Syntax: g_msg_log_body bool

g_msg_log_dkim - Log DKIM in msg*.rec

Log from header field

Syntax: g_msg_log_dkim bool

g_msg_log_extra - Extra user activity logging

Log user activities like logins (successful and failed) 'msg.log' files; recYYMM/msgYYMMDD.rec

Syntax: g_msg_log_extra bool

g_msg_log_from - Log From in msg*.rec

Log from header field

Syntax: g_msg_log_from bool

g_msg_log_pop - Log all pop reads in msg*.rec

Log from header field

Syntax: g_msg_log_pop bool

g_msg_max - Max size of a single message

Max size, in bytes, of a message, eg: 20,000,000 for a 20mb limit. This setting is useful to prevent a single large message jamming up your system. 

Syntax: g_msg_max int

g_msg_max_drop - Drop link if size exceeded (DO NOT USE)

This setting has no further documentation currently available

Syntax: g_msg_max_drop int

g_msg_max_send - Max size for authenticated local users

This setting has no further documentation currently available

Syntax: g_msg_max_send int

g_msg_max_total - Max size of a message * recipients

This limits abuse, if set to 100mb then if user sends 10mb message to 10 users it will be blocked

Syntax: g_msg_max_total int

g_msg_nodup - Drop duplicate messages by msgid/user matching

This setting has no further documentation currently available

Syntax: g_msg_nodup bool

g_msg_track - Message tracking - for debugging

Debugging setting, do not use

Syntax: g_msg_track bool

g_mtasts - Enable MTA-STS ssl/tls rules

Use DNS entries to discover if receiving server should have a signed SSL certificate

Syntax: g_mtasts bool

g_mtasts_report - Alert manager on MTASTS failures

Most failures will be due to something other than real hackers, so this alert helps you resolve issues, and add whitelist rules g_mtasts_white settings for problem domains

Syntax: g_mtasts_report bool

g_mtasts_white - Domains to ignore MTA-STS rules

Whitelist for destination domains we should just send to anyway

Syntax: g_mtasts_white string

g_mutex_fast - Use fast mutex handling DEBUGGING option only

Interrnal use only

Syntax: g_mutex_fast bool

g_mutex_timeout - Crash without catching exceptions

Default mutex timeout period in seconds (default=600 ie 10minutes). This is a self monitoring feature that if it has not received a mutex for some reason (usually a bug, but could be server overloading) SurgeMail will shut itself down. If g_restart is enabled this would restart surgemail.

Syntax: g_mutex_timeout int

g_mutex_timing - Name of mutex to collect extra timing information for

Interrnal use only

Syntax: g_mutex_timing string

g_mx_tryall - Try all mx hosts even if lower than own mx priority

This breaks the standard RFC behavior, but can be sensible in certain rare situations which currently escape me.

Syntax: g_mx_tryall bool

g_myrbl_disable - Disable internal rbl database

This setting should not be needed

Syntax: g_myrbl_disable bool

g_myrbl_disable_rbl - Disable netwin rbl database

This setting should not be needed

Syntax: g_myrbl_disable_rbl bool

g_myrbl_fake - Fake myrbl response for testing

This setting has no further documentation currently available

Syntax: g_myrbl_fake ip=string color=string

g_myrbl_share - Use and Share RBL reputation data with central NetWin server (Recommended)

Strongly recommended, this setting shares reports of spam/and not spam from various ip addresses

Syntax: g_myrbl_share bool

g_myrbl_store - Size of internal myrbl database

Best not to touch this setting, default is 10000, Suggested valid range would be no less than 1000 and no more than 100000

Syntax: g_myrbl_store int

g_myrbl_to - Debug setting for rbl sharing do not use

This is for debugging only

Syntax: g_myrbl_to string

g_myurl_disable - Disable internal url database

This setting should not be needed

Syntax: g_myurl_disable bool

g_naked_msg - Text to display if message body contains naked LF characters

Default is: "Naked LF see https://netwinsite.com/surgemail/help/smtplf.htm"

Syntax: g_naked_msg string

g_newui_advanced - Always run new admin ui in advanced mode

This setting has no further documentation currently available

Syntax: g_newui_advanced bool

g_newui_disable - Disable new admin ui (do not use)

This setting has no further documentation currently available

Syntax: g_newui_disable bool

g_no_bull - Special accounts that should not get bulletins

This setting has no further documentation currently available

Syntax: g_no_bull string

g_notag_notascii - Don't add x-notascii: charset to any non ascii message

This can be used by user exception rules for users that don't expect any foreign language messages

Syntax: g_notag_notascii bool

g_notag_url_forgery - Don't add x-UrlForgery when a ref urls seem to not match

Many scam's will use legit urls with aref links to their own site, this tries to tag such messages which can then be scored as spam via aspam_mfilter.rul

Syntax: g_notag_url_forgery bool

g_notlocal - Add ALERT to message subject if domain is local but origin is external NOT FUNCTIONAL!

This setting has no further documentation currently available

Syntax: g_notlocal bool

g_notlocal_message - ALERT text to add to suspect messages that appear to be from a local domain

This setting has no further documentation currently available

Syntax: g_notlocal_message string

g_oauth_client_id - OAuth 2.0 client_id

This setting has no further documentation currently available

Syntax: g_oauth_client_id string

g_oauth_client_secret - OAuth 2.0 client_secret

This setting has no further documentation currently available

Syntax: g_oauth_client_secret string

g_oauth_trim - OAuth 2.0 trim @domain.name

This setting has no further documentation currently available

Syntax: g_oauth_trim bool

g_oauth_url - OAuth 2.0 server for password lookup, e.g. http://x.com/oauth

This setting has no further documentation currently available

Syntax: g_oauth_url string

g_old_imap_headbody - Get head and body seperately

This is just the way it used to do it, I can't see any good reason for it, but I'm leaving this setting incase there is a reason :-)

Syntax: g_old_imap_headbody bool

g_old_imap_nossl - Disable auto ssl mode

This is just the way it used to do it, I can't see any good reason for it, but I'm leaving this setting incase there is a reason :-)

Syntax: g_old_imap_nossl bool

g_old_imap_skip - Skip these folders

This is just the way it used to do it, I can't see any good reason for it, but I'm leaving this setting incase there is a reason :-)

Syntax: g_old_imap_skip string

g_old_pophost_debug - Log extra info when doing old pophost logins

Log extra info when doing old pophost logins for debugging. 

Syntax: g_old_pophost_debug bool

g_old_user_check - Disable the account status enabled check on rcpt lines

Normally the account status field is checked at the recipient stage, this setting disables this check.

Syntax: g_old_user_check bool

g_old_webmail_links - Show webmail links in user cgi instead of surgeweb

This setting has no further documentation currently available

Syntax: g_old_webmail_links bool

g_orbs_cache_life - Sets the amount of time to keep RBL entries cached.

Syntax: g_orbs_cache_life "seconds"
Default: 7200 seconds

This allows you to control how long the RBL lookups are cached for.

Example:
g_orbs_cache_life "100"

 

Syntax: g_orbs_cache_life int

g_orbs_check_all - Keep doing lookups even if found in a RBL, this is slower of course!

This checks all the RBL servers listed even if the connecting ip address is found in one server, this is slower but can mean you can score more accurately when an ip is listed in multiple RBL databases. Do not use with g_orbs_late, the two settings conflict and will not work. (g_orbs_late will be ignored)

Syntax: g_orbs_check_all bool

g_orbs_exception - Exceptions to Open Relay / Known Spam sites

This allows you to over-ride a response from an ORBS/RBL database. For example, if a site you wish to do business with is in the RBL database you can add their IP address to this setting and then they can send you Email again. 

Syntax: g_orbs_exception string

g_orbs_fake - Ip address to pretend we find in rbl database for testing

This setting has no further documentation currently available

Syntax: g_orbs_fake string

g_orbs_force - Forces RBL lookup even if they are in an exception.

Syntax: g_orbs_force "true/false"

This allows you to force RBL lookups on users that would normally not be checked due to being in an allowed relay ip (g_allow_relay_ip).

Syntax: g_orbs_force bool

g_orbs_late - Disconnect user only if they fail to authenticate

Sometimes your customers will be using dial in lines that are banned by RBL databases, in this situation this setting will help as it will keep the connection alive long enough for a valid user to send an smtp authentication in.

Can also be used wth g_spf_skip_to "user@domain" this will allow you to add exceptions for users or domains that do not want RBL checks done on their accounts.

Syntax: g_orbs_late bool

g_orbs_list - Multiple Open Relay Blocking System RBL databases

Allows enforcement of a servers blacklisting or whitelisting in one or more RBL databases with a different action for each database. In addition this can be used to mark messages with a header which can then be taken into account in the SmiteCRC"SpamDetect rating" calculation. A RBL database is simply a DNS server that returns a positive response if a server is listed in the database. A variety of services are available online that can maintain blacklist databases. Normally you would maintain your own whitelist database that overrides the blacklist listings.

name=service action=deny,accept,stamp stamp="string to add to header "

Where the stamp option adds the header:

X-ORBS-Stamp: string to add to header 1.2.3.4

The variable can be used to create a url to go directly to a spam database web site and give details on the offending ip address. e.g. stamp="Spamcop, http://spamcop.net/w3m?action=checkblock&ip="

eg 1 - A simple deny mail from blacklisted servers could be achieved with:

g_orbs_list name="relays.ordb.org" action="deny"

eg 2 - A smarter setup with exceptions for certain IP ranges and a whilelist exception database, a blacklisted deny database and with useful header based tagging could be achieved as follows:

g_orbs_exception "127.0.0.*,12.34.56.*"
g_orbs_list name="mywhitedatabase.none" action="accept"
g_orbs_list name="relays.ordb.org" action="deny"
g_orbs_list name="relays.osirusoft.com" action="deny"
g_orbs_list name="bl.spamcop.net" action="stamp" stamp="spamcop, http://spamcop.net/w3m?action=checkblock&ip="

eg 3 - To use the output of header based ORBS stamping in the SmiteCRC calculation the following could be used:

g_orbs_list name="relays.ordb.org" action="stamp" stamp="open relay"
g_orbs_list name="my.dialup.databse.none" action="stamp" stamp="dialup"

These entries have the following rules in filter.rul. If you used your own stamp text you would place appropriate entries in the local.rul file.

if(rexp_case("X-ORBS-Stamp", "open relay")) then
call spamdetect(4.0, "Sender's IP was on an open relay RBL")
endif

if(rexp_case("X-ORBS-Stamp", "dialup")) then
call spamdetect(4.0, "Sender's IP was on a dialup RBL")
endif

Some RBL lists return a numeric code to give extra meaning, for example 127.0.0.4 might mean an open relay, and 127.0.0.5 might mean the site has no postmaster address. You can specify multiple stamp messages using this format, stamp="4=Open Relay~5=No postmaster address~Default message goes here"

See Also: RBL's

Syntax: g_orbs_list name=string action=string stamp=string

g_orbs_nosubmit - Revert to old behaviour, orbs check before submit

Only for disabling this improvement

Syntax: g_orbs_nosubmit bool

g_orbs_rec - Log to record file if orbs deny action occurs

Log to record file if ORBS deny action occurs (can fill logs up). 

Syntax: g_orbs_rec bool

g_orbs_report - List of IP's to check in RBL(s)

Use this setting to test your own ip addresses, as soon as one is found in a RBL you will be sent an email to alert you. The test is performed hourly. To test add 127.0.0.2 to the comma seperated list

Syntax: g_orbs_report string

g_orbs_service - Open Relay Blocking System RBL, service name (superceeded by g_orbs_list)

Set the name of the RBL service you want to use. A RBL service is a DNS database that has a record of all known spamming sites. If the server finds the connecting users IP address in this database all Email from their system is rejected. Also see the setting g_orbs_exception.  Here are a few known RBL services, some charge and some are free!

Syntax: g_orbs_service string

g_orbs_system - Use system DNS lookups instead of SurgeMails for ORBS (not recommended)

If true use system DNS lookups instead of surgemails for orbs (not recommended). 

Syntax: g_orbs_system bool

g_orbs_test2 - Test block all addresses

This setting has no further documentation currently available

Syntax: g_orbs_test2 bool

g_orbs_testing - ORBS testing

If true ORBSlookups are recorded but not blocked.

Syntax: g_orbs_testing bool

g_orbs_timeout - Orbs timeout

ORBS lookup timeout in seconds (default=10). If the timeout is reached the message is accepted and the failure is logged to mail.log.

Syntax: g_orbs_timeout int

g_outgoing_block - Block user if this many spam sent in one day

Use with caution!

Syntax: g_outgoing_block int

g_outgoing_n - Send manager email if more than this many spam from one user per day

Outgoing SPAM filter, for local authenticated hacker sending spam.

Syntax: g_outgoing_n int

g_outgoing_white - Whitelist for outgoing spam detector

This setting has no further documentation currently available

Syntax: g_outgoing_white string

g_pass_force - Force user to reset password if admin changes it

Makes the user change the password on the next login to user.cgi or surgeweb

Syntax: g_pass_force bool

g_pass_twofactor - Enable two factor authentication

Allow users to enable two factor authentication.

Syntax: g_pass_twofactor bool

g_pass_twofactor_bypass - Bypass twofactor for ip addresses

Requires merged login.

Syntax: g_pass_twofactor_bypass string

g_pass_twofactor_life - Session life in minutes, dflt 4 hours

Allow users to enable two factor authentication.

Syntax: g_pass_twofactor_life int

g_pass_twofactor_merged - Require +code for imap/pop logins sometimes

Requires merged login.

Syntax: g_pass_twofactor_merged bool

g_perflog_disable - Disable perflog logging

Completely disable the logging of historica performance data for the status graphs.

Syntax: g_perflog_disable bool

g_perflog_flush_interval - Flush interval

Interval in seconds to flush the performance log files to disk. Default is 3600 s (ie once per hour)

Syntax: g_perflog_flush_interval int

g_perflog_logall - Log all counters

Log all counters including the currently undisplayed counters. This is useful if in the future you suddenly think, Oh I would really like to see the historic information on one of the undisplayed counters - which would normally not have been logged to file.

Syntax: g_perflog_logall bool

g_perflog_lowres - Log in low resolution

Normally data is logged avery 10 seconds and 5 display scales are available hour, day, week, month and year. If this is set samples are taken every 5 minutes and 4 display scales are avbailable: day, week, month, year.

Syntax: g_perflog_lowres bool

g_perflog_surgeonly - Only log surgemail counters

On Windows systems surgemail's performance logging will gather counters from surgemail and from the system "Perfmon" performance logging. This disables the collection of system counters.

Syntax: g_perflog_surgeonly bool

g_phish_block - Replace most urls with a warning link to stop phishing

This setting has no further documentation currently available

Syntax: g_phish_block bool

g_phish_friends - Replace urls for msgs from friends too

This setting has no further documentation currently available

Syntax: g_phish_friends bool

g_phish_key - Used in key generation, never change

This setting has no further documentation currently available

Syntax: g_phish_key string

g_phish_local - Replace urls for locally sent msgs too

This setting has no further documentation currently available

Syntax: g_phish_local bool

g_phish_only - Email addresses to apply link rewrite, default is everyone

This setting has no further documentation currently available

Syntax: g_phish_only string

g_pipelining - Show pipelining in ehlo response

Show pipelining in ehlo response - not recommended - has no behavior affect.

Syntax: g_pipelining bool

g_policy_enable - Enable policy.dat rules, still testing

This setting has no further documentation currently available

Syntax: g_policy_enable bool

g_pop_add_size - Improves pop performance on nfs slightly

This renames inbox messages to include the size of the file so that an lstat call is not needed.

Syntax: g_pop_add_size bool

g_pop_blocksize - Size of packets to read POP messages (best left alone)

Size of packets to read POP messages (best left alone).

Syntax: g_pop_blocksize int

g_pop_cram_enable - Enable cram-md5 support

This setting has no further documentation currently available

Syntax: g_pop_cram_enable bool

g_pop_delay - Send POP packets after waiting for more data to send

This setting replaced g_pop_nodelay, as the default has been changed. It was changed as this can improve performance.

Syntax: g_pop_delay bool

g_pop_flush_lines - Flush to tcp every line of message sent (slow)

Too debug faulty network/client pop issues, not for general use, this may slow performance significantly

Syntax: g_pop_flush_lines bool

g_pop_lock - Lock out duplicate POP users with the file system

Use this setting if you are sharing a file system between multiple mail servers. This will make the mail server lock the users files to prevent a second user of the same name logging in and reading mail from one of the other systems.

Syntax: g_pop_lock bool

g_pop_max - Max total POP & IMAP users at any one time

This limits the channels that will be used at any one time for incoming POP and IMAP connections. The purpose of this setting is to prevent a sudden burst of users reading mail from using up all available channels. Generally setting this is a bad idea as there is a sensible default (dependent on the system resources available). 

See FAQ section on session limits

Syntax: g_pop_max string

g_pop_min_late - Give min time error on first command after login

This may be less disruptive as it stops the client thinking the password is wrong.

Syntax: g_pop_min_late bool

g_pop_min_msg - Additional warning to give user when they login too soon

This lets you explain to the user what the problem is. Don't get carried away some clients may not like a long string here!

Syntax: g_pop_min_msg string

g_pop_min_skip - Skip ip addresses matching this list.

Useful for whitelisting webmail servers etc. 127.0.0.1 is always skipped

Syntax: g_pop_min_skip string

g_pop_min_time - Min time in seconds between consecutive POP logins, NEVER USE

If a pop client connects more often than this, give an error. This setting will very likely break webmail sessions and cause odd problems, Best avoided!

Syntax: g_pop_min_time int

g_pop_nolock - Allows concurrent pop logins, recommended

This setting avoids problems when users use pop and imap access to the same account at the same time.

Syntax: g_pop_nolock bool

g_pop_port - Port to listen for POP connections (default 110)

Typically you won't need to change this, however you can specify an IP address to bind to or a list of alternate ports, eg: 10.3.2.3:110 or 110,6110 etc... By default the mail server listens to port 110 on all adapters/addresses. Use the keyword 'disabled' to disable this part of the SurgeMail service.

Syntax: g_pop_port string

g_pop_secure_port - Port to listen for secure POP connections (default 995)

Dedicated secure port to listen on for POP connections.  Use the keyword 'disabled' to disable this part of the SurgeMail service.

Syntax: g_pop_secure_port string

g_pop_warning - Send manager warning if this many sessions (pop or imap) reached (max 1 per hour)

This setting has no further documentation currently available

Syntax: g_pop_warning int

g_popfetch - Fetch incoming mail from another POP server

POPfetch will retrieve mail from POP accounts on another server and store it locally. The POP fetch interval can be set using g_popfetch_interval. The parameters for this setting are host(required), user(required), pass(required) or localuser(required).

eg:
g_popfetch host="netwin.co.nz" user="marijn" pass="secret" localuser="marijn@anydomain.com"

Alternatively POPfetch is able to attempt local delivery based on headers. Delivery is attempted to "X-Rcpt-To:" with fallback of "To:" and "Cc:" headers. To enable this the local user needs to be defined as "*,userxxx". Fetched mail will be delivered as specified in the headers or if no valid user is identified in the header to the default user "userxxx". 

Syntax: g_popfetch host=string user=string pass=string localuser=string disable=bool

g_popfetch_interval - Interval between POPfetch attempts

The interval (in seconds) between successive attempts to fetch mail from remote mailserver POP accounts (as per g_popfetch rules). (default is 5 minutes = 300)  

Syntax: g_popfetch_interval int

g_popfetch_kick - POPfetch will try and open the link for 10 seconds, then retry, this should bring up ISDN lines.

If true then POPfetch will try and open the link for 10 seconds, then retry, this should bring up ISDN lines. 

Syntax: g_popfetch_kick bool

g_popfetch_nodup - Drop duplicate messages

Drop duplicate messages based on "Message-id:" header. 

Syntax: g_popfetch_nodup bool

g_ppd_port - POPPassD port (default 106)

Port to listen for POPPassD connections. Typically you won't need to change this, however you can specify an IP address to bind to or a list of alternate ports, eg: 10.3.2.3:106 or 106,6106 etc... By default the mail server listens to port 106 on all adapters/addresses.  Use the keyword 'disabled' to disable this part of the SurgeMail service.

Syntax: g_ppd_port string

g_private - Enable a private customer specific feature

Used to enable private features. Not for general use

Syntax: g_private string

g_proxy - Proxy mode (or mailhost)

This enables the SurgeMail proxy mode, using 'tohost="xxx"' received from the authentication to determine real host for SMTP/POP connections. Any incoming SMTP, POP or IMAP connections will be passed on directly to the specified server. This allows you to split a domain over several separate systems. This method is outlined in general terms here.

To setup a proxy server system with 4 machines (2 proxy, 2 backend) use the following steps, lets assume your hosts are PROXY1, PROXY2, SERVER1, SERVER2

1) Set on the proxy servers in surgemail.ini g_proxy "true"

On the back end server use g_pop_nolock "true" (to avoid timing issues)

On the back end server set g_tohost_local "server1" (or server2) so it knows it's own name.

2) Configure your authent database to return 'tohost=xxx' for each user on your system, e.g. in nwauth

nwauth
set testuser1@test.com test tohost="SERVER1"
set testuser2@test.com test tohost="SERVER2"
lookup testuser1@test.com
+OK testuser1@test.com config 0 tohost="SERVER1"

3) Configure your load balancing router to send users to PROXY1 & PROXY2, ...

4) When new users are added always define the 'tohost' setting to define which system they are added to as load increases you can add more backend or frontend servers as needed.

This is very similar to the 'mailhost' setting some systems use in LDAPAuth to translate mailhost to 'tohost' you would use: info_fields mailhost,tohost in ldapauth.ini

Syntax: g_proxy bool

g_proxy_default - Default proxy host

Default host to forward to if 'tohost' is not defined in user database for this user. 

Syntax: g_proxy_default string

g_proxy_to_gateways - Proxy pop/imap connections to matching gateway settings

This setting has no further documentation currently available

Syntax: g_proxy_to_gateways bool

g_proxy_usercgi - Proxy user.cgi requests to tohost (web_ref_text.txt & g_web_ref_path_extension must match on all servers)

This setting has no further documentation currently available

Syntax: g_proxy_usercgi bool

g_proxy_webmail - Redirect webmail logins to external host name

This lets you use a front end server to move web based logins onto the correct webmail host

Syntax: g_proxy_webmail host=string redirect=string

g_pstat_disable - Disable pstat per user accounting (for debugging)

Used for debugging only, do not play with this.

Syntax: g_pstat_disable bool

g_queue_all - Always queue local messages before delivery

This setting has no further documentation currently available

Syntax: g_queue_all bool

g_queue_limit - If on disk queue exceeds this block incoming mail

If you send email in faster than it can be sent, the queue grows forever until the server fails due to huge directories or insufficient disk space, this setting stops the incoming messages so you are alerted to the problem before it becomes critical. Note that this stops all incoming mail, including local deliveries. This is the number of items

Syntax: g_queue_limit int

Example: g_queue_limit "100000"

g_queue_max - Size of internal queue file cache

Size of internal mail queue file cache, range 500-3000. 

Syntax: g_queue_max int

g_queue_spawn - Run command on queue files before delivery ONLY if g_queue_all is true, filename is passed as parameter

This setting has no further documentation currently available

Syntax: g_queue_spawn string

g_queue_warning - If on disk queue exceeds this send manager a warning

If you send email in faster than it can be sent, or something is wrong (e.g. a broken dns server) then this helps warn you early

Syntax: g_queue_warning int

Example: g_queue_warning "10000"

g_quota - Disk quota for users in specified g_access_group

If the user is in the specified group they get the specified disk quota. This is applied if no quota is specified in the authent module.

Syntax: g_quota group=string quota=string

g_quota_550 - Give 550 quota response instead of 552

Can help with old systems that need the wrong error code.

Syntax: g_quota_550 bool

g_quota_at - Default is 80%

Level at which user gets a warning message

Syntax: g_quota_at string

g_quota_before_forward - Do quota check before forwarding.

This setting has no further documentation currently available

Syntax: g_quota_before_forward bool

g_quota_default - Default quota

This setting has no further documentation currently available

Syntax: g_quota_default string

g_quota_disable - Disable quota system

Disables quota processing completely

Syntax: g_quota_disable bool

g_quota_friends - Count stored spam as part of quota

Count friends pending messages and spam store as part of the per user quota. 

Syntax: g_quota_friends bool

g_quota_from - Return address for quota warning messages

This setting has no further documentation currently available

Syntax: g_quota_from string

g_quota_noemail - Disables all quota messages to the user

This setting has no further documentation currently available

Syntax: g_quota_noemail bool

g_quota_notrash - Remove Trash folder from quota calculation

This setting has no further documentation currently available

Syntax: g_quota_notrash bool

g_quota_rcpt_disable - Disables quota check at rcpt stage

SurgeMail now does quota checking at rcpt stage (Quota checking used to be done after data arrived) This setting disables the quota checking at rcpt stage if the above causes problems (not intended for general use). 

Syntax: g_quota_rcpt_disable bool

g_quota_report - Send quota warnings to the manager

Useful for small systems where any quota limit failure is an issue for the manager to resolve, only one report is sent a day so you may not hear about all users over quota.

Syntax: g_quota_report bool

g_quota_skip - Skip quota checks for matching ip addresses

Skips the quota checking. Use this if you have a high priority robot (like your billing system) that must be able to deliver email to users (or students) even if the user is over quota.

Syntax: g_quota_skip string

g_quota_try_later - Retry responses for over quota

Give 450 response if user is over quota so message will be resent. 

Syntax: g_quota_try_later bool

g_quota_warning_disable - Disables the 80% quota warning message

Disables the 80% quota warning message. 

Syntax: g_quota_warning_disable bool

g_rbl_login - Server to lookup ips that should not be allowed to login

This setting has no further documentation currently available

Syntax: g_rbl_login string

g_rcpt_bang - Allow bang characters in addresses

Allow exclamation marks in addresses. ie '!'

Syntax: g_rcpt_bang bool

g_rcpt_colon - Allow colon characters in addresses

Allow colon characters in addresses. ie ':'

Syntax: g_rcpt_colon bool

g_rcpt_max - Max recipients per message, default is 1000

Max recipients per message, default is 1000, can only be lower than 1000.

Syntax: g_rcpt_max int

g_rcpt_max_in - Limit for recipients of untrusted channels, default g_rcpt_max

This limit is only applied to untrusted sessions (incoming mail)

Syntax: g_rcpt_max_in int

g_rcpt_msg - Invalid recipient response

Response given for invalid recipient errors message is prefixed by email address..

Syntax: g_rcpt_msg string

g_rcpt_nodup - Ignore duplicate recipients to the same user

When enabled this prevents a message being delivered more than once to a single person, it's a fairly good setting to use and will get rid of some spam for people using fallback addresses.

Syntax: g_rcpt_nodup bool

g_rcpt_ok - Whitelist for invalid rcpt addresses we will permit

This setting has no further documentation currently available

Syntax: g_rcpt_ok string

g_rcpt_quote - Allow quote character(s) in addresses

By default quotes are blocked at the SMTP level, this is because some of the authent modules don't handle quotes in addresses so it's best not to let them through. There is no known reason for ever turning this setting on.

Syntax: g_rcpt_quote bool

g_rcpt_trace - Add X-Rcpt-Trace headers

This will list all recipients in the message to facilitate tracing

Syntax: g_rcpt_trace bool

g_rdns_timeout - Timeout for reverse DNS lookups default is 30 seconds

Best set between 10 and 60

Syntax: g_rdns_timeout int

g_received_name - Name shown in received headers

Name shown as received "by" in the received headers this defaults to server name but can be specified if required:

eg "myservername"

   Received: from netwin.co.nz (unverified [10.0.0.5])
      by myservername (SurgeMail 1.5f) with ESMTP id 1140619
      for <marijn@netwin.co.nz>; Fri, 07 Nov 2003 10:25:59 +1300

Syntax: g_received_name string

g_received_names - List of valid received names for incoming email

This list is used when processing vanish_bad_bounces, vanish_virus_bounces and vanish_any_bounce. It defines the valid received names to expect quoted in a properly formed bounce message for a message from this server/system.

Syntax: g_received_names string

g_received_skip - Don't write a received header for local trusted users

This setting can be used to hide sensitive local ip addresses from outgoing mail headers. This will make tracking abuse more difficult, we do not recommend using this setting generally.

Syntax: g_received_skip bool

g_received_skip_all - Skip local received header (DO NOT USE)

Note that in the case of a message that is to a local and remote recipeient, it will skip the headers for both, even though the desire is to skip them for the remote recipient only. This not quite right, ideally one should skip this for outgoing only but since the header is added at delivery time we thought this was close enough.

Syntax: g_received_skip_all bool

g_received_skip_spf - Skip spf received header (DO NOT USE)

Note that in the case of a message that is to a local and remote recipeient, it will skip the headers for both, even though the desire is to skip them for the remote recipient only. This not quite right, ideally one should skip this for outgoing only but since the header is added at delivery time we thought this was close enough.

Syntax: g_received_skip_spf bool

g_recent_bypass - Bypass recent login failure checking

This allows you to disable recent login failure checking for certain IP addresses. Normally there up to a maximum of 9 login attempts are allowed per connection.

Syntax: g_recent_bypass string

g_record_days - Period delivery logs are stored

The number of days SurgeMail message delivery logs are stored.

Syntax: g_record_days int

g_record_hash - Hash delivery logs

Message delivery logs may be stored in hashed format within g_record_path as <surgemail dir> \recYYMM\msgYYMMDD.rec

Syntax: g_record_hash bool

g_record_login - Log successful logins to msg*rec files

This setting has no further documentation currently available

Syntax: g_record_login bool

g_record_path - Path for mail delivery logs

Sets the path for the SurgeMail delivery logs. Delivery logs contain entries for mail received and delivered in a single file per day. See Searching the Log Files for more information.

Syntax: g_record_path string

g_recover_noquestions - Remove question based password recovery system

This setting has no further documentation currently available

Syntax: g_recover_noquestions bool

g_recover_reminder - Send users reminder email monthly until they set a recovery email address

This setting has no further documentation currently available

Syntax: g_recover_reminder bool

g_recycling - Keep deleted messages so users can undelete email

See tellmail undelete command

Syntax: g_recycling bool

g_recycling_del - Allow usergroup to delete messages from the recycle folder

This setting has no further documentation currently available

Syntax: g_recycling_del string

g_recycling_imap - Make visible to IMAP users, default is now ONLY surgeweb users

This setting has no further documentation currently available

Syntax: g_recycling_imap bool

g_recycling_life - Days to keep imap deleted messages, default 30

This setting has no further documentation currently available

Syntax: g_recycling_life int

g_recycling_pop - Do recycling for POP deletes too

This setting has no further documentation currently available

Syntax: g_recycling_pop bool

g_recycling_visible - Only allow members of this group to see recycling folder

This setting has no further documentation currently available

Syntax: g_recycling_visible string

g_redirect - Redirect messages to 'was' to the 'new' address

Specifies global redirection rule. These rules are applied to local and remote addresses so should be used with 'care', for domain based redirection use the redirect rules within a domain. An example rule would be: fred@xx.com --> bob@yy.com or *@xx.com --> joe@xx.com 

Wild cards can be used and replaced, e.g.

g_redirect was="*@gadget.net" to="%1@gadget.com"
g_redirect was="*@*.gadget.com" to="%1-%2@gadget.com"

Would make

bob@gadget.net --> bob@gadget.com
fred@cool.gadget.com --> fred-cool@gadget.com

These rules are processed 'before' the domain is identified, therefore you cannot use host_alias domain values in them. Use a domain redirect rule if this is required.

You can also redirect a message to a robot or script like this:

g_redirect was="auto@mydomain.com" to="|/usr/local/myrobot.sh"

Your script can read the environment variables:
MAILFROM
RCPTTO
MSGSIZE

And must read the message on 'stdin', the message will be terminated with "crlf.crlf"

Your script can then process the message and if it want's to respond must use smtp to send a response back etc...

Your script will run as the user 'mail' so if that user does not have access to the script file or work files then it will fail :-)

 

Syntax: g_redirect was=string to=string

g_redirect_cc - Carbon Copy redirect message

Same as 'redirect' but the message is still delivered to the original address as well. For g_redirect_cc there are two special names defined "$localdomain$" and "$remotedomain$", which can be used in the 'was' paramater (requires SurgeMail 2.3). 

Syntax: g_redirect_cc was=string to=string

g_redirect_cc_attach - Redirect message as attachment if rule applies

This rule is applied at the point of delivery, so only if the original user actually gets the email, and the message is sent as an attachment, the original message is ALSO delivered

Syntax: g_redirect_cc_attach was=string to=string header=string contains=string

g_redirect_from - Redirect message if from matches

Redirect a message to another address if the from matches. 

Syntax: g_redirect_from from=string to=string

g_redirect_from_cc - Carbon Copy redirect message if from matches

Redirect a copy of the message to another address if the from matches still delivering to the original address as well.

Syntax: g_redirect_from_cc from=string to=string

g_redirect_hide - Hide the redirection in the SMTP output

Hide the redirection in the SMTP output

Syntax: g_redirect_hide bool

g_redirect_iflocal - If local domain, then apply redirect

This is for doing fancy redirection where the rule is only applied if the domain of the destination is a local domain. For example to redirect all messages to postmaster at any local domain to one particular admin user.

Syntax: g_redirect_iflocal was=string to=string

Example: g_redirect_iflocal was="postmaster@*" to="john@main.domain"

g_redirect_ignore_errors - Accept email even if redirected addresses fail

We consider this to be faulty behaviour as it will lead to emails vanishing with no bounce, use entirely at your own risk.

Syntax: g_redirect_ignore_errors bool

g_redirect_newmid - Generate new MID on redirection

This can help avoid loops.

Syntax: g_redirect_newmid bool

g_redirect_noautocreate_rules - Don't create redirection rules for domains automatically

This will stop SurgeMail creating redirection rules for new domains such as postmaster,abuse and support

Syntax: g_redirect_noautocreate_rules bool

g_redirect_ses - If message is not local then apply redirect

Send all outgoing email to this address instead, useful for redirecting email to a robot (like amazon ses service), this is called for each outgoing message, once for each recipient

Syntax: g_redirect_ses from=string was=string to=string

Example: g_redirect_ses was="*" to="john@external.domain"

g_relay_allow_from - Allow relaying for known from addresses

This setting allows users to send outgoing Email if their envelope 'from' address is a known local address. This is a very bad idea in general as spammers can do this too. So in general don't use this setting except as a lesser of two evils.  It will be detected by some open relay checking systems and your site can then end up listed as an open relay.  If this happens your Emails will be rejected by other peoples systems. e.g.

g_relay_allow_from "*@my.domain,*@second.domain,fred@third.domain"

Syntax: g_relay_allow_from string

g_relay_allow_ip - Allow relaying from these users

List the IP ranges of local users that you will allow to send 'OUTGOING' Email without using SMTP authentication, e.g. "127.0.0.1,10.0.*". In the past, mail servers used to permit this from any IP address, but since this was abused by 'spammers' all modern mail servers only allow this from known local IP addresses. Remote users should use 'smtp authentication' or login via POP protocol before sending Email, then SurgeMail will trust them. Do NOT set this to '*' If you do your system will be blocked as it will be assumed that spammers are using your system even if they are not!!! 

Syntax: g_relay_allow_ip string

g_relay_dom_and_ip - Relay based on domain and IP

Allow relaying if the domain in the from envelope and IP address both match.

Syntax: g_relay_dom_and_ip domain=string ip=string

g_relay_ifnot - Accept locally only if not from this ip

This lets you send all email to 'mx' destination, even if the account is local, unless it is coming from a known ip address range.

Syntax: g_relay_ifnot string

g_relay_message - Message to display to users who try to relay

Text string displayed to users who try and relay.

Default (blank) is: "Relaying blocked, read new mail, add <sender.ip> to forwarding or enable smtp authentication in your mail client"

Syntax: g_relay_message string

g_relay_nolocal - Do not automatically relay for 127.0.0.1

This setting has no further documentation currently available

Syntax: g_relay_nolocal bool

g_relay_process - Relay process, e.g. testip.exe $WHOIP, return 1 to allow relaying, 0=deny

Allows you to run an external program to lookup an ip address and decide if it is one of your users who should be allowed to relay. This can be used when your users login via some type of shared system so the ip ranges are not known but you do have a way of checking if a user of yours is 'currently' connected on an ip address

Syntax: g_relay_process string

Example: g_relay_process "c:/surgemail/testip.exe $WHOIP"

g_relay_to - Relay to this domain from anyone

This setting allows mail from anyone to be relayed to the specified domain. The relaying is unconditional.

Syntax: g_relay_to string

g_relay_to_user - Relay to specific user from anyone

This setting has no further documentation currently available

Syntax: g_relay_to_user string

g_relay_window - Allow relaying after valid POP login

This sets the time after a valid POP login that you will allow a user on the same IP to send outgoing mail. In general it is safe to set this setting large and it can allow people using old mail clients (that do not know how to do SMTP authentication) to still send through your server without making your server an open relay. 

Syntax: g_relay_window int

g_relay_window_from - Requires pop authed user is in from header of sent message

This must be used with g_relay_window, the matching is 'simplistic' and matches on the 'from envelope' but will stop most simple forms of abuse.

Syntax: g_relay_window_from bool

g_rename_content - Wild card list of mime types to rename, e.g. application*zip*

This setting has no further documentation currently available

Syntax: g_rename_content string

g_rename_files - Files to apply virus renaming to

Only takes effect if g_virus_rename is checked. Default is: "*.exe,*.pif,*.bat,*.com,*.cmd,*.jav,*.vbs,*.scr,*.wsh"

Syntax: g_rename_files string

g_report_host - Report facts to a central host

Not for general use currently

Syntax: g_report_host string

g_report_notspam - Send not spam samples to netwinsite.com automatically (unwise)

This feature enables automatic reporting of some not spam messages (as tagged by users on your server) - this setting has serious privacy considerations only use if your users are happy with this. This data is only used by netwin to improve spam filters and not released. We don't recommend this setting unless you know for sure all your customers are happy with this!

Syntax: g_report_notspam bool

g_report_spam - Send spam samples to netwinsite.com when msg trained

Note that this sends full mail samples to netwinsite for later analysis/training.

Syntax: g_report_spam bool

g_responder_delay - Delay between responses to the same address.

This setting has no further documentation currently available

Syntax: g_responder_delay string

g_responder_friends - Only respond if from known friends

This can further reduce spam back scatter issues

Syntax: g_responder_friends bool

g_responder_from - Send 'from' destination user.

Use g_bounce_noreply setting instead to avoid annoying bounces

Syntax: g_responder_from bool

g_responder_noreply - Send 'from' noreply@ destination domain, improves delivery

This improves delivery

Syntax: g_responder_noreply bool

g_responder_safer - Only respond if the sender can be verified in some way (spf/domainkeys)

This setting makes the server less likely to be black listed by accidentally responding to a forged email.

Syntax: g_responder_safer bool

g_responder_score - Do not respond if spam score is above this

This can further reduce spam back scatter issues

Syntax: g_responder_score int

g_responder_sender - Responder whitelist for email from address

Allow response on spf failure if from matches thsi wildcard

Syntax: g_responder_sender string

g_responder_skip - Skip responder if from matches

Skip responder if from envenlope matches this list/wild card

Syntax: g_responder_skip string

g_responder_source - Responder whitelist for from ip name or number

Allow response on spf failure if from matches thsi wildcard

Syntax: g_responder_source string

g_responder_to - Responder whitelist for destination user

Allow response on spf failure if to matches this list

Syntax: g_responder_to string

g_responder_utf8 - Send response in utf8 format

Alow utf8 chars in response

Syntax: g_responder_utf8 bool

g_restart - Auto restart server

If turned on Swatch (a spawned second process) checks every 30 seconds to see if the server is still running. If it isn't running but it's pid file still exists (so if it died) this second process restarts the missing server and sends the manager account an Email reporting the fault.

For this to work on NT you need to set Dr Watson NOT to show visual notification of faults:

 This sets Dr Watson to be the default debugger)
         c:/> drwtsn32 /i   
 This brings up the Dr Watson settings, un-tick "Visual Notification"
         c:/> drwtsn32

Generally this setting is not needed and could be left off, but if an odd problem should develop, this setting can give you peace of mind for a few days while you wait for a problem resolution from NetWin. 

Syntax: g_restart bool

g_restart_kill - Allow swatch to kill surgemail if not responding - beta

This setting has no further documentation currently available

Syntax: g_restart_kill bool

g_restart_malloc - Restart server if malloc exceeds this (in mb), e.g. 1000

This setting has no further documentation currently available

Syntax: g_restart_malloc int

g_restart_vmsize - Restart server if vmsize exceeds this (in mb), e.g. 1000

This setting has no further documentation currently available

Syntax: g_restart_vmsize int

g_retry_bounces - Max hours to keep trying to bounce messages

Max hours to keep trying to deliver a bounce the default is 48hrs

Syntax: g_retry_bounces int

g_retry_dns - Hours to keep trying if dns response suggested invalid domain name, default 0

By default, if the DNS server says a domain doesn't exist, the message is immediately bounced so the sending user can take action. In some rare cases this will occur with a valid domain name because the actual DNS of the domain you are sending to is temporarily down. In this situation making SurgeMail retry for 1 hour can prevent these false bounces. I don't recommend this setting as mostly the DNS response and cache etc is very very reliable because SurgeMail keeps a local cache of DNS lookups that worked on disk. So for a failure like this to occur it must be the first time the server has EVER looked up the domain, so the odds are extremely remote. Delaying a useful response to the user for 1 hour just for this remote chance is not wise in my opinion.

Syntax: g_retry_dns int

Example: g_retry_dns "1"

g_retry_from - Time to keep messages from these domains

This setting has no further documentation currently available

Syntax: g_retry_from domain=string hours=string

g_retry_limit - Max hours to keep trying to deliver messages

Every hour the mail server will attempt to deliver any messages that fail for a reason that may be a temporary fault (for example the destination mail server doesn't respond). This setting limits how long these retries continue for. The default is 48 hours (2 days). 

Syntax: g_retry_limit int

g_retry_minutes - Time between attempted retries

Time in minutes that SurgeMail will try and resend a message that has failed to be delivered.
(default = 60 minutes).

Syntax: g_retry_minutes int

g_retry_rule - Retry rules overriding g_retry_limit

Rules that allow you to specify the retry_limit in hours on a per destination domain basis.

Example:
g_retry_rule domain="test.com" hours="48"

That will make it keep retrying to send to the domain test.com for 48 hours.

Syntax: g_retry_rule domain=string hours=string

g_retry_unwarn - Send user sent on confirmation if warning sent

This complements the warning setting, so the user can see the message did eventually go through and after how long...

Syntax: g_retry_unwarn bool

g_retry_warn - Send user a warning if first send fails

I like this setting myself but it can confuse users as the first send attempt will often fail and the user will mis read the bounce and think it's failed completely. It does mean when a message is urgent the user gets told right away, instead of 2 days later, that there is a problem sending the message so for a business it's a nice setting to enable.

Syntax: g_retry_warn bool

g_retry_warn_n - Send user a warning if nth send fails

Similar to the above setting but this one reduces the false warnings as messasges often fail on the first attempt

Syntax: g_retry_warn_n int

g_route - Wildcard route mail to specified server

Route messages matching particular wildcard "from address" and wildcard "to address" to specified server. This is not a gatweay rule and is only applied to mail that has already been accepted via SMTP authentication, relaying rules or gateway rules.

This would typically be used to route all mail for a particular user on a domain to another mailserver or to route all mail from a local domain through another server:

Case 1: Route mail for one user to another server

g_route from="*@*" to="user@localdomain.com" dest="1.2.3.4" user="" pass=""

Case 2: Route all mail from local domain through other server

g_route from="*@localdomain.com" to="*" dest="1.2.3.4" user="" pass=""

g_route_except gets applied allowing you to prevent mail coming in from certain IP addresses to be routed.

Syntax: g_route from=string to=string dest=string user=string pass=string

g_route_by_tohost - Route based on authent 'tohost' field

Use routing to a particular server based on 'tohost' setting in authentication database. This is particularly useful if you have users spread over several physical locations and want to be able to route mail for different users to particular servers.

Syntax: g_route_by_tohost bool

g_route_except - IP exception to g_route and g_route_by_tohost

IP exception to g_route and g_route_by_tohost.

Syntax: g_route_except string

g_route_local - Route messages for local domains if the rule applies

This setting has no further documentation currently available

Syntax: g_route_local bool

g_route_local_ifexists - Route messages for local domains if the rule applies and the local user exists

g_route_local is also required.

Syntax: g_route_local_ifexists bool

g_route_tous - Route messages back to our own ip

This setting has no further documentation currently available

Syntax: g_route_tous bool

g_rules_msgtime - Use msg time rather than file time for expire rules

This setting has no further documentation currently available

Syntax: g_rules_msgtime bool

g_rules_old - Never use

This setting has no further documentation currently available

Syntax: g_rules_old bool

g_run_cmd - Run command on all messages use $FILE$ in cmd parameters

This setting has no further documentation currently available

Syntax: g_run_cmd string

g_sabre_version - SabreDAV version (DO NOT CHANGE, for debugging only)

This setting has no further documentation currently available

Syntax: g_sabre_version string

g_safe_alert - Email manager when user fails to login from new ip

Useful to keep an eye on users and hackers

Syntax: g_safe_alert bool

g_safe_country - White list use 2 char country code, e.g. US,NZ,AU a list is ok, use with g_safe_smtp

This whitelists your entire country, which can help prevent user confusion by blocking logins while still blocking logins from the rest of the world

Syntax: g_safe_country string

g_safe_country_nowarning - Whitelist countries for just this setting

This setting has no further documentation currently available

Syntax: g_safe_country_nowarning string

g_safe_imap - Force users to prove they are real if logging in from pop/imap NEVER NEVER USE

This feature is intended to prevent spamers/hackers from harvesting accounts on your system and then using them to send out spam. This setting should never be used as users often never see the error and just get prompted for a new password.

Syntax: g_safe_imap bool

g_safe_message - First line of email sent to user when login blocked

The default is 'Sorry logins are not permitted from unknown ip addresses'

Syntax: g_safe_message string

g_safe_smtp - Force users to prove they are real if logging in from unknown sources via smtp

This feature is intended to prevent spamers/hackers from harvesting accounts on your system and then using them to send out spam, the user is sent an email to enable logins

Syntax: g_safe_smtp bool

g_safe_smtp_email - Email manager as remote ip addresses are added

This feature is intended to prevent spamers/hackers from harvesting accounts on your system and then using them to send out spam

Syntax: g_safe_smtp_email bool

g_safe_text - The first line of the warning email when a new login occurs

This lets you explain to the user what this email is about.

Syntax: g_safe_text string

g_safe_warning - Email user for logins from new ip addresses

Helps alert users if their account has been hacked, will also cause confusion though. This is not the same as g_safe_smtp which also generates user level warnings...

Syntax: g_safe_warning bool

g_safe_white - White list for g_safe* settings

These ip addresses are always considered to safe, typically internal networks, 10.*.*.* .

Syntax: g_safe_white string

g_sample_get - Sample account to check if deliveries work

The idea is to create several accounts on various public mail servers. Then send a test message using a mailing list or g_redirect rule to these test accounts, then use the command tellmail sample_get CODE DELETE to check if the messages have arrived. The first paramter of tellmail sample_get is a code it expects to find in the message headers (or subject) and the second paramter should be the keyword 'delete' if you want it to delete the sample messages.

Syntax: g_sample_get host=string user=string pass=string

g_sample_show - Headers to show from sample messages

Typicall you will list headers that are added by spam filters

Syntax: g_sample_show string

g_scan_action - Converts return value from g_scan_cmd to action on email

Converts return value from g_scan_cmd, action=drop,accept,bounce.

Syntax: g_scan_action code=int action=string reason=string

g_scan_cmd - Run command on message, and return integer

Run command on message, and return integer, see g_scan_action.

Syntax: g_scan_cmd string

g_scan_cmd_failok - Don't reject if script fails

This setting has no further documentation currently available

Syntax: g_scan_cmd_failok bool

g_scan_cmd_skip - Skip for matching ip addresses

This setting has no further documentation currently available

Syntax: g_scan_cmd_skip string

g_scan_cmd_testing - Don't reject, (for testing)

This setting has no further documentation currently available

Syntax: g_scan_cmd_testing bool

g_sched_utoken_timeout - Timeout for sched utokens in minutes

Timeout for sched utokens in minutes. 

Syntax: g_sched_utoken_timeout int

g_send_backoff - Backoff slow hosts

Seconds to leave slow responding host alone (default 900).

Syntax: g_send_backoff int

g_send_body_end_retry - Try again if connection fails after entire body sent

This setting will tend to result in 'duplicate' messages being received, so should not be used, but strictly speaking it is valid to retry in this situation, the trouble is the receiving mail server 'may' have a real copy of the message so may deliver it even though the connection was dropped.

Syntax: g_send_body_end_retry bool

g_send_body_noretry - Don't try and resend if failure during body send

By default SurgeMail retries to send messages if the tcp connection is lost during the body send part of sending an email message. In rare situations this may cause problems, for example while sending a large file if the receiving software is faulty and is dieing rather than responding with 'don't try again' error code. This behaviour was reversed before version 2.0h (e.g. it never retried)

Syntax: g_send_body_noretry bool

g_send_body_once - Don't try 3 times if failure occurs sending body

This setting disables the new feature where the server tries harder to deliver a message even if it 'might' result in duplicates being delivered.

Syntax: g_send_body_once bool

g_send_bug1 - Fail while sending messages

Debugging feature.

Syntax: g_send_bug1 bool

g_send_conspeed - Outgoing connections per second per destination, default is 4

This helps prevent surgemail exceed tarpit throttles common in unix mail servers, adjust at your own risk. This won't generally limit outgoing email speed so you don't need to touch it. A value of '1' means surgemail can make one connection each second.

Syntax: g_send_conspeed int

g_send_delay - Wait this many seconds after sending each item.

This is a simple throttle to limit sending speed to any single domain, a value of 2 seconds is probably reasonable. In general you would also set G_SEND_MAX_PERDOM to 1.

Syntax: g_send_delay int

g_send_first_retry - Minutes for first retry, default is 16 minutes, do not adjust!

It's best not to change this generally, if you set it too low then grey listing may fail, if you set it higher then email is delayed.

Syntax: g_send_first_retry int

g_send_helo - Domain to use for all outgoing SMTP helo commands

Fully qualified domain to use for all outgoing SMTP helo commands.

Syntax: g_send_helo string

g_send_helo_from - Use the sending domain for the helo command

If the senders domain name (in return path envelope) is a valid local domain, then it is used in the 'helo' command.

Not generally recommended. The correct use of the helo is to identify the sending machine, not the domain, so although this makes the headers look pretty it doesn't make them more correct in my opinion.

Syntax: g_send_helo_from bool

g_send_helo_in - Lookup dns name of incoming ip connection on local interface, UNSAFE

So this is the local ip name it looks up not the remote ip address name. Unsafe because dns may fail then it will say helo with invalid string

Syntax: g_send_helo_in bool

g_send_lines - Send single line packets

Send messages in single line packets, slow! (for debugging)

Syntax: g_send_lines bool

g_send_lowpriority - Ip address of bulk sending servers

This limits the impact from mailing lists that would otherwise clogg the server and prevent normal individual emails going through quickly, typically set to *bounce@* to lower mailing list priority

Syntax: g_send_lowpriority string

g_send_max - Max concurrent sending sessions

Maximum concurrent outgoing SMTP connections . You should not have to change this. The default is 100.

Syntax: g_send_max int

g_send_max_perchan - Msgs to send on one open channel

This may help delivery if a server is incorrectly identifying your server as a spam source. A value of 1-5 would be reasonable

Syntax: g_send_max_perchan int

g_send_max_perdom - Max concurrent sending sessions to a single domain

Maximum concurrent outgoing SMTP connections to a single domain. The default is 2. This can be set higher and the default used to be 6 however there are a few servers out there that don't like more than 2 channels being opened to them.

Syntax: g_send_max_perdom int

g_send_max_rcpt - How many rcpt's to send per message when sending

Default is unlimited, Setting this to a small value like 10 may help some mail servers.

Syntax: g_send_max_rcpt int

g_send_no_domain - Message to show when domain points to us but can't find user or domain

Most useful when using g_authent_always, as this error will be shown to local users when sending to local users that don't exist.

Syntax: g_send_no_domain string

g_send_nolimit - Don't apply g_max_perdom limit when sending to this domain

Use this on incomng mx severs for the local domain so it can use lots of channels to send the data through.

Syntax: g_send_nolimit string

g_send_nopoll - Use sleep loop instead of poll (debugging only)

This is to try and find an elusive fault on some systems sending large emails, not for general use

Syntax: g_send_nopoll bool

g_send_nosize - Don't send size with from envelope

Revert to old style sending, no known reason for doing this

Syntax: g_send_nosize bool

g_send_noskipslow - Don't skip slow hosts

Normally surgemail remembers hosts that are slow to open, fail and doesn't retry for 60 minutes.

Syntax: g_send_noskipslow bool

g_send_onpopfetch - Only send outgoing while doing a POPfetch

Only send outgoing while doing a POPfetch (For dialup use).

Syntax: g_send_onpopfetch bool

g_send_open_timeout - SMTP link open timeout

Timeout, in seconds when opening an SMTP link.

Syntax: g_send_open_timeout int

g_send_retry_550 - Retry on 550 responses (general failure)

Might be useful to stop messages bouncing when destination server is temporarily rejecting everything

Syntax: g_send_retry_550 bool

g_send_retry_552 - Retry on 552 responses (typically quota exceeded)

Some faulty hosts return a 552 error when a user is over quota, this means that by the RFC SurgeMail must not try again to deliver the message. However this is clearly not a permanent error and so it's often wise to retry in this situation, This setting makes SurgeMail attempt retries when faced with this odd response.

Syntax: g_send_retry_552 bool

g_send_rewrite - Rewrite envelope recipient at send stage, does not change destination server

This rewrites the recipient envelope, you can use wild cards, e.g. *@this.domain %1@another.domain, to rewrite 'from' addresses use g_from_rewrite

Syntax: g_send_rewrite was=string to=string

g_send_speed - max outbound bandwidth

Bytes per second to limit each outgoing channel to. eg: 10k

Syntax: g_send_speed int

g_send_sslheader - Add x-encrypted header when sending via ssl

This setting has no further documentation currently available

Syntax: g_send_sslheader bool

g_send_store_disable - Disable sendstore smtp extenstion

This setting disables the ability to save the message to the sent folder as part of the smtp command (only used by SurgeAlert)

Syntax: g_send_store_disable bool

g_send_strip - Headers to strip when sending

This setting has no further documentation currently available

Syntax: g_send_strip string

g_send_timeout - Send timeout

Timeout, in seconds when sending mail, default is 540 (9 minutes)

Syntax: g_send_timeout int

g_send_tolimit - Limit speed to send to one or more domains.

Some large providers will assume you are a spammer if you send too many messagse in an hour. If you have a large mailing list it's easy to break these limits, in which case some rules like this can prevent this problem.

Syntax: g_send_tolimit domain=string perhour=int

Example: g_send_tolimit domain="hotmail.com,*hotmail.com" perhour="60"

g_sent_archive - Archive old messages to Archives/yyyy/Sent folder, age in days

Trigger with tellmail mail_rules (or it will run once a week)

Syntax: g_sent_archive int

g_sent_nodup - Drop duplicates in Sent folder due to sent_store

This setting has no further documentation currently available

Syntax: g_sent_nodup bool

g_sent_store - Store all sent messages in IMAP folder if smtp authenticated

If user is authenticated then store message in a folder, note that duplicates may occur if the client is also doing this (disable in the client) or use a name like System_Sent to avoid confusion

Syntax: g_sent_store string

g_server_name - Wildcard "SERVER_NAME" translation for domain identification

The vdomain a user connects on is normally identified automatically for "user account self management" and for "webmail". In the event that the domain name is not the same as the host name (eg hostname = mail.domain.com, domainname = domain.com) the WebMail web server can automatically translate the SERVER_NAME variable.

This setting specifies a wild card list of URLs 'URL' with associated translated host name for "SERVER_NAME". If the URL matches then SERVER_NAME is set to the second part of this setting 'name'. eg: to host the domains domain.com and mail.domain.com on host mail.domain.com:

g_server_name url="*.domain.com" name="domain.com"

Note: If your server name is not the same as your domain name also check the per domain setting URL_host.

Syntax: g_server_name url=string name=string

g_server_stamp - Replaces SurgeMail and version string in "Received" headers

Replaces SurgeMail and version string in Received headers of process mail

Syntax: g_server_stamp string

g_setpassword_firstlogin - Accept any password on first POP login and set in database (EMERGENCY USE ONLY, requires nwauth -reasonfail parameter)

This setting has no further documentation currently available

Syntax: g_setpassword_firstlogin bool

g_sf_binary - Use Binary Network

Binary tree for scoring - this mechanism scores based on finding the sample or samples with the closes matching features, and counting how many are spam/not spam. This method is the best choice (currently)

Syntax: g_sf_binary bool

g_sf_disable - Smart Filter Disable

This setting has no further documentation currently available

Syntax: g_sf_disable bool

g_sf_generate - Build local smart filter

Creates feature_gen.dat from sf_mfilter.txt (instead of using feature_gen.net downloaded from netwinsite.com). This requires your server to have a reasonable sample of spam in the train... folders, this is collected automatically over a few days.

Syntax: g_sf_generate bool

g_sf_ignore_users - Ignore user submissions just use automatic samples (obsolete)

This setting has no further documentation currently available

Syntax: g_sf_ignore_users bool

g_sf_limit - Limit range of self training

This setting has no further documentation currently available

Syntax: g_sf_limit bool

g_sf_list - Use list mechanism for scoring

A new mechanism to score more rationally based on the known data.

Syntax: g_sf_list bool

g_sf_nnet - Use Neural Network (Experimental, ONLY FOR TESTING)

Experimental setting

Syntax: g_sf_nnet bool

g_sf_nosanity - Disables improved g_sf_binary with sanity checks

This smoothes out the nonsense a bit if g_sf_binary over-reacts to training or small samples

Syntax: g_sf_nosanity bool

g_sf_obey_users - Obey user submissions about non spam, usually not a good idea

This setting has no further documentation currently available

Syntax: g_sf_obey_users bool

g_sf_rules - Use manual rules to improve scoring

Use additional manual rules

Syntax: g_sf_rules bool

g_sf_saneonly - Sane score only

Experimental setting

Syntax: g_sf_saneonly bool

g_sf_sanity2 - Enables improved sanity scoring

This second sanity check improves scores over 8 to be a bit more useful.

Syntax: g_sf_sanity2 bool

g_sf_sanity_test - Experimental setting never use

Test another spam scoring method

Syntax: g_sf_sanity_test bool

g_sf_test2 - Testing

Experimental setting

Syntax: g_sf_test2 bool

g_share_home - Allow sharing of home directory

This allows sharing of the home directory in the unlikely situation that you might want to run separate surgemail processes. eg one process to cope with SMTP and another to cope with POP access.

Syntax: g_share_home bool

g_share_mail - Allow sharing of mail directory

Set true if mail area is shared (by nfs or other mechanism)

Syntax: g_share_mail bool

g_share_quota - Do quota on disk (e.g. when using nfs shared spool)

Normally SurgeMail keeps track of quota for all users in memory, this is efficient, but means if your are using a shared mail spool the quota figures are completely wrong, so use this setting to make surgemail keep track of quota's on disk, it increases disk load a bit of course but not too much.

Syntax: g_share_quota bool

g_show_senders - Show top senders in domain admin pages

This setting has no further documentation currently available

Syntax: g_show_senders bool

g_shutdown_ifmissing - Shutdown if specified file doesn't exist

Intended to make server die rather than to pretend to keep running when a major disk fault has occurred

Syntax: g_shutdown_ifmissing string

g_shutdown_slow - Delay shutdown

Add 20 second delay to shutdown for testing purposes only.

Syntax: g_shutdown_slow bool

g_skip_return - Skip return path

This setting has no further documentation currently available

Syntax: g_skip_return bool

g_slow_welcome - Delay the welcome message

Add 20 second delay to welcome message for testing purposes only.

Syntax: g_slow_welcome bool

g_smite_all - Add smite headers to all messages passing through server

Normally SmiteSpam headers are only added for locally delivered messages. This setting to all messages passing through this server. 

Syntax: g_smite_all bool

g_smite_gateway - Add smite headers to gatewayed messages

Normally SmiteSpam headers are only added for locally delivered messages. This setting adds the headers for gatewayed messages too. This also adds headers to messages that are redirected by forward rules as well.

Syntax: g_smite_gateway bool

g_smite_level - Smite level to discard message

If SmiteSpam gives a message a "smite score" above this, throw it awayl. This setting is best never used. If used it should be set to '1 or 2'. A value of 1 = "has been reported", 2 = "has been reported multiple times". If smite match score is above this drop message. This is applied when the user downloads the email not at delivery time.  What you probably want is 'g_spam_bounce' described elsewhere on this page.

Syntax: g_smite_level int

g_smite_skip - Skip smitecrc processing for messages from these domains

This will skip running SmiteCRC for messages whose from address matches these domains. This is the mail from envelope header NOT the from header in the message (you can check the return path header in the message to check what you need to add for this setting).

Note this is a wildcard field so to match any mail claiming to be from safedomain.com you would have to set:

g_smite_skip "*@safedomain.com" 

Syntax: g_smite_skip string

g_smite_skip_auth - Skip spam scanner if user logged in

Skips spam checks and spam header generation for any authenticated local user.

Syntax: g_smite_skip_auth bool

g_smite_skip_from - Skip spam scanner if from header/env matches this wild card

This setting has no further documentation currently available

Syntax: g_smite_skip_from string

g_smite_skip_ip - Skip smite based on sender IP

Skip smite scanner if sender IP matches this wild card list.

Syntax: g_smite_skip_ip string

g_smite_skip_only - Skip spam scanner if to matches this wild card and no other recipients that 'don't' match...

This setting has no further documentation currently available

Syntax: g_smite_skip_only string

g_smite_skip_relay - Skip spam scanner if ip can relay

Skips spam checks and spam header generation for any local user.

Syntax: g_smite_skip_relay bool

g_smite_skip_to - Skip smite based on <to>

Skip smite scanner if to matches this wild card to <address>.

Syntax: g_smite_skip_to string

g_smite_tag - Tag message if in SmiteSpam database

If set to true will tag messages already in the SmiteSpam database.  A value of 1 = "has been reported", 2 = "has been reported multiple times".

Syntax: g_smite_tag bool

g_sms_forward - Specifies IP's which are allowed to forward to SMS gateways

Normally sms gateways are restricted to authenticated users (SMTP authentication) this allows you to specify IP's which can send without authentication. For example you may want your dlist server to send SMS, in which case you might add 127.0.0.1 to this setting.

Syntax: g_sms_forward string

g_sms_gateway - Address and port of your SMS gateway

This is the ip and port of an 'email to sms gateway'. The gateway should accept SMTP messages on this port and convert the email into an sms message then deliver to the phone number in the 'to' address. SMSGate is our 'email to sms gateway' and is FREE with SurgeMail. Setting user_sms to "true" for a domain allows users to specify a phone number (or email address) and rules for when to notify them.

Syntax: g_sms_gateway string

g_sms_gateway_force - Force sms notifications to go to g_sms_gateway

If a user sets their sms number to an email address, perhaps to make use of an existing gateway, then surgemail will send the message to the domain in that address. If you set this you can force the email to go to g_sms_gateway. NOTE: It is possible to configure SMSGate with 'send_mode smtp', 'recv_mode none' and no GSM modem. In this setup it simply reformats messages passing them on to the configured smtp_outserver for delivery as email messages.

Syntax: g_sms_gateway_force bool

g_sms_gateway_msgbytes - Maximum amount of message to send to g_sms_gatway (bytes)

Defines the maximum number of bytes of 'body' text to send to the g_sms_gateway. All headers are sent, then the defined number of bytes of 'body' text. Defaults to 160. May be set larger than the default if you have a lot of html messages or multipart html and text messages. Should not be set too large as there is no point sending binary attachments and the like to an sms gateway.

Syntax: g_sms_gateway_msgbytes int

g_sms_gateway_subjbytes - Maximum length of subject in sms message

Defines the maximum number of bytes of 'subject' text to send to the g_sms_gateway.

Syntax: g_sms_gateway_subjbytes int

g_sms_recover_text - Sent to users when SMS password recovery msg sent

Normally sms gateways are restricted to authenticated users (SMTP authentication) this allows you to specify IP's which can send without authentication. For example you may want your dlist server to send SMS, in which case you might add 127.0.0.1 to this setting.

Syntax: g_sms_recover_text string

g_smtp_allow_invalid - Allow messages with invalid headers

This setting has no further documentation currently available

Syntax: g_smtp_allow_invalid bool

g_smtp_auth_debug - Auth Debug (do not use)

This setting has no further documentation currently available

Syntax: g_smtp_auth_debug bool

g_smtp_auth_ip - Ip Addresses to accept smtp authentication from

This prevents a hacker sending out spam by cracking a users account details, users must login from an address specified in g_smtp_auth_ip or g_relay_allow_ip

Syntax: g_smtp_auth_ip string

g_smtp_auth_off - Disable SMTP AUTH from unknown ip addresses (NOT RECOMMENDED)

This prevents a hacker sending out spam by cracking a users account details, users must login from an address specified in g_smtp_auth_ip or g_relay_allow_ip, NEVER USE THIS!

Syntax: g_smtp_auth_off bool

g_smtp_big - Slow down incoming SMTP reads to get bigger packets (experimental)

This setting tries to prevent thrashing by making the server slow down the speed it reads data in an attempt to get larger packets. This seemed to have no affect when I tested it, but play with it if you want, It is only intended to be useful when you have hundreds of incoming connections all very slowly sending in data, and the server is short of CPU.

Syntax: g_smtp_big bool

g_smtp_bounce_nslow - Number of handles to use for doing slow rejections of smtp connections

If external servers are over loading your server so much that it ends up in a cpu loop rejecting connections then increaseing this might help. But beware your system must not run out of file handles so don't set it too large, The default is 100

Syntax: g_smtp_bounce_nslow int

g_smtp_chunking - Protocol Extension, never use

Testing feature.

Syntax: g_smtp_chunking bool

g_smtp_cmd_timeout - SMTP command timeout

Seconds to wait after getting a message for next command (workaround for sendmail bug)

Syntax: g_smtp_cmd_timeout int

g_smtp_cram_enable - Enable CRAM-MD5 authentication (requires nwauth 4.0h or greater) - Not Recommended

Please note that CRAM-MD5 does have security implications, specifically it means that the local users password must be stored in a semi reversable state in the authent database. Also you must be using the new version of the NWAuth module. Also Cram-md5 cannot be used with Migration from an old server (since by definiton the old password is never sent)

Syntax: g_smtp_cram_enable bool

g_smtp_data_bug - Fail on incoming emails for debugging

This setting has no further documentation currently available

Syntax: g_smtp_data_bug bool

g_smtp_data_timeout - SMTP data timeout

Seconds to wait for SMTP data input.

Syntax: g_smtp_data_timeout int

g_smtp_delay - Seconds to wait before responding to rcpts, 1-20, this reduces load on bulk senders

Only applies if more than 2 connections from the same ip address, so it only throttles bulk senders not people

Syntax: g_smtp_delay int

g_smtp_delay_stamp - Stamp message if sender doesn't wait for welcome

If true then if any smtp commands arrive before the 'helo' greeting is sent then a header is added to messages which will result in a higher spam score.

Syntax: g_smtp_delay_stamp bool

g_smtp_etrn_auth - etrn if authenticatd

Only do etrn processing if user is authenticated.

Syntax: g_smtp_etrn_auth bool

g_smtp_fast_bounce - Reject bad connections immediately

Normally SurgeMail waits 1-10 seconds before rejecting a bad connection (rbl/limits,...), this reduces cpu usage and prevents some DOS attacks, this setting disables this behaviour.

Syntax: g_smtp_fast_bounce bool

g_smtp_fix_nohead - Accept messages with no headers and try and cope

This setting tries to cope if the message contains no headers at all, it is not recommended of course but may be needed on occasion for bad scripts

Syntax: g_smtp_fix_nohead bool

g_smtp_help_disable - disable smtp help command

Disable SMTP help command (minor security percaution).

Syntax: g_smtp_help_disable bool

g_smtp_log_protocol - Log SMTP protocol

If enabled, the SMTP protocol is logged to the mail.log file as "smtp: In" and "smtp: Out" entries.

Syntax: g_smtp_log_protocol bool

g_smtp_log_size - Size of smtp.log file

This sets the smtp.log file size, default is 2mb

Syntax: g_smtp_log_size int

g_smtp_max - Max total incoming SMTP connections

This limits the channels that will be used at any one time for incoming SMTP connections. The purpose of this setting is to prevent a sudden burst of spam from using up all available channels. Generally you do not need to change this. (Default = 250). Use the related setting g_smtp_max_reason to over-write the detailed error if you don't want spammers to know what your limits are set to.

Syntax: g_smtp_max int

g_smtp_max_nolimit - IP based exceptions to g_smtp_max

This lets you specify IP based exceptions to g_smtp_max, so if you need a certain IP to open up many connections you would add that IP here.

eg. g_smtp_max_nolimit "10.0.0.50"

Syntax: g_smtp_max_nolimit string

g_smtp_max_reason - Reason to give to user if g_smtp_max is exceeded

This is most useful when the host in question is being used for the wrong purpose (incoming when it's intended for outgoing etc), or simply to advise the user of a potential solution

Syntax: g_smtp_max_reason string

g_smtp_maxbad - Max bad SMTP commands

The maximum number of bad commands accepted per session before SurgeMail will drop the connection.

Example: g_smtp_maxbad "10"

Syntax: g_smtp_maxbad int

g_smtp_no_brackets - Allow from/rcpt without angle brackets

Some faulty mail clients forget to put the brackets <> around the recipient, this setting allows such faulty behavior. Not generally recommended.

Syntax: g_smtp_no_brackets bool

g_smtp_noauth - Limit SMTP to just these addresses (not generally useful) always include 127.0.0.1

Mail sent from other IP addresses is only accepted if user is authenticated. Typically used if your server is behind a firewall of some kind and should only allow incoming email from a particular IP address. Users will be able to send as from any IP address if they use smtp authentication. This setting is only useful if your incoming email always comes through a gateway or filter, it's not a normally useful setting

Syntax: g_smtp_noauth string

g_smtp_noauth_msg - Message given when sender is told to use authentication because of g_smtp_noauth

Message sent to sender when they try and send to the server but are required to authenticate because of g_smtp_noauth

Syntax: g_smtp_noauth_msg string

g_smtp_noauthm - Limit SMTP to just these addresses (not generally useful)

Mail sent from other IP addresses is only accepted if user is authenticated. Typically used if your server is behind a firewall of some kind and should only allow incoming email from a particular IP address. Users will be able to send as from any IP address if they use smtp authentication.

Syntax: g_smtp_noauthm string

g_smtp_noclear - Disable smtp buffer clear after starttls command

Testing feature.

Syntax: g_smtp_noclear bool

g_smtp_plain_hide - Hide 'plain' from the ehlo response

This is to keep stupid scanners happy, for security you should disable non SSL logins, disabling plain is pointless and annoying.

Syntax: g_smtp_plain_hide bool

g_smtp_port - Port to listen for SMTP connections (default 25)

Typically you won't need to change this however you can specify an IP address to bind to or a list of alternate ports, eg: 10.3.2.3:25 or 110,2110 etc... By default the mail server listens to port 25 on all adapters/addresses.  Use the keyword 'disabled' to disable this part of the SurgeMail service.

Syntax: g_smtp_port int

g_smtp_portauth - SMTP ports which require smtp authentication, typically 587,465

It is recommended (by some) that users send email to port 587, and it requires smtp authentication, and port 25 be blocked from client ip addresses to prevent viruses etc using email servers. Be sure to add ,587 to the g_smtp_port setting too!

Syntax: g_smtp_portauth string

g_smtp_portforce - Block logins for ports not listed in g_smtp_portauth

Use this to prevent local users logging into port 25, this also stops many spammers abusing your system as they will try and send on port 25

Syntax: g_smtp_portforce bool

g_smtp_secure_port - Port to listen for secure SMTP connections (default 465)

Port to listen on for dedicated SSL SMTP connections.

Syntax: g_smtp_secure_port int

g_smtp_thread - Use seperate thread for incoming SMTP connections

This makes the server run a seperate thread just to process incoming smtp connections, this can help on a busy system to stop a huge load of smtp connections clogging up the pop/imap connection processing, it is rarely needed.

Syntax: g_smtp_thread bool

g_smtp_vrfy_allow - Allow vrfy from these addresses, not recommended

This setting is rarely a good idea, vrfy is best left disabled

Syntax: g_smtp_vrfy_allow string

g_smtp_vrfy_msg - VRFY response

Change Response to VRFY, e.g. 252 Not telling.

Syntax: g_smtp_vrfy_msg string

g_smtp_warning - Send manager warning if this many sessions reached (max 1 per hour)

This setting has no further documentation currently available

Syntax: g_smtp_warning int

g_smtp_welcome_delay - delays welcome message

Syntax: g_smtp_welcome_delay "seconds"

This delays the welcome message sent by SurgeMail to a connecting server. If the server sends data to SurgeMail during this waiting time SurgeMail will drop their connection. The theory is that any well behaved server will wait for prompts and check them, but a lot of spamming software never takes any notice of prompts/responses and sends blindly. We believe a value of 1-3 seconds is ideal. You can also exempt ip's from this setting by using g_spam_allow "ip". Settings too high will cause real mail to be lost.

Examples:
g_smtp_welcome_delay "3"
g_spam_allow "127.0.0.1"

So above, delay giving the welcome message for 3 seconds, anyone that sends data in that 3 seconds will be dropped, but anything connecting from 127.0.0.1 will be able to send immediately (you should make sure webmail is exempt).

Syntax: g_smtp_welcome_delay int

g_spam_alias_any - User aliase string e.g. "++" if defined then strip suffix from emails - not advised!

This allows each user an infinite number of aliases of the form user+extension@domain.name, this can cause problems so only enable with caution. Usually set to "++" but can be set to a single plus, but this will break any email address that contains a plus so not normally recommended. If used avoid defining it as a single character at least!

Syntax: g_spam_alias_any string

g_spam_allbad - Auto blacklist from/ip/to combinations

Makes blacklisting automatic

Syntax: g_spam_allbad bool

g_spam_allow - IP wild card of sites to exempt from spam limits

Typically use this to allow known mailing list servers that use your system to send messages in without being tarpitted. e.g. "127.0.0.1,local.ip.number". This same setting is an exception to the other spam rules. 

Syntax: g_spam_allow string

g_spam_allow_disable - Disable allow bounce messages

Normally when SurgeMail detects an SPF failure it will give the sending an opportunity to send an email to a special address, If the sender does this then their IP address is permitted in future, this saves a lot of hassle generally, in rare situations you may not want this system, this setting will just simply bounce the message instead.

Syntax: g_spam_allow_disable bool

g_spam_allow_known - Unblock IP address if we have received messages from it for 3 days (so it's not a transient spammer)

This setting makes the SPF strict settings much softer, basically it says any IP address we've known about for 3 days, is considered safe. This will still stop most spammers, particularly when used in combination with RBL lists which will block the 'repeat' offenders.

Syntax: g_spam_allow_known bool

g_spam_allow_msg - Template for unblock messages, use and and maybe a url

This lets you tailor the 'allow' bounce message given to incoming messages that fail the SPF checks. becomes the reason for the failure and is either the allow email to send to, or a link to use (if using g_spf_byweb "TRUE").

Syntax: g_spam_allow_msg string

Example: g_spam_allow_msg ", to fix send an email to then resend original email."

g_spam_allow_rbl - Give unblock message to RBL bounces too

This setting extends the 'allow' email system used by SPF to the RBL style of failures. This makes it much safer to use RBL lists is block mode instead of stamping mode. You really must have g_spam_block enabled for this setting to work, otherwise the 'allow' mechanism lets everything through so this becomes pointless :-)

Syntax: g_spam_allow_rbl bool

g_spam_allow_rdns - Trust ip name for spam checking, not recommended

Spammers can trivially forge a reverse dns name, so it's very unwise to use it for bypassing spam checking except for rare/local domain names that spammers won't know to use

Syntax: g_spam_allow_rdns bool

g_spam_allow_recent - Exempt recent POP from spam limits

Skip spam rules if recent POP IP number (see g_relay_window). 

Syntax: g_spam_allow_recent bool

g_spam_aspam - Aspam rating

Scale for Aspam default is 1.0. Valid range is zero to two.

The aspam matching based on it's database of known spam and non spam produces a score in the range -5 --> 5. Tthe g_spam_aspam setting lets you 'scale' this score to increase/decrease the importance of the aspam rating. The result is then applied (added to) the spamdetect header.

Syntax: g_spam_aspam string

g_spam_autotrain - Autotrain "good" filter

Auto train spam filter good messages based on first 1,000 outgoing emails.

Syntax: g_spam_autotrain bool

g_spam_black_auto - Auto blacklist for user when isspam pressed

Changes blacklist handling to only place in spam folder (not auto reject) and to automatically blacklist when isspam button pressed

Syntax: g_spam_black_auto bool

g_spam_black_tospam - Put blacklist matches in spam folder

Place in spam rather than bouncing hard.

Syntax: g_spam_black_tospam bool

g_spam_block - Block spam (as decided by spf etc), if not set then user or domain can set

This setting is critical, without it, all the spam is let through to the user, with it set to true, 95% of spam is blocked before it enters your server. So, generally you want this turned on, it should result in very few false positives as messages are 'grey list' bounced.

Syntax: g_spam_block bool

g_spam_block_gateway - Block spam gatewayed messages too

Use this setting on incoming mail servers or servers that relay to servers that implement SPF. Without this SPF blocking will not work as the back end server cannot perform the SPF checks/blocking.

Syntax: g_spam_block_gateway bool

g_spam_block_msg - Template for spf blocked message if allow is disabled

This error is given for SPF failures when the allow system is disabled. You are probably looking for the setting g_spam_allow_msg, as it is the one that is normally used when a user is 'blocked' by spf.

Syntax: g_spam_block_msg string

g_spam_body - Add SpamDetect header in body

If spamdetect score is above this, add spamdetect header at top of message body (in addition to the header). This allows mail clients that are not able to filter mail based on headers to filter out spam email. This can be set on a per user basis too. A value of 3 or 4 would be reasonable. The only real reason for this setting is some common mail clients are unable to scan non standard headers so cannot automatically file spam in a folder unless this is used. My recommendation is for such users to use the web interface to set actions individually.

Syntax: g_spam_body int

g_spam_body_more - Add more info to spam body (ip address, ptr address, reply to and bounce address)

This can help the user decide if the message really is spam

Syntax: g_spam_body_more bool

g_spam_body_url - Text part of info to add to body, usually a url to your site

On this page you should explain to your users why this tag was added to their message, and how they can adjust their spam settings etc.

Syntax: g_spam_body_url string

g_spam_bounce - Bounce local delivery based on spamdetect score

If spamdetect score (number of '*'s) is above this, bounce message if local delivery. 14 is a reasonable value, never set below 10.

Syntax: g_spam_bounce int

g_spam_bounce_all - Bounce local and remote delivery based on spamdetect score

If spamdetect score (number of '*'s) is above this, bounce message, this applies to all messages regardless of user settings. e.g. 7 or 8 would be reasonable, 3 would be very strict, and less than 3 would certainly bounce real emails. I recommend you don't set this below 5. This rule is applied as soon as the message is submitted, user spam settings do not override it.

Syntax: g_spam_bounce_all int

g_spam_bounce_store - If true store rejected spam in Spam_Rejected folder

This setting enables rejected spam to be saved in the spam_rejected folder, this makes it safe to use the spam rejection level again.

Syntax: g_spam_bounce_store bool

g_spam_bounce_text - Error text when message is bounced due to g_spam_bounce setting

As per description. Default is: "554 Failure Message looks like spam, sorry not wanted here q=311", where q is the message queue id.

Syntax: g_spam_bounce_text string

g_spam_bounce_trusted - If spamdetect score is above this, bounce message if trusted (spam_allow or authenticated)

Normally trusted users (spam_allow or smtp authenticated users) are never bounced due to spam content, this setting forces those users to also be checked for spam content.

Syntax: g_spam_bounce_trusted int

g_spam_catcher - Spam catcher addresses

Addresses on web pages that shouldn't get any email (robot bait), only for use with Aspam.
Any email going to the specified address will be sent to the isspam address for processing and the message will also be dropped. If the message has multiple rctp's and some are valid users, but one matches the catcher address, it is not delivered to anyone. If you need to enter a lot of spam catcher addresses then the best way is to just setup a single spam catcher address and then use g_redirect to redirect other addresses to the spam catcher address.

eg
g_spam_catcher "johnsmith@mydomain.com"

Syntax: g_spam_catcher string

g_spam_char - Character to use instead of '*' for smitespam headers (best left alone if possible)

Changing this will cause no end of problems, so only do this when initially installing SurgeMail

Syntax: g_spam_char string

g_spam_check_auth - Enable spam rules for authenticated users

Normally authenticated users are exempt from spam rules when sending mail. This enables all spam checking rules for authenticated users.

Syntax: g_spam_check_auth bool

g_spam_cmd - Command line spam checker, use $FILE$ in cmd parameters

This allows you to run a simple external spam filter the return value is added as a header, X-SpamCmd: r=N, Is Spam/Not Spam, use local.rul file to translate this return value to a spam score. e.g. G_SPAM_CMD "snfrv2r3.exe xnk05x5vmipeaof7 $FILE$" if used with http://www.armresearch.com/message-sniffer/. If the program returns 0 then the words Not Spam are added, if the value is non zero then Is Spam is added, this makes filtering rules easier to add to local.rul, see http://netwinsite.com/surgemail/help/spam.htm#external

Syntax: g_spam_cmd string

g_spam_cmd_if - If internal spam rating is below this number, then run external filter

This allows you to only scan messages with an external filter if the message is not obviously spam

Syntax: g_spam_cmd_if int

g_spam_cmd_reject - If external filter returns number larger than this reject

Filters based on return code of external spam filter program

Syntax: g_spam_cmd_reject int

g_spam_cmd_skip - If internal spam rating is below this number, then skip external filter

This allows whitelisting to work

Syntax: g_spam_cmd_skip int

g_spam_content_disable - Disable aspam_content.txt rules

The file aspam_content.txt is fetched from netwinsite and used to identify certain common spam messages based on content. Each line in the file gives a list of words or phrases, if most of the words are found, then the rule matches. You can add your own rules to aspam_content_local.txt. In a message that matches a rule you will see in the spamdetect header, Content: cid=NNN cid=NNN, you can then match the NNN with the unique id of each rule in aspam_content.txt

Syntax: g_spam_content_disable bool

g_spam_flag - Add X-SPAM-FLAG: Yes header if smite score is above this level

Some filters and servers like to see this header, a good value for this might be 7. Valid range would be 1-15, with 1 marking almost everything as spam, and 15 marking almost nothing.

Syntax: g_spam_flag int

g_spam_folders - Train on any message dropped into the relevant folders

This allows a user to create two folders '-Train Is Spam-' and '-Train Not Spam-' and then run the aspam training mechanism by dropping messages into those folders, items are expired ffrom train is spam folder after 30 days if G_EXPIRE_TRASH is TRUE

Syntax: g_spam_folders bool

g_spam_folders_show - List the special folders for all users

Without this setting the user must create the folder name correctly for training to work from imap folders

Syntax: g_spam_folders_show bool

g_spam_from_blacklist - Fetch list of bad domains to reject email from - not recommended

This feature fetches the file http://www.sa-blacklist.stearns.org/sa-blacklist/sa-blacklist.current and then uses it efficiently to block senders, it is a huge file (26mb). Not currently recommended, we don't think the hit rate of this filter method is high enough to be useful. url used is http://www.sa-blacklist.stearns.org/sa-blacklist/sa-blacklist.current

Syntax: g_spam_from_blacklist string

g_spam_from_max - Max outgoing messages per ipaddress/return path pair, 30 minutes, e.g. 5000

This limit is useful where a local machine is sending on behalf of many users without authentication and you want to limit potential abuse

Syntax: g_spam_from_max int

g_spam_grey - OBSOLETE DO NOT USE, Enable old greylisting for spf mechanism

The grey listing mechanism relies on the principle that spammers are not using real mail servers but using dumb robots that won't 'retry'. So if all incoming messages are asked to 'retry' then the spam will not be received but the non spam will get in eventually. This does create a delay on all incoming mail, and may stop some stupid mail servers from successfully delivering. I would tend not to use this setting myself.

Syntax: g_spam_grey bool

g_spam_grey_bounce - Bounce if message was allowed due to grey listing, and spam score is above this, default 8 (was 4)

Since messages which are allowed in due to grey listing generally can't accept friends bounces (as the sender is unverified) it's important to bounce them with an allow message instead if they look like spam

Syntax: g_spam_grey_bounce string

g_spam_grey_classc - Apply grey listing to x.x.x.*

In theory this broadens slightly what grey listing will accept.

Syntax: g_spam_grey_classc bool

g_spam_grey_dflt - Enable greylisting for spf default accept events (not recommended)

If a message is going to be accepted due to the spf default rule (so there was no real spf record), then this comes into play. If the message is not from a trusted person, or a domain that we have previously checked using grey listings. Then the message is bounced. If the sender then tries again to send the same message (from/to pair) within a few hours, but not within 1 minute, then that ip address is marked as 'good' and future messages from them are accepted. This setting will result in some real email bouncing but slightly reduce spam, we no longer recommend this setting.

Syntax: g_spam_grey_dflt bool

g_spam_grey_dflt_bad - Enable greylisting instead of allow in some cases (recommended for block or strict)

This setting enables grey listing for spf default failure events only, and only if it's the first message from that ip address if more arrive before the grey listing succeeds then allow bounces are sent instead

Syntax: g_spam_grey_dflt_bad bool

g_spam_grey_nofive - Skip 5-6 minute black window for these domains

Use this for domains that retry at 5 minute intervals, e.g. (*@cs.com,*@xyz.com), this skips a test used to detect a particularly virrulent spammer who uses a robot that retries at exactly 5 minute intervals

Syntax: g_spam_grey_nofive string

g_spam_grey_nohard - Avoid hard spf bounces always try and do a grey list instead

This avoids the hard bounce you would normally get for failed real spf records.

Syntax: g_spam_grey_nohard bool

g_spam_grey_nseen - Number of messages from an unknown host, default is 6

When a host is unknown if it sends more than this many messages before the grey listing resend occurs then it's considered to be a spammer.

Syntax: g_spam_grey_nseen int

g_spam_grey_size - Size of grey listing table, default is 3000

On busy servers set this to a larger figure, e.g. 9000 so it can remember more grey listing events

Syntax: g_spam_grey_size int

g_spam_grey_verify - Skip grey listing if host was not listening

Skips the grey listing if the host didn't resond to the g_smtp_verify probe for g_spam_grey_dflt_bad

Syntax: g_spam_grey_verify bool

g_spam_grey_window - Window to block bad messages, typically 60 seconds

This prevents a fast retry by a stupid robot, some robots now wait 5-6 minutes but some mail servers may retry that fast too :-)

Syntax: g_spam_grey_window int

g_spam_header_trust_ip - List of IP addresses from which to trust/accept existing X-SpamDetect headers in emails

Use this setting to specify the filter machines which perform spam scanning for this machine. Use this on the filter machine, to specify itself so that mailing list messages do not get scanning/tagged twice. Ensure your users are sending messages via the filter machine.

Syntax: g_spam_header_trust_ip string

g_spam_hold_hide - Hide spam hold settings for end users and other held2pend user.cgi tweaks

This setting has no further documentation currently available

Syntax: g_spam_hold_hide bool

g_spam_hold_keep - Spam hold timeout

How many days to store users spam hold messages before deleting them.
Default is 14 days.
eg. g_spam_hold "14"

Syntax: g_spam_hold_keep int

g_spam_info - Info line explaning aspam system

Info line and url to explain aspam system.

Syntax: g_spam_info string

g_spam_info_hide - Remove x-spamdetect-info header line

Removes the x-spamdetect-info header line.

Syntax: g_spam_info_hide bool

g_spam_internal - Enable internal Aspam spam processing system

Enable new 'internal' spam processing system, note this disables SmiteCRC too!

Syntax: g_spam_internal bool

g_spam_isspam_ignore - Don't block messages from ip addresses recorded as a spam source

This bounces all email from an address recorded as a spam source until it is recorded as a 'notspam' source, the blocking message allows the sender to bypass the block.

Syntax: g_spam_isspam_ignore bool

g_spam_isspam_kind - Allow isspam from recent pop, gateway to etc

Allow ASPAM training messages to (isspam) from any trusted source (e.g. any source that would be allowed to relay/send outgoing email). This setting is recommended.

Syntax: g_spam_isspam_kind bool

g_spam_nobounce - Remove old user held/vanish but after 5.2 will allow bounce

This removes the old spam settings that should never be used. In version 5 this disabled hold/vanish/bounce, now it only disables hold/vanish but allows 'bounce', the bounce behaviour has been made considerably safer by tuning the spam filter and changing the actual bounce to allow the sender to bypass via captcha

Syntax: g_spam_nobounce bool

g_spam_nolang - Don't add header with a guess at body language

This adds a header which makes a best guess at the contents of the message, it should not be assumed to be 100 percent reliable! Also note that empty messages or messages containing only images may be classified as 'Unknown (English)'

Syntax: g_spam_nolang bool

g_spam_notrain - Disable isspam and notspam addresses

Disable isspam and notspam addresses for user training.

Syntax: g_spam_notrain bool

g_spam_notspam - Spam collection address

Address that non authenticated users can send non spam to.

Example: g_spam_notspam "notspam@domain.com"

Syntax: g_spam_notspam string

g_spam_noupdate - Disable aspam updates

Disable fetch of aspam filter rules etc from netwinsite.

Syntax: g_spam_noupdate bool

g_spam_phishing - Download list of known phishing addresses and block outgoing email to them

Use this to stop your users resonding via email to a known phishing address. See http://code.google.com/p/anti-phishing-email-reply/

Syntax: g_spam_phishing bool

g_spam_phishing_ok - Allow to these addresses even if phishing database blocks them

Use this to stop your users resonding via email to a known phishing address. See http://code.google.com/p/anti-phishing-email-reply/

Syntax: g_spam_phishing_ok string

g_spam_phrase - Enable auto spam phrase filter

Enables a Bayesian word and phrase filter to enhance spam filtering. The filter auto trains based on the train folders each night

Syntax: g_spam_phrase bool

g_spam_poly - Scale for poly word matching

Scale for poly word matching, default is 0.1, Valid range is zero to two, Use 1.0 to enable.

Syntax: g_spam_poly string

g_spam_poly_disable - Disable poly code.

Disables the poly statistical scoring feature which is part of Aspam. Poly tries to analyze the frequency of word combinations in spam and not spam to identify if a message is likely to be spam or not. We don't consider the poly system to be very useful, it has two faults, it's behaviour is not 'understandable' and it is 'content based', SPF is a much superior system!

Syntax: g_spam_poly_disable bool

g_spam_private - Enable private email addresses for users to avoid spam

Note: The user will define these settings, after turning on this global setting the user can use the Web Self administration interface, press the 'Spam' button and the private email address is defined on that page.

This setting adds the ability for each user to create a private email address to bypass SPF/ Spam filters. The user would then typically increase the spam settings for their non private account to 'friends mode' and enable SPF. So only known friends will be able to contact them via the old address.

This allows the user to live 'spam free' without the risk of blocking email from real people.

The user must be careful with their new private address, it should only be used with humans, when entering an address in a web form or mailing list a special variant should be used e.g. user--from-WEBDOMAINNAME@users.domain

The user defines their private address, in the form user--PRIVATE@domain.com, e.g. if the users public address is joe@cool.com, and the user defines a private extension of "juggle" then the private address would be:

joe--juggle@cool.com

Email addressed to joe--juggle@cool.com is delivered without SPF or SPAM filtering / tagging.

In addition the user can enable 'from' matching which must look like this: username--KEYWORD-STRING@cool.com, the user specifies a keyword e.g. "match". Then anything addressed to the user in this form:

joe--match-STRING@cool.com

Will only be delivered if 'STRING' is found in the 'from' envelope address, otherwise it will bounce. So when entering an email address in a web page called "toys.com" the user would enter:

joe--match-toys@cool.com

Any -- extension that is not recognized will return a bounce suggesting they remove the extension and try again.

Syntax: g_spam_private bool

g_spam_probe_enable - Probe suspect urls to find spammers - can cause RBL

This setting searches email messagse from dodgy/unknown sources for urls, then looks at the page those urls refer to to see if those pages in turn point to a listed SURBL. Only domains matching a specific list of rules are scanned so there is almost no risk of this feature clicking on a page that might do something bad.

Syntax: g_spam_probe_enable bool

g_spam_probe_friends - Probe even if email is from a friend

Generally not advised

Syntax: g_spam_probe_friends bool

g_spam_probe_more - Probe even if email is from a known ip address

Generally not advised

Syntax: g_spam_probe_more bool

g_spam_probe_unknown - Probe any unknown url (dangerous)

This setting increases the remote chance of probing a web page that might have some action (like a confirmation signup request, unsubscribe etc...), in practice there are a bunch of tests we perform so it would be most unusual for this problem to occur but it's safer not to use this option.

Syntax: g_spam_probe_unknown bool

g_spam_probe_whois - Do whois lookups on web pages found in probe

Some spammers register new domains each day, this probe checks the whois data to find if the new web site is owned by a known spammer

Syntax: g_spam_probe_whois bool

g_spam_share - Use and share some spam/aspam information with central server (netwin) experimental

This setting enables some features which let surgemail share information about spam and non spamming ip addresses with a central netwin server.

Syntax: g_spam_share bool

g_spam_status_hour - Process all spam status messages at this time (disk io intensive)

Normally the spam status emails are sent in response to incoming messages at undefined times, this allows all spam status emails to be sent at a predefined time.

Syntax: g_spam_status_hour int

g_spam_status_monthly - Send monthly spam status even if no messages pending

This is good to make sure all users know about their spam settings and how to change them.

Syntax: g_spam_status_monthly bool

g_spam_subject - Modify message subject line based on spam rating

If spamdetect score is above this add spam rating Spam:**** to subject.

Syntax: g_spam_subject int

g_spam_subject_dom - Destination domains to tag subject for

Note that g_spam_subject_gateway and G_SMITE_GATEWAY or G_SMITE_ALL must also be set to true for this to work. If this setting is blank then all gatewayed domains would get tagged. Tagging won't occur if the message is not sent through a g_gateway rule or redirect rule

Syntax: g_spam_subject_dom string

g_spam_subject_gateway - Modify message subject lime based on spam rating for gatewayed messages

If true then spam_subject setting applies to gatewayed messages too

Syntax: g_spam_subject_gateway bool

g_spam_subject_word - Allow arbitrary modification of message subject line

This is a string that is prefixed to the subject of incoming mail caught by g_spam_subject. You can use and which will contain the actual spam rating. Good examples might be: "[SPAM]" or "SPAM(), "

Syntax: g_spam_subject_word string

g_spam_url - Scale for url word matching

Scale for URL word matching, default is 0.3, Valid range is zero to two (recommend 1.0)

Syntax: g_spam_url string

g_spam_user_badto - Max bad recipients from authenticated user per 30 minutes, e.g. 50

Whitelist using G_SPAM_USER_SKIP, limits bad recipients for an authenticated user, if exceeded then sending is paused for 30 minutes.  A value of 50 might be reasonable as normal users would never exceed that.  A value as low as 10 might be workable.  Whitelist accounts using: G_SPAM_USER_SKIP. An email is sent to the manager account when this limit is hit

Syntax: g_spam_user_badto int

g_spam_user_lockout - Lockout user until released with unlock_all command

This setting has no further documentation currently available

Syntax: g_spam_user_lockout bool

g_spam_user_max - Max messages for authenticated users

Max messages an authenticated user can send per 30 minutes, eg: 5000

Syntax: g_spam_user_max int

g_spam_user_skip - Users to skip g_spam_user_max limit for

Set this for special known users who send lots of email

Syntax: g_spam_user_skip string

g_spam_user_warn - Alert user when they send this many messages in one day, .8 to alert at 80% of max

This setting has no further documentation currently available

Syntax: g_spam_user_warn string

g_spam_user_warn_msg - Message when user approaches send limit

This setting has no further documentation currently available

Syntax: g_spam_user_warn_msg string

g_spam_userconfig - Enable per user spam settings

Allow users to opt in / out of specific anti spam features. If this is enabled this will add a "Spam" button on the users account self management pages.

The most useful antispam feature is that user's mail that is suspected spam, can be stored on the server so that these messages do not need to be downloaded to your normail email client over what could well be a low bandwidth connection.

Syntax: g_spam_userconfig bool

g_spam_vanish - Vanish local delivery based on spamdetect score

If spamdetect score (number of '*'s) is above this, vanish message if local delivery. eg: 12 would be reasonable.

Syntax: g_spam_vanish int

g_spam_vanish_all - Vanish local and remote delivery based on spamdetect score

If spamdetect score (number of '*'s) is above this, drop message, applies to all messages regardless of user settings. e.g. 14. This rule is applied as soon as the message is submitted, user spam settings do not override it.

Syntax: g_spam_vanish_all int

g_spamdetect_some - Only show spamdetect header for bad scores

This setting has no further documentation currently available

Syntax: g_spamdetect_some bool

g_spawn_log - If true the spawns are logged to lib_spawn.log

Useful for finding obscure problems with spawned modules of various kinds, webmail, nwauth, virus checkers etc.

Syntax: g_spawn_log bool

g_speech_cmd - Command to convert sound file to text (append .txt to filename)

This setting has no further documentation currently available

Syntax: g_speech_cmd string

g_speech_end - End text after the converted text

This setting has no further documentation currently available

Syntax: g_speech_end string

g_speech_from - Only attempt conversion if from this email address

This setting has no further documentation currently available

Syntax: g_speech_from string

g_speech_group - Only attempt conversion if user is memeber of 'speech' group

This setting has no further documentation currently available

Syntax: g_speech_group bool

g_speech_info - Intro text above the converted text

This setting has no further documentation currently available

Syntax: g_speech_info string

g_speech_size - Default 10mb, will not convert larger files

This setting has no further documentation currently available

Syntax: g_speech_size int

Example: 10mb

g_speech_to - Only attempt conversion if to this email address

This setting has no further documentation currently available

Syntax: g_speech_to string

g_spf_baddns_skip - If spf dns failure then allow message through (instead of giving retry error)

This setting is not normally needed as lookups generate retry failures so the sending server tries again and the dns failure (which is usually temporary) won't occur the second time. Normally on a DNS failure SPF should give a 'retry' message, this is because spammers often have faulty DNS servers so that SPF checks always fail for their domain, so letting the message through will let some spam into your system. But in some situations the normal behavior might loose you real email so then using this setting at least until your dns problems are resolved might be wise.

Syntax: g_spf_baddns_skip bool

g_spf_byemail - Perform allow bounce confirmation via email.

This gives an email to the sender in the allow bounce message instead of aa url.

Syntax: g_spf_byemail bool

g_spf_debug_log - Enable spf.log file

By default this log is not generated as it's not usually needed.

Syntax: g_spf_debug_log bool

g_spf_default - (strict only) Default spf record if none found default 'mx/16 a ptr:%{d2} -all'

The example shown isn't entirely true, we adjust the 'd2' depending on the domain, so it's usually unwise to change this.

Syntax: g_spf_default string

g_spf_default_noblock - (strict only) Only stamp headers if default spf record fails when no real spf header

This setting makes blocking occur only for REAL spf records, not for the default one applied to domains that have no SPF record defined.

Syntax: g_spf_default_noblock bool

g_spf_dns_timeout - Seconds to wait for dns lookups for spf, best not to change

Generally a ten or twenty second timeout is reasonable. Adjusting the default is probably not necessary.

Syntax: g_spf_dns_timeout int

g_spf_domain - Domain for SPF rewrite and allow messages (defaults to first domain on server)

When SurgeMail relays/forwards a message the 'from' address is rewritten (g_spf_rewrite should be true). The new address is 'from' your domain and this setting tells surgemail which local domain to use for these from addresses.

Syntax: g_spf_domain string

g_spf_enforce - List of wildcard/domains to enforce spf for, e.g. paypal.com,*bank*

This enforces spf for domain that must be trusted.

Syntax: g_spf_enforce string

g_spf_enforce_auto - Enforce spf for commonly forged domains paypal.com,*bank*

If enabled this will enforce spf for some common domains that get forged.

Syntax: g_spf_enforce_auto bool

g_spf_enforce_known - Enforce spf even if we think this ip address is safe

This setting has no further documentation currently available

Syntax: g_spf_enforce_known bool

g_spf_enforce_local - If spf fails and it's a local domain then skip grey listing and bounce

This settings stops spammers who fake your own email domains, but it may upset users who are not authenticating or are using their own mail servers, so you will have to expect a few minor issues like that when you turn this on. This setting over-rides the 'users' spf and friends settings for local domains. (was miss documented as give allow message)

Syntax: g_spf_enforce_local bool

g_spf_enforce_real - Enforce spf for domains with strong spf entries

Enforces spf if the domains spf record ends with -all

Syntax: g_spf_enforce_real bool

g_spf_fake - Fake spf record to use for testing

This enforces spf for domain that must be trusted.

Syntax: g_spf_fake string

g_spf_header - Use g_verify_mx_skip and apply to resulting ip

If the sending host matches g_verify_mx_skip, then spf tests are performed on the first received header not listed in that setting. Only stamping is possible though since this indicates a front end gateway and a reject would cause a 'bounce' which would not be safe

Syntax: g_spf_header bool

g_spf_mode - Sender Permitted From

See https://netwinsite.com/spf.htm for details.

Syntax: g_spf_mode string

g_spf_noallow - Give hard bounce (no allow message) for spf failures for these domains & ignore friends

This toughens spf for critical domains (banks etc) where you don't want any forged messages leaking through. This setting over-rides the users spf/friends settings for these domains (so should be used with some caution)

Syntax: g_spf_noallow string

g_spf_nocache - Disable SPF cache

There is a small cache used for SPF results, This setting disables it.

Syntax: g_spf_nocache bool

g_spf_nofriend - Ignore friends for spf

This toughens spf so friends matches don't bypass it

Syntax: g_spf_nofriend bool

g_spf_nogrey - Skip SPF grey listing for these domains (require allow response)

This toughens spf for the domains in question, requiring that they really pass an 'allow' test rather than simply a grey listing test. Good for commonly forged domains which do normally obey spf.

Syntax: g_spf_nogrey string

g_spf_norewrite - Exceptions to rewrite rule, e.g. *@my.domain,bob@this.domain

Where you allow users to send through your server you may want to stop rewriting for their domains so that their from address is not munged. Local domains are automatically excempt from 'rewriting'. Specify *@domain.name not just domain.name

Syntax: g_spf_norewrite string

g_spf_required - Require an spf entry for these domains

Used to make select domains add spf to talk to you :-)

Syntax: g_spf_required string

g_spf_rev_skip - Skip SPF checks if reverse ip name matches in this list, e.g. *.yahoo.com

Where you identify a domain that does not support SPF and is often used in a manner which breaks SPF default rules this setting can safely allow the problem domain. This setting is probably not needed now most large mail systems are using SPF.

Syntax: g_spf_rev_skip string

g_spf_rewrite - Rewrite 'from' envelope in redirected mail (SRS)

When messages are redircted/forwarded to another server from you server, the 'from' address of the existing message envelope will no longer obey SPF rules as it will be coming from your server rather then the original server. So to fix this enable this rewrite setting and then the from envelope is rewritten to point to your system using a short life token. The 'from' header of the message is not modified.

Syntax: g_spf_rewrite bool

g_spf_rewrite_gateway - Rewrite even if gateway rule applies

In some cases you will want SRS rewriting for relay hosts, In which case you should turn this on.

Syntax: g_spf_rewrite_gateway bool

g_spf_rewrite_relay - Rewrite even if from ip is a host to relay for

In some cases you will want SRS rewriting for relay hosts, In which case you should turn this on.

Syntax: g_spf_rewrite_relay bool

g_spf_share - List of hosts to share allow ips with. Must all have same srs.secret file

List your other incoming mail servers (which must be running surgemail). This lets SurgeMail share the list of known IP addresses which have sent 'allow' emails. You must copy your srs.secret file across all of the servers in question so they can verify each other correctly.

Syntax: g_spf_share string

g_spf_skip - Skip spf checks for these ip addresses, e.g. other mx hosts

List the ip addresses of your other MX servers so SPF checks wont fail when a message comes in via an mx host instead of directly. The SPF checking must therefore be done on all the MX servers.

Syntax: g_spf_skip string

g_spf_skip_from - Skip based on from, e.g. noreply@*paypal.com,..., Also skips RBL

Good for skipping SPF checking if a domain is in some way incompatible with SPF checking

Syntax: g_spf_skip_from string

g_spf_skip_to - Skips SPF checks based on rcpt address and RBL checks.

Syntax: g_spf_skip_to "user@domain.com"

This setting can be used to skip spf checks based on the rcpt address, if used with g_orbs_late "true" then it can also be used to skip rbl checks if the rcpt matches this setting.

Syntax: g_spf_skip_to string

g_spf_timeout - Seconds to wait for all spf lookups to finish, default 48 seconds

Best not to change

Syntax: g_spf_timeout int

g_spf_trust_local - Skip spam checking for local domain that passes spf

This setting has no further documentation currently available

Syntax: g_spf_trust_local bool

g_spf_user_domain - Make allow bounces use destination user domain name

This can be useful if you need to ensure emails bounce with an address that is similar to the destination

Syntax: g_spf_user_domain bool

g_spf_very_strict - (strict only) Only give 'allow' option for default spf rule failures not real ones

In this mode real SPF failures are hard failures, but if there is no SPF record for a domain then the friendly 'allow' system is used to let the user send mail with only mild difficulty.

Syntax: g_spf_very_strict bool

g_spf_web_url - Specify full url for spf byweb commands http://domain.name:port

Normally the default will work.

Syntax: g_spf_web_url string

g_spflog_domains - Specify which domains should get spflog entries sent to them.

If some of your backend servers are not surgemail then this setting will be needed to turn off the spflog messages to the non surgemail servers

Syntax: g_spflog_domains string

g_spflog_enable - Enable this if this server is a frontend for a SurgeMail server users log into.

Enable this if this server is a frontend for a SurgeMail server users log into.

Syntax: g_spflog_enable bool

g_spool_path - Allows SurgeMail to scan a directory for messages to send.

Syntax: g_spool_path "directory of spool"

SurgeMail will scan this directory every few seconds and check for any messages in this directory if found SurgeMail will then send them the messages (must end in the extension .msg). The format of the messages is as follows (without the quotes).

filename: test.msg

"
To: you@domain.com
From: blah@domain.com
Subject: blah blah

This is a test
"

Syntax: g_spool_path string

g_ssl_allow - IP Wild card of connections to allow to use SSL

This setting controls which connecting IP numbers are permitted to use SSL on POP and IMAP. They will see TLS in the protocol extension command (ETRN for SMTPor CAPA for POP). Typically, to enable SSL you set this to "*" after getting a certificate. If you don't have a valid certificate then turning this on can cause problems as mail clients will try to use SSL and fail. 

Syntax: g_ssl_allow string

g_ssl_allow_fix - Disable incoming ssl on ssl failure from an ip

This setting has no further documentation currently available

Syntax: g_ssl_allow_fix bool

g_ssl_allow_imap - IP Wild card list to allow SSL encryption from for imap

This setting controls which connecting IP numbers are permitted to use SSL on IMAP.

Syntax: g_ssl_allow_imap string

g_ssl_auto - Generate letsencrpt ssl certificates automatically for all domains

This setting has no further documentation currently available

Syntax: g_ssl_auto bool

g_ssl_ciphers - List permitted ciphers, DANGEROUS

This can be used to enhance security, not recommended but is useful if you are trying to pass a security audit of some kind. A value of MEDIUM:HIGH is probably what you want to set it to. It is case sensitive. If your list exceeds 800 bytes use g_ssl_ciphers_add for the second half

Syntax: g_ssl_ciphers string

g_ssl_ciphers_add - More permitted ciphers (added to g_ssl_ciphers) DANGEROUS

This can be used to enhance security, not recommended but is useful if you are trying to pass a security audit of some kind. A value of MEDIUM:HIGH is probably what you want to set it to. It is case sensitive.

Syntax: g_ssl_ciphers_add string

g_ssl_ciphers_web - List permitted ciphers for web, DANGEROUS

This list is for web connections only, restart surgemail after changing

Syntax: g_ssl_ciphers_web string

g_ssl_disable - Disable protocols tlsv1,tlsv1_1,tlsv1_2,sslv2,sslv3 (restart surgemail)

This setting has no further documentation currently available

Syntax: g_ssl_disable string

g_ssl_disable_des - Disable DES ciphers, breaks outlook on XP

This setting has no further documentation currently available

Syntax: g_ssl_disable_des bool

g_ssl_disable_port25 - Prevent ssl on port 25

May help virus fire walls to detect viruses, that's the theory anyway...

Syntax: g_ssl_disable_port25 bool

g_ssl_disable_renegotiation - Disable SSL renegotiation.

GEnerally this shouldn't be used unless you have to keep some paranoid security scan happy

Syntax: g_ssl_disable_renegotiation bool

g_ssl_disable_sslv2 - Disables ssl 2.0 support for enhanced security (obsolete use g_ssl_disable)

Disables one of the older ssl protocols which slightly increases security and decreases compatibility with older clients. Use g_ssl_disable and g_ssl_disable_web instead

Syntax: g_ssl_disable_sslv2 bool

g_ssl_disable_sslv3 - Disables ssl 3.0 support for enhanced security (obsolete use g_ssl_disable)

Disables one of the ssl protocols which slightly increases security. Use g_ssl_disable and g_ssl_disable_web instead

Syntax: g_ssl_disable_sslv3 bool

g_ssl_disable_tlsv1 - Disables tls 1.0, not recommended (obsolete use g_ssl_disable)

Use g_ssl_disable and g_ssl_disable_web instead

Syntax: g_ssl_disable_tlsv1 bool

g_ssl_disable_tlsv1_1 - BROKEN: Use g_ssl_disable setting instead

Use g_ssl_disable and g_ssl_disable_web instead

Syntax: g_ssl_disable_tlsv1_1 bool

g_ssl_disable_tlsv1_2 - Disables tls 1.2 support, breaks LETSENCRYPT, NEVER USE

Use g_ssl_disable and g_ssl_disable_web instead

Syntax: g_ssl_disable_tlsv1_2 bool

g_ssl_disable_web - Disable protocols for web only (restart surgemail)

This setting has no further documentation currently available

Syntax: g_ssl_disable_web string

g_ssl_dmalloc - Enable dmalloc tracking in ssl

This setting has no further documentation currently available

Syntax: g_ssl_dmalloc bool

g_ssl_fips - Enable FIPS mode crash if not available (DO NOT USE)

For future use

Syntax: g_ssl_fips bool

g_ssl_guess_domain - Guess domain using SSL hostname to allow login without @domain.name

The certifictes must be coppied from the ssl to the lets folder manually!

Syntax: g_ssl_guess_domain bool

g_ssl_honor - Honor server cipher order

Maybe useful to force certain types of security/encryption

Syntax: g_ssl_honor bool

g_ssl_lets_exclude - Domains urls to not update, user must copy from ssl to lets folder

The certifictes must be coppied from the ssl to the lets folder manually!

Syntax: g_ssl_lets_exclude string

g_ssl_lets_path - Path to webservers /.well-known folder for letsencrypt

Use this if you have a webserver that is running on port 80 but you still wish to generate ssl certificates automatically. Folder must be writeable by user 'mail' on linux

Syntax: g_ssl_lets_path string

g_ssl_lets_slave - Run letsencrypt on SLAVE too

Also exclude url_host on the mirroring exclude settings

Syntax: g_ssl_lets_slave bool

g_ssl_per_domain - Create/use an SSL certificate for each domain

SurgeMail can be set to use a single SSL certificate for the server or individual certificates on a per domain basis.

SurgeMail will create private key / certificate pairs if required on startup. Alternatively these can be created using the 'SSL Config' link on the global settings page. These can be replaced with your own trusted signed certificates using the web admin interface or by placing the appropriate private key and certificate pem files in the following location: <surgemail>/ssl for a single certificate for the whole server and under <surgemail>/ssl/<vdomain> for per vdomain certificates.

Some mail clients and web browsers will complain if the certificate domain does not match the domain they are connecting to.

Changing g_ssl_per_domain will require surgemail to be restarted to take affect. Changes to certificates using the web admin interface now take affect immediately.

Syntax: g_ssl_per_domain bool

g_ssl_perfect - Apply good SSL settings, best to remove g_ssl_ciphers setting too

Just an easy way of setting the ciphers etc for perfect forward secrecy

Syntax: g_ssl_perfect bool

g_ssl_require - IP Wild card of connections to require to use SSL

This forces all matching IP addresses to use SSL for SMTP, POP and IMAP connections. Typically you would use this for non local connections to increase security local connections might be comparatively safe in un-encrypted mode. 

Syntax: g_ssl_require string

g_ssl_require_imap - IP Wild card of connections to require to use SSL for IMAP

This forces all matching IP addresses to use SSL for IMAP connections.

Syntax: g_ssl_require_imap string

g_ssl_require_in - Local domains that must only receive SSL messages

This setting has no further documentation currently available

Syntax: g_ssl_require_in string

g_ssl_require_login - IP wildcard of connections fur users needing to use SSL

This setting forces all matching IP addresses to use SSL for any action that requires a user login. eg: POP, IMAP and SMTP authentication but not plain SMTP. So this is ideal if you want all users to use SSL but still want email to come in from non SSL SMTP servers.

Syntax: g_ssl_require_login string

g_ssl_require_out - Other machines we only send to using SSL

This forces all matching IP addresses to use SSL for SMTP outgoing connections. Typically you would use this for outgoing connections to increase security. 

Syntax: g_ssl_require_out string

g_ssl_require_smtp - If IP matches then require SSL for incoming SMTP message

This setting has no further documentation currently available

Syntax: g_ssl_require_smtp string

g_ssl_require_web - Require https for most web features (excluding blogs file sharing and surgeplus)

This setting has no further documentation currently available

Syntax: g_ssl_require_web bool

g_ssl_retry_seconds - Second to try and establish ssl connection, default is 5

Best not to change generally

Syntax: g_ssl_retry_seconds int

g_ssl_sha1_sign - Obsolete, sha256 is now always used

This will probably be made the default in the near future

Syntax: g_ssl_sha1_sign bool

g_ssl_test_fail - Break ssl to test auto downgrade

Break ssl for outgoing sends

Syntax: g_ssl_test_fail bool

g_ssl_try_from - Try and start ssl mode if from this user, e.g. *@xyz.com

Must also match the g_ssl_try_out rule, this lets you only do ssl when the email is 'from' certain domains/users

Syntax: g_ssl_try_from string

g_ssl_try_not - Skip ssl for these hosts

If the hosts match then SurgeMail Does not try ssl even if g_ssl_try_out matches.

Syntax: g_ssl_try_not string

g_ssl_try_out - Try and start ssl mode to these hosts

If the hosts match then SurgeMail tries to start SSL security on the SMTP session. Note that this may cause failures if the link is dropped by the receiving server.

Syntax: g_ssl_try_out string

g_ssl_verify - Domains that must have valid ssl certificates

This setting has no further documentation currently available

Syntax: g_ssl_verify string

g_ssl_warn - Send users weekly reminder if they keep using non SSL logins

This setting has no further documentation currently available

Syntax: g_ssl_warn bool

g_ssl_warn_ignore - Don't give warnings if user is from this trusted host

This setting has no further documentation currently available

Syntax: g_ssl_warn_ignore string

g_ssl_warn_text - Last line of email warning sent to user if SSL not used

This setting has no further documentation currently available

Syntax: g_ssl_warn_text string

g_sstat_disable - Disable netwin statistics gathering.

We use this to keep track of which features customers use/like

Syntax: g_sstat_disable bool

g_stack - For testing only, NEVER SET THIS

Never set this, it can make the server unstable

Syntax: g_stack int

g_stack_imap - For testing only, NEVER SET THIS

Never set this, it can make the server unstable

Syntax: g_stack_imap int

g_startup_delay - Startup delay

Seconds to wait before accepting inbound connections when starting SurgeMail .

Syntax: g_startup_delay int

g_status_login - Require login for spam status actions

This setting has no further documentation currently available

Syntax: g_status_login bool

g_status_url - Specify default global url for status messages

Normally the default will work.

Syntax: g_status_url string

g_status_view_html - Obsolete setting

Setting is no longer used.

Syntax: g_status_view_html bool

g_store_dropped - Store upto 5000 bad bounces in the dropped directory

This is useful to check if vanish_bad_bounces is working correctly

Syntax: g_store_dropped bool

g_subject_blank - Subject header if one is missing

Used if the message has no Subject header

Syntax: g_subject_blank string

g_surbl - SURBL Spam URI Realtime Blocklists

This looks up each url found in each mail message and checks it against the SURBL database of your choice, the multi database can be used. See http://www.surbl.org/, adds headers of the form: X-Surbl: stamp urlfound nameofsurbl. PLEASE NOTE: Access to surbl is only provided freely in some conditions, larger ISP's may need to purchase a feed, see http://www.surbl.org/usage-policy

Syntax: g_surbl name=string stamp=string

Example: g_surbl name="multi.surbl.org" stamp="sc.surbl.org,ws.surbl.org,phishing,ob.surbl.org,ab.surbl.org,jp"

g_surbl_from - Also check the return path

Adds return path domain/from check in the surbl database, use with Spamhaus DBL

Syntax: g_surbl_from bool

g_surbl_reject - Reject email with SURBL hits

This can reduce spam on your server by completely rejecting all email containing surbl web links...

Syntax: g_surbl_reject bool

g_surbl_skip - URL's to allow even if listed in surbl

Sometimes you will want to whitelist a url that is listed in one or more surbl databases, use this setting to do that.

Syntax: g_surbl_skip string

g_surbl_skip_ip - Skip SURBL check if sender is from listed ip

Sometimes you will want to whitelist an ip from SURBL checks. Use this setting to do this.

Syntax: g_surbl_skip_ip string

g_surbl_whois - Also check whois info on suspect urls - not for busy servers!

This setting searches whois information and compares what it finds to a list of known persistent spammers who register new domains regularly - if a match is found a surbl header is added. The whois servers don't like getting heavy load so don't use this setting if your server is very busy. A cache is used to minimize the load.

Syntax: g_surbl_whois bool

g_surgeblog - Specialize SurgeMail as a Blog server

This setting causes SurgeMail's interface to specialize itself for the purposes of being a Blog server.

Syntax: g_surgeblog bool

g_surgeplus_delay_tell_upgrade - Delay informing existing users about new SurgePlus versions for

Delay informing existing users about new versions of SurgePlus for this long after the new version is downloaded to your server. SurgePlus clients poll the server once an hour so they won't be informed about the new version for up to an hour longer than the value of this setting. Use this setting combined with the g_surgeplus_delay_tell_upgrade_exempt setting so that only administrator users are informed about new versions at first so you can confirm the new version works fine with your existing server configuration before everyone upgrades. Example values: "3 hours" or "2 days"

Syntax: g_surgeplus_delay_tell_upgrade string

g_surgeplus_delay_tell_upgrade_exempt - Users exempt from delayed new version informing

See the above setting for information. Example value: "user1@domain.name,user2@domain.name"

Syntax: g_surgeplus_delay_tell_upgrade_exempt string

g_surgeplus_hide_client_downloads - Hide the links to download and install SurgePlus Windows client

Use this setting if you don't want your users to know about the SurgePlus Windows client. All this setting does is to hide the download links from the web interface.

Syntax: g_surgeplus_hide_client_downloads bool

g_surgeplus_links - Add web links to SurgePlus from other web interfaces (and vice versa) for users allowed to use SurgePlus.

This causes links to appear in the SurgePlus interface to switch to using WebMail (and DBabble if you have the g_dbabble_links setting on).

Syntax: g_surgeplus_links bool

g_surgeplus_log_level - SurgePlus log level. 'none', 'info', or 'debug'. Default is 'info'

Sets the amount of logging done for SurgePlus. When using 'debug' level, data is logged to surgeplusd.log in addition to surgeplus.log

Syntax: g_surgeplus_log_level string

Example: debug

g_surgeplus_online - Enable online tracking in surgeplus

Not recommended.

Syntax: g_surgeplus_online bool

g_surgeplus_pop_server_name - Default pop server to set SurgePlus client download to connect to.

SurgePlus Windows client downloads are set to connect to this POP server by default. This setting only applies if the user is downloading the client from a URL that does not match a valid domain on the server. If the URL does match a domain on the server, the domain specific version of this setting applies instead.

Syntax: g_surgeplus_pop_server_name string

g_surgeplus_port, g_surgeplus_secure_port - SurgePlus port and SurgePlus secure port.

SurgePlus uses the POP protocol to communicate with SurgeMail. However, some virus scanners running on the clients machine prevent the SurgePlus client from using POP commands that the virus scanner does not know about. In order to avoid this problem, SurgePlus uses port 7110 by default instead of port 110. However, clients not using a virus scanner (or clients using some virus scanners we have made SurgePlus work with - e.g. Norton) can safely use port 110 if they would otherwise be prevented from connecting to SurgeMail by a firewall. The SurgePlus client will quietly switch to using port 110 if it is not able to connect to the server using port 7110.

Syntax: g_surgeplus_secure_port int

g_surgeplus_smtp_server_name - Default smtp server to set SurgePlus client download to connect to.

SurgePlus Windows client downloads are set to connect to this SMTP server by default. This setting only applies if the user is downloading the client from a URL that does not match a valid domain on the server. If the URL does match a domain on the server, the domain specific version of this setting applies instead.

Syntax: g_surgeplus_smtp_server_name string

g_surgeplus_web_port - SurgePlus web port.

If you want your SurgePlus users to view shared files over a different port than WebMail uses give this setting a value.

Syntax: g_surgeplus_web_port int

g_surgeplus_web_url - Direct SurgePlus users to access shared files at this url

Use this to override the default location that users are directed to to view shared SurgePlus web files. If you don't specify a value for this setting then it defaults to using the non-secure webmail port.

Syntax: g_surgeplus_web_url string

Example: https://clay.net:7443

g_surgewall_ignore_error - Deliver even if some rule sais bounce

This setting should never be used we think...

Syntax: g_surgewall_ignore_error bool

g_surgewall_redirect - Allow redirect/responder for surgewall

Allows redirect/responder settings to work for surgewall

Syntax: g_surgewall_redirect bool

g_surgewall_split - Split up surgewall messages, one per recipient

Split up incoming messages so subject tagging should work

Syntax: g_surgewall_split bool

g_surgeweb_auth_ok - Alow smtp auth for surgeweb even when disabled

This setting has no further documentation currently available

Syntax: g_surgeweb_auth_ok bool

g_surgeweb_backend_server - Backend machine to connect to

This specifies the backend machine where Surgeweb connects for email and to store user settings. Surgeweb will cache data here but store the primary copy of anything on the backend machine.

Syntax: g_surgeweb_backend_server string

g_surgeweb_backend_web - Backend machine to connect to

This specifies the internet resolvable hostnaem or url for all user.cgi access connected to a backend server eg. myserver.com or https://myserver.com:7443

Syntax: g_surgeweb_backend_web string

g_surgeweb_benchmark - Log web request timing info for surgeweb benchmarking - matches ip addresses

Netwin testing use only

Syntax: g_surgeweb_benchmark string

g_surgeweb_cache_less - Reduce surgeweb caching

Reduce the length of time that surgeweb caches message bodies in its g_surgeweb_work folder to save disk space usage

Syntax: g_surgeweb_cache_less bool

g_surgeweb_debug - Log surgeweb debug info - matches ip addresses or email addresses - avoid

Note this setting should be used minimally as it affects performance

Syntax: g_surgeweb_debug string

g_surgeweb_disable - Disable access to SurgeWeb

Completely disable surgeweb access for whatever reason.

Syntax: g_surgeweb_disable bool

g_surgeweb_forgot_show - Show forgot password link on surgeweb login page

Default for forgot password link visibility on surgeweb login page. (note: gets overidden by older showlink_forget_pass surgeweb setting, see g_recover* settings)

Syntax: g_surgeweb_forgot_show bool

g_surgeweb_ics - Surgeweb email/calendaring integration (ie ics file processing and sending)

Enable surgeweb ICS handling smarts to allow calender invites to be replied to and to allow calender invites to be sent

Syntax: g_surgeweb_ics bool

g_surgeweb_idle_timeout - Idle timeout for surgeweb sessions (hours, default=48)

If no manual action is taken during this time the surgeweb session gets logged out

Syntax: g_surgeweb_idle_timeout int

g_surgeweb_logall - For requests matching g_surgeweb_debug also leave all webio & temp files - avoid

Netwin testing use only

Syntax: g_surgeweb_logall bool

g_surgeweb_path - Change surgeweb path

This setting has no further documentation currently available

Syntax: g_surgeweb_path string

g_surgeweb_process - Run surgeweb in it's own process (beta)

Intended to increase resilience

Syntax: g_surgeweb_process bool

g_surgeweb_remember_timeout - "Remember" timeout / max session length for surgeweb sessions (days, default=14)

Maximum time for Remember me and for single sessions

Syntax: g_surgeweb_remember_timeout int

g_surgeweb_restrict - Restrict surgeweb use to these accounts only

Allow surgeweb access to a matching set of email addresses

Syntax: g_surgeweb_restrict string

g_surgeweb_testing - NEVER USE

Not for general use

Syntax: g_surgeweb_testing bool

g_surgeweb_testrig - Disable session cache for testrig

This setting has no further documentation currently available

Syntax: g_surgeweb_testrig bool

g_surgeweb_work - Path to Surgeweb cache/work files

This is where Surgeweb stores it's temporary or working files, default I_G_HOME\surgeweb\work

Syntax: g_surgeweb_work string

g_tarpit_badrcpt - Delay rejection of bad recipients

Delay rejection of bad recipients (in seconds, default 4s).

Syntax: g_tarpit_badrcpt int

g_tarpit_blackhole - Reject email one recipient at a time to make spammers go away

If tarpit_blackhole is true then if it was going to drop the connection to that user. Instead it will keep it and let the user talk and try and send messages, but will reject all recipients, it only does this for a max of 200 channels, any more are dropped.

Syntax: g_tarpit_blackhole bool

g_tarpit_drop - Max recipients per hour from one IP

Drop link and ban for 1 hour if g_tarpit_max or g_max_bad_to has been exceeded.

Syntax: g_tarpit_drop bool

g_tarpit_hacker - Slow DOS attacks in some situations

This setting has no further documentation currently available

Syntax: g_tarpit_hacker bool

g_tarpit_max - Max number of local recipients per hour from one IP

If this limit is exceeded, the offending client is "tarpitted". This means the mail server starts pretending to go slowly. This is better than simply closing the connection as that will not stop the sending system from trying to reconnect rapidly or send to other systems rapidly, but tarpitting jams the sending system and limits the damage they can do to you and others. Cool huh? 

Unlike G_BOMB_MAX, the g_tarpit_max setting counts the total of all recipients to all addresses from this IP address.

A setting of about 200-10,000 is probably good but be careful with mailing lists it will break them. Use an exclusion for IP addresses of known mailing lists or set the limit higher than known mailing lists, eg: 2,000 is probably a good setting just to avoid disasters without disrupting many real users.

Use spam_allow ip.address.list to over-ride the limit for known systems (eg: mailing list servers) that would be exceed the limit.

Syntax: g_tarpit_max int

g_tarpit_max_remote - Max remote recipients from one IP

The maximum number of remote recipients before slowing down.

Syntax: g_tarpit_max_remote int

g_tarpit_retry - Send retry error, 450 if tarpit limits exceeded

This setting has no further documentation currently available

Syntax: g_tarpit_retry bool

g_tarpit_skip - Skip tarpit limit for these destination users or domains, e.g. *@xyz.com

This setting has no further documentation currently available

Syntax: g_tarpit_skip string

g_tarpit_skip_from - Skip tarpit limit for messages from these users e.g. *@xyz.com

This setting has no further documentation currently available

Syntax: g_tarpit_skip_from string

g_tcp_bf_size - Set tcpip snd/rcv buffer sizes, best left blank

This setting has no further documentation currently available

Syntax: g_tcp_bf_size int

g_tcp_proxy_ip - Enable TCP proxy protocol for specific address

Enables the tcp proxy protocol on new connections for this address for pop,imap,smtp.

Syntax: g_tcp_proxy_ip string

g_tcp_que_len - Length of listen queue for incoming connections

Default is 25 or 200 on windows, to reduce non paged pool on windows reduce to 20

Syntax: g_tcp_que_len int

g_tcp_read_timeout - Timeout in 'seconds' on POP connections (do not adjust)

Timeout in 'seconds' on POP connections, do not adjust. (default 600).

Syntax: g_tcp_read_timeout int

g_tellmail_ip - Tellmail IP restriction

Restrict remote tellmail commands to these IP addresses.

Syntax: g_tellmail_ip string

g_thread_log - Enable thread.log

This setting has no further documentation currently available

Syntax: g_thread_log bool

g_thread_max - Total maximum number of threads allowed

Total maximum number of threads allowed on this system. This should not normally be changed. If you do increase it start small, eg: 400 is a safe number on most systems. Generally if you need to increase it more than that then you have a performance problem that needs fixing and increasing it more is unlikely to be a good idea. On Linux if your thread_max setting is above 500 then you must modify surgemail_start.sh to increase the handle limit from 1024 to 2048 (at least twice the g_thread_max value). If you get crashes with 'handle_limit' recorded in the logs then it's likely that your operating system handle limit is too small for your g_thread_max setting. On Solaris you will need the 64 bit build of SurgeMail to increase this limit as the Solaris 32 bit 'c' libraries are limited to 256 file handles (I kid you not :-)

See FAQ section on session limits

Syntax: g_thread_max int

g_thread_max_restart - Crash and restart if max threads exceeded from local ip on smtp

This setting has no further documentation currently available

Syntax: g_thread_max_restart bool

g_thread_pool - Keep all threads in a common pool

This setting has no further documentation currently available

Syntax: g_thread_pool bool

g_thread_reuse_real2 - Thread reuse

If enabled the server will reuse existing threads instead of creating and destroying threads for each incoming/outgoing message. This has no affect on performance but does avoid a bug in some UNIX threading libraries which leak handles and cause problems if threads are not reused. Generally best disabled except on early Linux systems. 

Syntax: g_thread_reuse2 bool

g_thread_smooth - Throttle thread creation as max hit to reduce peaks

This setting has no further documentation currently available

Syntax: g_thread_smooth bool

g_thread_spinlock - Spin more before sleeping when waiting for mutex

This setting has no further documentation currently available

Syntax: g_thread_spinlock bool

g_timeout_try_later - If timeout while waiting for message to arrive tell other end to retry

This 'may' cause faulty servers to endlessly retry a message. But should be ok. Normally this sort of timeout is very rare but can be caused by faulty virus scanner so retrying won't always help

Syntax: g_timeout_try_later bool

g_timezone - Timezone text

Text to be placed in the timezone part of the date string. e.g. +1200 NZT 

Syntax: g_timezone string

g_timezone_force - Hours offset to local time, e.g. 5 (best left blank)

This setting has no further documentation currently available

Syntax: g_timezone_force string

g_tmalloc_log - write tmalloc.log for gd library memory access.

This forces all destination addresses to contain a domain name (breaks cron job emails on unix)

Syntax: g_tmalloc_log bool

g_to_valid - Require an @ and dotted domain in all dest addresses

This forces all destination addresses to contain a domain name (breaks cron job emails on unix)

Syntax: g_to_valid bool

g_tohost_local - Tohost entries to deliver locally

Authentication database tohost name entry to deliver locally. This setting only applies if g_proxy or g_route_by_tohost is enabled. This is useful to allow the configuration of multisite systems using g_route_tohost with a single shared authentication database.

Syntax: g_tohost_local string

g_token_httponly - Use httponly flag, stop scripts using token, may break attachments

This setting has no further documentation currently available

Syntax: g_token_httponly bool

g_token_secure - Use secure flag for surgeweb, stops http access to token, so requires https to work

This setting has no further documentation currently available

Syntax: g_token_secure bool

g_toscan_path - Path used for mime parts for virus scanner

The default is the toscan directory under the home path, using this setting can help sometimes if permissions are a problem

Syntax: g_toscan_path string

g_train_store - Number of messages to store in each spam training directory (1000-5000)

We recommend about 10000 - dont get carried away, more is not necessarily better!

Syntax: g_train_store int

g_twilio_from - Twilio SMS from phone number

This setting has no further documentation currently available

Syntax: g_twilio_from string

g_twilio_sid - Twilio account SID

This setting has no further documentation currently available

Syntax: g_twilio_sid string

g_twilio_token - Twilio account TOKEN

This setting has no further documentation currently available

Syntax: g_twilio_token string

g_uidl_big - Use random uidl if uidl not found

This can avoid uid collisions if uidl files are lost mysteriously

Syntax: g_uidl_big bool

g_unique_name - A unique name for this server

This name is used in place of the machine hostname in message filenames and thus friends confirmation message subjects

Syntax: g_unique_name string

g_url_alias - Allows translation from one URL to another

Allows translation from one URL or beginning of a URL to another. eg:

g_url_alias from="/cgi-bin/" to="/scripts/"

will cause the URL http://localhost:7025/cgi-bin/fred.cgi to reference the same file as http://localhost:7025/scripts/fred.cgi would have, the fred.cgi in the SurgeMail 'scripts' directory. The domain url_alias settings are checked before these, the first matching rule is used, settings are checked in the order specified.

Syntax: g_url_alias from=string to=string ports=string

g_url_enable - Enables widearea url database

Syntax: g_url_enable <true/false>

If set then SurgeMail fetches the url database and updates from netwinsite.com every few hours. Messages which contain matches will get a header X-SpamUrl:... which will be used in the spam score. Once enabled you will contribute to Netwin's central server and also download from their once every couple of days.
Additions to your isspam/notspam training addresses are also sent to netwinsite.com (just the url's for white list/blacklist)

Syntax: g_url_enable bool

g_url_host_noscan - Disable the scan for url_host settings matching the domain in an incoming web request

SurgeMail uses g_server_name and url_host settings to determine the default domain to select for web requests, this setting stops it using the url_host settings (which may be slow on systems with a large number of domains)

Syntax: g_url_host_noscan bool

g_url_master - Not for general use

Used by netwin to manage the master server. Sorry this doesn't allow you to run your own master.
Should be left blank

Syntax: g_url_master bool

g_url_master_to - Not for general use

Not for general use. Used by netwin for testing.

Syntax: g_url_master_to string

g_url_redirect - Sends http 301 redirect to tell browser resource has moved

Typical usage to move users from http to https automatically, e.g. g_url_redirect from="http://*/surgeweb" to="https://%1:7443/surgeweb" ports="80,7080"

Syntax: g_url_redirect from=string to=string ports=string

g_user_access - Allow / Restrict user access to features based on g_access_group

g_user_access group="wildcard" access="list"

This setting matches the g_access_group the user is in to the wildcard specified and applies the specified list to that user, giving / restricting thier access to certain features. The list may include any of the following:

Value Result
alias Access to the "Alias" page and features.
blog Access to the "Blogs" page and features.
centipaid Access to the "Centipaid" page and features.
delete Access to the "Delete" button, which deletes the email account.
enotify Access to the "Email Notification" page and features.
exceptions Access to the "Exceptions" page.
filter Access to filtering of messages. (g_filter_pipe, g_mfilter_file, g_dmail_filter)
friends Access to the "Friends" pages, and system.
fwd Access to the "Forwarding" features, forwarding, auto-responder.
fwdonly Access to the "Forwarding" features. Without this only the auto responder is shown on the forwarding page
lists Access to the "Lists" page and features.
log Access to the "Log" page.
mailbox Access to the "Mailbox" page, view mailbox, setup rules.
main Access to the "Main" page containing user details.
pass Access to the "Password" features, change password, password retrieval.
sms Access to the "Sms" page.
spam Access to the "Spam" page, and SmiteSpam and Aspam processing of messages.
spampriv Access to the "Spam" pages' spam private feature
spf Access to the "Spf" page and features.
surgeplus Able to connect to SurgeMail using the SurgePlus client.
virus Access to virus scanning of messages. (g_virus_cmd, g_virus_filter, g_virus_avast, g_scan_cmd)
webmail Access to the "WebMail" button which logs the user into WebMail.

In addition you can prefix any of the above with ! to deny access. There are two other special case values, "all" and "none" which mean exactly what they say, access to "all" or "none" of the features.

Example:

g_user_access group="simple" access="all,!spam,!virus"

The above setting gives users in the 'simple' group access to all the features except spam and virus features.

Syntax: g_user_access group=string access=string

g_user_access_always - Run spam and filter regardless of access UI settings

This setting has no further documentation currently available

Syntax: g_user_access_always bool

g_user_access_default - Default user features granted to users

This setting is a default access list for all users on the server, it is specified in the same maner as the g_user_access settings 'access' parameter. eg:

g_user_access_default "all,!spam,!virus"

Syntax: g_user_access_default string

g_user_access_from - When sending use from for useraccess rules

When sending a message the user access rules which are applied can be based on the 'from' header, this is not secure but is sometimes useful.

Syntax: g_user_access_from bool

g_user_access_webonly - Means user_access rules only stop web interface not actual spam checking etc

This setting has no further documentation currently available

Syntax: g_user_access_webonly bool

g_user_alias - Number of aliases accounts can create

This setting specifies the maximum number of account aliases an account (optionally in specified group) can create. The format of these aliases is specified in the file specified by the g_user_alias_file setting. eg.

g_user_alias quota="10" group=""
g_user_alias quota="20" group="grp1"
g_user_alias quota="30" group="grp2"

Syntax: g_user_alias group=string quota=int

g_user_alias_file - User aliases configuration file

This setting specifies the configuration file for user aliases. This file is in the following format:

domain alias_domain,access[,access]...

where domain is the domain name eg: email.com, alias_domain is the domain in which aliases can be created, and access specifies who is allowed to create these aliases, it can have one of the following values:

user Users can create these aliases.
domadmin Domain administrators can create these aliases.
admin The Administrator can create these aliases.
private Same as domadmin,admin. The Administrator and the Domain administrators can create these aliases.
public Same as user,domadmin,admin. Everyone can create these aliases.

Example alias.dat file:

email.com *.email.com,public
email.com sport.email.com,public
internal.email.com email.com,private
internal.email.com internal.email.com,admin

Syntax: g_user_alias_file string

g_user_blogs - Number of blogs accounts can create

Specifies blog limit based on user group.

Syntax: g_user_blogs group=string quota=int

Example: g_user_blogs group=premium quota=15

g_user_cookies - Enable browser cookies for user self management

Enable browser cookies for user self management.

Syntax: g_user_cookies bool

g_user_delete - Let users delete themselves

Enables the user delete button in the user self management page, assuming the use access rules also allow it

Syntax: g_user_delete bool

g_user_disable - Filename listing users to disable

This setting has no further documentation currently available

Syntax: g_user_disable string

g_user_domainlist - Show domains list on user pages

This setting decides who will see the drop-down list of domains on the user check, add, login, and management pages. It has three possible values: user, domadmin and admin. A value of 'user' allows everyone to see the list, 'domadmin' allows domain admins and the admin to see the list, and 'admin' allows only the admin to see the domains list.

Syntax: g_user_domainlist string

g_user_filter_early - Process user exceptions/filters before tagging message as spam

Causes the users exception rules to be processed before tagging the message as spam, meaning, if a rule matches to 'accept' a message, that message not to be tagged as spam.

Syntax: g_user_filter_early bool

g_user_friends_domain_log_disable - Disable domain level friend.log file

By default a friend.log file is written to each domain mailbox_path. This file is a collection of all users friends.log entries that rotates when it reaches 2mb in size.

Syntax: g_user_friends_domain_log_disable bool

g_user_friends_log_disable - Disable user level friend.log file

By default a friend.log file and 1 rotation is written for each user. Each log should only be approx 10k in size.

Syntax: g_user_friends_log_disable bool

g_user_hide_security - Hide user level security.log access

This setting has no further documentation currently available

Syntax: g_user_hide_security bool

g_user_list_quota - Number of mailing lists users can create

g_user_list_quota group="" quota="100"

This setting configures the number of mailing lists a user can create on this server. The group field is optional, specifying none effects all users globally, otherwise it matches this against the users access group. See also user_list_quota which can set quota per domain. Also the list_quota authent field can set quota per user.

Syntax: g_user_list_quota group=string quota=int

g_user_mail_view - Whether an admin/manager can view/display users inbox mail

This setting enables the 'view' links on the users mailbox page. These links will show the content of the users email. They also log the access to the users log file, identifying the IP from which the admin viewed the message.

Syntax: g_user_mail_view bool

g_user_mfilter - Local delivery Mfilter rules

Mfilter rules to run late in the delivery process after the email messages have become "user specirfic", In particular this allows filtering based on the output of g_user_pipe.

Syntax: g_user_mfilter string

g_user_pipe - Local delivery filter pipe

Pipe run on file just before delivery to user, $USER$ available on command line. This allows the message to be modified (also see g_filter_pipe).

Syntax: g_user_pipe string

g_user_receive_rule - Define valid source addresses for users in a group

This setting has no further documentation currently available

Syntax: g_user_receive_rule group=string from=string

g_user_report - Daily,Weekly,Monthly, emailed to managers of each domain

This setting has no further documentation currently available

Syntax: g_user_report string

g_user_send_all - Apply all g_user_send_rules that match

This setting has no further documentation currently available

Syntax: g_user_send_all bool

g_user_send_ip - Block any ip that sends more than this many emails per day

This does not apply to g_user_send_white addresses. This will also enable counting of sends for users using g_relay_window. Whitelist ip addresses with g_user_send_white setting. This limit is 'per day'

Syntax: g_user_send_ip int

g_user_send_rule - Define valid recipient addresses for users in a group (requires SMTP AUTH)

This rule allows you to define which domains users in the specified group can send email to.

g_user_send_rule group="wildcard" to="number"

If 'group' is set to '*' then it applies to users who are not in a group (see g_access_group), and/or whose group does not match another g_user_send_rule setting. The 'to' field contains a wildcard list of allowed email addresses.

Syntax: g_user_send_max group=string max=int

g_user_send_rule - Define valid recipient addresses for users in a group (requires SMTP AUTH)

Restricts to whom a user can send email, useful for students who may only be permitted to send to their own domain

Syntax: g_user_send_rule group=string to=string

g_user_send_warning - Warn manager if any user sends more than this many messages per day, e.g. 5000

This setting is useful to detect a spammer sending out bulk email from your system, this setting only applies to authenticated users, so someone who has figured out the password of one of your users (or a virus on their computer) or a registered user of some sort. If g_user_send_ip is defined then warnings will also be sent if an ip address exceeds this limit.

Syntax: g_user_send_warning int

g_user_send_white - No limit for these ip addresses/users

This is a white list for the ip and user send limits.

Syntax: g_user_send_white string

g_user_sms_quota - SMS quota

Number of SMS messages accounts can send.

Syntax: g_user_sms_quota group=string initial=int period=string

g_user_status_from - Send status with return address of the user

Adding a return address can assist with delivery in some situations

Syntax: g_user_status_from bool

g_user_status_fromhdr - Send status with return address of this

Adding a return address can assist with delivery in some situations

Syntax: g_user_status_fromhdr string

g_user_status_send - Number of days after which to send user status messages (0 = never)

When the user enables friends then this setting will send them a regular report on what is pending and what filter rules have done. User Spam report.

Syntax: g_user_status_send int

g_user_utoken_days - Length of time a user self management login token is valid

Length of time a user self management login token is valid for. Length of time a user self management cookie is valid for. After this time period the login token will stop allowing the user access and they will need to login again.

Syntax: g_user_utoken_days int

g_user_utoken_expire - Length of time a user self management login token is valid for

This setting has no further documentation currently available

Syntax: g_user_utoken_expire int

g_user_utoken_idle - Length of time a user self management login token may remain idle for

This setting has no further documentation currently available

Syntax: g_user_utoken_idle int

g_user_virus_scan - Allow users to enable / disable virus scanner for themselves

This setting adds a tickbox to the Spam page in user self administration that allows the user to enable and disable the virus scanner for them selves.

Syntax: g_user_virus_scan bool

g_utf8_case_insensitive - Use case insensitive compare for surgeweb and imap searches

This setting has no further documentation currently available

Syntax: g_utf8_case_insensitive bool

g_vanish_any_bounce - Vanish all bounces, requires g_vanish_bad_bounces

This setting will vanish spam pretending to be a bounce, it is possible it will vanish a real but badly formed bounce (badly formed as it contains no indication that it came from this server). Note: You MUST have g_vanish_bad_bounces true as well!

Syntax: g_vanish_any_bounce bool

g_vanish_bad_bounces - Vanish suspected spam bounces

Vanish suspected spam bounces (requires g_received_name).

Syntax: g_vanish_bad_bounces bool

g_vanish_relay - Vanish bad bounces before relaying email too

Requires g_vanish_bad_bounces too, and g_received_name must be set to something other than the email domain, e.g. bounces.your.domain

Syntax: g_vanish_relay bool

g_vanish_virus_bounces - Vanish suspected virus bounces (requires g_received_name)

This setting gets rid of most of those stupid virus bounces you get from emails you haven't sent. It works by checking incoming virus bounces for the received header that must exist if it was sent with your mail server. If the header is not found, the message is dropped. Recomended.

Syntax: g_vanish_virus_bounces bool

g_verify_helo - Verify helo name translates to same network as sending system.

Syntax: g_verify_helo "true/false"

It will skip this check for any trusted connection (smtp authenticated, or any ip it would allow to forward)

It adds this header:
X-Verify-Helo

It simply takes the helo name, and turns it into a number a.b.c.d, then it checks that the connection is coming from 'a.b.*.*'
if it isn't it adds a header saying as much.

Syntax: g_verify_helo bool

g_verify_image_hard - Use extra difficult human verification image (used in blogs)

This setting has no further documentation currently available

Syntax: g_verify_image_hard bool

g_verify_mx - Verify sender IP by MX

Verify MX records contain senders IP address (also see g_verify_mx_skip).

Syntax: g_verify_mx bool

g_verify_mx_skip - Skip verify sender IP by MX

Use to define incoming mail gateway IPs so the MX verify doesn't fail on them.

Syntax: g_verify_mx_skip string

g_verify_smtp2 - Verify we can talk back to the SMTP port on incoming ip address

This setting has no further documentation currently available

Syntax: g_verify_smtp2 bool

g_verify_timeout - Seconds to wait for SMTP response, default is 10 seconds

As the verification of incoming addresses is done while the message is arriving at the 'data' stage, it is critical that it not take more than 30-60 seconds or the sending server will give up and the message will be lost. Generally this setting should not be changed.

Syntax: g_verify_timeout int

g_vipre_enable - Enable vipre scanner on windows

Enable the vipre scanner module

Syntax: g_vipre_enable bool

g_virus_allow_unmonitorable - Allow unmonitorable content (avast antivirus)

By default messages that cannot be scanned (eg as they contain password protected archive files) are blocked by the avast virus scanner. This setting allows unmonitorable contect to be sent.

Syntax: g_virus_allow_unmonitorable bool

g_virus_avast_attachments - Only scan messages with suspect attachments (windows only currently)

This setting has no further documentation currently available

Syntax: g_virus_avast_attachments bool

Not recommended, now use the anti virus config page to configure surgemail to use your system scanner.

g_virus_avast - Set Avast update time

This is a string based setting that allows you to specify when Avast updates are attempted.

eg: to update at 12 midnight, 6am,12noon and 6 pm.

g_virus_avast_hour "0,6,12,18"

Syntax: g_virus_avast_hour int

g_virus_avast_old - Enable AVAST virus scanner integration, OBSOLETE, DO NOT USE

This setting has no further documentation currently available

Syntax: g_virus_avast_old bool

g_virus_cloud - Use cloud scanner, not recommended

Enables the cloud scanner for inbox delivered messages if clamav is in use, this does send samples to an external system for scanning so may not be appropriate in all situations. It should only be used on systems where 'clamav' is the primary scanner with less than 1000 users.

Syntax: g_virus_cloud bool

g_virus_cloud_wild - File types to cloud scan *.exe,*.com

Best left as default

Syntax: g_virus_cloud_wild string

g_virus_cmd - Command line virus checker to run on MIME parts

If defined the mail server will extract MIME parts in a multi part message and run the virus scanner over the extracted file. The command line can include $FILE$ which will be replaced with the actual file name of the extracted part. An intelligent cache is used so mailing lists, etc, will not require running the virus scanner on every message sent.  If you set this to "do_not_run" then SurgeMail will extract the MIME parts but not actually run any program, some virus scanners scan all files on the system so the file is deleted magically and SurgeMail will notice and bounce the message. If your scanner supports the returning of return codes if a virus is found then you should use g_virus_cmd_codes with this setting as this is more reliable than having to detect if a file is deleted and also means also will work on viruses in archives which a lot of scanners won't delete.

Syntax: g_virus_cmd string

g_virus_cmd_body - Scan raw msg file too

This setting has no further documentation currently available

Syntax: g_virus_cmd_body bool

g_virus_cmd_codes - Return codes to bounce message

Accept return codes from virus scanner as a confirmation that the scanned file is infected, eg: 1,2,3,4,5.

Lets SurgeMail check the return code from g_virus_cmd and if the code matches
one in the above setting assumes its a virus and bounces it.

g_virus_cmd_codes "10,12"

This would assume its a virus if the scanner returns return code 10 or 12 and then will bounce the message.

Syntax: g_virus_cmd_codes string

g_virus_cmd_drop - Drop silently instead of reject at data stage - not recommended

This should only be used when your front end server is not scanning for viruses and your back end server then rejects the message generating back scatter on the front end server.

Syntax: g_virus_cmd_drop bool

g_virus_cmd_email - Set if scanner can understand email message files

If this is set then then the scanner is responsible for extracting the mime parts of a message and scanning them

Syntax: g_virus_cmd_email bool

g_virus_cmd_log - Log stdout of virus command line scanner to vcmd.log

This setting has no further documentation currently available

Syntax: g_virus_cmd_log bool

g_virus_cmd_max - Maximum number of concurrent threads to use for scanning

Syntax: g_virus_cmd_max "number of threads"

This sets the maximum number of threads that be used for running the virus scanner set by g_virus_cmd. Some scanners can take a while to scan a message and if the server is very busy this can tie up many channels and drain the cpu slowing down the entire mail server. When the maximum has been reached any messages coming in will be passed on without being run through the scanner - although this is not the best, it's better than the mail server grinding to a halt.

 

Syntax: g_virus_cmd_max int

g_virus_cmd_nodel - Do not delete scanned files

Disables cleanup of scanned files, so you can test manually. The files are extracted to the "toscan" directory inside the SurgeMail directory. You should never normally need this on unless for debugging purposes.

Syntax: g_virus_cmd_nodel bool

g_virus_cmd_size - Max size of messages to scan

Useful to stop scanning of huge files, e.g. 1mb or bigger

Syntax: g_virus_cmd_size int

g_virus_cmd_sleep - Wait after g_virus_cmd incase delete is not immediate

Milli seconds to wait after g_virus_cmd incase delete is not immediate, eg: 500 = half a second.

Syntax: g_virus_cmd_sleep int

g_virus_cmd_test - Continue after virus found to compare scanners

This setting has no further documentation currently available

Syntax: g_virus_cmd_test bool

g_virus_debug3 - Testing virus scanners do not use

Do not use

Syntax: g_virus_debug3 bool

g_virus_disable_local - Disable scanning for local trusted users

Skip virus scanner for authenticated users and 127.0.0.1

Syntax: g_virus_disable_local bool

g_virus_disable_remote - Disable virus scans for non-local addresses

By default SurgeMail scans incoming messages from non-local senders, this disables that behaviour so scans will only occur if any recipient has virus scan access. You will probably need g_user_virus_scan true as well.

Syntax: g_virus_disable_remote bool

g_virus_filter - Virus checker or filter that takes commands on stdin and response on stdout

Virus filters use the following protocol the process is run continuously and sent on STDIN a command of the form, "nnn CHECK fullfilename envelopefilename\r\n" and in response it must send back is  "nnn OK|REJECT|ERROR reason text\r\n"

It can modify the file directly and then respond with 'ok', however if it does this it must maintain the crlf line terminated and dot stuffed nature of the file.

Here is an example test of a virus filter

		c:\surgemail> vfilter.exe
     	1 check c:\surgemail\work\a.itm c:\surgemail\work\a.hdr
     	1 REJECT Found something bad in that file
     	2 check c:\surgemail\work\a.itm c:\surgemail\work\a.hdr
     	2 OK send message along

a.hdr would contain:

		From: bob@domain.com
     	To: xyz@thisdomain.com
     	To: xyz3@thisdomain.com

Syntax: g_virus_filter cmd=string type=string

g_virus_filter_require - Require filter pipe

If any g_virus_filter pipe fails bounce messages rather than allow to continue.

Syntax: g_virus_filter_require bool

g_virus_fprot - Set F-PROT port for mail scanning

Typically set this to 11200

First install f-prot virus scanner, exact steps will vary depending on platform so follow your F-Prot install instructions, but as an example on Linux we did this:

cd /usr/local
gunzip DISTRIBUTION.tar.gz
tar -xvf DISTRIBUTION.tar
cd f-prot
./install-f-prot.pl
cd tools
# Now start mail scanner as user 'mail'
su mail -c"/usr/local/f-prot/tools/scan-mail.pl -server -daemon"
         

Your will also need to start the scanner as above in your startup scripts (e.g. rc.local)

Then lastly in surgemail.ini set

g_virus_fprot 11200

When a message is scanned a header X-Fprot: ... is added giving some informational status.

Syntax: g_virus_fprot int

g_virus_late - Run virus scan after most spam filter processing

This can reduce load on virus scanner which is often a slow process

Syntax: g_virus_late bool

g_virus_localhost - Don't skip virus checks for 127.0.0.1 originating emails

This setting should not normally be used, it will make it scan locally generated emails, dlist messages etc...

Syntax: g_virus_localhost bool

g_virus_recent_skip - Skip recent virus cache

Skip virus recent cache which attempts to speed up virus scanners.

Syntax: g_virus_recent_skip bool

g_virus_rename - Rename attached executables to prevent autorun

If enabled SurgeMail will rename dangerous executable files by replacing the '.' with an '_'. This will stop many autorun viruses. This is name

Syntax: g_virus_rename bool

g_virus_rename_skip - Skip rename for these from/to addresses

This setting has no further documentation currently available

Syntax: g_virus_rename_skip string

g_virus_rename_skipauth - Skip rename if user sending is authenticated local user

This setting has no further documentation currently available

Syntax: g_virus_rename_skipauth bool

g_virus_report - Report detected viruses to someone

Sends an email report to the specified address when a virus comes in.

Syntax: g_virus_report string

g_virus_report_all - Report every virus using g_virus_report

This setting has no further documentation currently available

Syntax: g_virus_report_all bool

g_virus_report_user - Report virus to recipients

This setting has no further documentation currently available

Syntax: g_virus_report_user bool

g_virus_restart - Restart vpipe virus scanners

Restart vpipe virus scanners every this many items.

Syntax: g_virus_restart int

g_virus_scanner_list - List of files to be virus scanned *.exe,*.bat,etc...

Use this to over-ride the default

Syntax: g_virus_scanner_list string

g_virus_simple - Enable internal simple virus scanner

This scanner simply blocks dangerous attachments, it's fast, and effective.

Syntax: g_virus_simple bool

g_virus_simple_list - List of dangerous file extensions, *.exe,*.bat,etc...

Use this setting to replace the default list

Syntax: g_virus_simple_list string

g_virus_simple_skip - Skip simple check for from/to addresses

This setting has no further documentation currently available

Syntax: g_virus_simple_skip string

g_virus_simple_skipauth - Skip simple virus if user sending is authenticated local user

This setting has no further documentation currently available

Syntax: g_virus_simple_skipauth bool

g_virus_simple_test - Compare with avast results

This scanner simply blocks dangerous attachments, it's fast, and effective.

Syntax: g_virus_simple_test bool

g_virus_simple_zip - Check zip files for executables and block

This can be used to stop many types of viruses

Syntax: g_virus_simple_zip bool

g_virus_skip - Skip virus scanner for matching from envelope

This setting has no further documentation currently available

Syntax: g_virus_skip string

g_virus_skip_ip - Skip virus scanner for matching ip addresses

This setting has no further documentation currently available

Syntax: g_virus_skip_ip string

g_virus_strangers - Use simple attachment filter for non friends, turn off g_virus_simple

This setting can stop zero hour attacks as it blocks any attachment that might be a virus if it's not from a friend

Syntax: g_virus_strangers bool

g_vpipe_concurrent - Concurrent requests to vpipe process

Concurrent requests to vpipe process, default is 7, set to 1 to debug vpipe issues

Syntax: g_vpipe_concurrent int

g_vpipe_fail_crash - Crash if vpipe fails

Crash SurgeMail if vpipe fails. This is for debugging purposes only.

Syntax: g_vpipe_fail_crash bool

g_vpipe_notag - Disable vpipe result headers

Disable headers showing vpipe results in messages.

Syntax: g_vpipe_notag bool

g_vpipe_skip - Skip virus filter checks per IP address

Disable virus and crc checking for known safe bulk mailers that would otherwise overload the server. This setting affects the virus checker.
Example: g_vpipe_skip "20.0.0.2"

Syntax: g_vpipe_skip string

g_vpipe_timeout - Timeout for firus filters (default 60s)

The timeout in second that SurgeMail will wait for a virus filter (defined by g_virus_filter) to complete. If after this time the virus filter has not responded the message will be let through and the following line logged in mail.log:

"Virus filter not responding, stuck on <msg file> allowing message through"

Syntax: g_vpipe_timeout int

g_warning_to - Addresses to treat as local and send warning bounces to

This may cause back scatter to use with caution

Syntax: g_warning_to string

g_web_access_grp - Restrict user groups to specific web ports

Specifies a user group or groups and a list of valid web ports for that group.

Syntax: g_web_access_grp group=string ports=string

g_web_access_ip - Restrict access to web ports based on ip

Specifies a list of ports and a wildcard list of valid ip addresses who can connect to those ports.

Syntax: g_web_access_ip ports=string ip=string

g_web_access_max - Maximum number of concurrent web logins for group

Specifies the maximum number of concurrent web logins for a certain group of users.

Syntax: g_web_access_max group=string max=int

g_web_add - Add http headers

This setting has no further documentation currently available

Syntax: g_web_add string

g_web_admin_max - Maximum number of concurrent web admin sessions

Web admin requests are recorded, the remote IP and local port are used to identify a particular session. This setting places a limit on the number of sessions at any one time.

Syntax: g_web_admin_max int

g_web_api_ip - Allow access to web based API for msg access

This setting has no further documentation currently available

Syntax: g_web_api_ip string

g_web_appsname - Apps url name on unified web interface

This setting has no further documentation currently available

Syntax: g_web_appsname string

g_web_appsroot - Apply apps interface at web root ie /

This setting has no further documentation currently available

Syntax: g_web_appsroot bool

g_web_charset - Charset for html pages

Sets the charset to use for each language i.e. e.g. iso-8859-1

Syntax: g_web_charset lang=string charset=string

g_web_check_host - Check host matches valid domain

This setting has no further documentation currently available

Syntax: g_web_check_host bool

g_web_force_doctype_first_disable - Disable webserver behaviour to force doctype definitions to be displayed first.

Comments displayed on the webpages (including template filenames), mean IE does not use the doctype definiton. Surgemail tries to display doctype first. This setting reverts to old behaviour.

Syntax: g_web_force_doctype_first_disable bool

g_web_forwarded_test - Fake the forwarded-for header

This setting has no further documentation currently available

Syntax: g_web_forwarded_test bool

g_web_forwarded_uselast - Use last address in multiple item forwarded-for header

This setting has no further documentation currently available

Syntax: g_web_forwarded_uselast bool

g_web_hide_source_names - Hide the name of the source template page in output web pages.

To aid tailoring each web page in the web admin shows it's own address so you can find it to modify it. Some admins consider this a security issue, or just a bit ugly, so use this setting to hide this information when you don't need it.

Syntax: g_web_hide_source_names bool

g_web_max - Max concurrent web connections, default is 100

This includes web admin, webmail etc...., The default limit should be sufficient for most systems. Although a limit of 10 would be tons for most systems we had to set the default high as this setting was added recently.

Syntax: g_web_max int

g_web_max_perip - Max concurrent web connections per-ip, default is 60

This includes web admin, webmail etc...., The default limit should be sufficient for most systems unless all your users are coming through a common proxy

Syntax: g_web_max_perip int

g_web_noserver - Disable Server header in http responses

Some security firms require this in order to hide the software application information

Syntax: g_web_noserver bool

g_web_old_behaviour - Revert to old style webserver behaviour

To pass various auditing tests admin interface no longer responds to arbitrary url. This restores old behaviour.

Syntax: g_web_old_behaviour bool

g_web_php_exe - Path to php.exe

Experimental support for php

Syntax: g_web_php_exe string

g_web_policy_always - Break surgeweb with web policy feature :-)

This setting has no further documentation currently available

Syntax: g_web_policy_always bool

g_web_policy_disable - Disable obscure web policy security headers

This setting has no further documentation currently available

Syntax: g_web_policy_disable bool

g_web_ref_path_extension - Path extension to add to web page image/css references.

This setting is used for caching purposes. See SurgeMail template caching for details

Syntax: g_web_ref_path_extension string

g_web_timeout - Timeout for web requests

Timeout for web requests, the default is 180 seconds, generally it should not be set below 61 seconds

Syntax: g_web_timeout int

g_web_title - Title to use on specified web page

This lets you customize the title of each management web page.

Syntax: g_web_title page=string title=string

g_web_trust_ip - Trust ip address from rev proxy web server X-Forwarded-For

This setting has no further documentation currently available

Syntax: g_web_trust_ip string

g_web_url_path - Url to path translation with access specifier

This lets you set up aliases and translations of urls partly based on the access rights of the user.

Syntax: g_web_url_path url=string path=string access=string

g_web_utf8 - Make sure all user.cgi handling is done in UTF8

Make sure user.cgi handlign is all done in UTF8 rather than paged character sets.

Syntax: g_web_utf8 bool

g_webdav_enable - Enable webdav access for users (do not use)

Enable 'webdav' features so users can store data, you must also define g_webdav_path

Syntax: g_webdav_enable bool

g_webdav_group - Only allow webdav if member of webdav access group

Require that users be members of the webdav group

Syntax: g_webdav_group bool

g_webdav_path - Root path for webdav storage

For example c:\surgemail\webdav

Syntax: g_webdav_path string

g_webdav_public - Enable non authenticated access to pub folder (readonly)

This setting enables the user to place web pages (static) up on their email account, the public url would be http://your.server/wd/username/pub/...

Syntax: g_webdav_public bool

g_webmail_limit - Maximum number of concurrent webmail requests

This should not generally be adjusted, it is simply a limit to prevent DOS attacks or overloading from web requests. A value of 10-300 would be reasonable. The default is 200

Syntax: g_webmail_limit int

g_webmail_popmode - Use POP3 instead of IMAP in WebMail.

This results in pophost being passed to webmails domain configuration file, surgehost.ini. If you change this setting you should delete surgehost.ini and run "tellmail surgehost_update" to rebuild it.

Syntax: g_webmail_popmode bool

g_webmail_port - WebMail port (default 7080)

This is the port that WebMail users should connect through (unless you want better security, then use the secure port and HTTPS protocol listed below) By default it is port 7080, but if you are not running a web server you probably want to change it or add port 80, eg:"7025,80" so that people can get to it with a URL like this: http://your.mail.server instead of http://your.mail.server:7080. Use the keyword 'disabled' to disable this part of the SurgeMail service.

Syntax: g_webmail_port int

g_webmail_save - Write surgehost.ini and other obsolete webmail config info

This setting enables writing the webmail surgehost.ini file, it is not needed generally unless your users keep using the old webmail (which they shouldn't)

Syntax: g_webmail_save bool

g_webmail_secret - Secret string used by webmail when sending the ip address of connecting users

This is used with webmail when you want surgemail access rules to apply to webmail users, webmail has a matching setting which makes it pass the ip address through

Syntax: g_webmail_secret string

g_webmail_secure_port - WebMail secure port (default 7443)

This is the port that WebMail users should connect through.. By default it is port 7443, but if you are not running a web server you probably want to change it or add port 443, eg:"443" so that people can get to it with a URL like this: https://your.mail.sever Instead of https://your.mail.server:7443. Use the keyword 'disabled' to disable this part of the SurgeMail service.

Syntax: g_webmail_secure_port int

g_webmail_select_domain - Send select_domain instead of host in webmail autologins

Recommended. This uses the select_domain method of auto-logins with WebMail, it often works where the old method fails.

Syntax: g_webmail_select_domain bool

g_webmail_timeout - Timeout for webmail or any cgi process (in seconds, default 360)

If he webmail cgi fails to respond this limits how long SurgeMail will wait before killing the process.

Syntax: g_webmail_timeout int

g_webmail_url - Url to the WebMail cgi

If WebMail is not in the default place and/or is not on the SurgeMail machine then this setting tells SurgeMail where it is so links to WebMail from SurgeMail function correctly.

Syntax: g_webmail_url string

g_webmail_urladd - Url data to append to WebMail auto-login link

This setting allows you to specify additional information and settings which are passed to WebMail when SurgeMail links to it.

Syntax: g_webmail_urladd string

g_webmail_useip - Use the ip address in g_webmail_port setting

By default it will use the same url as the user connects on which is generally better.

Syntax: g_webmail_useip bool

g_webmail_workarea - Path to WebMail workarea

If WebMail is not installed in the default location on this SurgeMail machine this setting tells SurgeMail where to find it.

Syntax: g_webmail_workarea string

g_winmail_fix - Replace winmail.dat with normal attachments, requires tnef installed first http://netwinsite.com/tnef.htm

First install tnef, on unix use: apt-get install tnef, on windows download tnef.exe from our website

Syntax: g_winmail_fix bool

g_winmail_reject - Rejects all winmail.dat files - this is a bit harsh

First install tnef, on unix use: apt-get install tnef, on windows download tnef.exe from our website

Syntax: g_winmail_reject bool

g_winmail_reject_send - Stops your own users sending winmail.dat files so they can fix their email client settings

First install tnef, on unix use: apt-get install tnef, on windows download tnef.exe from our website

Syntax: g_winmail_reject_send bool

g_work - Workarea Path

Work area for SurgeMail temporary work files.

Syntax: g_work string

g_xauthuser_hide - Hide X-Authenticated-User header

The header X-Authenticated-User is added to all local deliveries for users that login using SMTP authentication. This is the most reliable way to determine who actually sent this email. This setting will disable the addition of this header.

Syntax: g_xauthuser_hide bool

g_xfile_allow - IP address to allow xfile and WebMail features from

Allow xfile & web upload features for users. Set to '*' or the WebMail servers IP address.

Syntax: g_xfile_allow string

g_xrcpt_hide - Hide X-Rcpt header

The X-Rcpt header is added indicating which local account this message was delivered to. This setting will disable the addition of this header.

Syntax: g_xrcpt_hide bool

g_xrcptoriginal_hide - Hide X-Rcpt-Original header

The X-Rcpt header is added indicating which local account this message was delivered to. If the mail has been redirected for any reason the original delivery address is added as an X-Rcpt-Original header. This setting will disable the addition of this header.

Syntax: g_xrcptoriginal_hide bool

g_xserver_hide - Hide XServer header

This wil hide the X-Server header.

spamlist - Spam Filter Rules

These rules allow simple filtering of Email messages for common or repetitive spam message.  The form lets you specify whether a string is found in a specified header that all such messages be bounced or redirected.  This form will write or modify your mfilter.rul file to include an auto generated section which obeys the rules you have defined, e.g.
 

D:\>type   \surgemail\mfilter.rul
 # BEGIN_AUTO Generated section do NOT EDIT this bit
 if (isin("Subject","bad words")) accept "fred@remote.domain"
 if (isin("To","bad words")) accept "fred@remote.domain"
 # END_AUTO Generated section do NOT EDIT this bit

You can write much more complex rules yourself manually, see mfilter.htm for more details.

 

Syntax: g_xserver_hide bool