|
|
|
|
|
|
|
| |
|
|||||
| |
|
|
|
|
|
|
| |
||||||
Global settings
Note: Most 'matching' settings take wild card lists as parameters, for example "fred*" will match "freddy" and "Fred@bob". And "1.2.*,2.3.*" will match 1.2.4.4 and 2.3.99.100. Many settings will also accept a ! as a "not", and are processed from left to right. eg "!*,127.*,10.*" would first "deny all" then try and match on any 127.* or 10.* domains. Settings using ip's will take ranges also like 10.0.1-120.5 and also support CIDR notation eg 10.10.1.32/27.
You can read about CIDR notation here http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing and there is an online CIDR calculator here http://www.subnet-calculator.com/cidr.php.g_access_group - Access groups
Access rules defining groups of IP addresses with certain POP, IMAP and SMTP privileges. When a user is authenticated access is checked against group membership defined in the "mailaccess" field in the authentication database. See accounts for more information.
eg. this could allow you to charge webmail users for pop access privileges:
g_access_group group=paid_user access_pop=* access_imap=* access_smtp=*
g_access_group group=free_user access_pop=webmail.svr.ip access_imap=webmail.svr.ip access_smtp=webmail.svr.ipwith "Access type" set to "free_user" on accounts page or equivalently in nwauth authentication database:
marijn@mydomain.com:{ssha}tVANQo...:created="1060034937" mailaccess="free_user" ...To prevent webmail access for some users you would do this:
g_access_group_default "normal"
g_access_group group="normal" access_pop="*" access_imap=*" access_smtp="*"
g_access_group group="nowebmail" access_pop="*,!webmail.ip" access_imap="*,!webmail.ip" access_smtp="*"And put the users you want to limit in a group called 'nowebmail' e.g.
lookup fred@domain
+OK fred@domaing config 0 mailaccess="nowebmail"Syntax: g_access_group group=string access_pop=string access_imap=string access_smtp=string access_incoming=string
See also: g_user_alias, g_user_blogs, g_user_access, g_user_sms_quota, g_user_send_max, g_user_list_quota
g_access_group_default - Access group defaults
Access group defaults for users with no access groups set. (must be used in conjunction with g_access_group)
Syntax: g_access_group_default string
g_acctlog_authonly - Log sending usage based on authenticated accounts only and ignore "MAIL FROM" address - which may be fake!!
This setting has no further documentation currently available
Syntax: g_acctlog_authonly bool
g_acctlog_noaliases - Don't log redirection & aliases as sending mail as a result of redirection / forwarding (means you will not log account forwarding usage)
This setting has no further documentation currently available
Syntax: g_acctlog_noaliases bool
g_acctlog_sum_inactive - Summarise local accounts that have not logged in yet as not_loggedin_yet@domain.com
This setting has no further documentation currently available
Syntax: g_acctlog_sum_inactive bool
g_admin_access - Allow / Restrict domain admin access to features based on g_access_group
g_admin_access group="wildcard" access="list"
This setting matches the g_access_group the admin is in to the wildcard specified and applies the specified access list to that domain admin, giving / restricting thier access to certain features. The list may include any of the following:
Value Result alias Access to domain users "Alias" page and features. aspam Access to the "ASpam" page and features. blog Access to the "Blogs" page and features. bulletins Access to the "Bulletins" page and features. centipaid Access to domain users "Centipaid" page and features. enotify Access to domain users "Email Notification" page and features. exceptions Access to domain users "Exceptions" page. friends Access to domain users "Friends" pages, and system. fwd Access to domain users "Forwarding" features, forwarding, auto-responder. fwdonly Access to domain users "Forwarding" features, forwarding lists Access to the "Lists" page and features. log Access to domain users "Log" page. mailbox Access to domain users "Mailbox" page, view mailbox, setup rules. sms Access to domain users "Sms" page. spam Access to domain users "Spam" page, and SmiteSpam and Aspam processing of messages. spampriv Access to domain users "Spam" pages' spam private feature spf Access to domain users "Spf" page and features. usage Access to the "Usage" button, which shows a domain users usage. users Access to the "Users" page and features. redirect Access to the "Redirect" page and settings. redirect_cc Access to the "Redirect CC" page and settings. In addition you can prefix any of the above with ! to deny access. There are two other special case values, "all" and "none" which mean exactly what they say, access to "all" or "none" of the features.
Example:
g_admin_access group="simple" access="all,!users,!reports"
The above setting gives admins in the 'simple' group access to all the features except the users and reports features.
Syntax: g_admin_access group=string access=string
g_admin_access_default - Default features granted to domain admins
This setting is a default access list for all domain admins on the server, it is specified in the same maner as the g_admin_access settings 'access' parameter. eg:
g_user_access_default "all,!users,!reports"
Syntax: g_admin_access_default string
g_admin_guesses - Number of guesses allowed for admin.
Syntax: g_admin_guesses "number"
This sets the number of guesses allowed for the admin username/password. Once this has been reached the ip is banned.
Syntax: g_admin_guesses int
See also: g_admin_ip, g_admin_localhost, g_admin_access, g_admin_access_default, g_admin_utoken_expire, g_admin_utoken_idle
g_admin_ip - Admin IP access
Mask of valid IP addresses for admin users (default *), this is a security setting you can use to restrict remote web admin access to trusted IP addresses. One is always allowed to use manage SurgeMail using 127.0.0.1 regardless of whether this is explicitly specified.
eg. To restrict to local network as per net mask
g_admin_ip "10.0.0.*,10.1.2.*"Syntax: g_admin_ip string
g_admin_localhost - Allow localhost web admin without user/pass
Allows a localhost connection to access the web admin port without using the administrator username / password. This is good if you keep forgetting the admin password like I do.
Syntax: g_admin_localhost bool
See also: g_admin_ip, g_admin_guesses, g_admin_access, g_admin_access_default, g_admin_utoken_expire, g_admin_utoken_idle
g_admin_utoken_expire - Length of time a web admin session is valid for
This setting has no further documentation currently available
Syntax: g_admin_utoken_expire int
g_admin_utoken_idle - Length of time a web admin session may remain idle for
This setting has no further documentation currently available
Syntax: g_admin_utoken_idle int
g_allow_bodyless - Allow bodyless email
This will allow bodyless email to be accepted. These are usually spam. In particular Norton Antivirus in autoprotect mode closes the POP link which makes it appear that SurgeMail has terminated the connection when a bodyless email is encountered.
Syntax: g_allow_bodyless bool
g_allow_passzip_from - A list of addresses to allow unmonitorable archive messages to be sent from
These may of course contain viruses as they cannot be scanned, but some people still need to be able to accept such files.
Syntax: g_allow_passzip_from string
g_allow_passzip_to - A list of addresses to allow unmonitorable archive messages to be sent to
These may of course contain viruses as they cannot be scanned, but some people still need to be able to accept such files.
Syntax: g_allow_passzip_to string
g_allow_user_authent_field_get - A space separated list of authent process fields that users are allowed to view for themself using the POP xauthent_field_get command
This provides limited access to the user database for applications like webmail and surgeplus.
Syntax: g_allow_user_authent_field_get string
See also: g_webmail_limit, g_webmail_port, g_webmail_secure_port, g_webmail_timeout, g_webmail_useip, g_webmail_popmode, g_webmail_url, g_webmail_urladd, g_webmail_workarea, g_webmail_select_domain, g_webmail_secret
g_allow_user_authent_field_set - A space separated list of authent process fields that users are allowed to set for themself using the POP xauthent_field_set command
This provides limited access to the user database for applications like webmail and surgeplus.
Syntax: g_allow_user_authent_field_set string
See also: g_webmail_limit, g_webmail_port, g_webmail_secure_port, g_webmail_timeout, g_webmail_useip, g_webmail_popmode, g_webmail_url, g_webmail_urladd, g_webmail_workarea, g_webmail_select_domain, g_webmail_secret
g_archive - Archive delivered mail
Archive rules allowing all mail delivered to be archived to either:
- Fixed size rotating archive - use this if you want to be able to get back a particular message that has recently passed thorugh the server but you do not want the mail archives to be able to grow too large
- History archive of a fixed (or unlimited) duration that can grow as much as the disk space available. Use this if you need to archive say all mail sent to / from a particular customer for the last year.
The archive is stored as a directory containing bucket files. This allows you to retrieve messages that have been delivered if you need to retrieve a particular message for any reason. To retrieve a message this needs to be extracted manually from the archive files manually using a text editor or your own script. The maximum bucket size (default if 1Mb) of the archive and the maximum individual message size can be set.
Filtering is done based upon wildcard destination and source addresses and subject. These fields provide a logical AND, with a blanks filed matching the default "*". A specific email may match multiple archive rules, and will be archived in each archive in this case. Also note that if a match is part of a larger string the match string should have wildcards surrounding it. eg: to match "important business" in the subject "Very important business for you" you should specify "*important business*".
eg. To catch all email delivered from domain.com you would specify:
g_archive to="*" from="*@domain.com" subject="" path="c:\mailarchive" size="10mb" maxitem="10k"You can also select whether the archiving rule is triggered before or after any filtering that is applied such as virus or spam filtering using the early flag. This can be useful to capture the original source of viruses or spam for testing purposes.
Syntax: g_archive to=string from=string path=string subject=string size=string maxitem=string keep=string early=bool
g_archive_bucketsize - Size for archive bucket files. Default is 1mb
Sets the size of the archive buckets used by the circular archives. If set too large then editing the buckets manually is awkward.
Syntax: g_archive_bucketsize int
See also: g_archive, g_archive_early, g_archive_on_delete, g_archive_on_delete_dir, g_archive_files
g_archive_early - Apply all archive rules before content filtering is applied (obsolete)
This will apply the archive rules before content filtering is applied. This can be user to capture the source message if it is getting stored or bounced unnecessarily by any of the SurgeMail filters. The early flag on individual archive rules should be used instead of this setting.
Syntax: g_archive_early bool
g_archive_files - Archive attachments to a directory
Each message to the named account will have it's attachments removed and placed in the named directory. The path can contain the symbols $month$ $year$ $day$ $second$. The 'second' is only within this day. Together these variables can be used to ensure a unique path is used for each file if the names might conflict. Use g_redirect_cc to archive email going to an existing account because if you set 'to' equal to a real account then the real account will stop receiving messages!
Syntax: g_archive_files path=string to=string files=string
g_archive_on_delete - Don't delete user files, archive them to g_archive_on_delete_dir
When deleting a user, archive the users files in the g_archive_on_delete_dir archive directory.
Syntax: g_archive_on_delete bool
g_archive_on_delete_dir - Directory to archive user files to on delete
Directory to archive deleted users files to. Defaults to 'archive' in the SurgeMail installation folder.
Syntax: g_archive_on_delete_dir string
g_aspam_headers - Add aspam information messages to messages.
Adds informational aspam headers to all messages.
Syntax: g_aspam_headers bool
See also: g_aspam_need_ip
g_aspam_need_ip - Require good matches to match external ip address
This prevents poluted bad messages in aspam_good causing spam to bypass the filters, but reduces effectiveness of the notspam address.
Syntax: g_aspam_need_ip bool
See also: g_aspam_headers
g_assume_created_epoch - If user has no 'created' field assume they were created an arbitrarily large time in the past
This setting effect the g_disable_smtp_after and g_delete_user_after settings which, by default, ignore users who have not logged in and have no created field.
Syntax: g_assume_created_epoch bool
g_atrn_client - Define a rule for fetching email
This is the setting for clients to define to fetch mail from an upstream server. Typically this is done on the special port 366, to specify another port use host:port in the host setting. E.g. host="smtp.upstream.com:25"
Syntax: g_atrn_client domain=string user=string pass=string host=string
See also: g_atrn_server, g_atrn_port
g_atrn_port - Port to listen for 'atrn' (On Demand Relay) requests
See g_atrn_server for more details, the default is port 366, atrn is not obeyed on port 25
Syntax: g_atrn_port string
See also: g_atrn_server, g_atrn_client
g_atrn_server - On Demand Mail Relay settings to define user/pass for clients to fetch mail
This allows a client on a dynamic IP to connect and request mail for a specific domain after authenticating by using the ATRN command. Typically this is done on the special port 366
Syntax: g_atrn_server domain=string user=string pass=string
See also: g_atrn_client, g_atrn_port
g_auth_hide - Disable SMTP Authentication
Per default SMTP authentication is enabled. If a user matches this IP range/list they will NOT be shown the ESMTP extension for SMTP authentication. This will usually stop the mail client from prompting the user for authentication. We STRONGLY recommend you do NOT use this feature. It is much better to let users authenticate when sending email.
Syntax: g_auth_hide string
g_auth_norelay - Ignore SMTP auth for relaying purposes
This means relaying only occurs if g_relay_allow_ip matches
Syntax: g_auth_norelay bool
g_auth_skipgateway - Skip gateway rules if we get a proxy SMTP auth command
Skip gateway rules if we get a proxy SMTP auth command. This is not for general use. It can be used if you are using SurgeMail in front of another mail server with a wild card gateway to gateway all domains to a back end mail server. Then an authenticated user is a local user trying to send out so the gateway rules are ignored. (this is strongly not recommended)
Syntax: g_auth_skipgateway bool
g_authent_allow_badascii - Allow ascii chars outside the range 32 < 127
By default ascii characters < 32 and >= 127 are blocked as invalid. If you require these characters set this to TRUE.
Syntax: g_authent_allow_badascii bool
g_authent_always - Always lookup user, so virtual domains can exist just in authent module
Always lookup user, so virtual domains can exist just in authent module. This allows you to support 10,000 domains on one system without a 'huge' ini file. Be careful to not create/remove real domains with the same name as existing domains that only exist in the authent database as the 'drop files/inboxes' will move when this occurs and existing mail will vanish.
Syntax: g_authent_always bool
g_authent_cachebad - Cache life of failed authent lookups
Set the life in seconds that the cached failed lookups can be used, default 60 seconds. Best left alone unless your server is being hit by thousands of failed lookups and your authent module is slow.
Syntax: g_authent_cachebad int
g_authent_cachelife - Cache life of successful authent lookups
Set the life in seconds that successful cached lookups can be used, default 2 hours. Best left alone.
Syntax: g_authent_cachelife int
g_authent_cachesize - Size of the authent cache
Set the size of the authent cache, default is 500 entries. Generally best left alone.
Syntax: g_authent_cachesize int
g_authent_domain - Authent domain
If this is 'true', the virtual domain name is appended to the username before it is passed to the authent process. This lets the authent process deal with virtual domains. As a general rule, this should ALWAYS be true.
Syntax: g_authent_domain bool
g_authent_info - Authent info
Defines a piece of information to store about the user in the user database (phone number, name, address etc). Each piece of information is given a name, a field, an access mode, a default and a type. The name defines what appears in the web management display. The field is what is sent to the authent_process. The access mode can be one of the following: user, domadmin, or admin, createonly, none. The default is what value is assigned upon creation of a new user. The type can be one of: date, readonly, encrypt or any custom string which you want to check for or match on the na_details.htm page with a template function like: ||ifequal||user_info_type||custom|| .. do things .. ||endif||
An access mode of 'admin' means that only the system admin can see the information, 'domadmin' means the sysadmin and any domain admin can see the information, 'user' means the user can see the information, 'createonly' means the user sets the information at creation time but cannot see it after that and 'none' ensures that no-one can see or modify the information (used for information that is handled by SurgeMail itself, either through the interface or otherwise)
e.g. g_authent_info name="Phone Number" field="phone" access="user" default="" type=""See here for a complete list of default settings.
Syntax: g_authent_info name=string field=string access=string default=string type=string
g_authent_info_grp - Fields to show to users in this group
Specifies the authent fields this user group is allowed to see and change. This applies only to the fields visible on the account properties page and the domain admin "Users" page it cannot be used to prevent access to fields which are managed by the web interface i.e. 'fwd'
Syntax: g_authent_info_grp group=string fields=string tag=string
g_authent_ip - Authent Lookup IP numbers via authent modules - enables relaying
If enabled each connecting IP address will be looked up in your user database as x.x.x.x@ip eg: "127.0.0.1@ip" and if the user is found then relaying is allowed and if 'send_limit="nn"' is defined then that will set the tarpit send limit for that user.
For per IP tarpit limits to work you need to define the g_tarpit_max and g_tarpit_max_remote settings. And g_tarpit_drop to make the limit effective.
Syntax: g_authent_ip bool
g_authent_last_login - Store users last login time in the database
This setting will cause the authent field 'last_login' to be updated when a user logs in. The field is set to a timestamp which is 'the number of seconds since midnight January 1, 1970'. This field is updated 'at most' once every 24 hours. Other features i.e. delete_user_after and disable_smtp_after will look for this field.
Syntax: g_authent_last_login bool
g_authent_logall - Turns on logging of authent requests
If enabled, authentication requests are logged in mail.log as "<day> <time> Authent[<action> <info>]".
Syntax: g_authent_logall bool
g_authent_number - Authent number
The number of concurrent authent processes to run. If you are using a slow external authent module (e.g. sql) then it is probably worth running 3-4, there is no need to have more than 1 when using nwauth.exe. (Default = 1)
Syntax: g_authent_number int
g_authent_process - Authent process
The command line of a NetWin authentication module. You can use one of our standard modules for LDAP, ODBCAuth, MySQL etc or write your own. For more information on these modules see the authentication section of the manual .
This will typically be something like:
g_authent_process "E:\surgemail\nwauth.exe -path E:\surgemail"
or
g_authent_process "/usr/local/surgemail/nwauth -path /usr/local/surgemail"
Syntax: g_authent_process string
g_authent_restart - Cycle auth modules every 1000 lookups
This is useful if there are resource allocation issues in the authentication module. Eg OBDCAuth
Syntax: g_authent_restart bool
g_authent_single - Allow local users with a single quote char in their name
This let's users exist who contain the single quote ' character. It is not supported with some authent modules though, nwauth does allow it.
Syntax: g_authent_single bool
g_authent_strip_domain - Strip domain for authent lookups
Use when your database expects one 'primary' domain to do lookups without a domain name then SurgeMail will strip that domain only from lookups. Typically this is only necessary with old DMail authent modules.
Syntax: g_authent_strip_domain string
g_authent_timeout - Timeout for authent response
Timeout for authent response, default 60 seconds.
Syntax: g_authent_timeout int
g_autologin_file - File to use to share auto login information on NFS based cluster
This allows webmail to autologin when using an nfs based cluster and a load sharing device.
Syntax: g_autologin_file string
g_autologin_pop - Enables WebMail Autologin using POP when on another server
Webmail needs the ability to automatically login to SurgeMail to changes passwords etc. This setting will do this via an extension to the pop protocol allowing WebMail to autologin whilst running on another server. (Normally this is done using a temporary file)
Syntax: g_autologin_pop bool
g_bad_login_allow - Number of consecutive bad logins for a user before blocking that user
Number of consecutive bad logins for a user before blocking that user.
Syntax: g_bad_login_allow int
g_bad_login_ip_allow - Number of bad logins from an IP before blocking that IP
Number of bad logins from a single IP before blocking that IP.
Syntax: g_bad_login_ip_allow int
g_bad_login_ip_ignore - IP address(es) to ignore bad logins from
Use for webmail system or other local gateway to stop bad login counter from locking out all users.
Syntax: g_bad_login_ip_ignore string
See also: g_bad_login_mins, g_bad_login_allow, g_bad_login_ip_allow, g_badfrom_noip, g_badfrom_check, g_badfrom_stamp, g_badfrom_badmx, g_badfrom_from, g_badfrom_whitelist
g_bad_login_mins - Minutes to block login for, if consecutive bad ones received
Minutes to block login for, if consecutive g_badlogin_allow or g_badlogin_ip_allow bad logins received=.
Syntax: g_bad_login_mins int
g_badfrom_badmx - Drop message if this MX
If mx host is one of these addresses then drop the message, it's definitely spam (e.g. 127.*).
Syntax: g_badfrom_badmx string
g_badfrom_check - Check if 'from' envelope can be delivered to
If this is set to "true" then SurgeMail will connect back to the envelope 'from' address and check that the address is valid, a cache is used to improve performance, if it cannot connect then the message is bounced as probable spam. It's nicer to use the following setting "g_badfrom_stamp" as well, then if SurgeMail cannot connect back or the user is invalid then a header is added to indicate this, and our SmiteSpam rules will use this to increase the spam weighting.
You can use g_spam_allow to exempt an IP from this check as well as g_badfrom_whitelist for a domain. Please note that by default SurgeMail uses a blank mail from to do its check.
MAIL FROM: <>
Some servers might reject this, though they shouldn't because its a standard bounce, however if they do you can use g_badfrom_from to set a mail from address to be used for this check.Syntax: g_badfrom_check bool
g_badfrom_from - Mail from account for g_badfrom_check
From to use when doing the g_badfrom_check check, not normally needed, if set must be set to valid account.
Syntax: g_badfrom_from string
g_badfrom_noip - Check envelope from domain exists and is a valid IP number
Check envelope from domain exists and is a valid ip number, if not bounce message.
Syntax: g_badfrom_noip bool
g_badfrom_stamp - If 'g_badfrom_check' is bad then stamp a header on the message
g_badfrom_check must also be set to true. If this is set to "true" then SurgeMail will connect back to the envelope 'from' address and check that the address is valid, a cache is used to improve performance, if it cannot connect then a header is added to indicate this, and our SmiteSpam rules will use this to increase the spam weighting.
Syntax: g_badfrom_stamp bool
g_badfrom_whitelist - Whitelist of domains to skip from checks
Whitelist of "from" address domains to skip g_badfrom_* checks.
eg.
g_badfrom_whitelist "specialdomain.com"Syntax: g_badfrom_whitelist string
g_ban_blackhole - Leave connected but reject all recipients without looking them up
Leave connected but reject all recipients without looking them up. This is good of dealing with high volume spammers without wasting resources doing user lookups.
Syntax: g_ban_blackhole bool
g_ban_from - Ban any matching MAIL FROM: envelope
Same as 'ban_helo' but applies to the from (return address) part of the mail envelope. This is NOT the same as the from/sender header in the message itself!!! This equates to the 'Return-path:' header that the mail server adds.
Syntax: g_ban_from string
g_ban_helo - Ban any machine that gives a matching 'helo' string
This is a simple spam protection system to block known spam/problem users based on the 'helo' name they send to your system. This name is recorded in the 'received' header along with the IP address. This name is very easy to 'fake' so is not a high security level of protection, but it is simple for stopping stupid robots etc, that have gone insane.
Example: *junkmail.com
Syntax: g_ban_helo string
g_ban_rcpt - Ban any matching RCPT TO: envelope
Same as 'ban_helo' but applies to the recipient part of the envelope (destination users) this is NOT the same as the 'To:' header in the message itself!!! This can sometimes be used to block really simple spamming programs that always send to the same invalid users.
Syntax: g_ban_rcpt string
g_bank_debug - Log request to bank server
Use when trying to debug the g_bank_url post/response
Syntax: g_bank_debug bool
See also: g_bank_url, g_bank_user, g_bank_pass, g_bank_ok, g_bank_reason, g_bank_log, g_bank_group
g_bank_group - Create price groups with descriptions
See g_bank_url for details
Syntax: g_bank_group group=string price=string desc=string
See also: g_bank_url, g_bank_user, g_bank_pass, g_bank_ok, g_bank_reason, g_bank_log, g_bank_debug
g_bank_log - Log lines matching this in response.
See g_bank_url for details
Syntax: g_bank_log string
See also: g_bank_url, g_bank_user, g_bank_pass, g_bank_ok, g_bank_reason, g_bank_debug, g_bank_group
g_bank_ok - Find this in response, if found then charge was successful
See g_bank_url for details
Syntax: g_bank_ok string
See also: g_bank_url, g_bank_user, g_bank_pass, g_bank_reason, g_bank_log, g_bank_debug, g_bank_group
g_bank_pass - Password for authenticated web request to banks system
See g_bank_url for details
Syntax: g_bank_pass string
See also: g_bank_url, g_bank_user, g_bank_ok, g_bank_reason, g_bank_log, g_bank_debug, g_bank_group
g_bank_reason - This line is returned to user if it is found
See g_bank_url for details
Syntax: g_bank_reason string
See also: g_bank_url, g_bank_user, g_bank_pass, g_bank_ok, g_bank_log, g_bank_debug, g_bank_group
g_bank_url - URL to charge a credit card (experimental)
This allows automated monthly charging of users
Syntax: g_bank_url string
See also: g_bank_user, g_bank_pass, g_bank_ok, g_bank_reason, g_bank_log, g_bank_debug, g_bank_group
g_bank_user - Username for authenticated web request to banks system
See g_bank_url for details
Syntax: g_bank_user string
See also: g_bank_url, g_bank_pass, g_bank_ok, g_bank_reason, g_bank_log, g_bank_debug, g_bank_group
g_bind_byfromip - Bind outgoing SMTP connections to the specified IP based on the sender IP
This setting has no further documentation currently available
Syntax: g_bind_byfromip fromip=string bindip=string
g_bind_from - Bind outgoing SMTP connections based on 'from' envelope
Bind outgoing SMTP connections based on the IP of the virtual domain in 'from' envelope. This is only useful if you are using IP based virtual domains.
Syntax: g_bind_from bool
g_bind_incoming - Bind outgoing SMTP connections based on incoming ip address
So if the incomnig mail came in on interface address 1.2.3.4 then that same address is used to send the email
Syntax: g_bind_incoming bool
g_bind_out - Bind outgoing smtp connections to IP
Bind outgoing smtp connections to this IP number.
Syntax: g_bind_out string
g_black_above - Level for spam detection for g_black_count
Level for spam detection for blacklisting IP number e.g. 7.
Syntax: g_black_above int
g_black_count - Blacklist sender IP based on spam sent
Number of spam in a row before IP blacklisted for 30 minutes eg: 30 (default = disabled)
Syntax: g_black_count int
g_black_to - Blacklist sender IP based on catch addresses
Blacklist senders IP address for 30 minutes if they deliver to these spam catch email addresses.
eg. g_black_to "smith@mydomain.com,catcher@myotherdomain.com"
Syntax: g_black_to string
g_block_files - Block certain attachments
Allow you to block any mail with certain files attached.
g_block_files "*.exe,*.cmd,*.com"
Syntax: g_block_files string
See also: g_block_wild, g_block_skip, g_block_longok, g_debug_block
g_block_longok - If true allow long file names (more than 180 char)
By default files names over this length are ALWAYS blocked if g_block_files is used, in rare situations these are not just viruses attempting to get around the filter.
Syntax: g_block_longok bool
See also: g_block_wild, g_block_files, g_block_skip, g_debug_block
g_block_skip - From or To address to bypass g_block_files
Some users will need to send various attachments, these users are excempt to the g_block_files rule
Syntax: g_block_skip string
See also: g_block_wild, g_block_files, g_block_longok, g_debug_block
g_block_wild - Block wildcards in usernames
Block the '*' wildcard character in usernames.
Syntax: g_block_wild bool
g_blogs_allow_links - Allow users to post comments that contain urls
Due to widespread abuse of blogs this is not recommended.
Syntax: g_blogs_allow_links bool
g_blogs_cleanup_links - Delete existing posts that contain urls
This setting will help cleanup existing spam postings to your users blogs.
Syntax: g_blogs_cleanup_links bool
g_blogs_default_template - Default template set that is used by newly created blogs
This setting can have a value of the name of any directory in the SurgeMail blogtpl directory
Syntax: g_blogs_default_template string
g_blogs_domonly - Only list blogs in a users domain
By default all blogs in all domains are listed/shown to the user. This setting causes it to only list blogs in the users domain.
Syntax: g_blogs_domonly bool
g_blogs_enable - Surgemail blogs
Allow users to create blogs
Syntax: g_blogs_enable bool
g_blogs_image_optional - Allow users to specify if image verification is required for comments
By default image verification is now required, this prevents spammers from abusing the many 'test' blogs setup by your users.
Syntax: g_blogs_image_optional bool
g_blogs_max_per_user - Maximum number of blogs per user
Maximum number of blogs per user, default is 5
Syntax: g_blogs_max_per_user int
See also: blogs_max_per_user, g_user_blogs
g_blogs_maximum_image_size - Default maximum image size
Images larger than this (in largest dimension) that are posted to blogs are scaled down, default is 390, per blog setting can overide this.
Syntax: g_blogs_maximum_image_size int
g_blogs_maximum_image_width - Default maximum image width
Images larger than this that are posted to blogs are scaled down, default is 390, per blog setting can overide this.
Syntax: g_blogs_maximum_image_width int
g_blogs_maximum_items_in_top_page - Maximum number of items on the top blog page
Maximum number of post bodies to appear on a blog top page, default is 10
Syntax: g_blogs_maximum_items_in_top_page int
g_blogs_no_suffix - Shortens URL, url_blogs must be defined for each domain
This shortens http://a.com/blog/juggling to http:/a.com/juggling, but does require that you define a specific name for the blogs in the domain based url_blogs setting
Syntax: g_blogs_no_suffix bool
g_blogs_not_unique - Allow the same blog name in multiple domains
If set you can create different blogs with the same name in different virtual domains, this is not recommended.
Syntax: g_blogs_not_unique bool
g_blogs_ping - Sites to ping on each post
Host and path to ping on each blog post. eg: host=rpc.weblog.com path=/RPC2
Syntax: g_blogs_ping host=string path=string
g_blogs_sub_domain_prefix - Prefix to use instead of blogs. for blog subdomains. use ! to have no prefix.
Experimental feature do not use
Syntax: g_blogs_sub_domain_prefix string
g_blogs_use_sub_domains - Make blogs accessible at http://blog_name.domain/
If you're DNS entry supports it, turn on this setting to make blogs accessible at http://blog_name.blogs.domain/ instead of http://domain/blogs/blog_name
Syntax: g_blogs_use_sub_domains bool
g_body_filter - Enable user email body filtering
Allows the user to configure filters which filter the body of incoming messages
Syntax: g_body_filter bool
g_bomb_max - Max messages to a single address per hour
Simple system to prevent intentional or more likely, accidental mail loops or mail bombs where thousands of Emails are sent to a single user. A setting in the range of 100-1000 is generally good depending on your sensitivity to incorrectly blocking real mail. We suggest 1000 is a good setting if you are unsure.
This counts the messages from a single IP address to a single recipient. If a single IP sends more than this many messages to any single recipient then they will be tarpitted (slowed down and rejected).
Use spam_allow ip.address.list to over-ride the limit for known local systems that might exceed this limit (unlikely anything will).
Syntax: g_bomb_max int
g_bomb_max_from - Max msgs from a single email address/hour
Max msgs from a single email address/hour.
Syntax: g_bomb_max_from int
g_bounce_bind - Use a specific ip address for outgoing bounces
Some RBL sites blacklist machines for sending bounces, which is probably a good thing. But even with spf running your server may occasionally send a bounce to a forged address, and so you can use an alternate ip address for these bounces to avoid blacklisting your main mail server address. First you must assign the ip address to your network interface etc
Syntax: g_bounce_bind string
g_bounce_disable - Bounce Disable
Disable all bounces. This is particularly useful when under spam attack. This is for outgoing bounces it stops SurgeMail generating bounces it won't affect incomming bounces from other servers.
example:
g_bounce_disable "true"Syntax: g_bounce_disable bool
g_bounce_limit - Max size of bounce messages
Max size in bytes of message to send back as bounce message is truncated if necessary.
Syntax: g_bounce_limit int
g_bounce_nodrop - Enables locally generated bounces for non local users
This setting makes bounces occur normally, the reason bounces are normally dropped for non local users is that they are almost always spam bouncing off another server due to forwarding settings, and as such sending a bounce email will get your server black listed, so we decided it was best to drop them by default since they are rarely useful. Turn this setting on at your own risk :-). Instead use g_bounce_to to list domains that it is safe to bounce to.
Syntax: g_bounce_nodrop bool
g_bounce_redirect - Send all bounces to a local address
This can be used to avoid 'back scatter' which can get your server listed in various black listed sites. In general your server should not generate bounces so if you get lots you may find changing config settings can stop them. Note this only redirects bounces to non local recipients, so your users sending outgoing mail will still get their own bounce messages.
Syntax: g_bounce_redirect string
g_bounce_reject - Reject bounces by ip address from known dumb mail servers
Some mail servers (exchange) will accept email, then bounce it, this is now considered a 'crime' and will get your server black listed, so if you have surgemail running as a gateway for such servers you can tell it to reject any bounce that server is foolish enough to send you.
Syntax: g_bounce_reject string
g_bounce_some_stop - Disables locally generated bounces for partial message failure
This can decrease back scatter, but it has other bad effects, it can result in duplicate messasges arriving
Syntax: g_bounce_some_stop bool
g_bounce_suggest - Send bounces to postmaster if spf cannot be verified
This may help stop black listing for backscatter while still alerting the sending domain admin that one of their users emails to your server bounced, You can specify a template file suggest.eml if you don't like the default message suggesting the postmaster add spf records for their domain
Syntax: g_bounce_suggest bool
g_bounce_to - Domains to treat as local and send bounces to
This setting makes bounces occur normally, the reason bounces are normally dropped for non local users is that they are almost always spam bouncing off another server due to forwarding settings, and as such sending a bounce email will get your server black listed, so we decided it was best to drop them by default since they are rarely useful. Turn this setting on at your own risk :-). Instead use g_bounce_to to list domains that it is safe to bounce to. e.g. *@a.com,*@b.com
Syntax: g_bounce_to string
g_centipaid - see CentiPaid.htm
Authentication server and port for CentiPaid.
Syntax: g_centipaid string
g_cid_skip_to - Skip CID score, good for lawyers etc
Some users will trigger CID matches due to the nature of their business (accountants/lawyers) for these people you may want to list them here. CID is content matching, usually scams which often use legal language.
Syntax: g_cid_skip_to string
See also: g_spam_allow, g_spam_allow_disable, g_spam_allow_rbl, g_spam_allow_msg, g_spam_block_msg, g_spam_allow_known, g_spam_allow_recent, g_spam_autotrain, g_spam_block, g_spam_block_gateway, g_spam_check_auth, g_spam_content_disable, g_spam_body, g_spam_body_url, g_spam_body_more, g_spam_folders, g_spam_folders_show, g_spam_flag, g_spam_from_blacklist, g_spam_grey, g_spam_grey_classc, g_spam_grey_dflt, g_spam_grey_dflt_bad, g_spam_grey_verify, g_spam_grey_size, g_spam_grey_bounce, g_spam_grey_window, g_spam_grey_nofive, g_spam_grey_nseen, g_spam_grey_nohard, g_spam_subject, g_spam_subject_dom, g_spam_subject_gateway, g_spam_subject_word, g_spam_userconfig, g_spam_user_max, g_spam_user_skip, g_spam_bounce, g_spam_bounce_text, g_spam_bounce_all, g_spam_bounce_trusted, g_spam_cmd, g_spam_vanish, g_spam_vanish_all, g_spam_info_hide, g_spam_info, g_spam_internal, g_spam_noupdate, g_spam_notrain, g_spam_isspam_kind, g_spam_aspam, g_spam_poly, g_spam_poly_disable, g_spam_private, g_spam_url, g_spam_catcher, g_spam_char, g_spam_notspam, g_spam_hold_keep, g_spam_header_trust_ip, g_spam_share
g_comment - Management notes and comments about the server
This is a dummy setting that lets you store information in the ini file that will survive setting changes from the web admin tool.
Syntax: g_comment date=string name=string comment=string
g_con_perip - Connections per IP
Maximum number of connections allowed per IP address. Primarily this is used to prevent simple denial of service attacks where one user could otherwise use up all the channels your system can support and then do nothing with them.
Syntax: g_con_perip int
g_con_perip_except - Connections per IP exception
IP list of exception addresses to g_con_perip.
Syntax: g_con_perip_except string
g_con_persubnet - Maximum concurrent connections per subnet
Maximum number of concurrent connections per subnet. This limits concurrent connections from a sub net, great for automatically stopping professional spammers who use multiple addresses. A typical setting might be 20. Subnet is /24.
Syntax: g_con_persubnet int
g_convert_percent - Convert % signs top @ in recipient addresses
Some Spam tests send mail user%spamdomain.com@localdomain.com to see if a server is an open relay. If a default address is set up for the local domain this will be delivered to this local address and the test assumes the mail server is an open relay. This setting prevents this.
Syntax: g_convert_percent bool
g_create_allow - List of characters allowed in usernames/passwords
Defaults to A-Za-z0-9\-_. meaning usernames/password may contain letters, numbers, -, _ and . and nothing else.
Syntax: g_create_allow string
g_create_allow_pass - List of characters allowed in passwords
Settting overriding g_create_allow just for passwords.
Syntax: g_create_allow_pass string
g_create_apply - List of user groups to apply create_* settings for.
This setting allows you to apply create_* settings to domain admin accounts. Specify g_access_group names and domain admins in these groups will have create_* settings applied to them when adding users in the domain admin interface.
Syntax: g_create_apply string
g_create_badnames - List of illegal usernames
Comma separated list of illegal usernames, may contain wild cards, if username contains part of a non-wild card or matches a wildcard it is disallowed.
Syntax: g_create_badnames string
g_create_cleanup - Cleanup existing data before adding a user
This causes a delete to be actioned for a user before/as they are created. This ensures the new user does not end up with any files, on any mailing lists, with any aliases etc from a previous user of the same name/address. If you delete users from the authent database directly i.e. not using the surgemail web admin or calling 'tellmail delete_user' then this setting will cleanup the users files when their address is re-used.
Syntax: g_create_cleanup bool
g_create_dictionary - File containing dictionary words to compare passwords to
Text file containing one word per line, passwords are compared to all words longer than 4 characters in this file, if a username or password contains a word in this file it is not allowed. Only takes effect if g_create_strict is checked.
Syntax: g_create_dictionary string
g_create_pass_length - Limit the length of user passwords
This is applied during user self creation and when users change passwords. Set admin to true to restrict the domain and global admin also.
Syntax: g_create_pass_length min=int max=int admin=bool
g_create_record_ip - Causes surgemail to store ipnum in the authent database
This setting has no further documentation currently available
Syntax: g_create_record_ip bool
g_create_strict - Whether to apply strict rules to usernames/passwords
Checking this causes surgemail to check passwords do not contain words longer than 4 characters from g_create_dictionary as well as requiring the password to be 6+ characters, and usernames/passwords to contain more than 1 character.
Syntax: g_create_strict bool
g_create_user_length - Limit the length of usernames
This is applied during user self creation. Set admin to true to restrict the domain and global admin also.
Syntax: g_create_user_length min=int max=int admin=bool
g_dbabble_links - Add web links to DBabble from other web interfaces (and vice versa)
This causes links to appear in the DBabble interface to switch to using WebMail (and SurgePlus if you have the g_surgeplus_links setting on).
Syntax: g_dbabble_links bool
See also: g_dbabble_smtp_port, g_dbabble_smtp_prefix
g_dbabble_smtp_port - DBabble SMTP port (do not manually change this setting - it should be set from the DBabble section of the web admin interface only)
This setting specifies the port that DBabble listens on. DBabble looks at surgemail.ini and if it sees this setting, overrides it's own setting with this value. When you save changes to this setting from within the SurgeMail DBabble admin interface, SurgeMail automatically sets appropriate values for the g_redirect_iflocal and g_gateway settings.
Syntax: g_dbabble_smtp_port int
See also: g_dbabble_smtp_prefix, g_dbabble_links
g_dbabble_smtp_prefix - DBabble SMTP prefix (do not manually change this setting - it should be set from the DBabble section of the web admin interface only)
This setting is used in conjunction with the dbabble_smtp_port setting to forward all mail with the specified prefix on to DBabble.
Syntax: g_dbabble_smtp_prefix string
See also: g_dbabble_smtp_port, g_dbabble_links
g_debug_ini - Debugging, don't use this
This is a temp setting used for testing
Syntax: g_debug_ini bool
g_debug_vanished - Name of file to check for, if file vanishes, crash
This is for tracking a particular bug, not for general use
Syntax: g_debug_vanished string
g_delete_exclude - Field and value that excludes an account from g_delete_user_after
If the authent response includes this field/value pair then the user account will not expire
Syntax: g_delete_exclude field=string value=string
Example: field="noexpire" value="true"
See also: g_acctlog_authonly, g_authent_always, g_authent_allow_badascii, g_authent_prefix_sep, g_authent_process, g_authent_cachelife, g_authent_cachebad, g_authent_cachesize, g_authent_domain, g_authent_number, g_authent_info, g_authent_info_grp, g_authent_ip, g_authent_path_broken, g_authent_single, g_authent_strip_domain, g_authent_restart, g_authent_logall, g_authent_fwdfile, g_authent_timeout, g_authent_last_login, g_auth_hide, g_auth_norelay, g_auth_skipgateway
g_delete_user_after - Number of days an account can remain unread before it is deleted
DO NOT USE THIS SETTING IN A MIRROR/CLUSTER SETUP
Number of days an account can remain unread before it is deleted. This setting cannot be used on an authent_domain FALSE domain unless it has a prefix setting.
Syntax: g_delete_user_after int
g_delete_user_mode - Instead of deleting an unread account you can perform another action
DO NOT USE THIS SETTING IN A MIRROR/CLUSTER SETUP
You can set this to "file" or "suspend". "file" causes accounts to be written to the users_delete.rec file, which you can action by running "tellmail delete_user FILE" or "tellmail delete_user FILE users_delete.rec" (optionally specify the file). "suspend" causes accounts to be suspend, it does this by setting the field and value specified in the g_delete_user_suspend setting.
Syntax: g_delete_user_mode string
g_delete_user_suspend - If suspending an unread account set this field/value
DO NOT USE THIS SETTING IN A MIRROR/CLUSTER SETUP
Set the field and value to use when suspending an account due to g_delete_user_after and the g_delete_user_mode "suspend" settings.
Syntax: g_delete_user_suspend field=string value=string
g_deny - Deny users from some IP ranges
Block known spammers etc by IP address. You can use wild cards and 'not' signs, e.g. "!*,127.*,10.*"
Syntax: g_deny string
g_deny_msg - Deny message
Message to give to users who are disconnected due to the above 'deny' setting.
Syntax: g_deny_msg string
g_deny_smtp - Deny SMTP based on IP address
Block users from some IP ranges connecting to SMTP only.
Syntax: g_deny_smtp string
g_disable_exclude - Field and value that excludes an account from g_disable_smtp_after
If the authent response includes this field/value pair then the user account will not be disabled from receiving messages
Syntax: g_disable_exclude field=string value=string
Example: field="noexpire" value="true"
See also: g_disable_smtp_after
g_disable_skip - Ip address of senders to accept email from even if user account is disabled due to g_disable_smtp_after
Useful to ensure delivery for important company notices
Syntax: g_disable_skip string
g_disable_smtp_after - Number of days an account can remain unread before delivery is disabled
DO NOT USE THIS SETTING IN A MIRROR/CLUSTER SETUP
Number of days an account can remain unread before delivery is disabled.
Syntax: g_disable_smtp_after int
g_disable_surgeplus - Disable SurgePlus Calendar and File Sharing client
Disable users from logging in using the SurgePlus Calendar and File Sharing client. See SurgePlus
Syntax: g_disable_surgeplus bool
See also: old_xfile, xfile_url, disable_surgeplus, surgeplus_pop_server_name, surgeplus_smtp_server_name, g_xfile_allow, g_surgeplus_links, g_disable_surgeplus_updates, g_surgeplus_log_level, g_surgeplus_port, g_surgeplus_secure_port, g_surgeplus_web_port, g_surgeplus_web_url, g_surgeplus_hide_client_downloads, g_surgeplus_pop_server_name, g_surgeplus_smtp_server_name, g_surgeplus_delay_tell_upgrade, g_surgeplus_delay_tell_upgrade_exempt
g_disable_surgeplus_updates - Disable automated downloading of new versions of SurgePlus client from netwinsite.com
New versions of the SurgePlus client are automatically downloaded from netwinsite.com and made available for download form your server by your users. See SurgePlus
Syntax: g_disable_surgeplus_updates bool
See also: disable_surgeplus, g_disable_surgeplus, g_surgeplus_delay_tell_upgrade, g_surgeplus_delay_tell_upgrade_exempt
g_dlist_nostart - Disable dlist
If set disable (do not attempt to start) dlist for DMail compatibility mode..
Syntax: g_dlist_nostart bool
g_dlist_path - Path for dlist
DList Path normally defaults to $g_home/dlist.
Syntax: g_dlist_path string
g_dns_cache_size - Set size of forward dns cache, default 7000
Best not to change this normally
Syntax: g_dns_cache_size int
See also: g_dns_paranoid, g_dns_match_msg, g_dns_noptr, g_dns_noptr_skip, g_dns_noptr_msg, g_dns_nocache, g_dns_system, g_dns_host, g_dns_nlookup, g_dns_require, g_dns_translate, g_dns_old, g_dns_new, g_spf_dns_timeout
g_dns_host - DNS host(s) for MX lookups
This setting can normally be left blank as the mail server will find your system DNS settings. However, you can specify one or more DNS servers for the mail server to use instead to lookup names.
DNS lookups are cached to disk so SurgeMail will generally continue to work even if your dns server is temporarily unavailable.
Test your dns server with this command. If working it should return two ip addresses for that domain.
tellmail dns_test "netwinsite.com"Prior to SurgeMail 2.0h dns lookups were done using tcp instead of udp, they are now down with UDP unless the response exceeds UDP packet size (as per RFC).
NOTE: All dns servers listed in this setting must be fully recursive, a non recursive dns server will create many dns lookup failures!
Syntax: g_dns_host string
See also: g_dns_paranoid, g_dns_match_msg, g_dns_noptr, g_dns_noptr_skip, g_dns_noptr_msg, g_dns_nocache, g_dns_cache_size, g_dns_system, g_dns_nlookup, g_dns_require, g_dns_translate, g_dns_old, g_dns_new, g_spf_dns_timeout
g_dns_match_msg - Message for stamp or bounce if forward and reverse lookup don't match
The message given to the user when the forwar/reverse dns lookup doesn't match
Syntax: g_dns_match_msg string
Example: "Sorry your ip address doesn't translate into a name that translates into your ip address"
See also: g_dns_paranoid, g_dns_noptr, g_dns_noptr_skip, g_dns_noptr_msg, g_dns_nocache, g_dns_cache_size, g_dns_system, g_dns_host, g_dns_nlookup, g_dns_require, g_dns_translate, g_dns_old, g_dns_new, g_spf_dns_timeout
g_dns_nlookup - Concurrent MX lookups
Concurrent DNS lookups to send to DNS server (Default=20) (not used after version 2.0h)
Syntax: g_dns_nlookup int
See also: g_dns_paranoid, g_dns_match_msg, g_dns_noptr, g_dns_noptr_skip, g_dns_noptr_msg, g_dns_nocache, g_dns_cache_size, g_dns_system, g_dns_host, g_dns_require, g_dns_translate, g_dns_old, g_dns_new, g_spf_dns_timeout
g_dns_nocache - Disables DNS cache for spf lookups (20 minute life)
This setting disables the small cache used for SPF lookups to improve performance.
Syntax: g_dns_nocache bool
See also: g_dns_paranoid, g_dns_match_msg, g_dns_noptr, g_dns_noptr_skip, g_dns_noptr_msg, g_dns_cache_size, g_dns_system, g_dns_host, g_dns_nlookup, g_dns_require, g_dns_translate, g_dns_old, g_dns_new, g_spf_dns_timeout
g_dns_noptr - Set to reject or retry, for ip addresses with no reverse dns entry (rdns)
If the ip number of a connecting user has no associated name in the reverse dns database then the connection is rejected or told to retry later.
Syntax: g_dns_noptr string
Example: "retry"
See also: g_dns_paranoid, g_dns_match_msg, g_dns_noptr_skip, g_dns_noptr_msg, g_dns_nocache, g_dns_cache_size, g_dns_system, g_dns_host, g_dns_nlookup, g_dns_require, g_dns_translate, g_dns_old, g_dns_new, g_spf_dns_timeout
g_dns_noptr_msg - Message for stamp or bounce if DNS lookup fails on ip address
See short description.
Syntax: g_dns_noptr_msg string
See also: g_dns_paranoid, g_dns_match_msg, g_dns_noptr, g_dns_noptr_skip, g_dns_nocache, g_dns_cache_size, g_dns_system, g_dns_host, g_dns_nlookup, g_dns_require, g_dns_translate, g_dns_old, g_dns_new, g_spf_dns_timeout
g_dns_noptr_skip - Skip RDNS for these ip addresses
This is an over-ride for local addresses which you trust.
Syntax: g_dns_noptr_skip string
Example: "retry"
See also: g_dns_paranoid, g_dns_match_msg, g_dns_noptr, g_dns_noptr_msg, g_dns_nocache, g_dns_cache_size, g_dns_system, g_dns_host, g_dns_nlookup, g_dns_require, g_dns_translate, g_dns_old, g_dns_new, g_spf_dns_timeout
g_dns_paranoid - Compare sender forward and reverse dns lookup and see if they match
Does a forward DNS lookup on the sender's domain and matches this with a reverse lookup of the senders IP address. If these do not match the message is either bounced or stamped with the header "X-DNS-Paranoid: <explanation>". Valid values for this field are "STAMP","RETRY" and "REJECT".
STAMP = Add the X-DNS-Paranoid header if it fails
RETRY = Bounce the message with a 450 error. (so if the failure was temporary the sending server will retry)
REJECT = Bounce the message with a 550 error
Set g_dns_lookup_msg or g_dns_match_msg to define the reject/stamp strings respectively.
g_dns_require - Require reverse DNS names match
Require MAIL FROM header to match the reverse dns lookup based of the sender based on the sender's IP.
eg. from=*@hotmail.com hosts=*hotmail.com
Syntax: g_dns_paranoid string
See also: g_dns_match_msg, g_dns_noptr, g_dns_noptr_skip, g_dns_noptr_msg, g_dns_nocache, g_dns_cache_size, g_dns_system, g_dns_host, g_dns_nlookup, g_dns_require, g_dns_translate, g_dns_old, g_dns_new, g_spf_dns_timeout
g_dns_require - Require MAIL FROM header matches senders ip reverse dns
This setting predates SPF which does the same sort of thing on a grander scale, no longer needed.
Syntax: g_dns_require from=string hosts=string
Example: from=*@hotmail.com hosts=*hotmail.com
See also: g_dns_paranoid, g_dns_match_msg, g_dns_noptr, g_dns_noptr_skip, g_dns_noptr_msg, g_dns_nocache, g_dns_cache_size, g_dns_system, g_dns_host, g_dns_nlookup, g_dns_translate, g_dns_old, g_dns_new, g_spf_dns_timeout
g_dns_system - Use system code to do reverse lookups
If all channels hang in a state 'lookup' then turn this on so it will use the surgemail code for reverse dns lookups. This setting used to be g_dns_lookup and had the opposite meaning, we reversed it because the system dns code was faulty so often
Syntax: g_dns_system bool
See also: g_dns_paranoid, g_dns_match_msg, g_dns_noptr, g_dns_noptr_skip, g_dns_noptr_msg, g_dns_nocache, g_dns_cache_size, g_dns_host, g_dns_nlookup, g_dns_require, g_dns_translate, g_dns_old, g_dns_new, g_spf_dns_timeout
g_dns_translate - If mx response is x.x.x.x translate to y.y.y.y:port
Useful for translating ip numbers inside a local intranet and doing other fancy routing of various sorts.
Syntax: g_dns_translate from=string to=string
See also: g_dns_paranoid, g_dns_match_msg, g_dns_noptr, g_dns_noptr_skip, g_dns_noptr_msg, g_dns_nocache, g_dns_cache_size, g_dns_system, g_dns_host, g_dns_nlookup, g_dns_require, g_dns_old, g_dns_new, g_spf_dns_timeout
g_domadmin_utoken_expire - Length of time a domain admin login token is valid for
This setting has no further documentation currently available
Syntax: g_domadmin_utoken_expire int
g_domadmin_utoken_idle - Length of time a domain admin login token may remain idle for
This setting has no further documentation currently available
Syntax: g_domadmin_utoken_idle int
g_domain_default - Default domain when POP/IMAP user does not specify one
This is probably not what you think it is, generally the 'first' domain in surgemail.ini is used in this situation, but in some instances, when using domuser.dat for example to translate users back to virtual domains, you will want the default domain to be a 'generic' made up domain that doesn't really exist.
For example lets say you have users fred@a.com, bob@b.com, then in domusers.dat you have
fred@a.com fred@a.com
bob@b.com bob@b.com
bob@xxx bob@b.com
fred@xxx fred@a.comAnd the result is that users who login to pop as bob or fred, will be correctly mapped to the correct virtual domain user even though the actual domain is different in those two cases.
Clear as mud I expect?
Syntax: g_domain_default string
g_domain_list_max - Maximum number of domains to list at once
Maximum number of domains to list at once in the admin user interface.
Syntax: g_domain_list_max int
g_domain_separator - Separator characters for virtual POP
For POP logins where your virtual domain is NOT distinguished by IP address users can login with 'user@domain' or user/domain.name etc and the mail server will pickup the domain name correctly. By default only 'user@domain.name' is accepted unless this setting is used which can be useful for brain dead mail clients which don't allow the user to specify 'user@domain.name' as the username eg:
g_domain_separator "/"
Syntax: g_domain_separator string
g_domainkeys_check - Check incoming DomainKeys signatures (beta may be unstable)
See domainkeys.htm
Syntax: g_domainkeys_check bool
g_domainkeys_headers - List which headers to sign
This will help get the message through gateways without breaking the signature, try a single header, e.g. from
Syntax: g_domainkeys_headers string
g_domainkeys_only - Domains to sign for outgoing email
Normally all local domains are signed, but if this setting exists then it is used instead so you must list local domains as well as non local ones you want to sign messages for. G_domainkeys_sign must also be set to true!
Syntax: g_domainkeys_only string
g_domainkeys_selector - Policy name for your server (used creating dns entry for domainkeys)
This defines the dns entry name for your policy record and public key entry in your dns. See domainkeys.htm for details
Syntax: g_domainkeys_selector string
g_domainkeys_sign - Sign outgoing messages (create a key first using web admin)
To turn off domainkeys for some domains see the per domain setting, domainkeys_disable. See domainkeys.htm for more info.
Syntax: g_domainkeys_sign bool
g_domuser_file - Domain users to thousands of virtual domains easily
Specifies a file which contains lines that translate an email address to the username that should be looked up in the database. This file can contain a domain name not previously specified in surgemail.ini allowing you to create unique sub-domain addresses. eg:
g_domuser_file "c:\surgemail\domuser.dat"
Example entries...
*@domain.com postmaster@domain.com
userA@domain.com userB@domain.com
firstname@lastname.domain.com firstname@lastname.domain.comSyntax: g_domuser_file string
g_dotlock_minutes - NFS lock waits
Minutes to wait for nfs lock file, default 20 minutes.
Syntax: g_dotlock_minutes int
g_dotstuff_fix - Convert the way mail is stored on disk from dotstuffed to non dot stuffed (beta)
In the dotstuffed format any attachments that have content (in encoded format) starting with a . get corrupted, as all single '.' characters at the start of a line are converted to '..'. This is only very seldomly an issue as encoded text doesn't usually have . characters. This feature can only be enabled and still need furhter production level testing to make sure there are no side effects... so if you play with it consider yourself adequately warned :-)
Syntax: g_dotstuff_fix bool
g_download - Fetch an http file and do an ini reload
Can be used with g_include to have settings fetched from a central location, the file is fetched once an hour.
Syntax: g_download url=string user=string pass=string local=string
g_drop_use_len - Use the content-len header for drop file processing
For use on Solaris when using sendmail for incoming mail delivery.
Syntax: g_drop_use_len bool
g_dsn_enable - Enable DSN (Delivery Status Notification) esmtp extension.
Not recommended. Delivery Status Notification is used by spammers to find addresses to spam to.
Syntax: g_dsn_enable bool
See also: g_dsn_nofinal
g_dsn_nofinal - Try not to show real final recepients but just original recipients
This setting helps hide internal addresses in bounce messages (after forwarding etc). Not recommended.
Syntax: g_dsn_nofinal bool
See also: g_dsn_enable
g_ehlo_simple - Ip addresses to give simple ehlo respone to
This is a debugging setting, do not use.
Syntax: g_ehlo_simple string
g_encrypt_key - Encryption key for ccnumber auth field
Not for general use currently, used to partially obscure credit card info when stored in the authent module.
Syntax: g_encrypt_key string
g_enotify_from - From address to use in email notification messages
This setting has no further documentation currently available
Syntax: g_enotify_from string
g_eof_fix_off - Turns off auto stripping of control+Z
These characters can break some mail clients and should not appear in normal emails
Syntax: g_eof_fix_off bool
g_expire_silent - Don't send users emails telling them what was expired.
Some users get upset when they find messages have expired, this setting makes the expiration silent so the users don't even notice. I think this is a bit nuts myself but some admins prefer it
Syntax: g_expire_silent bool
See also: expire_age, expire_size, expire_rule, g_expire_trash, g_expire_warning, g_user_utoken_expire, g_admin_utoken_expire, g_domadmin_utoken_expire
g_expire_trash - Expire any messages found in trash folders
Expires any messages more than 7 days old found in the 'trash' folder.
Syntax: g_expire_trash bool
See also: expire_age, expire_size, expire_rule, g_expire_silent, g_expire_warning, g_user_utoken_expire, g_admin_utoken_expire, g_domadmin_utoken_expire
g_expire_warning - Give warning 'n' days before deleting each file (not implemented)
This will help warn users before a file is actually deleted.
Syntax: g_expire_warning int
See also: expire_age, expire_size, expire_rule, g_expire_trash, g_expire_silent, g_user_utoken_expire, g_admin_utoken_expire, g_domadmin_utoken_expire
g_external_ip_disable - Disable adding of external IP to message headers
As subject says :-)
Syntax: g_external_ip_disable bool
g_fallback - Fallback address
Default address for all local domains. If a local delivery is not to any valid user Emails will be delivered to this address. There is also a per domain default.
We want to stress that this is a dangerous setting, you use at your own peril.
Spammers will turn up to your server and test sending to accounts, they will just run through a dictionary of names, with a fallback setting you will be telling the spammer that all these accounts exist. The spammer will then deliver spam to these addresses in volumes that can cripple a server almost.Syntax: g_fallback string
g_fallback_relay_if_exists - Use FALLBACK_RELAY if not logged in but user exists (OLD_POPHOST_CREATEUSER_DISABLE)
This can be used to relay users where you have a user database that can be checked on the front end system directly (odbcauth, tcpauth, etc)
Syntax: g_fallback_relay_if_exists bool
See also: surgewall, surgewall_auth, surgewall_options, surgewall_capa_local, g_surgewall_split
g_filter_max - Max size of messages to send through the filter pipe
Messages over this size (in bytes) are skipped. default = no limit
Syntax: g_filter_max int
g_filter_n - Number of filters to run simultaneously
Default is 20, when this limit is reached the incoming thread waits a few seconds then skips the filter if necessary, this is intended to prevent a log jam/melt down effect.
Syntax: g_filter_n int
g_filter_pipe - Filter pipe allowing external message processing
This allows external applications to filter and modify incoming messages. Example: Integration with Spam Assassin (on UNIX) could be achieved as follows:
g_filter_pipe "/usr/local/bin/spamassassin -P"
it expects a normal unix 'filter' so, read the message on 'stdin' and write the identical (or modified) message to 'stdout'.
The input will be 'crlf' terminated and so should the output file.
That's all you can do with this mechanism, if you want to bounce the message or flag it as spam you 'add' a header and then use something in surgemail to detect and act on the header you've added (mfilter)
Syntax: g_filter_pipe string
g_filter_pipe_skip - Skip filter if ip matches this
Set this for local servers that don't need filtering, e.g. mailing list servers, local trusted robots.
Syntax: g_filter_pipe_skip string
g_filter_timeout - Filter pipe timeout
Filter timeout (g_filter_pipe) in seconds, default is 360.
Syntax: g_filter_timeout int
g_fix_crcrlf - Fix email messages containing crcrlf for line termination
This is best not used, it's best to fix the faulty email application, results are not gauranteed.
Syntax: g_fix_crcrlf bool
g_fix_imap_lf - During IMAP import fix email messages containing lf
This is best not used, it's best to fix the faulty email server, results are not gauranteed.
Syntax: g_fix_imap_lf bool
g_footer_file - Footer file
Footer file which is appended to all plain text mail messages.
Syntax: g_footer_file string
g_footer_html - Footer file (HTML mail)
Footer file which is appended to all HTML mail messages.
Syntax: g_footer_html string
g_footer_send - Footer file (outbound only)
Plain text footer file which is appended to all outbound mail messages only.
Syntax: g_footer_send string
g_footer_sendonly - Enable outbound footer
Add g_footer_send to all messages when sending to non local users.
Syntax: g_footer_sendonly bool
g_footer_skip - Skip footers for these users
This skips the footer for matching users (e.g. cell phones etc)
Syntax: g_footer_skip string
g_forward_attach - When late forwarding send as attachment to these domains
Useful with hotmail.com, aol.com etc so that forwarded messages are not mistaken for spam
Syntax: g_forward_attach string
g_forward_illegal - Prevents users setting forward rules to certain addresses
Syntax: g_forward_illegal to="address" apply="user type "
This setting allows you to specify some addresses as being illegal for certain users. This stops users setting up forwarding rules to these addresses. They can still send mail to these addresses manually with their email client. These rules _ONLY_ apply to non local domains.
Some examples:
If you want to stop your users setting up forward rules that redirect to aol.com.
g_forward_illegal to="*@aol.com" apply="user"If you want to stop your users setting a forward to all domains except aol.com
g_forward_illegal to="*,!*@aol.com" apply="user"Stop domain admins sending to aol.com
g_forward_illegal to="*@aol.com" apply="domadmin"Stop admins sending to netwinsite.com
g_forward_illegal to="*@netwinsite.com" apply="admin"Syntax: g_forward_illegal to=string apply=string
g_forward_oops - Internal testing setting, not for general use sorry
Testing setting, please do not use.
Syntax: g_forward_oops string
g_friends_always - Always use fr