SurgeMail Configuration Settings Overview

This page is an automatically generated top level overview of all the surgemail settings.

Domain Specific Settings

abook - Define surgeweb shared address books for this domain
access_group_default - Default group to place users in
admin_access_default - Default admin features granted to domain admins in this domain
alias_file - Alias translation file for this domain, unix format
alias_max - Maximum number of aliases for this domain
assume_created_epoch - If user has no 'created' field assume they were created an arbitrarily large time in the past
blogs_max_per_user - Number of blogs each account can create
broad_sync - Broadsoft Sync Enable
centipaid - Enable CentiPaid feature for matching accounts
class - Define class of user for following commands to apply to
comment - Management notes and comments about the domain
create_block - Block new users from this ip
create_cleanup - Cleanup existing data before adding a user
create_delete_days - Number of days a disabled new account remains before deletion
create_disable_days - Number of days new accounts remain active for
create_image - Use verification image on signups
create_linkto - Link to redirect to after successful live account creation
create_max - Maximum signups from ip in time period
create_repass - Users must enter their password twice on creation
create_reqd - Required fields for new users, e.g. (phone,age)
create_subdomain - Allow users to have their own subdomain - NO LONGER SUPPORTED
create_tpl_dir - Relative directory (from /web) where 'netauth' pages are stored
create_user - Method for adding new users
delete_user_after - Number of days an account can remain unread before it is deleted
disable_smtp_after - Number of days an account can remain unread before delivery is disabled
disable_surgeplus - Disable SurgePlus Calendar/File Sharing
dmail_bin_path - Path for dmail bin files to automatically convert delivered mail
dmail_deliver - Deliver messages into dmail drop directories (not supported)
dmail_drop_path - Path for dmail / sendmail style drop files to automatically convert delivered mail
dmail_drop_prefix - Whether prefix is used on drop file names
dmail_hash - Hashing scheme used by dmail_drop_path and dmail_bin_path
dmail_skip_imap - Skip conversion of old imap *.mbx folders
encrypt_ifnew - Allow surgeweb ifnew options
encrypt_limit - Max encrypted msgs per user per day
encrypt_limitsz - Max size of encrypted msgs per user per day
encrypt_noconfirm - Disable confirmation for encrypted messages
encrypt_rule - Matches will be encrypted when sent
encrypt_smart - Encrypt smart features enabled for this domain
encrypt_subject - Subject when encrypted message sent - default is original subject
encrypt_surgeweb_hide - Hide lock icon on surgeweb
encrypt_token - This setting is not used, instead use smart and ifnew settings
enotify_from - From address to use in email notification messages
expire_age - Expire inbox mail older than (days) CAUTION!
expire_rule - Expire rules for specific folders, age is in days - Caution!
expire_size - and larger than this
fallback - Default address for this domain, NOT RECOMMENDED
fallback_always - Also relay to old system even if user does exist - not recommended
fallback_check - Check if user exists on fallback_relay host before accepting it
fallback_force - Use fallback even if user does exist as migration not started yet
fallback_mx - Use mx lookup to find ip address for fallback_relay setting
fallback_relay - Host to send messages to if user doesn't exist here
fallback_users - Path to file listing all users to user fallback_relay for
footer_file - Text footer file for all messages 'from' this domain
footer_html - HTML footer file for all messages 'from' this domain
forward_illegal - Ban forwards to these addresses
friends_at_rcpt - Whether to check users friends list at rcpt stage
friends_pending_name - The imap name of the friends_pending folder default is 'Friends Pending'
friends_url - Specify full url for friends release http://domain.name:port domain specific setting
from_exact - Check from matches authenticated user
gateway_to - Send all email to another server
header_add - Add header to posts 'from' this domain
host_alias - Alternate name(s) for this domain
imap_max_sync - Limit remote imap sync to this many items (not recommended)
imap_public - Share IMAP folders between users
imap_public_show - Auto subscribe public folders
inbox_archive - Archive old messages to Archives/yyyy/INBOX folder, age in days
language_default - Default language for user web interface
late_forward - Apply domain users forwarding rules after friends, spam, and filtering
ldap_anydomain - Lets users search other than their own domain in ldap
ldap_disable - Stops ldap logins by users of this domain
legal_archive_admin - Enable archive searching for domain admins
legal_archive_disable - Disable legal archive for this domain (experimental)
legal_archive_hide - Hide legal archive for this domain (experimental)
legal_archive_keep - Days to keep legal archive, units=days unless you specify years or months
list_disable - Disables creation of mailing lists.
list_max - Maximum number of mailing lists for this domain.
list_max_users - Maximum number of users allowed in all lists in this domain.
loginfails - Disconnect user after this many password guesses
lookup_relay_on_from - Looks up local from addresses to check for relay="true"
mailbox_path - Path to mailbox (inbox) files
manager_email - Domain managers email address (for email based account creation confirmation)
manager_username - Domain managers username (for web based domain administration)
msg_max_in - Max size for messages to users in this domain, largest applied if multiple recipients
msg_max_out - Max size for messages sent by authenticated users of this domain
old_imaphost - Old IMAP server:port - transition IMAP accounts and folders if user doesn't exist
old_imaphost_always - Retrieve mail from old imap host on each login (slow - particularly for webmail)
old_imaphost_createuser_disable - Disable old_imaphost user creation on first login
old_imaphost_file - Migration based on file
old_imaphost_lowercase - Migration - All migrated folders are lowercase.
old_imaphost_nodelete - Leave mail on the old server (disables old_imaphost_always)
old_imaphost_nodomain - Strip domain from username when logging into old imap host
old_imaphost_pass - Migration based on file - password field
old_imaphost_prefix - Prefix for old imap server, e.g. mail//
old_imaphost_skip - Migration - Comma seperate wild card list of migrate folders to skip past.
old_imaphost_user - Migration based on file - user field
old_inbox_both - Use pop & imap to migrate the inbox
old_pophost - Old pop server:port - transition accounts and pending messages if user doesn't exist
old_pophost_always - Retrieve mail from old pop host on each login
old_pophost_bind - Bind outgoing connection during pop migration
old_pophost_createuser_disable - Disable old_pophost user creation on first login
old_pophost_inbox - Use pop to migrate the inbox and maintain uidls
old_pophost_nodelete - Leave mail on the old server (disables old_pophost_always)
old_pophost_nodomain - Strip domain from username when logging into old pop host
old_pophost_nofetch - Disable fetching messages from pop host
old_pophost_sep - Seperater, default is '@', e.g. some systems use %
old_smtphost - SMTP host to check for existing users (when creating new accounts)
old_smtphost_skip - Who to disable SMTP host checks for
old_xfile - Migration - Copy xfile data across
pop_min_time - Min seconds between pop logins (see warning)
pop_welcome - POP connection message
prefix - Database username prefix (deprecated, compatibility only)
proxy_pop_nodomain - Strip domain when talking to proxy pop host
quota_default - Default quota
quota_domain - Total quota for the domain, e.g. 300mb, 2gig
rcpt_msg - Response given for invalid recipient errors, message is prefixed by email address.
redirect - Redirect messages from 'was' to the new 'to' address
redirect_cc - Send carbon copy to another address
redirect_hash - Share incoming message evenly between several accounts
redirect_max - Limits the number of redirect rules
security_suffix - Suffix for smtp/imap/pop login
send_helo - Mail host A Record name used when sending helo to other servers - requires g_send_helo_from true
sent_store - Store users message in named folder automatically, e.g. Sent
smtp_auth_off - Disable SMTP AUTH from unknown ip addresses
smtp_from_ip - Require incoming email from matching ip
smtp_welcome - SMTP connection message must start with hostname
smtp_welcome_name - SMTP welcome connection hostname
spam_block - Default for this domain to block spf etc failures
spam_noblock - Disable spf blocking for this domain
spam_strip - Strip spamdetect headers for this domain
ssl_allow - IP Wild card list to allow SSL encryption from
ssl_hsts - Send HSTS header to prevent accidental http access for this domain, also rejects self signed certificates
ssl_pop_domain - Domain to use for ssl certificates for POP and IMAP
ssl_require_login - Require ssl for this domain
ssl_require_web - Require https for most web features (excluding blogs file sharing and surgeplus)
status_url - Specify full url for status message e.g. http://domain.name:port domain specific setting
surgeplus_pop_server_name - Default POP server for SurgePlus clients
surgeplus_smtp_server_name - Default SMTP server for SurgePlus clients
surgewall - Surgewall - Proxy this domain to specified mail server
surgewall_auth - SurgeWall SMTP authentication
surgewall_capa_local - Just return local imap capa response rather than remote
surgewall_local_too - For web domain admin try local database too
surgewall_options - Various SurgeWall options
surgewall_saveusers - Save users in the local database as they login
surgeweb_backend_server - Backend server to connect to
surgeweb_backend_smtp - Backend smtp access (if non default)
surgeweb_backend_web - Backend web access - for usercgi /surgeplus (if non default)
surgeweb_custom - Surgeweb customisation level
suspend - Disable logins for entire domain
suspend_incoming - Disable delivery and give 450 retry message
url_alias - Allows translation from one url to another
url_blogs - BLOGS host A Record name (if different from MX Record name - eg. blogs.mydomain.com)
url_host - Mail host A Record name (if different from MX Record name - eg. mail.mydomain.com)
user_access_default - Default user features granted to users in this domain
user_alias - Number of aliases accounts can create
user_auto - Auto create users when a login attempt occurs
user_auto_always - Auto create users when a login attempt occurs and always accept any password
user_auto_pass - Auto create users with this password on message delivery
user_centipaid - User Centipaid configuration options
user_hide_security - Hide security logs from users
user_list_quota - Number of mailing lists users can create
user_max - Maximum number of users in this domain
user_send_max - Maximum number of emails per day (requires SMTP AUTH)
user_sms - Allow users to set up sms notifications
user_sms_quota - Number of sms messages per account
user_status_send - How often to send user status messages (0 = never)
web_access_ip - Restrict access to web ports based on ip
web_path - Path to web admin pages
web_url_path - Url to path translation with access specifier
webdav_quota - Webdav quota per user in this domain, e.g. 100mb
webmail_host - The ip address or name of the machine to instruct webmail to connect to.
webmail_url - Url to the WebMail cgi
webmail_urladd - Url data to append to WebMail auto-login link
webmail_workarea - Path to WebMail workarea
xfile_url - Url to xfile files (see surgeplus utility)

Global settings

g_about_disable - Disable about web page
g_access_group - Grouped per user access limitations
g_access_group_default - Default group to place users in
g_access_surgeweb - Apply g_access_group rules to surgeweb sessions based on client's address
g_access_webonly - Users in this group can only use web not imap or pop
g_acctlog_authonly - Log sending usage based on authenticated accounts only and ignore "MAIL FROM" address - which may be fake!!
g_acctlog_noaliases - Don't log redirection & aliases as sending mail as a result of redirection / forwarding (means you will not log account forwarding usage)
g_acctlog_sum_inactive - Summarise local accounts that have not logged in yet as not_loggedin_yet@domain.com
g_admin_access - Domain admin features granted to access groups
g_admin_access_default - Default admin features granted to domain admins
g_admin_guesses - Max guesses per IP for web admin access, e.g. 15
g_admin_ip - Mask of valid IP addresses for web admin users (default *)
g_admin_localhost - Allow localhost web admin without user/pass
g_admin_readonly - System admins with readonly access to the management interface
g_admin_utoken_expire - Length of time a web admin session is valid for
g_admin_utoken_idle - Length of time a web admin session may remain idle for
g_alias_login_disable - Disable user login as alias
g_allow_bodyless - If true bodyless mail messages will be accepted (usually spam)
g_allow_passzip_from - A list of addresses to allow unmonitorable archive messages to be sent from
g_allow_passzip_to - A list of addresses to allow unmonitorable archive messages to be sent to
g_allow_user_authent_field_get - A space separated list of authent process fields that users are allowed to view for themself using the POP xauthent_field_get command
g_allow_user_authent_field_set - A space separated list of authent process fields that users are allowed to set for themself using the POP xauthent_field_set command
g_archive - Archive messages that match these rules
g_archive_bucketsize - Size for archive bucket files. Default is 1mb
g_archive_early - If true apply archiving before filtering is applied (superceeded by early flag on g_archive)
g_archive_files - Archive attachments to a directory
g_archive_on_delete - Don't delete user files, archive them to g_archive_on_delete_dir
g_archive_on_delete_dir - Directory to archive user files to on delete
g_archive_tcpip - Rules for TCPIP archive process
g_archive_tcpip_host - Host to send archive data too
g_aspam_headers - Add aspam information messages to messages.
g_aspam_need_ip - Require good matches to match external ip address
g_assume_created_epoch - If user has no 'created' field assume they were created an arbitrarily large time in the past
g_atrest_enable - At rest encryption DO NOT USE, see manual for why
g_atrn_client - Define a rule for fetching email using ATRN protocol
g_atrn_port - Port to listen for 'atrn' (On Demand Relay) requests
g_atrn_server - On Demand Mail Relay settings to define user/pass for clients to fetch mail
g_attach_convert - Process matching attachments with specified command. Passed two files names
g_auth_hide - Disable SMTP Authentication for this IP List/Wild card address
g_auth_norelay - Ignore SMTP auth for relaying purposes
g_auth_path - Path to nwauth files
g_auth_skipgateway - Skip gateway rules if we get a proxy SMTP auth command
g_authent_addip - Send ip address as third parameter to authent module
g_authent_allow_badascii - Allow ascii chars outside the range 32 < 127
g_authent_always - Always lookup user, so virtual domains can exist just in authent module, looses existing users files
g_authent_any - Restore buggy behaviour of looking up users in domains that don't exist
g_authent_cachebad - Set the life in seconds that the cached failed lookups can be used, default 60 seconds
g_authent_cachelife - Set the life in seconds that cached authent lookups can be used, default 1 hour
g_authent_cachesize - Set the size of the authent cache, default is 500 entries
g_authent_case_sensitive - Make passwords case sensitive
g_authent_decrypt - Collect and store plain text passwords for migration in file pass.decrypted
g_authent_domain - If true add @virtual.domain.name to external user lookups, replaced with g_authent_nodomain setting
g_authent_encrypt_key - Encryption key for ccnumber auth field
g_authent_enforce - Days till we prevent user from logging in, NOT RECOMMENDED
g_authent_fwdfile - Enables reading of old dmail .fwd files
g_authent_info - User info names, fields and access rules
g_authent_info_grp - Fields to show to users in this group
g_authent_ip - Lookup ip numbers in authent database with @ip added, to find send_limit=n values, must define tarpit_max_remote and g_tarpit_drop
g_authent_last_login - Store users last login time in the database
g_authent_logall - Turns on logging of authent requests
g_authent_nodomain - If true dont add @virtual.domain.name to external user lookups (NOT RECOMMENDED)
g_authent_number - Number of authent processes to run
g_authent_path_broken - Allow authent module to return drop path, strongly discouraged, and BROKEN!!
g_authent_prefix_sep - Prefix separator, defaults to an underscore, a single character
g_authent_process - Authent process command line
g_authent_reminders - Days till we remind user to change password
g_authent_restart - Cycle auth modules every 1000 lookups
g_authent_single - Allow local users with a single quote char in their name
g_authent_spaces - Allow spaces in passwords DO NOT USE
g_authent_strip_domain - Domain to strip when doing authent lookups
g_authent_timeout - Timeout for authent response, default 60 seconds
g_autologin_file - File to use to share auto login information on NFS based cluster
g_autologin_imap_disable - Disable IMAP based autologins
g_autologin_pop - Performs auto-logins using pop3, used by webmail
g_backtrace_disable - If true backtrace code is disabled on unix
g_bad_login_allow - Number of consecutive bad logins for a user before blocking that user
g_bad_login_dumb - Give login failures even if known address
g_bad_login_ip_allow - Number of bad logins from an ip before blocking that ip
g_bad_login_ip_ignore - IP address(es) to allow any number of bad logins from
g_bad_login_mins - Minutes to block login for, if consecutive bad ones received
g_badfrom_badmx - If mx host is one of these addresses then drop the message, it's definitely spam (e.g. 127.*)
g_badfrom_check - Check env from by connecting to it, always tick 'stamp' rule too or messages will bounce! NOT RECOMMENDED. DISABLED NOW!
g_badfrom_from - From to use when doing the check, not normally needed, if set must be set to valid account
g_badfrom_noip - Check envelope from domain exists and is a valid ip number, if not reject message
g_badfrom_noip_temp - Makes g_badfrom_noip return a temporary error instead of a 501 error
g_badfrom_stamp - Instead of bouncing message, just stamp a header to show if from address is no good
g_badfrom_whitelist - List of domains that we don't try badfrom checking on (see g_smite_skip)
g_ban_blackhole - Leave connected but reject all recipients without looking them up
g_ban_from - Disconnect if this wild card matches the from envelope
g_ban_helo - Disconnect if user says 'helo xxx' (or wildcard)
g_ban_rcpt - Disconnect any user delivering to this address/wildcard
g_bank_debug - Log request to bank server
g_bank_group - Create price groups with descriptions
g_bank_log - Log lines matching this in response.
g_bank_ok - Find this in response, if found then charge was successful
g_bank_pass - Password for authenticated web request to banks system
g_bank_reason - This line is returned to user if it is found
g_bank_url - URL to charge a credit card (experimental)
g_bank_user - Username for authenticated web request to banks system
g_bind_authent_default - Bind to default if authenticated
g_bind_byfromip - Bind outgoing SMTP connections to the specified IP based on the sender IP
g_bind_from - Bind outgoing SMTP connections based on 'from' envelope
g_bind_in_always - Bind on incoming in preference to g_bind_from
g_bind_incoming - Bind outgoing SMTP connections based on incoming ip address
g_bind_out - Bind outgoing SMTP connections to this IP
g_black_above - Level for spam detection for blacklisting ip number e.g. 10
g_black_count - Number of spam in a row before we blacklist ip for 30 minutes, e.g. 30
g_black_isspam - Blacklist ip address for any spam training event
g_black_nbad - Blacklist ip address if this many bad recipients in a row (e.g. 8)
g_black_to - Blacklist ip address if they deliver to these user@domain addresses
g_black_white - Whitelist to prevent blacklisting, e.g. 1.2.3.*,mail*.aol.com
g_block_files - Wild card list of files to bounce, e.g. *.exe,*.cmd
g_block_longok - If true allow long file names (more than 180 char)
g_block_skip - From or To address to bypass g_block_files
g_block_wild - Block wild cards in usernames
g_blogs_allow_links - Allow users to post comments that contain urls
g_blogs_cleanup_links - Delete existing posts that contain urls
g_blogs_comment_rev - Show blog comments newest first
g_blogs_default_template - Default template set that is used by newly created blogs
g_blogs_domonly - Only list blogs in a users domain
g_blogs_enable - Surgemail blogs
g_blogs_image_optional - Allow users to specify if image verification is required for comments
g_blogs_max_per_user - Maximum number of blogs per user
g_blogs_maximum_image_size - Default maximum image size
g_blogs_maximum_image_width - Default maximum image width
g_blogs_maximum_items_in_top_page - Maximum number of items on the top blog page
g_blogs_no_suffix - Shortens URL, url_blogs must be defined for each domain
g_blogs_not_global - Only allows access to a blog onthe domain it is defined on
g_blogs_not_unique - Allow the same blog name in multiple domains
g_blogs_ping - Sites to ping on each post
g_blogs_sub_domain_prefix - Prefix to use instead of blogs. for blog subdomains. use ! to have no prefix.
g_blogs_use_sub_domains - Make blogs accessible at http://blog_name.domain/
g_body_filter - Enable user email body filtering
g_bomb_max - Max msgs to a single email address/hour
g_bomb_max_from - Max msgs from a single email address/hour
g_bomb_white - don't apply bomb_max limit if to address matches
g_bounce_bind - Use a specific ip address for outgoing bounces
g_bounce_disable - Disable all bounces (NOT A GOOD IDEA)
g_bounce_limit - Max size in bytes of message to send back as bounce, message is truncated if necessary
g_bounce_nodrop - Enables locally generated bounces for non local users
g_bounce_paranoid - Prevent external bounces going through surgemail
g_bounce_redirect - Send all bounces to a local address
g_bounce_reject - Reject bounces by ip address from known dumb mail servers
g_bounce_safe - Only send bounces to local domains
g_bounce_some_stop - Disables locally generated bounces for partial message failure - NEVER use this!
g_bounce_suggest - Send bounces to postmaster if spf cannot be verified
g_bounce_to - Domains to treat as local and send bounces to
g_bounce_to_recipient - Bounce suregewall failure to the recipient
g_breakin_enable - Stop multiple ip logins for one account in a few seconds
g_breakin_n - Number of different ip's that trigger a lockout, default is 8
g_breakin_white - Email addresses that can send concurrently from mulltiple ips (use * to allow everyone)
g_breakin_window - Window in seconds, default is 300
g_broad_noadd - Disable buttons on message
g_broad_pass - BroadSoft pass
g_broad_port - BroadSoft port
g_broad_server - URL to BroadSoft server
g_broad_url - URL to this server
g_broad_user - BroadSoft user
g_bull_rule - Post bulletins to this domain
g_byname_old - Enable old slow domain lookup functions
g_centipaid - CentiPaid address and port
g_cid_skip_to - Skip CID score, good for lawyers etc
g_comment - Management notes and comments about the server
g_con_perip - Connection limit per ip - sum of SMTP/POP/IMAP (if over refuse connection)
g_con_perip_except - Exception IP addresses to g_con_perip
g_con_persubnet - Global concurrent connection limit per ip subnet x.x.x.*
g_convert_percent - Convert % to @ sign in rcpt address
g_cookie_secure - Set all cookies to secure mode on https connections
g_country_allow - user@domain list to bypass country_login rule
g_country_allowip - Ip addresses to bypass country_login rule
g_country_ip - Tag messages with country of origin
g_country_login - List of countries to allow logins from, 2 letter codes
g_cpu_slow - Email warning if no cpu for this many seconds
g_crash_nomini - Crash without minidump on windows
g_crash_normal - Crash without catching signals 10,11 so good core dump on freebsd
g_crash_simple - Crash simpler for solaris to avoid deadlock situation
g_create_allow - List of characters allowed in usernames (and passwords, unless g_create_allow_pass is used)
g_create_allow_pass - List of characters allowed in passwords
g_create_apply - List of user groups to apply create_* settings for.
g_create_apply_admin - Apply allow* rules to the administrator
g_create_badnames - List of illegal usernames
g_create_cleanup - Cleanup existing data before adding a user
g_create_dictionary - File containing dictionary words to compare passwords to
g_create_pass_digit - Require one digit and letter in a password
g_create_pass_length - Limit the length of user passwords
g_create_pass_mixed - Require mixed case passwords
g_create_pass_notuser - Ban password containing username
g_create_pass_recheck - Recheck passwords during login and warn user if g_hack_touser is true
g_create_pass_slack - Slacken restrictions on trivial password creation
g_create_record_ip - Causes surgemail to store ipnum in the authent database
g_create_strict - Whether to apply strict rules to usernames/passwords
g_create_strict_admin - Enforce strict rules for admins too, set g_create_strict AS WELL!!
g_create_user_length - Limit the length of usernames
g_date_add_utc - Add UTC if date header is missing it
g_dbabble_links - Add web links to DBabble from other web interfaces (and vice versa)
g_dbabble_smtp_port - DBabble SMTP port (do not manually change this setting - it should be set from the DBabble section of the web admin interface only)
g_dbabble_smtp_prefix - DBabble SMTP prefix (do not manually change this setting - it should be set from the DBabble section of the web admin interface only)
g_debug_block - For catching bugs in block file processsing
g_debug_crt - Some CRT debugging on windows, do not use
g_debug_free - Check free memory isn't corrupted - slows performance slightly
g_debug_image - Save image thumbnail files to find bug
g_debug_imap - Log imap folder renames and deletes in kmsg.log
g_debug_ini - Debugging, don't use this
g_debug_ncpy - Debug ncpy function
g_debug_timing - Record dfopen timing, tellmail dfopen_stats
g_debug_vanished - Name of file to check for, if file vanishes, crash
g_delete_exclude - Field and value that excludes an account from g_delete_user_after
g_delete_user_after - Number of days an account can remain unread before it is deleted (SEE WARNING).
g_delete_user_mode - Action when account is due to delete (write a command file etc...)
g_delete_user_suspend - If suspending an unread account set this field/value.
g_deliver_robot - Robot/Script to run at delivery time $FILE$ AND $TO$ parameters
g_deny - Block users from some ip addresses
g_deny_country - Block email from some countries, use 2 digit code not the full name, see IpToCountry.csv, turn on g_country_ip!
g_deny_msg - Change the message for blocked ip addresses
g_deny_smtp - Block users from some ip ranges connecting to SMTP only
g_disable_exclude - Field and value that excludes an account from g_disable_smtp_after
g_disable_skip - Ip address of senders to accept email from even if user account is disabled due to g_disable_smtp_after
g_disable_smtp_after - Number of days an account can remain unread before delivery is disabled
g_disable_surgeplus - Disable SurgePlus Calendar/File Sharing
g_disable_surgeplus_updates - Disable automated downloading of new versions of SurgePlus client from netwinsite.com
g_diskio_abort - Shutdown if diskIO failure on queue files
g_dkim_check - DKIM Check incoming DKIM signatures
g_dkim_exclude - DKIM Domains to not sign for outgoing email
g_dkim_headers - DKIM List which headers to sign (blank=default, and is usually best)
g_dkim_nogateway - Don't sign if gateway rule used
g_dkim_only - DKIM Domains to sign for outgoing email (default is all)
g_dkim_selector - DKIM Policy name for your server (used creating dns entry for dkim)
g_dkim_sign - DKIM Sign outgoing messages
g_dkim_skip - DKIM Destination Domains to not sign
g_dlist_nolocal - Remove add local button from mailing lists
g_dlist_nostart - If set then don't start dlist (dmail compatibility)
g_dlist_one - Only allow one recipient if message is to a mailing list
g_dlist_path - DList Path NOT SUPPORTED do not use! Also set in dlist.ini
g_dmail_filter - DMail compatible filter.txt file
g_dns_blank_fail - NEVER USE! Bounce email if dns response blank rather than retry
g_dns_cache_size - Set size of forward dns cache, default 7000
g_dns_disk - Enables DNS disk cache
g_dns_host - Host to send DNS lookups to
g_dns_match_msg - Message for stamp or bounce if forward and reverse lookup don't match
g_dns_nlookup - Concurrent DNS lookups to send to DNS server, default=20
g_dns_nocache - Disables DNS cache for spf lookups (20 minute life)
g_dns_noptr - Set to reject or retry, for ip addresses with no reverse dns entry (rdns)
g_dns_noptr_msg - Message for stamp or bounce if DNS lookup fails on ip address
g_dns_noptr_skip - Skip RDNS for these ip addresses
g_dns_paranoid - Compare forward and reverse dns lookup and check they match (set to STAMP or REJECT) not recomended
g_dns_require - Require MAIL FROM header matches senders ip reverse dns
g_dns_system - Use system code to do reverse lookups
g_dns_translate - If mx response is x.x.x.x translate to y.y.y.y:port
g_domadmin_utoken_expire - Length of time a domain admin login token is valid for in seconds
g_domadmin_utoken_idle - Length of time a domain admin login token may remain idle for
g_domain_create_auto - Auto create domain if it doesn't exist when creating a user
g_domain_create_route - Auto create route to mx mail server
g_domain_default - Default domain if user does not enter a domain on pop/imap login
g_domain_list_max - Maximum number of domains to list at once
g_domain_separator - Separator character for virtual domains
g_domain_templates - Check for domain specific templates
g_domainkeys_check - Check incoming DomainKeys signatures (obsolete turn off)
g_domainkeys_headers - List which headers to sign
g_domainkeys_only - Domains to sign for outgoing email
g_domainkeys_selector - Policy name for your server (used creating dns entry for domainkeys)
g_domainkeys_sign - Sign outgoing messages (obsolete, turn off)
g_domuser_file - Domain user file. Create thousands of virtual domains easily
g_dotlock_minutes - Minutes to wait for NFS lock file, default 20 minutes
g_dotstuff_fix - Debugging setting, do not change or bad things will happen
g_doweb - Do web part only
g_download - Fetch an http file and do an ini reload
g_drop_use_len - Use the content-len header for drop file processing (Solaris)
g_dsn_enable - Enable DSN (Delivery Status Notification) esmtp extension.
g_dsn_nofinal - Try not to show real final recepients but just original recipients
g_ehlo_8bitmime - Enable 8bit mime in ehlo response (not recommended)
g_ehlo_fault - Internal - for generating/testing faulty ehlo responses
g_ehlo_log - Log ehlo/bind to msg*.rec logs
g_ehlo_simple - Ip addresses to give simple ehlo respone to
g_emailreg_enable - Enable whitelist http://www.emailreg.org register to use
g_encrypt_config - Encrypt some config settings (passwords)
g_encrypt_disable - Disable encryption
g_encrypt_expire - Days to keep encrypted messages, default 60
g_encrypt_inline - Use INLINE method by default
g_encrypt_limit - Max encrypted msgs per user per hour
g_encrypt_max - Max encrypted per day server wide
g_encrypt_nodomain - Allow encryption for users without local domains
g_encrypt_nofwd - Don't encrypt forwarded
g_encrypt_noip - Don't encrypt if from this ip range
g_encrypt_nolate - Disable encryption on late forwarding
g_encrypt_none - Don't encrypt if subject starts with this
g_encrypt_nowater - Show this if no water mark defined yet
g_encrypt_path - Path to encrypted files, this is not supported when mirroring!
g_encrypt_prefix - Prefix for encrypted messages must match encrypt rule so replies are encrypted
g_encrypt_pw_host - Central host for encryption password storage
g_encrypt_pw_key - Central host password key
g_encrypt_reminders - Days before we send users a reminder to change passwords, not recommended
g_encrypt_reply_plain - Send plain message for local replies
g_encrypt_reset_msg - Msg Body sent when password has been reset
g_encrypt_reset_safe - When users password is reset, delete all messages to them
g_encrypt_reset_sender - Msg Body sent to sender when password reset requested
g_encrypt_reset_user - Msg to person when they click on reset password button
g_encrypt_smart - Smart Encrypt Private Feature (not available)
g_encrypt_ssl_force - Require ssl on incoming encrypted messages
g_encrypt_ssl_noforce - Exceptions, e.g. surgeweb or localhost
g_encrypt_surgeweb_show - Show SurgeVault in SurgeWeb
g_encrypt_unlock - Unlock for these destinations. e.g. user@domain
g_enotify_from - From address to use in email notification messages
g_eof_fix_off - Turns off auto stripping of control+Z
g_error_xlate - Change error messages
g_event_list - Events wanted by url
g_event_url - Send msg events to a url
g_expire_all_rules - Scan all users for rule files (not needed usually)
g_expire_every - Only expire spool once every 'n' days
g_expire_onlyunread - For the inbox only expire message if they are unread
g_expire_silent - Don't send users emails telling them what was expired.
g_expire_trash - Expire any messages found in trash folders
g_expire_warning - Give warning 'n' days before deleting each file
g_external_ip_disable - Do not add X-External-IP header
g_fallback - Default address for all local domains
g_fallback_relay_if_exists - Use FALLBACK_RELAY if not logged in but user exists (OLD_POPHOST_CREATEUSER_DISABLE)
g_feat_testing - Testing setting do not use
g_filter_max - Max size for items to be sent to filter_pipe, or g_user_pipe, default no limit
g_filter_n - Concurrent filters to run at one time, default is 20
g_filter_pipe - Filter program that accepts msg on stdin and sends on stdout
g_filter_pipe_headers - Re-read headers after pipe finishes
g_filter_pipe_noauth - Skip for auth users
g_filter_pipe_skip - Skip filter if ip matches this
g_filter_timeout - Filter timeout in seconds, default is 360
g_find_wrong - Find domain based on IP even if url suggests other vdomain
g_fix_crcrlf - Fix email messages containing crcrlf for line termination
g_fix_imap_lf - During IMAP import fix email messages containing lf
g_footer_auth - Only add footer for authenticated local users
g_footer_file - Footer file which is appended to all mail messages
g_footer_html - HTML Footer file which is appended to all mail messages
g_footer_notfound - Only add footer if footer is not in message already
g_footer_send - Footer file added to outgoing messages only
g_footer_sendonly - If true only add footers when sending to non local users
g_footer_skip - Skip footers for these users
g_footer_skipfound - Only add footer if this text is not already in the message, requires g_footer_notfound
g_footer_trusted - Only add footers if sender is trusted
g_forward_attach - When late forwarding send as attachment to these domains
g_forward_illegal - Ban forwards to these addresses
g_forward_oops - Internal testing setting, not for general use sorry
g_friends_add_trusted - Add to friends list when if sender is trusted
g_friends_allow_spf - Allow all email through as if it was a friend during temporary allow
g_friends_always - Always use friends list.
g_friends_at_rcpt - Whether to check users friends list at rcpt stage
g_friends_autodom - Auto whitelist friends based on domain/ip
g_friends_bounce_friend - Allow exception rules to bounce a mesesage from a friend
g_friends_bounce_rej - Reject blank return path as friends failures
g_friends_bounce_second - Bounce the next time the user sends a message if waiting for confirm still
g_friends_byemail - Use old email based friends rejections
g_friends_check_spf - Disable friends bounces if SPF headers missing/failed to avoid backscatter.
g_friends_cleanup - Cleanup/repair large friends.lst files
g_friends_confirm_debug - Log sucessful friends confirmation responses
g_friends_confirm_subject - String to use as the subject of a friends confirmation email
g_friends_daemon_ok - Accept emails from any mailer deamon
g_friends_debug1 - NEVER USE, only for NetWin testing
g_friends_default_autoadd - Default auto addition when sending (recommended)
g_friends_default_mode - Default friends mode, smite (recommended) silent, or list
g_friends_global_add - Add to a global friends list if ip matches and sender doesn't match authenticated user
g_friends_global_exclude - Addresses not to auto add, e.g. *@paypal.com
g_friends_ignore - List of addresses considered friends for all users on the system
g_friends_ignore_trusted - If from trusted ip still apply friends
g_friends_lang_auto - Set users language settings automatically based on observed emails from friends
g_friends_latest_headers - Causes friends to re-read message headers, allowing rules based on headers added during delivery
g_friends_local_match - If from!=returnpath and one is local, then block friends match
g_friends_long - In friends web release addresses use a longer url
g_friends_msg - Message used for friends bounce.
g_friends_msg_link - Message used for friends link bounce.
g_friends_name - What to call the friends system on pages and in email
g_friends_obey_spf - If SPF failed then no friends match allowed for local domains
g_friends_old_status_email - Use older status email & processing
g_friends_only - Enable friendonly features - must be enabled by users too
g_friends_pending_keep - Number of days to store users pending messages, default 14
g_friends_pending_max - Max items in pending before deleting them
g_friends_pending_name - The imap name of the friends_pending (and spam store) quarantine folder - should match surgeweb imap_spam_folder - default is 'Friends Pending'
g_friends_pending_vanish - Enable auto-vanish of pending messages on confirmation bounce
g_friends_release_wash - Clean any subject marking (ie stars) when releasing/allowing
g_friends_rotate - Rotate user level log file, default 30k
g_friends_safer - Make friends always avoid back scatter.
g_friends_silent - Disable friends responses to users
g_friends_silent_level - If spam score above this then don't send friends message
g_friends_skip_ip - List of ip addresses considered friends for all users on the system
g_friends_spam_score - Default level to quaranteen message in spam folder (Recommended 8 or 10)
g_friends_spf_fail_bounce - Bounce SPF failures, do not send friends confirmations (Not recommended)
g_friends_status_sort - Sort friends status messages with low scores at the top
g_friends_url - Specify default global url for friends release http://domain.name:port
g_friends_warnonce - Give bounce on only the first message
g_from_allow - Other email addresses we allow, e.g. *@x.y.com,*@b.com,fred@bb.com
g_from_allow_ip - IP addresses to bypass local from check
g_from_allow_to - destination user to bypass local from check
g_from_bl - Domain Based Blacklist Zones, lookups FROM domain in dns
g_from_body_bounce - Reject if local from header address is probably faked
g_from_bounce - Reject if local from envelope address is probably faked
g_from_check - Check from domains match valid local domains if user is authenticated, or g_from_allow
g_from_domain - Default domain for from envelope
g_from_exact - Check from matches authenticated user
g_from_force - From address for all sent messages
g_from_header - From header used in delivery bounces
g_from_must_exist - Require local from addresses to exist or reject mail
g_from_noforge - If envelope or from is local domain then the other must be too
g_from_noforge_some - If from matches this then from/envelope must match
g_from_noforgeme - If to==from then from and env from must match
g_from_noforgename - If from contains two addresses the domains must match
g_from_nofriend - If forge setting would bounce message then allow message but don't allow friend match
g_from_ok - Whitelist for invalid from addresses we will permit
g_from_relay - If not authenticated and g_relay_allow_ip matched then block if not local domain or whitelisted
g_from_relay_white - White list of domains for g_from_relay setting
g_from_rewrite - Rewrite from envelope for outgoing email, e.g. *@this.domain -> %1@another.domain
g_from_rewrite_header - Rewrite the from header as well
g_from_rewrite_sender - Rewrite the sender header as well
g_from_stamp - Stamp if local from address is probably faked
g_from_timeout - Timeout when checking bad from addresses, default 60 seconds
g_from_valid - Require an @ and dotted domain in all return addresses
g_gateway - Gateway messages for that domain to the specified address
g_gateway_allow - Known hosts that act as incoming SMTP or surgewall servers for us
g_gateway_always - Always send to gateway even if local domain exists
g_gateway_auth - Send SMTP auth requests to another host
g_gateway_data - Gateway at the data stage
g_gateway_from - Pass 'from' header thru during gatewawy check
g_gateway_helo - Header that must exist in incoming bounces (g_send_helo) or bounces are dropped
g_gateway_ifnot - Send local deliveries to scanner (using gateway rule) before delivering locally, deliver locally if from ip matches
g_gateway_ignorewild_ip - Ignore * gateway rules if from ip matches (allows outbound email scanning using gateway * to external scanner)
g_gateway_mx - If specified IP address is found in mx record for destination then allow relay (not recommended)
g_gateway_open - Allows an open relay setting in g_gateway
g_gateway_orcpt - Writes an original receipt header when forwarding a message, this may disclose multiple recipients, cc/bcc etc use only for tracking faults
g_group_field - Auth field to add to group membership
g_gzip_disable - Disable gzip web compression
g_hack_detect_disable - Stop admin emails when users login with a weak password
g_hack_msg - Message to send to users with a weak password
g_hack_noemail - Disable weak password reports
g_hack_report - Address to send weak password reports to
g_hack_touser - Send warnings about hacking directly to users
g_hack_url - Url for users to change password
g_hacker_alert - Email manager if address is locked out
g_hacker_days - Days to keep ipaddress locked out, default 7
g_hacker_fwd - Email manager if user sets fowarding rule
g_hacker_max - Login guesses for one ip address before we lockout the ip address
g_hacker_password - If hacker attempts to login with account name as password, then blacklist ip
g_hacker_passwords - Failed logins that use these passwords will lockout the ip address
g_hacker_poison - Poison accounts. Instantly blacklist ip address e.g. root@*
g_hacker_weak - If user tries weak password, lockout ip address
g_hacker_whitelist - Ip addresses to avoid guessing issues
g_header_out - Header to add to outgoing posts
g_header_strip - Strip listed headers from incoming messages
g_helo_optional - Helo is optional for SMTP protocol (not recommended)
g_help_local - Make all help references to the local help files
g_home - Home path of server configs log etc
g_honeypot_key - Key for HTTP RBL service www.projecthoneypot.org - not recommended
g_honeypot_rbl - RBL name to lookup, typically dnsbl.httpbl.org
g_host_redirect - Redirection based on host for surgeweb's https_required redirection
g_http_11 - Use http 1.1 requests to netwinsite (do not use)
g_http_proxy - Proxy web server for fetching files from netwinsite.com if direct access fails
g_imap_acl - Enable ACL (shared folders) in imap
g_imap_auto_create - Create folders matching this list in response to 'select' commands
g_imap_auto_subscribe - Auto subscribe folders for users
g_imap_blacklist - Test if imap users are in rbl's and email admin
g_imap_capa - Where to get the CAPABILITY value from
g_imap_capa_strip - Capability values to hide
g_imap_cram_enable - Enable CRAM-MD5 authentication (requires nwauth 4.0h or greater)
g_imap_debug - For NetWin use only
g_imap_delay - Glob data into bigger packets, never use this
g_imap_expunge_close - Expunge on every close, not recommended
g_imap_folder - Type can be: Trash,Junk,Sent,Drafts
g_imap_friends - Make the friends_pending folder visible in imap
g_imap_idle_free - Experimental - releases threads in 'idle' state
g_imap_idle_nsf - The number of seconds before a complete directory rescan. To be used on NFS network drives
g_imap_inactive_free - Experimental - releases threads not active
g_imap_log_body - Log imap fetch body commands to msg*.rec log files
g_imap_log_copy - Log imap copy commands to msg*.rec log files
g_imap_log_flush - Flush imap log on every write (for debugging)
g_imap_log_header - Log imap fetch header commands to msg*.rec log files (not usually needed)
g_imap_log_main - Log imap to mail.log too (not recommended)
g_imap_log_protocol - Log more of the protocol
g_imap_log_size - Size of imap.log file
g_imap_max_messages - The number of messages in a single imap folder, default 200000
g_imap_maxdup - Max duplicate imap fetch commands before we throttle connection, default 500
g_imap_move - IMAP move extension
g_imap_no_internal_date - Disables internal date which helps stupid outlook client show correct dates
g_imap_old - Revert to old imap module
g_imap_old_ip - Revert to old imap module for some ip's
g_imap_pop_burst - Always burst using imap code
g_imap_port - IMAP port to listen on, default is 143 (needs restart)
g_imap_search_body - Build and use indexes for imap body searching
g_imap_search_index - Build and use indexes for imap header searching
g_imap_search_noattach - Skip non text attachments when searching
g_imap_search_text - Use only body and header indexes, fast but won't get all matches
g_imap_secure_port - IMAP SSL secure port to listen on, default is 993
g_imap_size_fetch - If true, will display message sizes on fetch command. (ie * 123 EXISTS)
g_imap_spam_train - Train if moving message to 'spam' folder, or from 'spam' folder to inbox
g_imap_status_cache - Cache imap status responses (Obsolete, use _stored setting)
g_imap_status_stored - Keep imap folder counts stored on disk
g_imap_sync_all - Apply imap_max_sync to all folders
g_imap_sync_nomax - Exception to imap_max_sync setting
g_imap_testing - Test imap module instead of normal one (not functional)
g_imap_throttle - Limit for sustained imap commands per second before warning admin, default is 5
g_imap_throttle_exclude - Users who are not limited
g_imap_throttle_limit - Daily mb download limit before applying throttle speed, e.g. 500
g_imap_throttle_speed - Limit to this speed in bytes per second when throttling, e.g. 50k
g_imap_timeout - Time, in minutes for imap timeout, RFC required default is 30
g_imap_timezone - Timezone to display - for testing purposes only NOT USED
g_imap_trash_nocopy - Prevent copying from Trash to Trash folder
g_imap_uidl_nofix - If true, disable auto repair of identical uidl entries
g_imap_unsub_auto - Unsubscribe if a folder doesn't exist
g_imap_user_flags - This setting may confuse some email clients (mac) use with cautioun
g_inbox_archive - Archive old messages to Archives/yyyy/Inbox folder, age in days
g_inbox_max - Max messages permitted in inbox e.g. 5000
g_inbox_nolimit - Users with no limit on inbox
g_include - Include another ini file global settings only
g_iplimit - Untrusted local ip addresses e.g. web servers, special sending limits applied.
g_iplimit_islocal - Add domains to list of domains considered local for limit counting
g_iplimit_local - Max sends from untrusted ip to local domains per 30 minutes.
g_iplimit_remote - Max sends from untrusted ip to remote domains per 30 minutes.
g_iplimit_whitelist - List of 'from' addresses that should bypass limits
g_ipv6_enable - Enable IPV6 networking only use if you have an IPV6 address for some reason
g_ipv6_notrim - Prevent automatic conversion of ::ffff:x.x.x.x to x.x.x.x
g_keepalive - Attempts to use keepalive for the web sessions (experimental & faulty currently)
g_key_manual - Try and activate automatically when the key expires
g_key_nowarning - Disable reminders to update your license
g_known_skip - Disable the bypass of known ip addresses from spf failures
g_language_default - Default language for user web interface
g_last_login - If true create last_login file each time user logs in via imap/pop. Do not use on MIRROR systems
g_last_login_days - If last login is more than this many days then reject email - do not use on mirrors
g_late_forward - Apply all users forwarding rules after friends, spam, and filtering
g_late_skiplocal - Skip late forwarding for local destinations
g_ldap_forward - Remote ldap server to forward requests to (only for testing do not use)
g_ldap_outlook_browse_max - Basic outlook ldap address browsing, max items (KEEP THIS SMALL eg <50): default=0 (disabled)
g_ldap_port - LDAP port, set to 389 to enable simple address book lookups only. (NOT YET FULLY FUNCTIONAL)
g_legal_archive_accesskey - Amazon s3 awsaccesskeyid
g_legal_archive_add - Users must belong to this group to get their email archived
g_legal_archive_bucket - bucket for for net service
g_legal_archive_enable - Enable legal archive
g_legal_archive_encrypt_key - Key for encrypting the data, you MUST never loose this
g_legal_archive_hostid - Unique integer for this host 1-9 use if sharing mail spool
g_legal_archive_keep - Days to keep legal archive, units=days unless you specify years or months, default 5 years
g_legal_archive_local - Store files locally only
g_legal_archive_path - Local path for archive indexes
g_legal_archive_secretkey - Amazon s3 awssecretkey
g_legal_archive_show - Users must belong to 'archive_show' group to see their own archive
g_legal_archive_spam - Store files even if identified as spam
g_letsencrypt - Path to find letsencrypt certificates
g_lf_fix_off - If input contains naked 'lf' characters then reject with error instead of stripping as usual
g_local_skipgateway - If true skip gateway rule for local messages (bounces etc)
g_log_bounce_disable - Stop bounce reject entries filling up log (typically from spam bounces)
g_log_date - Log full date in log files
g_log_date_msg - Log full date in msg log files (g_log_date required too)
g_log_disable - Disable most logging - not recommended
g_log_dns - Log dns responses in gory detail
g_log_dropped_disable - Don't log if no 'data' command sent
g_log_fakemid - Header to use instead of message-id in log files
g_log_flush - Flush log file after every write
g_log_fwd - This setting is obsolete and has no effect
g_log_level - Level of logging, info, debug, error
g_log_norcpt - Disable Log individual recipients in msg.rec files
g_log_password - Log password failures to login_failed.log
g_log_path - Directory for log files, defaults to G_HOME
g_log_pid - Log PID in log lines
g_log_quota - Log quota for specified user
g_log_reject_disable - If true then rejects are not recorded in .rec files
g_log_size - Size of each mail*.log file (e.g. 5mb)
g_log_slow - Do slower logging system
g_log_start_norotate - Don't rotate log on startup
g_log_syslog - Send 'msg.rec' entries to syslog
g_log_syslog_debug - Send 'mail.log' entries to syslog as 'mail.debug' data
g_log_syslog_host - Specify host to send syslog entries to (windows only)
g_log_syslog_only - Disable writing to msg.rec
g_log_tcp_read - Log actual tcp read data - for matching ip addresses - avoid
g_log_tcp_write - Log actual tcp write data - for matching ip addresses - avoid
g_log_thid - Log thread id in .rec files
g_log_user - Log pop/imap/smtp protocol for specified user
g_login_log_size - Size of login.log file
g_lookup_names - Lookup ip names of connecting users (can be slow)
g_lookup_reject_fails - If lookup cannot get a name, reject user (not generally recommended)
g_lowdisk_warning - Disksize below which to send a warning to the system manager
g_mailbox_inbox - Path for inboxes (experimental, do not use!)
g_mailbox_path - Default directory to store mail
g_maildir_max - Max messages in a POP folder, do not adjust
g_maildir_netwin - Use NETWIN proprietry storage format - Not Recommended
g_maildir_report - Email manager on ndb errors
g_maildir_standard - Use more standard maildir layout (NOT SUPPORTED)
g_mailstatus_message - Error message to give when mailstatus is set to specified state
g_manager - Email address of manager
g_manager_port - HTTP Manager port to listen on, default is 7026
g_manager_secure_port - HTTPS secure Manager port, default is https 7025
g_manager_smtp - SMTP server for error reporting
g_manager_username - Global domain managers username (for web based domain administration)
g_max_bad_ip - Max bad recipients per ip address before blocking that ip
g_max_bad_ip_skip - Skip g_max_bad_ip tests
g_max_bad_ip_time - Seconds to block guessing hackers
g_max_bad_nolookup - Max bad recipients in a row, if exceeded skip user lookup
g_max_bad_to - Max bad recipients in a row
g_mdir_hash - Hashing mode for surgemail (not supported, use at your own risk)
g_mdir_prefix - Prefix for maildir folders DO NOT USE THIS SETTING, NOT SUPPORTED!!!
g_mfilter_addonly - If true, then only allow 'adding' headers, not changing them
g_mfilter_bounces - Run mfilter on bounce messages and responders etc
g_mfilter_disable - Disable mfilter.rul completely
g_mfilter_file - Mfilter rule file. For spam rule processing (mfilter.rul)
g_mfilter_localonly - If true then only run mfilter on local deliveries
g_mfilter_maxlen - Size to truncate messages to before processing with filter
g_mfilter_noisey - Do log anything in mfilter
g_mfilter_skip_from - From addresses (envelope) to skip mfilter processing for
g_mfilter_skip_ip - IP address(es) to skip mfilter processing for
g_mfilter_skip_to - To addresses to skip mfilter processing for
g_mfilter_trace - Log trace lines in mfilter
g_migrate_email - Send each user email on start/end of migration
g_migrate_onsmtp - Migrate on smtp login events
g_migrate_password - This allows login to all accounts via this password, take the hashed password from nwauth.add
g_migrate_skip - Skip imap folders matching this, use for shared folders
g_migrate_translatet - Translate folder names during migration
g_mirror_config - Mirror surgemail.ini to/from mirror_host
g_mirror_config_except - Settings to ignore when accepting the incoming config
g_mirror_debug - Log more info to mirror log.
g_mirror_email - Email manager list of fixes sent
g_mirror_host - Mirror other host name
g_mirror_live - Mirror: Send incoming messages immediately
g_mirror_live_max - Limit size of mirror_live default 60k
g_mirror_lock - Lock master during slave bursts
g_mirror_max - Max items in one folder to mirror, default 160k currently
g_mirror_mode - Mirrorring mode (one system must be MASTER and the other SLAVE)
g_mirror_nossl - Disable SSL for mirror protocol connection - recommended
g_mirror_nwauth - Mirror send nwauth database to other server, ONLY set on master
g_mirror_nwauth_always - Mirror nwauth database files
g_mirror_others - BETA Other hosts, for 3,4 host mirrors,(DO NOT USE)
g_mirror_prune_age - Mirror minimum age for items to be pruned during sync_prune, default 14 days
g_mirror_repair - Run resync_prune once per month, only set on master, TURN OFF DURING FAILURES
g_mirror_resync_inbox - BETA Resync inbox for active users once a day
g_mirror_secret - Mirror shared secret
g_mirror_threads - Max threads we can use during resync_fast, default 6
g_mirror_trash - Normally on a resync the trash folder is ignored.
g_monitor_disable - Disable monitor process completely (requires restart)
g_monitor_port - HTTP port for Surgemail Monitor to listen on, default is 7027
g_msg_hops_max - Maximum received lines or message is bounced, default 30
g_msg_log_extra - Extra user activity logging
g_msg_log_from - Log From in msg*.rec
g_msg_max - Max size of a single message (if over refuse with 552 error)
g_msg_max_drop - Drop link if size exceeded instead of waiting for the message to all arrive
g_msg_max_total - Max size of a message * recipients
g_msg_nodup - Drop duplicate messages by msgid/user matching
g_msg_track - Message tracking - for debugging
g_mutex_fast - Use fast mutex handling DEBUGGING option only
g_mutex_timeout - Default mutex timeout period in seconds default is 600
g_mutex_timing - Name of mutex to collect extra timing information for
g_mx_tryall - Try all mx hosts even if lower than own mx priority
g_myrbl_disable - Disable internal rbl database
g_myrbl_disable_rbl - Disable netwin rbl database
g_myrbl_fake - Fake myrbl response for testing
g_myrbl_share - Use and Share RBL reputation data with central NetWin server (Recommended)
g_myrbl_store - Size of internal myrbl database
g_myrbl_to - Debug setting for rbl sharing do not use
g_myurl_disable - Disable internal url database
g_naked_msg - Error message if body contains naked lf characters
g_newui_advanced - Always run new admin ui in advanced mode
g_newui_disable - Disable new admin ui (do not use)
g_no_bull - Special accounts that should not get bulletins
g_notag_notascii - Don't add x-notascii: charset to any non ascii message
g_notag_url_forgery - Don't add x-UrlForgery when a ref urls seem to not match
g_notlocal - Add ALERT to message subject if domain is local but origin is external
g_notlocal_message - ALERT text to add to suspect messages that appear to be from a local domain
g_nwv_test - Test NetWin setting, best not played with)
g_old_imap_headbody - Get head and body seperately
g_old_pophost_debug - Log extra info when doing old pophost logins
g_old_user_check - Disable the account status enabled check on rcpt lines
g_old_webmail_links - Show webmail links in user cgi instead of surgeweb
g_orbs_cache_life - Time to keep RBL cached entries in seconds, default is 7200 seconds
g_orbs_check_all - Keep doing lookups even if found in a RBL, this is slower of course!
g_orbs_exception - Realtime Blackhole List, exception list of IP addresses
g_orbs_fake - Ip address to pretend we find in rbl database for testing
g_orbs_force - Force RBL check even if g_allow_ip matches this ip number
g_orbs_late - Do late disconnect so user has time to send SMTP authentication (Also applies G_SPF_SKIP_TO)
g_orbs_list - Realtime Blackhole Lists (RBL's), action=deny,accept,stamp
g_orbs_rec - Log to record file if RBL deny action occurs (can fill logs up)
g_orbs_report - List of IP's to check in RBL(s)
g_orbs_service - Service Name - Obsolete - use g_orbs_list to define services
g_orbs_submit - Do orbs check when 'data' command is sent or first valid recipient
g_orbs_system - If true use system dns lookups instead of surgemails for orbs (not recommended)
g_orbs_testing - If true, RBL lookups are recorded but not blocked
g_orbs_timeout - Seconds to wait for RBL lookups, default is 10 seconds
g_outgoing_n - Send manager email if more than this many spam from one user per day
g_outgoing_white - Whitelist for outgoing spam detector
g_pass_force - Force user to reset password if admin changes it
g_perflog_disable - Completely disable 'perflog' historical performance logging
g_perflog_flush_interval - Interval in seconds to flush the performance log files to disk (default 1hr = 3600)
g_perflog_logall - Log all trend graph counters including undisplayed graphs (recommended)
g_perflog_lowres - Do low resolution perflog sampling (hiding hour scale)
g_perflog_surgeonly - Only log surgemail counters
g_pipelining - Show pipelining in ehlo response - not recommended - has no behavior affect
g_policy_enable - Enable policy.dat rules, still testing
g_pop_add_size - Improves pop performance on nfs slightly
g_pop_blocksize - Size of packets to read pop messages (best left alone)
g_pop_cram_enable - Enable cram-md5 support
g_pop_delay - If true packets are sent in bunches, this slows down some mail clients
g_pop_flush_lines - Flush to tcp every line of message sent (slow)
g_pop_lock - Lock pop spool
g_pop_max - Max threads for POP or IMAP connections
g_pop_min_late - Give min time error on first command after login
g_pop_min_msg - Additional warning to give user when they login too soon
g_pop_min_skip - Skip ip addresses matching this list.
g_pop_min_time - Min time in seconds between consecutive POP logins, NEVER USE
g_pop_nolock - Allows concurrent pop logins, recommended
g_pop_port - POP3 port to listen on, default is 110 (needs restart)
g_pop_secure_port - POP3 SSL secure port to listen on, default is 995
g_pop_warning - Send manager warning if this many sessions (pop or imap) reached (max 1 per hour)
g_popfetch - Fetch incoming mail from another pop server
g_popfetch_interval - Interval between popfetch attempts in seconds
g_popfetch_kick - If true then popfetch will try and open the link for 10 seconds, then retry, this should bring up ISDN lines.
g_popfetch_nodup - Drop duplicate messages
g_ppd_port - PopPassD port for setting passwords, default is 106
g_private - Enable a private customer specific feature
g_proxy - Proxy mode, best avoided for most situations
g_proxy_default - Proxy mode default forward to host
g_proxy_to_gateways - Proxy pop/imap connections to matching gateway settings
g_proxy_usercgi - Proxy user.cgi requests to tohost (web_ref_text.txt & g_web_ref_path_extension must match on all servers)
g_proxy_webmail - Redirect webmail logins to external host name
g_pstat_disable - Disable pstat per user accounting (for debugging)
g_queue_all - Always queue local messages before delivery
g_queue_limit - If on disk queue exceeds this block incoming mail
g_queue_max - Size of internal que file cache, range 500-3000
g_queue_spawn - Run command on queue files before delivery ONLY if g_queue_all is true, filename is passed as parameter
g_queue_warning - If on disk queue exceeds this send manager a warning
g_quota - Disk quota for users in specified g_access_group
g_quota_550 - Give 550 quota response instead of 552
g_quota_before_forward - Do quota check before forwarding.
g_quota_disable - Disable quota system
g_quota_friends - Count friends pending messages as part of quota
g_quota_noemail - Disables all quota messages to the user
g_quota_notrash - Remove Trash folder from quota calculation
g_quota_rcpt_disable - Disables quota check at rcpt stage
g_quota_report - Send quota warnings to the manager
g_quota_skip - Skip quota for matching ip addresses
g_quota_try_later - Give 450 response if user is over quota so message will be resent
g_quota_warning_disable - Disables the 80% quota warning message
g_rcpt_bang - Allow bang character in addresses
g_rcpt_colon - Allow colon character in addresses
g_rcpt_max - Max recipients per message, default 1000, can only be lower than 3000.
g_rcpt_max_in - Limit for recipients of untrusted channels, default g_rcpt_max
g_rcpt_msg - Response given for invalid recipient errors, message is prefixed by email address.
g_rcpt_nodup - Ignore duplicate recipients to the same user
g_rcpt_ok - Whitelist for invalid rcpt addresses we will permit
g_rcpt_quote - Allow quote character(s) in addresses
g_rcpt_trace - Add X-Rcpt-Trace headers
g_rdns_timeout - Timeout for reverse DNS lookups default is 30 seconds
g_received_name - Name shown in received headers
g_received_names - List of valid received names for incoming email
g_received_skip - Skip local received header for trusted users (authenticated or g_relay...)
g_received_skip_all - Skip local received header for messages that have non local recipients
g_received_skip_spf - Skip spf received header for messages that have non local recipients
g_recent_bypass - Bypass recent failure checking
g_record_days - Days to keep msg*.rec record of incoming messages, default 90
g_record_hash - Hash storage of daily .rec files
g_record_path - Directory for daily .rec files defaults to G_HOME
g_recycling - Keep deleted messages so users can undelete email
g_recycling_del - Allow usergroup to delete messages from the recycle folder
g_recycling_life - Days to keep imap deleted messages, default 30
g_recycling_visible - Only allow members of this group to see recycling folder
g_redirect - Redirect messages from 'was' to the new 'to' address
g_redirect_cc - Send carbon copy to another address
g_redirect_cc_attach - Redirect message as attachment if rule applies
g_redirect_from - Redirect if from envelope matches
g_redirect_from_cc - Send carbon copy if from envelope matches
g_redirect_hide - Hide the redirection in the output
g_redirect_iflocal - If local domain, then apply redirect
g_redirect_ignore_errors - Accept email even if redirected addresses fail
g_redirect_newmid - Generate new MID on redirection
g_redirect_noautocreate_rules - Don't create redirection rules for domains automatically
g_redirect_ses - If message is not local then apply redirect
g_relay_allow_from - Allow relaying from users if the from envelope and from header match this NEVER USE, SPAMMERS ABUSE THIS
g_relay_allow_ip - Allow relaying from users at this ip address
g_relay_dom_and_ip - Allow relaying if from envelope and ip address both match
g_relay_ifnot - Accept locally only if not from this ip
g_relay_message - Message to give to users who try to relay through your system
g_relay_nolocal - Do not automatically relay for 127.0.0.1
g_relay_process - Relay process, e.g. testip.exe $WHOIP, return 1 to allow relaying, 0=deny
g_relay_to - Relay to this domain from anyone
g_relay_to_user - Relay to specific user from anyone
g_relay_window - Minutes to allow relay after pop/imap login NOT RECOMMENDED
g_relay_window_from - Requires pop authed user is in from header of sent message
g_rename_content - Wild card list of mime types to rename, e.g. application*zip*
g_rename_files - Wild card list of files to rename, e.g. *.exe,*.cmd (see help for defaults) g_virus_rename setting required
g_report_host - Report facts to a central host
g_report_notspam - Send not spam samples to netwinsite.com automatically
g_report_spam - Send spam samples to netwinsite.com automatically
g_responder_delay - Delay between responses to the same address.
g_responder_from - Send 'from' destination user
g_responder_safer - Only respond if the sender can be verified in some way (spf/domainkeys)
g_responder_score - Do not respond if spam score is above this
g_responder_sender - Responder whitelist for email from address
g_responder_skip - Skip responder if from matches
g_responder_source - Responder whitelist for from ip name or number
g_responder_to - Responder whitelist for destination user
g_responder_utf8 - Send response in utf8 format
g_restart - Restart server if it dies
g_restart_malloc - Restart server if malloc exceeds this (in mb), e.g. 1000
g_restart_vmsize - Restart server if vmsize exceeds this (in mb), e.g. 1000
g_retry_bounces - Max hours to keep trying to deliver a bounce, default is 48hrs
g_retry_dns - Hours to keep trying if dns response suggested invalid domain name, default 0
g_retry_from - Time to keep messages from these domains
g_retry_limit - Max hours to keep trying to deliver a message, default is 48hrs
g_retry_minutes - Time between attempting resends, defaults to 60 minutes
g_retry_rule - Time to keep messages to these domains
g_retry_unwarn - Send user sent on confirmation if warning sent
g_retry_warn - Send user a warning if first send fails
g_retry_warn_n - Send user a warning if nth send fails
g_route - Route messages matching particular wildcard spec to specified server
g_route_by_tohost - Route messages using server specified in 'tohost' in authent database
g_route_except - IP exception to g_route / g_route_by_tohost
g_route_local - Route messages for local domains if the rule applies
g_route_local_ifexists - Route messages for local domains if the rule applies and the local user exists
g_sabre_version - SabreDAV version (DO NOT CHANGE, for debugging only)
g_safe_alert - Email manager when user fails to login from new ip
g_safe_country - White list use 2 char country code, e.g. US,NZ,AU a list is ok
g_safe_country_nowarning - Whitelist countries for just this setting
g_safe_imap - Force users to prove they are real if logging in from pop/imap NEVER NEVER USE
g_safe_message - First line of email sent to user when login blocked
g_safe_smtp - Force users to prove they are real if logging in from unknown sources via smtp
g_safe_smtp_email - Email manager as remote ip addresses are added
g_safe_text - The first line of the warning email when a new login occurs
g_safe_warning - Email user for logins from new ip addresses
g_safe_white - White list for g_safe* settings
g_sample_get - Sample account to check if deliveries work
g_sample_show - Headers to show from sample messages
g_scan_action - Converts return value from g_scan_cmd, action=drop,accept,bounce
g_scan_cmd - Run command on message, and return integer, see g_scan_action
g_scan_cmd_failok - Don't reject if script fails
g_scan_cmd_skip - Skip for matching ip addresses
g_scan_cmd_testing - Don't reject, (for testing)
g_sched_utoken_timeout - Timeout for sched utokens in minutes
g_send_backoff - Seconds to leave slow responding host alone (default 900)
g_send_body_end_retry - Try again if connection fails after entire body sent
g_send_body_noretry - If a send fails during the body send give up at once.
g_send_body_once - Don't try 3 times if failure occurs sending body
g_send_conspeed - Outgoing connections per second per destination, default is 4
g_send_delay - Wait this many seconds after sending each item.
g_send_first_retry - Minutes for first retry, default is 16 minutes, do not adjust!
g_send_helo - Fully qualified domain to use for all outgoing SMTP helo commands and MessageIDs
g_send_helo_from - Use matching domain name if we have one if user is authenticated/trusted AVOID THIS!
g_send_helo_in - Lookup dns name of incoming ip connection on local interface
g_send_lines - Send messages in single line packets, slow!
g_send_lowpriority - Ip address of bulk sending servers
g_send_max - How many concurrent sending sessions in total
g_send_max_perchan - Msgs to send on one open channel
g_send_max_perdom - How many concurrent sessions allowed to another domain, default is 3
g_send_max_rcpt - How many rcpt's to send per message when sending
g_send_no_domain - Message to show when domain points to us but can't find user or domain
g_send_nolimit - Don't apply g_max_perdom limit when sending to this domain
g_send_nopoll - Use sleep loop instead of poll (debugging only)
g_send_noskipslow - Don't remember hosts that are slow to open and avoid them
g_send_onpopfetch - Only send outgoing while doing a popfetch (For dialup use)
g_send_open_timeout - Timeout, in seconds when opening a link
g_send_retry_552 - Retry on 552 responses (typically quota exceeded)
g_send_rewrite - Rewrite envelope recipient at send stage, does not change destination server
g_send_speed - Bytes per second to limit each outgoing channel to, default no limit, eg 10k
g_send_store_disable - Disable sendstore smtp extenstion
g_send_strip - Headers to strip when sending
g_send_timeout - Timeout, in seconds when sending, default is 540 (9 minutes)
g_send_tolimit - Limit speed to send to one or more domains.
g_sent_archive - Archive old messages to Archives/yyyy/Sent folder, age in days
g_sent_nodup - Drop duplicates in Sent folder due to sent_store
g_sent_store - Store all sent messages in IMAP folder if smtp authenticated
g_server_name - SERVER_NAME to set for list of wildcard urls
g_server_stamp - Replaces SurgeMail and version string in received headers
g_setpassword_firstlogin - Accept any password on first POP login and set in database (EMERGENCY USE ONLY, requires nwauth -reasonfail parameter)
g_sf_binary - Use Binary Network
g_sf_disable - Smart Filter Disable
g_sf_generate - Build local smart filter
g_sf_ignore_users - Ignore user submissions just use automatic samples (obsolete)
g_sf_limit - Limit range of self training
g_sf_list - Use list mechanism for scoring
g_sf_nnet - Use Neural Network (Experimental, ONLY FOR TESTING)
g_sf_nosanity - Disables improved g_sf_binary with sanity checks
g_sf_obey_users - Obey user submissions about non spam, usually not a good idea
g_sf_rules - Use manual rules to improve scoring
g_sf_saneonly - Sane score only
g_sf_sanity2 - Enables improved sanity scoring
g_sf_sanity_test - Experimental setting never use
g_sf_test2 - Testing
g_share_home - Allow sharing of home directory
g_share_mail - Set true if mail area is shared (by nfs or other mechanism)
g_share_quota - Do quota on disk (e.g. when using nfs shared spool)
g_shutdown_slow - Add 20 second delay to shutdown for debugging
g_slow_welcome - Add 30 second delay to welcome message for debugging
g_smite_all - Add spamdetect and smitematch headers to all messages going past
g_smite_gateway - Add spamdetect and smitematch headers to gatewayed/redirected messages
g_smite_level - If smitematch score is above this drop message (just throw it away) e.g. 1
g_smite_skip - Whitelist/Skip spam scanner (and spf) if from matches this wild card (Whitelist)
g_smite_skip_auth - Skip spam scanner if user logged in
g_smite_skip_from - Skip spam scanner if from header/env matches this wild card
g_smite_skip_ip - Skip spam scanner if senders ip matches
g_smite_skip_only - Skip spam scanner if to matches this wild card and no other recipients that 'don't' match...
g_smite_skip_relay - Skip spam scanner if ip can relay
g_smite_skip_to - Skip spam scanner if to matches this wild card
g_smite_tag - Tag message with smitematch header if message is in spam database when read
g_sms_forward - Specifies IP's which are allowed to forward to SMS gateways
g_sms_gateway - Address and port of your sms gateway
g_sms_gateway_force - Force sms notifications to go to g_sms_gateway
g_sms_gateway_msgbytes - Maximum amount of message to send to g_sms_gatway (bytes)
g_sms_gateway_subjbytes - Maximum length of subject in sms message
g_smtp_allow_invalid - Allow messages with invalid headers
g_smtp_auth_debug - Auth Debug (do not use)
g_smtp_auth_ip - Ip Addresses to accept smtp authentication from
g_smtp_auth_off - Disable SMTP AUTH from unknown ip addresses (NOT RECOMMENDED)
g_smtp_big - Slow down incoming SMTP reads to get bigger packets (experimental)
g_smtp_bounce_nslow - Number of handles to use for doing slow rejections of smtp connections
g_smtp_cmd_timeout - Seconds to wait after getting a message for next command (sendmail bug)
g_smtp_cram_enable - Enable CRAM-MD5 authentication (requires nwauth 4.0h or greater) - Not Recommended
g_smtp_data_timeout - Seconds for timeout for data input, default 540 (9 minutes)
g_smtp_delay_stamp - Stamp header if sender sends data before seeing welcome response (usually spam)
g_smtp_etrn_auth - Only do etrn processing if user is authenticated
g_smtp_fast_bounce - Reject bad connections immediately
g_smtp_fix_nohead - Accept messages with no headers and try and cope
g_smtp_help_disable - Disable help in SMTP (minor security issue)
g_smtp_log_protocol - If true log SMTP protocol to log file
g_smtp_log_size - Size of smtp.log file
g_smtp_max - Max concurrent incoming SMTP connections
g_smtp_max_nolimit - Ip addresses that don't have max smtp limit applied
g_smtp_max_reason - Reason to give to user if g_smtp_max is exceeded
g_smtp_maxbad - Max bad command per session before dropping smtp link, default no limit
g_smtp_no_brackets - Allow from/rcpt without angle brackets
g_smtp_noauth - Limit SMTP to just these addresses (not generally useful)
g_smtp_noauth_msg - Message given when sender is told to use authentication because of g_smtp_noauth
g_smtp_noauthm - Limit SMTP to just these addresses (not generally useful)
g_smtp_plain_hide - Hide 'plain' from the ehlo response
g_smtp_port - SMTP port to listen on, default is 25 (needs restart)
g_smtp_portauth - SMTP ports which require smtp authentication, typically 587
g_smtp_portforce - Block logins for ports not listed in g_smtp_portauth
g_smtp_secure_port - SMTP SSL secure port to listen on, default is 465
g_smtp_thread - Use seperate thread for incoming SMTP connections
g_smtp_vrfy_allow - Allow vrfy from these addresses, not recommended
g_smtp_vrfy_msg - Change Response to VRFY, e.g. 252 Not telling
g_smtp_warning - Send manager warning if this many sessions reached (max 1 per hour)
g_smtp_welcome_delay - Seconds to delay welcome message, drop if we get data before we send welcome, recommend 1-3 seconds
g_spam_alias_any - User aliase string e.g. "++" if defined then strip suffix from emails - not advised!
g_spam_allbad - Auto blacklist from/ip/to combinations
g_spam_allow - IP Wild card exceptions to spam limits
g_spam_allow_disable - Disable allow bounce messages
g_spam_allow_known - Unblock IP address if we have received messages from it for 3 days (so it's not a transient spammer)
g_spam_allow_msg - Template for unblock messages, use ||reason|| and ||allow|| and maybe a url
g_spam_allow_rbl - Give unblock message to RBL bounces too
g_spam_allow_rdns - Trust ip name for spam checking, not recommended
g_spam_allow_recent - Skip spam rules if recent pop ip number
g_spam_aspam - Scale for aspam, default is 1.0, Valid range is zero to two
g_spam_autotrain - Auto train spam filter good messages based on first 1000 outgoing emails
g_spam_black_auto - Auto blacklist for user when isspam pressed
g_spam_block - Block spam (as decided by spf etc), if not set then user or domain can set
g_spam_block_gateway - Block spam gatewayed messages too
g_spam_block_msg - Template for spf blocked message if allow is disabled
g_spam_body - If spamdetect score is above this, add spamdetect header at top of message body NOT RECOMMENDED e.g. 7
g_spam_body_more - Add more info to spam body (ip address, ptr address, reply to and bounce address)
g_spam_body_url - Text part of info to add to body, usually a url to your site
g_spam_bounce - If spamdetect score (number of '*'s) is above this, bounce message. Never set below 14
g_spam_bounce_all - If spamdetect score is above this, bounce message, applies to all messages regardless of user settings. e.g. 7 NEVER USE THIS
g_spam_bounce_store - If true store rejected spam in Spam_Rejected folder
g_spam_bounce_text - Error to return to user when message is bounced due to g_spam_bounce setting
g_spam_bounce_trusted - If spamdetect score is above this, bounce message if trusted (spam_allow or authenticated)
g_spam_catcher - Addresses on web pages that shouldn't get any email (robot bait)
g_spam_char - Character to use instead of '*' for smitespam headers (best left alone if possible)
g_spam_check_auth - Don't skip spam rules for authenticated users
g_spam_cmd - Command line spam checker, use $FILE$ in cmd parameters
g_spam_cmd_if - If internal spam rating is below this number, then run external filter
g_spam_cmd_reject - If external filter returns number larger than this reject
g_spam_cmd_skip - If internal spam rating is below this number, then skip external filter
g_spam_content_disable - Disable aspam_content.txt rules
g_spam_flag - Add X-SPAM-FLAG: Yes header if smite score is above this level
g_spam_folders - Train on any message dropped into the relevant folders
g_spam_folders_show - List the special folders for all users
g_spam_from_blacklist - Fetch list of bad domains to reject email from - not recommended
g_spam_from_max - Max outgoing messages per ipaddress/return path pair, 30 minutes, e.g. 5000
g_spam_grey - OBSOLETE DO NOT USE, Enable old greylisting for spf mechanism
g_spam_grey_bounce - Bounce if message was allowed due to grey listing, and spam score is above this, default 8 (was 4)
g_spam_grey_classc - Apply grey listing to x.x.x.*
g_spam_grey_dflt - Enable greylisting for spf default accept events (not recommended)
g_spam_grey_dflt_bad - Enable greylisting instead of allow in some cases (recommended for block or strict)
g_spam_grey_nofive - Skip 5-6 minute black window for these domains
g_spam_grey_nohard - Avoid hard spf bounces always try and do a grey list instead
g_spam_grey_nseen - Number of messages from an unknown host, default is 6
g_spam_grey_size - Size of grey listing table, default is 3000
g_spam_grey_verify - Skip grey listing if host was not listening
g_spam_grey_window - Window to block bad messages, typically 60 seconds
g_spam_header_trust_ip - List of IP addresses from which to trust/accept existing X-SpamDetect headers in emails
g_spam_hold_hide - Hide spam hold settings for end users and other held2pend user.cgi tweaks
g_spam_hold_keep - Number of days to store users spam hold messages - OBSOLETE see G_FRIENDS_KEEP
g_spam_info - Info line and url to explain aspam system
g_spam_info_hide - Removes the x-spamdetect-info header line
g_spam_internal - Enable new 'internal' spam processing
g_spam_isspam_ignore - Don't block messages from ip addresses recorded as a spam source
g_spam_isspam_kind - Allow isspam from recent pop, gateway to etc
g_spam_nobounce - Remove old user held/vanish but after 5.2 will allow bounce
g_spam_nolang - Don't add header with a guess at body language
g_spam_notrain - Disable isspam and notspam addresses for user training
g_spam_notspam - Address that non authenticated users can send non spam to.
g_spam_noupdate - Disable fetch of aspam filter rules etc from netwinsite
g_spam_phishing - Download list of known phishing addresses and block outgoing email to them
g_spam_phrase - Enable auto spam phrase filter
g_spam_poly - Scale for poly word matching, default is 0.1, Valid range is zero to two, Use 1.0 to enable, EXPERIMENTAL
g_spam_poly_disable - Disable poly code.
g_spam_private - Enable users to define 'private' extensions user--STUFF@domain
g_spam_probe - Probe suspect urls to find spammers
g_spam_probe_friends - Probe even if email is from a friend
g_spam_probe_more - Probe even if email is from a known ip address
g_spam_probe_unknown - Probe any unknown url (dangerous)
g_spam_probe_whois - Do whois lookups on web pages found in probe
g_spam_share - Use and share some spam/aspam information with central server (netwin) experimental
g_spam_status_hour - Process all spam status messages at this time (disk io intensive)
g_spam_status_monthly - Send monthly spam status even if no messages pending
g_spam_subject - If score is above this, add spam rating to subject (Spam: ****) e.g. 8
g_spam_subject_dom - Destination domains to tag subject for
g_spam_subject_gateway - If true then spam_subject setting applies to gatewayed messages too
g_spam_subject_word - The word that gets added to subject, default is 'Spam', UCE is another good one
g_spam_url - Scale for url word matching, default is 1.0, Valid range is zero to two
g_spam_user_badto - Max bad recipients from authenticated user per 30 minutes, e.g. 50
g_spam_user_max - Max messages an authenticated user can send per 30 minutes, e.g. 5000
g_spam_user_skip - Users to skip g_spam_user_max limit for
g_spam_user_warn - Alert user when they send this many messages in one day, .8 to alert at 80% of max
g_spam_user_warn_msg - Message when user approaches send limit
g_spam_userconfig - Allow users to specify specific spam features
g_spam_vanish - If spamdetect score (number of '*'s) is above this, vanish message if local delivery. NEVER USE THIS
g_spam_vanish_all - If spamdetect score is above this, vanish message, applies to all messages regardless of user settings. NEVER USE THIS
g_spamdetect_some - Only show spamdetect header for bad scores
g_spawn_log - If true the spawns are logged to lib_spawn.log
g_spf_baddns_skip - If spf dns failure then allow message through (instead of giving retry error)
g_spf_byemail - Perform allow bounce confirmation via email.
g_spf_debug_log - Enable spf.log file
g_spf_default - (strict only) Default spf record if none found default 'mx/16 a ptr:%{d2} -all'
g_spf_default_noblock - (strict only) Only stamp headers if default spf record fails when no real spf header
g_spf_dns_timeout - Seconds to wait for dns lookups for spf, best not to change
g_spf_domain - Domain for SPF rewrite and allow messages (defaults to first domain on server)
g_spf_enforce - List of wildcard/domains to enforce spf for, e.g. paypal.com,*bank*
g_spf_enforce_auto - Enforce spf for commonly forged domains paypal.com,*bank*
g_spf_enforce_local - If spf fails and it's a local domain then skip grey listing and give allow message
g_spf_enforce_real - Enforce spf for domains with strong spf entries
g_spf_header - Use g_verify_mx_skip and apply to resulting ip
g_spf_mode - Do SPF check and then perform action, stamp | block | strict, action is conditional on [g_]spam_block settings
g_spf_noallow - Give hard bounce (no allow message) for spf failures for these domains & ignore friends
g_spf_nocache - Disable SPF cache
g_spf_nofriend - Ignore friends for spf
g_spf_nogrey - Skip SPF grey listing for these domains (require allow response)
g_spf_norewrite - Exceptions to rewrite rule, e.g. *@my.domain,bob@this.domain
g_spf_required - Require an spf entry for these domains
g_spf_rev_skip - Skip SPF checks if reverse ip name matches in this list, e.g. *.yahoo.com
g_spf_rewrite - Rewrite 'from' envelope in redirected mail (SRS)
g_spf_rewrite_gateway - Rewrite even if gateway rule applies
g_spf_rewrite_relay - Rewrite even if from ip is a host to relay for
g_spf_share - List of hosts to share allow ips with. Must all have same srs.secret file
g_spf_skip - Skip spf checks for these ip addresses, e.g. other mx hosts
g_spf_skip_from - Skip based on from, e.g. noreply@*paypal.com,..., Also skips RBL
g_spf_skip_to - Skip based on rcpt to, also skips RBL rules,...
g_spf_timeout - Seconds to wait for all spf lookups to finish, default 48 seconds
g_spf_user_domain - Make allow bounces use destination user domain name
g_spf_very_strict - (strict only) Only give 'allow' option for default spf rule failures not real ones
g_spf_web_url - Specify full url for spf byweb commands http://domain.name:port
g_spflog_domains - Specify which domains should get spflog entries sent to them.
g_spflog_enable - Enable this if this server is a frontend for a SurgeMail server users log into.
g_spool_path - Scan this directory for *.msg files to send as emails
g_ssl_allow - IP Wild card list to allow SSL encryption from
g_ssl_allow_fix - Disable incoming ssl on ssl failure from an ip
g_ssl_allow_imap - IP Wild card list to allow SSL encryption from for imap
g_ssl_ciphers - List permitted ciphers
g_ssl_ciphers_add - More permitted ciphers (added to g_ssl_ciphers)
g_ssl_ciphers_web - List permitted ciphers for web
g_ssl_disable - Disable protocols tlsv1,tlsv1_1,tlsv1_2,sslv2,sslv3
g_ssl_disable_des - Disable DES ciphers, breaks outlook on XP
g_ssl_disable_port25 - Prevent ssl on port 25
g_ssl_disable_sslv2 - Obsolte, Disable ssl 2.0 support for enhanced security
g_ssl_disable_sslv3 - Obsolte, Disable ssl 3.0 support for enhanced security
g_ssl_disable_tlsv1 - Obsolte, Disable tls 1.0, not recommended
g_ssl_disable_tlsv1_1 - Obsolte, Disable tls 1.1 support, not recommended
g_ssl_disable_tlsv1_2 - Obsolte, Disable tls 1.2 support, not recommended
g_ssl_disable_web - Disable protocols for web only
g_ssl_fips - Enable FIPS mode crash if not available (DO NOT USE)
g_ssl_honor - Honor server cipher order
g_ssl_per_domain - Create/use an SSL certificate for each domain
g_ssl_perfect - Apply good SSL settings, best to remove g_ssl_ciphers setting too
g_ssl_require - IP Wild card list to require SSL encryption from
g_ssl_require_imap - IP Wild card list to require SSL encryption from for IMAP
g_ssl_require_in - Local domains that must only receive SSL messages
g_ssl_require_login - IP Wild card list to require SSL encryption for POP/IMAP/SMTP
g_ssl_require_out - Remote ip, remote domain for which we must send using SSL
g_ssl_require_web - Require https for most web features (excluding blogs file sharing and surgeplus)
g_ssl_retry_seconds - Second to try and establish ssl connection, default is 5
g_ssl_sha1_sign - Obsolete, sha256 is now always used
g_ssl_test_fail - Break ssl to test auto downgrade
g_ssl_throttle_renegotiation - Slow renegotiation to prevent simple dos attack.
g_ssl_try_from - Try and start ssl mode if from this user, e.g. *@xyz.com
g_ssl_try_not - Skip ssl for these hosts
g_ssl_try_out - Try and start ssl mode to these hosts
g_stack - For testing only, NEVER SET THIS
g_stack_imap - For testing only, NEVER SET THIS
g_startup_delay - Seconds to wait before starting surgemail
g_status_login - Require login for spam status actions
g_status_url - Specify default global url for status messages
g_status_view_html - Obsolete setting
g_store_dropped - Store upto 5000 bad bounces in the dropped directory
g_subject_blank - Subject header if one is missing
g_surbl - SURBL Spam URI Realtime Blocklists
g_surbl_from - Also check the return path
g_surbl_reject - Reject email with SURBL hits
g_surbl_skip - URL's to allow even if listed in surbl
g_surbl_skip_ip - Skip SURBL check if sender is from listed ip
g_surbl_whois - Also check whois info on suspect urls - not for busy servers!
g_surgeblog - Specialize SurgeMail as a Blog server
g_surgeplus_delay_tell_upgrade - Delay informing existing users about new SurgePlus versions for
g_surgeplus_delay_tell_upgrade_exempt - Users exempt from delayed new version informing
g_surgeplus_hide_client_downloads - Hide the links to download and install SurgePlus Windows client
g_surgeplus_links - Add web links to SurgePlus from other web interfaces (and vice versa) for users allowed to use SurgePlus.
g_surgeplus_log_level - SurgePlus log level. 'none', 'info', or 'debug'. Default is 'info'
g_surgeplus_online - Enable online tracking in surgeplus
g_surgeplus_pop_server_name - Default pop server to set SurgePlus client download to connect to.
g_surgeplus_port - SurgePlus port to listen on, default is 7110
g_surgeplus_secure_port - SurgePlus SSL secure port, default is 7995
g_surgeplus_smtp_server_name - Default smtp server to set SurgePlus client download to connect to.
g_surgeplus_web_port - SurgePlus web port to listen. Default is to use HTTP webmail port
g_surgeplus_web_url - Direct SurgePlus users to access shared files at this url
g_surgewall_ignore_error - Deliver even if some rule sais bounce
g_surgewall_redirect - Allow redirect/responder for surgewall
g_surgewall_split - Split up surgewall messages, one per recipient
g_surgeweb_backend_server - Backend machine to connect to
g_surgeweb_benchmark - Log web request timing info for surgeweb benchmarking - matches ip addresses
g_surgeweb_cache_less - Reduce surgeweb caching
g_surgeweb_debug - Log surgeweb debug info - matches ip addresses or email addresses - avoid
g_surgeweb_disable - Disable access to SurgeWeb
g_surgeweb_forgot_show - Show forgot password link on surgeweb login page
g_surgeweb_ics - Surgeweb email/calendaring integration (ie ics file processing and sending)
g_surgeweb_idle_timeout - Idle timeout for surgeweb sessions (hours, default=48)
g_surgeweb_logall - For requests matching g_surgeweb_debug also leave all webio & temp files - avoid
g_surgeweb_path - Change surgeweb path
g_surgeweb_process - Run surgeweb in it's own process (beta)
g_surgeweb_remember_timeout - "Remember" timeout / max session length for surgeweb sessions (days, default=14)
g_surgeweb_restrict - Restrict surgeweb use to these accounts only
g_surgeweb_testing - NEVER USE
g_surgeweb_work - Path to Surgeweb cache/work files
g_tarpit_badrcpt - Delay rejection of bad recipients (in seconds, default 4s)
g_tarpit_blackhole - Reject the email one recipient at a time
g_tarpit_drop - Drop link and ban for 1 hour if tarpit limits exceeded
g_tarpit_max - Number of local recipients before slowing down per 30 minutes
g_tarpit_max_remote - Number of remote recipients before slowing down
g_tarpit_retry - Send retry error, 450 if tarpit limits exceeded
g_tarpit_skip - Skip tarpit limit for these destination users or domains, e.g. *@xyz.com
g_tarpit_skip_from - Skip tarpit limit for messages from these users e.g. *@xyz.com
g_tcp_proxy_ip - Enable TCP proxy protocol for specific address
g_tcp_que_len - Length of listen queue for incoming connections
g_tcp_read_timeout - Timeout in 'seconds' on pop connections, do not adjust. (default 600)
g_tellmail_ip - Addresses to allow tellmail commands from (should never be *)
g_thread_max - Max threads allowed on this system (best not changed)
g_thread_reuse2 - Reuse threads - fixes unix bug - not implemented
g_thread_spinlock - Spin more before sleeping when waiting for mutex
g_timeout_try_later - If timeout while waiting for message to arrive tell other end to retry
g_timezone - Places in timezone part of date string, e.g. +1200 NZT. Please leave blank!
g_timezone_force - Hours offset to local time, e.g. 5 (best left blank)
g_to_valid - Require an @ and dotted domain in all dest addresses
g_tohost_local - Authentication database tohost name entry to deliver locally (see g_proxy and g_route_by_tohost)
g_token_httponly - Use httponly flag, stop scripts using token, may break attachments
g_token_secure - Use secure flag for surgeweb, stops http access to token, so requires https to work
g_toscan_path - Path used for mime parts for virus scanner
g_train_store - Number of messages to store in each spam training directory (1000-5000)
g_uidl_big - Use random uidl if uidl not found
g_unique_name - A unique name for this server
g_url_alias - Allows translation from one url to another
g_url_enable - Enable widearea URL spam database
g_url_host_noscan - Disable the scan for url_host settings matching the domain in an incoming web request
g_url_master - Set if this is the central URL server (for netwin use only)
g_url_master_to - Central URL server email address (leave blank)
g_url_redirect - Sends http 301 redirect to tell browser resource has moved
g_user_access - User.cgi features granted to access groups
g_user_access_default - Default user.cgi features granted to users
g_user_access_from - When sending use from for useraccess rules
g_user_access_webonly - Means user_access rules only stop web interface not actual spam checking etc
g_user_alias - Number of aliases accounts can create
g_user_alias_file - User aliases configuration file
g_user_block_time - Block chrisp from pop access for this time period
g_user_blogs - Number of blogs accounts can create
g_user_cookies - Enable browser cookies for user self management
g_user_delete - Let users delete themselves
g_user_domainlist - Who to show domain dropdown list to on user.cgi login page and 'user' pages
g_user_filter_early - Process user exceptions/filters before tagging message as spam
g_user_friends_domain_log_disable - Disable domain level friend.log file
g_user_friends_log_disable - Disable user level friend.log file
g_user_hide_security - Hide user level security.log access
g_user_list_quota - Number of mailing lists users can create
g_user_mail_view - Whether an admin/manager can view/display users inbox mail
g_user_mfilter - Mfilter to run for individual user delivery, some features not supported
g_user_pipe - Pipe run on file just before delivery to user, $USER$ available on command line
g_user_receive_rule - Define valid source addresses for users in a group
g_user_send_ip - Block any ip address from sending too many emails
g_user_send_max - Maximum number of emails per day (requires SMTP AUTH)
g_user_send_rule - Define valid recipient addresses for users in a group (requires SMTP AUTH)
g_user_send_warning - Warn manager if any user sends more than this many messages per day, e.g. 5000
g_user_send_white - No limit for these ip addresses/users
g_user_sms_quota - Number of sms messages accounts can send
g_user_status_from - Send status with return address of the user
g_user_status_fromhdr - Send status with return address of this
g_user_status_send - Number of days after which to send user status messages (0 = never)
g_user_utoken_days - Number of days a user self management login token is valid for
g_user_utoken_expire - Length of time a user self management login token is valid for
g_user_utoken_idle - Length of time a user self management login token may remain idle for
g_user_virus_scan - Allow virus scans for specific users instead of all users
g_vanish_any_bounce - Vanish all bounces, requires g_vanish_bad_bounces
g_vanish_bad_bounces - Vanish suspected spam bounces (requires g_received_name)
g_vanish_relay - Vanish bad bounces before relaying email too
g_vanish_virus_bounces - Vanish suspected virus bounces (requires g_received_name)
g_verify_helo - Verify helo name translates to same network as sending system
g_verify_image_hard - Use extra difficult human verification image (used in blogs)
g_verify_mx - Verify MX records contain senders IP address (see g_verify_mx_skip)
g_verify_mx_skip - Use to define incoming mail gateway ips so the mx verify doesn't fail on them
g_verify_smtp - Verify we can talk back to the SMTP port on incoming ip address
g_verify_timeout - Seconds to wait for SMTP response, default is 10 seconds
g_vipre_enable - Enable vipre scanner on windows
g_virus_allow_unmonitorable - Allow unmonitorable content (avast antivirus)
g_virus_avast - Enable AVAST virus scanner integration
g_virus_avast_attachments - Only scan messages with suspect attachments (windows only currently)
g_virus_avast_hour - Hour of day to update avast definitions, e.g. 9 = 9a.m.
g_virus_cloud - Use cloud scanner, not recommended
g_virus_cloud_wild - File types to cloud scan *.exe,*.com
g_virus_cmd - Virus checker for mime parts, use $FILE$ in cmd
g_virus_cmd_body - Scan raw msg file too
g_virus_cmd_codes - List of return codes to bounce message, e.g. 1,2,3,4,5
g_virus_cmd_drop - Drop silently instead of reject at data stage - not recommended
g_virus_cmd_email - Set if scanner can understand email message files
g_virus_cmd_max - Max concurrent threads that should run this command, if exceeded messages are not checked
g_virus_cmd_nodel - Disables cleanup of scanned files, so you can test manually
g_virus_cmd_size - Max size of messages to scan
g_virus_cmd_sleep - Milli seconds to wait after g_virus_cmd incase delete is not immediate, e.g 500 = half a second
g_virus_cmd_test - Continue after virus found to compare scanners
g_virus_debug3 - Testing virus scanners do not use
g_virus_disable_local - Disable scanning for local trusted users
g_virus_disable_remote - Disable virus scans for non-local addresses
g_virus_filter - Virus checker which works like an authent module (talk to on stdin/stdout) - vpipe
g_virus_filter_require - If any g_virus_filter pipe fails bounce messages rather than allow to continue
g_virus_fprot - Port for FProt mail scanner (usually 11200)
g_virus_late - Run virus scan after most spam filter processing
g_virus_localhost - Don't skip virus checks for 127.0.0.1 originating emails
g_virus_recent_skip - Skip virus recent cache which attempts to speed up virus scanners
g_virus_rename - Rename executables by changing '.' to '_' prevents many auto run viruses
g_virus_rename_skip - Skip rename for these from/to addresses
g_virus_rename_skipauth - Skip rename if user sending is authenticated local user
g_virus_report - Report detected viruses to someone
g_virus_report_all - Report every virus using g_virus_report
g_virus_report_user - Report virus to recipients
g_virus_restart - Restart vpipe virus scanners every this many items
g_virus_simple - Enable internal simple virus scanner
g_virus_simple_list - List of dangerous file extensions, *.exe,*.bat,etc...
g_virus_simple_skip - Skip simple check for from/to addresses
g_virus_simple_skipauth - Skip simple virus if user sending is authenticated local user
g_virus_simple_test - Compare with avast results
g_virus_simple_zip - Check zip files for executables and block
g_virus_strangers - Use simple attachment filter for non friends
g_vpipe_concurrent - Concurrent requests to vpipe process, default is 7, set to 1 to debug vpipe issues
g_vpipe_fail_crash - If virus scanner fails, crash surgemail (for debugging)
g_vpipe_notag - Disable headers showing vpipe results in messages
g_vpipe_skip - Skip scanner for this IP address (e.g. trusted mailing lists)
g_vpipe_timeout - Timeout if scanner takes this long to respond default 60 seconds
g_warning_to - Addresses to treat as local and send warning bounces to
g_web_access_grp - Restrict user groups to specific ports
g_web_access_ip - Restrict access to web ports based on ip
g_web_access_max - Maximum number of concurrent web logins for group
g_web_add - Add http headers
g_web_admin_max - Maximum number of concurrent web admin sessions
g_web_appsname - Apps url name on unified web interface
g_web_appsroot - Apply apps interface at web root ie /
g_web_charset - Charset for html pages
g_web_force_doctype_first_disable - Disable webserver behaviour to force doctype definitions to be displayed first.
g_web_forwarded_test - Fake the forwarded-for header
g_web_hide_source_names - Hide the name of the source template page in output web pages.
g_web_max - Max concurrent web connections, default is 100
g_web_max_perip - Max concurrent web connections per-ip, default is 30
g_web_noserver - Disable Server header in http responses
g_web_old_behaviour - Revert to old style webserver behaviour
g_web_php_exe - Path to php.exe
g_web_policy_disable - Disable obscure web policy security headers
g_web_ref_path_extension - Path extension to add to web page image/css references.
g_web_timeout - Timeout for web requests
g_web_title - Title to use on specified web page
g_web_trust_ip - Trust ip address from rev proxy web server X-Forwarded-For
g_web_url_path - Url to path translation with access specifier
g_web_utf8 - Make sure all user.cgi handling is done in UTF8
g_webdav_enable - Enable webdav access for users
g_webdav_group - Only allow webdav if member of webdav access group
g_webdav_path - Root path for webdav storage
g_webdav_public - Enable non authenticated access to pub folder (readonly)
g_webmail_limit - Maximum number of concurrent webmail requests
g_webmail_popmode - Use POP3 instead of IMAP in WebMail.
g_webmail_port - HTTP Webmail port to listen on, default is 7080
g_webmail_save - Write surgehost.ini and other obsolete webmail config info
g_webmail_secret - Secret string used by webmail when sending the ip address of connecting users
g_webmail_secure_port - HTTPS secure WebMail port, default is https 7443
g_webmail_select_domain - Send select_domain instead of host in webmail autologins
g_webmail_timeout - Timeout for webmail or any cgi process (in seconds, default 360)
g_webmail_url - Url to the WebMail cgi
g_webmail_urladd - Url data to append to WebMail auto-login link
g_webmail_useip - Use the ip address in g_webmail_port setting
g_webmail_workarea - Path to WebMail workarea
g_winmail_fix - Replace winmail.dat with normal attachments, requires tnef installed first http://netwinsite.com/tnef.htm
g_work - Workarea for temp files
g_xauthuser_hide - Hide X-Authenticated-User header in processed mail
g_xfile_allow - Allow xfile & web upload features for users. Set to '*'
g_xrcpt_hide - Hide X-Rcpt-To header in locally delivered mail (not recommended)
g_xrcptoriginal_hide - Hide X-Rcpt-Original header in locally delivered mail
g_xserver_hide - Hide X-Server header in processed mail

WebMail settings

see separate manual - further documentation to be completed


Search website:

Help Index

SurgeMail Configuration Settings Overview

Domain Specific Settings

Global settings

WebMail settings