Also see the dedicated surgemail website https://surgemail.com with knowledge base and ticketing system

SurgeMail Change History - Detailed!

Note: For documentation on changes related to SurgeWeb and documentation on all individual specials / beta / release builds see: SurgeWeb Change History. If you find a bug please report it to surgemail-support@netwinsite.com.

8.0h-3 SurgeWeb Reply fix - With a search across multiple folders active, and replying to a message in the message list located a folder type different from the folder displayed at the top of the message list (Sent vs Inbox) own address would be place in the To field instead of address of recipient one was "communicating with"
8.0h-2 Tweaks to the sms notification Twilio integration - can be used for arbitrary sms notification of inbound mail (and part of password reset features). Notably, the notification rules now allow for 5 different formatting options in terms of From / Subject / Body text.

8.0g Beta - July 2025

8.0f-8 Removed g_dkim_rfc_headers setting so surgemail always signs using all headers RFC recommends. To restore pre 8.0f-1 behaviour set g_dkim_legacy_only (NOT RECOMMENDED).
8.0f-7 Important DKIM signing fix: Messages directly sent to destination servers were correctly signed. If the first send failed for some reason, once messages were reloaded from the disk queue they were not getting correctly signed with their domain, as a result these DKIM signatures were invalid.
8.0f-5 Added "feedback-id" header to full g_dkim_rfc_headers list to keep google happy
8.0f-4 Minor mirroring fix: If a message was in the middle of being renamed (most notably a delivery burst) during restart of the mirroring connection to remote server, there was a small chance the message would not get mirrored. note: previously this was getting automatically fixed primary -> secondary the next g_mirror_repair (or "tellmail resync") got run, but not secondary -> primary
8.0f-3 Added g_msg_max_in, a global version of the domain setting msg_max_in
8.0f-2 Added a "from" wildcard (in addition to the existing "to" wildcard) in the g_forward_illegal and forward_illegal settings to be able to make rules more specific and apply to individual users
8.0f-1 Support for all 21 headers suggested by RFC for DKIM signing. Until now only to, from, subject, reply-to, date had been used. Enable using g_dkim_rfc_headers. Probably will make this the default in the future.

8.0e Release - July 2025

8.0e Beta - June 2025

8.0d-10 Allow oauth (password workflow using g_oauth_* settings) to be primary source of authentication validation (as opposed to existing "import only" version) - enable using g_oauth_propagate_pass
8.0d-9 Allow domain (wildcards allowed) to be specified as part of tellmail mirror_analyze (eg "tellmail mirror_analyze mydomain.com")
8.0d-7 Support longer SPF records. Up to 2kB now (with error logged if truncated) - previously records were silently truncated at 1kB
8.0d-6 Additional Surgeweb UTF8 handling fixes. Should result in fewer messages with "broken characters". Also for messages with no Content-Type header defining charset, now defaults to Windows-1252 (default can be defined per user in _user.dat using say "default_charset utf-8")
8.0d-5 Surgeweb character set conversion to UTF8 fix. For legacy encoded messages (eg iso-2022-jp), if a multicharacter glyph spanned a quoted printable encoding EOL line boundary, the utf8 conversion failed and displayed broken.
8.0d-4 Only show the AtRest recovery code on the change password page if AtRest encryption is enabled
8.0d-3 Allow recovery email to be cleared (field validation since 7.8b-2 prevented clearing once set)
8.0d-2 Surgeweb per additional account option to set default folder to open when account is selected
8.0d-1 Surgeweb 2FA tweaks: Don't show auth code field in relogin dialog if server does have g_pass_twofactor and user does not have 2FA enabled. Option to always show 2FA code on login page ( surgeweb config_*.dat: twofactor_loginshow true)

8.0c Release - June 2025

8.0c Beta - May 2025

8.0b-12 Fix crash if a mailing list message got caught in a redirect loop (introduced in a 7.8l-4 feature)
8.0b-11 Fix g_route for outbound deliveries to the internet via another server could deliver additional pending mail queue messages that matched by just domain to the server specified in g_route rule
8.0b-9 Save the output of "tellmail mirror_analyze" (analyze.log) in a sorted format (analyze_LCL.log) to pass directly into a diff tool with the same file from the mirror server.
8.0b-8 Fix dot stuffing bug in g_phish_block - rarely triggered and only on modified outbound email
8.0b-7 Fix bug in SmartFilter spam handling resolved that could resulted in a surgemail restart
8.0b-6 Added easy enable configuration for proxying surgemail behind Apache, using ProxyHost settings for all client accessible surgemail urls
8.0b-5 If late forwarding was being used without any forwarding addresses defined but responder defined, the "Delete original message" was not getting applied. Now it does.
8.0b-4 Added default token in spf record to the Received-SPF header
8.0b-3 Fixes in the g_oauth_* handling

8.0a Release - May 2025

8.0a Beta - April 2025

7.8n7 Added setting g_dlist_spam list=string user=string, Used to link a dlist mailing list to a specific account for 'spam' handling, if a message is identified as 'spam' it goes into the 'Spam' folder for the nominated account, then if/when the user releases the message by moving it to the inbox then it is also sent to the mailing list. The message will also appear in the users inbox as a duplicate (but only when it's released, not if it is recognized as not spam initially). The Subject header gets a [DList] prefix in this situation.
7.8n6 Increased smtp response buffer size so we can see entire gmail error messages.
7.8n4 Fix bug 'canon.dat' giant file being created, now auto deleted… only occurred if g_arc_check or g_arc_sign was enabled.
7.8n3 Added tellmail report_unused_nomsgs 99 to report on accounts with no logins or received messages in the last 99 days.
7.8n2 Added code to allow quarrantine dmarc failed messages to be stored in spam folder. New setting g_dmarc_quarantine, requires g_dmarc_use is also set.

7.8m Release - April 2025

7.8m Beta - December 2024

7.8m Added code to remove old *.raw files in the work area. Added env_from and env_to environment variables for the speech_cmd script to use. Increased max mlink check from 10,000 to 100,000
7.8j … Increased size of mfilter header buffer to 13k. Fixed issue with dns using 'a' name incorrectly if 'retry' dns code returned.
7.8j … Fixed rare crash with s_feat null due to missing sbin_feat.dat
7.8l7 Added guess limit to new admin login.
7.8l6 Added g_admin_login "true" to enable form based login, to block the old style logins from set g_admin_ip "localhost,127.0.0.1"
7.8l5 Fixed XSS issues with blogs
7.8l4 Added required list-unsubscribe headers now required by google.
7.8… Added settings for disabling redundant http verbs
7.8… Added g_log_dns_only and g_log_dns_mx for more controlled dns logging..
7.8j1 ssl updates are now coppied to the slave automatically unless g_ssl_lets_slave is 'true'…
7.8k6 added exp.log for clear record of expire process… dns lookups added ID checking to prevent cross talk in responses…
7.8k5 Added G_DNS_RETRYRETRY setting to force retry on next 'host' if dns server returns 'retry' code.
7.8k4 ,I_G_THREAD_POOL disabled, as causes crash.. disable fixfrom if destination is local domain.
7.8k3 fixed crash if email_original null, caused by relay always.
7.8k2 Fixed late fwd giving this error on local account BAD: (550 No such user ($$late) Cached lookup) introduced in 7.8k1
7.8k… Late fwd to local accounts can no longer bounce off the 'second' address, friends will accept the message as from a 'friend'.

7.8k Release - November 2024

7.8i4 Fixed (removed) 'nil' response to make IOS 18 happy, an empty variable response is sent instead. Added quotes around 'From via' address in dlist.
7.8i3 Fixed 'tellmail outgoing_spam' potential to kill server.
7.8i2 Fixed EICAR test string which was corrupted. Fixed other incorrect string replacements (virus handling issue)
7.8h16 Fixes for combination of atrest and pop migration and mirroring to all work.
7.8h15 Added warning if g_timezone contains a space. (Breaks IOS 18 email client)
7.8h14 Added user 'group' "ssl", (add to g_access_group too) members of that group will be required to use ssl when logging in. Also note: G_SSL_WARN "true" setting to warn users who don't use ssl periodically.
7.8h13 Fixed issue with nwauth where it could read a partially written database if the system failed during a rewrite. nwauth version 4.3n
7.8h12 changed key handling to avoid doing host to ip translation more than once… (possible intermittent delay issue on pop login)…
7.8h11 Fixed issue with surgemail 'start' from web monitor not working.
7.8h10 Fixed log_path for login.log. Fixed a bunch of issues with s_fopen handles…
7.8h9 Fixed fault with migration not doing atrest encryption.
7.8h8 Made fixfrom not apply if the from domain is the same or if it's a local domain, change format of from header to include original from 'via'…… (late forwarding setting)
7.8h7 Made g_spf_norewrite apply to g_forward_fixfrom; Fixed bounce domain from address to match authenticated user (if there is an authenticated local user)
7.8h5 Added G_ACCESS_SURGEWEB_IP which if set limits surgeweb access to those specific ip addresses listed (or wildcards)… added setting g_dmarc_allow "user@xyz.com" to bypass dkim dmarc blocking…
7.8h4 Fixed issue with certificate being coppied even when g_ssl_lets_slave is enabled for systems with g_ssl_per_domain false…
7.8h3 Added fprintf testing on startup. Fixed fault with windows 32bit builds new fprintf handling.
7.8h2 Added keep alive noop to mirror live channels, and added emsg if bad mirror commands.
7.8h1 Added g_dmarc_allow to bypass dmarc errros for specific domains, failed files are stored in debug_message folder.
7.8h1 Added extensive FILE handle checking. (many of the fixes above are just corrections for this extensive change)
7.8? tweaked mirror analyze again…
7.8g fixed fault with file handle issue.

7.8g Release - August 2024

7.8d6 Fixed rare crash in msg_log_raw due to mutex issue. Logging FILE handle fault introduced Thu Apr 16 2020 version 7.4l4
7.8d5 Fixed a couple of XSS issues
7.8d4 Improved mirror resync so always shows progress, and mirror_analyze so gives reliable response from slave. (still some issue to resolve)
7.8d3 Added G_LOG_SSL_FAIL to enable logging of ssl failed connections to msg.rec. Fixed unixauth binary on linux 64bit builds.
7.8d2 Updated dlist to remove dkim header when from list is true.
7.8d2 Added details to dkim errors.
7.8d1 Fixed g_deny_country issue with letsencrypt…

7.8c2 Release - July 2024

7.8b31 Added G_FROM_DOMAIN_MATCH to check from and return path domain matches when sending outgoing email…
7.8b30 Fixed curious bug with duplicates OK response after idle command if g_imap_idle_free used.
7.8b29 Changed service type to 'non interactive' to avoid warnings… (windows issue)
7.8b28 Added G_SUFFIX_REPORT_USER/ADMIN, if enabled, if security suffix used, if login with right password blocked, then user/admin is informed. Throttled to 1 message per hour.
7.8b27 Fixed fault with status messages regarding messages with no To header having a random 'to' address in the report.
7.8b26 Fixed calendar invite crlf issue, improved crashing for strncmp strncmpnc functions…
7.8b25 Fixed obscure crash in ncpy handling, fixed backtrace code on windows, broken 6 weeks ago.
7.8b20 Commited arc() fix :-), Minor fixes to futureproof time handling.
7.8b19 Fixed crash in arc() code. Fixed bug in G_ORBS_MULTI_THREAD
7.8b18 Fixed bug in proxy code.
7.8b15 Added threading to g_orbs_list lookups.
7.8b14 fixed crash issue introduced in 7.8b
7.8b10 Added G_PROXY_SMTP to allow proxying directly through to backend server to allow bounces without backscatter. Requires g_webmail_secret to match.
7.8b9 Fixed OSX issue with RAID arrays (see online docs on how to grant access to the surgemail app - seems unpredictable - basically osx doesn't allow access to an external drive by default)
7.8b9 Improved ini handling/speed for systems with many thousands of domains.
FIXED: int abook_map_path_rel(Imap *im, char *addressbook, char *fname)
7.8b8 added g_cpu_notest setting, added _G_DKIM_NOFORCE
7.8b7 limited length of phishing replacements… 700 char…
7.8b6 Added g_dkim_force_from "you@your.domain" to allow gateway dkim signing, if g_dkim_only matches the domain e.g. *, and it's not a local domain, then the from and return path are replaced.
7.8b5 Improved handling of mirroru.dat so it rescyles more reliably (mirror issue). Moved phishing rewrite to 'after' archive, apply dkim signing to alias domains.
7.8b4 - Fixed handling of friend matches for mfilter isfriend() to include g_friend_ignore settings. Added G_LEGAL_ARCHIVE_EXCLUDE
7.8b3 - Improved randomness of simple release links so they won't conflict.

7.8a Release - January 2024

7.7n4 Added default // if url is missing it in g_phish_block…
7.7n3 Fixed bug in ssl_update which caused intermittent failures with letsencrypt, introduced in 7.7m1
7.7n2 Fixed Locked out hacker manager report that contained a naked lf ??

7.7m1 Release build.

7.7l3 Fixes for crlf message injection issue. As temporary fix set g_lf_fix_off "true".
7.7l2 Allow responder if valid dkim.

7.7j (New Release Candidate)

7.7j11 Fixed acme.c status buffer over-write code causing rare crash. ??
7.7j10 Addec x- to received-spf headers.
7.7j9 Added support for auth.spamrats.com with setting: G_RBL_LOGIN, this blocks logins from known hacking ip addresses.
7.7j8 Fixed bug in g_phish_block. Fixed crash if g_phish_block turned off and on and then whitelist occurs.
7.7j7 Added g_spam_user_lockout setting. Fixed installer when creating systemd unit file on non default path.
7.7j6 Minor security fix for web injection issue. Corrected match for ssl_alias domains in sni handling if domain name matches
7.7j5 Fixed dmarc handling of sub domains. Fixed problem with spaces added in long dkim dns entries.
7.7j4 Made 'block' button from spam report add both from and return path to blacklist.
7.7j3 Fixed crash in only osx/arm build regarding mirror_send nwauth.
7.7j2 Added some logging of msg size to track msg corruption issue.
7.7j1 Removed confusing 'domain' selection from global settings in vlist pages (web admin).

7.7i (New Release Candidate)

7.7h Changes

7.7h6 Fixed spf_check crash.
7.7h5 Fixed possible bug in nightly training crash
7.7h4 Fixed response if g_imap_max_limit exceeded which could cause smtp out of sync issue with dlist. fixed mutex uimit
7.7h3 Fixed g_spam_userconfig so it applies to surgeweb too.

7.7f changes

7.7f9 Added logging for slow commands and disconnections to 'slow.log'…
7.7f8 Note: that windows 2003 server is not compatible with the latest ssl, please update your operating system, or use 7.7a1 or earlier.
7.7f7 Fixed some missing stdarg strings. mulog crash fixed.
7.7f6 fixed rbl stats to show more than 10, fixed bounce of spam reports due to dmarc, added setting to expire bulletins after 'n' days.
7.7f5 Fixed manager dlists showing lists from other domains than the one selected. Added ssl error to user command line response for pop3, nwauth ping added so it cleans things up…
7.7f4 Fixed bug in lists not showing for admin account after fix below. Fixed fault in 77e (dlist) with max_size triggering randomly.
7.7f2 Fixed BFSZ in fgets in msg_send_template. Fix in variable replace function length limit.
7.7f1 Fix for two factor authentication with always set to true will now stop asking on surgeweb logins correctly.

7.7e Release 1 July 2023

7.7d changes

7.7d20 tightend up dns name limits and encoding/decoding.
7.7d19 Added g_speech_to and g_speech_group settings.
7.7d17 Added stack corruption detection on win64 build. Fixed stack corruption in ssl_update code. Fixed prune_allow command. Fixed bug in sw search if trailing slash. Moved speech convertion into first txt part.
7.7d16 Fixed bug in mirroring related to more than 10,000 domains causing cpu and mutex issues during config merge.
7.7d15 Fixed ical memory leak again ?? Fixed issue with .ini_temp files being 'left' around.
7.7d14 Fixed UI handling of domain specific settings so the admin can select the domain. Added G_SPF_TRUST_LOCAL, Fixed bug with recovery username given without domain name.
7.7d13 Fixed ssl_update_test to correctly deal with 'processing' status from letsencrypt. This issue only affected the test version of the command.
7.7d12 Fixed memory leak in ical, added ciphers :AES256-GCM-SHA384:AES256-SHA256:.
7.7d11 Fixed rare crash just after midnight after log entry: daily: task phrase_train-done
7.7d10 Added some support for smtputf8, this should never never be used (it is a broken concept - email clients should always perform the translations)
7.7d9 Fixed crash if sf_mfilter file missing. Fixed bug introduced in 7.7d6 showing wrong mailing lists.
7.7d8 Fixed fault with g_imap_user_flags mixing up the flags.
7.7d7 Minor logging additions for friend.lst changes.
7.7d6 Fixed display of mailing lists if user is domain admin and owns a list in another domain.
7.7d5 possible fix for crash in mirroring.
7.7d4 Changed default log date format to include year/month/day, and change setting to g_log_date_old to switch back.
7.7d3 Elapsed imap/pop time in prec was overflowing, changed units to 'seconds', and zeroed existing counters.
7.7d2 Fixed shared folders with IOS which refuses to show a folder prefixed with ~, Add this setting, g_imap_acl_prefix "true" and the prefix will be chaned from ~ to ^
7.7d1 Fix to use g_ssl_disable_web when g_ssl_per_domain is false.

7.7c 25 Jan 2023 New Beta

7.7b5 Added code to automatically disable resync_prune and repair feature if downtime exceeds 24 hours. (since that can indicate this server doesn't have real data).
7.7b4 Fixed serious login delay if G_SAFE_WARNING setting enabled in some situations. Remove this setting or upgrade.
7.7b3 Fixed inbox max handling such that it will be correct on the slave
7.7b1 Fixed log display of startstop.log on windows. Increased proxy imap timeout to 30 minutes.

7.7a1 21-Dec-2022 New Beta…

7.6v6 Prevent creation of folders with trailing or leading dot or space at any point not just final section of path.
7.6v6 Fixed crash in mfilter.rul related to cc actions, bug introduced in version. 7.6k2 Made mfilter multi threaded. Fixed crash logging on windows.
7.6v5 Fixed display of mailing lists for users not in the primary domain.
7.6v4 Added reason for popfetch rejections… Added code to prevent mirror password dictionary attacks.
7.6v2 Changed imap body caching to cache a body even if 'from' is not zero… it should still work just the same…
7.6v2 Fixed imap idle update for more flags.
7.6t6 Fixed bug in lhist code, could cause misc mutex lockup, or crash or file handle run out (due to lockup) Bug added: Fri Mar 4 01:58:54 2022 UTC 7.6n-4
7.6t5 Fixed issue with ssl certificates failing to match after restoring a domain.
7.6t4 Added ssl support for fallback_relay

7.6t October 2022

7.6t3 Fixed crash in status on solaris, fixed g_smtp_noauth blocking internal messages (status)
7.6t2 Made dkim sign based on the 'from' header if the from domain is local instead of the return path.
7.6r8 Made labels automatically vanish if all deleted.
7.6r7 Fixed crash in select on solaris due to moreflags bug on some systems.
7.6r6 Added support for unlimited labels with setting: G_IMAP_USER_MOREFLAGS, the g_imap_user_flags setting is also required.
7.6r5 Fixed fault with nwauth web api not clearing cache when user fields changed.
7.6r4 Fixed fault in dkim handling introduced in 7.6r3, Added override so if g_from_forge would reject message and spf of from header would allow the message is accepted. Added quota rec logging.
7.6r3 Fixed fault with from_must_exist and aliases. Fixed dkim handling so dmarc fails if from header domain does not match dkim signed domain.
7.6r2 Fixed fault with new responder if 'friend' feature not working, fixed fault with G_BAD_LOGIN_DUMB not being properly obeyed. Added handling so g_Route can be used to send queued messages to a local domain, only if g_route_tous "true" is also set! and g_route_local must be false.

7.6q

7.6q2 Fixed fault with corrupt subject in surgevault messages. (ending in &)
7.6o2 Tweaked tagging of external messages. Added responder options to start on a specific date. Fixed strtok crashes maybe.

7.6n

7.6n25 Moved order of adding ip's so duplicate log entry removed… added prefix '0' back into dates.
7.6n24 Fixed file leak in maildb_checkfile maildir.c:7173, triggered by file protection issues.
7.6n23 Made dmarc not on by default (g_marc_use "true"), fixed problem with local messages getting caught by dmarc.
7.6n22 Fixed g_external feature again ?? Do not use prior to this version! Updated some mutexes to avoid m_misc. Fixed dkim failing to sign dom_and_ip forwarding. Fixed mfilter report emails.
7.6n21 Added g_external_dlist setting, if true external tragging will occur to messages as they are delivered to a dlist mailing list.
7.6n20 Fixed crash in dkim logging, fixed app password login issue. Fixed fault in external message warning which could remove/corrupt attachments.
7.6n19 Added tellmail temp_password user@domain.name password, to allow admin access to an account for testing, cannot be used with at rest encryption.Fixed g_orbs_report to only report after a failure…
7.6n18 Added tellmail dkim_test_both domain.name to test dkim signature handling using local and dns lookup.
7.6n17 Fixed domain level quota warning which failed if user level quota disabled
7.6n16 Improved malloc debugging with G_DEBUG_FREEPC "100" G_DEBUG_PADPC "100", 100=all the time, 10=10% of the time…
7.6n15 added g_dkim_allow and exceptions for trusted addresses.
7.6n14 fixed G_DMARC_ENFORCE so it doesn't apply to local internal messages. Fixed windows crash handling to avoid crashes with no log info.. Added detection of spamhaus failure.
7.6n14 Added G_HOST_ALIAS_SNI to fix fault where host_alias fails to match to it's own ssl certificate.
7.6n13 Added support for smtp chunking (don't use it), and fixed crash in sw_json_partial_update_real
7.6n13 Some fix to inbox_count handling in 7.6n
7.6n12 Added g_run_cmd, Updated getmyip to use netwinsite. Cleaned up mirroring of lists.dat/locking etc.

7.6n March 2022

7.6n11 Added tellmail resync_pruneall which will run a prune that 'also' removes folders from the remote system that don't exist locally.
7.6n10 Moved recycling_imap setting to the domain settings in ui. Added search to security log page. Tweaked (reduced) timeouts during installer start/stop
7.6n9 Fixed recycling folder usage so messages appear in imap/surgeweb correctly without needing to rebuild index.
7.6n8 Fixed file handle leak in mirroring if legal archive mirror is enabled and other host is not upgraded.
7.6n7 Reduced re-entrant loop on spf to 6 levels (new beta needed) Added istrusted to vmail geneated messages.. Added logins to users security log.
7.6n6 Added code to detect extra end if or else statements in mfilter.rul
7.6n5 Improved g_safe_country code so it does a second check to be sure. Added tellmail geo_test x.x.x.x

7.6m Jan 2022

7.6m4 Added g_dmarc_enforce and modified default dmarc handling (improved)
7.6m3 reduced logging of 'PRE' failures (DOS)
7.6m2 Fix for mfilter.rul missing issue causing crash

7.6k

7.6k12 prevent url redirect rules from applying to well-known paths.
7.6k11 Fixed bug in loginip code (g_smtp_safe etc) was failing sometimes to match correctly.
7.6k10 Fixed url links from admin pages to new website.
7.6k9 fixed lets.log, fixed sms recovery code without email recovery address
7.6k8 Fixed auto language so it doesn't create friend.ini files. Improved 'resync_config' so it jumps past the queue. Fixed user level imap.log
7.6k7 Fixed fault whereby when deleting an imap folder it wouldn't delete the folder itself unless it was empty.
7.6k6 Fixed fault with atrest encryption not sending recovery code to users on the non primary domain.
7.6k5 stack usage minor fixes.
7.6k4 Increase mirror user send rate. Fixed issue with G_AUTH_NORELAY_WEBOK
7.6k3 Added generic stack checking code to abort if stack is close to limit. Misc changes to reduce stack usage.
7.6k2 Made mfilter multi threaded.

7.6j Release version

(Note release versions usually have no minor changes as we immediately update the numbering - it's the stable version of 7.6i).

7.6i

7.6i9 Fixed installer freeze if bad key date.
7.6i8 Added code to allow spf: prefix on header from if same domain as spf verified address.
7.6i7 tellmail expire_attached and domain level settings: EXPIRE_ATT_AGE EXPIRE_ATT_SIZE which will remove attachments from old messages in any folder.
7.6i6 tellmail simple_dump and other malloc tracking changes… Updated logging to include full date for security log
7.6i5 Fixed imap delete so it now allows a folder with sub folders to be deleted, the sub folders are not affected.
7.6i4 Fixed windows build issue introduced in 7.6i2 with blank messages caused by fprintf macro.
7.6i3 Fixed memory leak in cipublic_add_entry. Fixed crash in parts.c with 10 deep mime parts.
7.6i2 Fixed memory leak. , Removed some excessive disk io and logging. Added function name to some logging, may cause compiler errors on any old compilers.
7.6i1 Added g_hacker_timeout and g_hacker_star for locking out suspect ip addresses that appear to be blocking smtp sessions (only use when DOS issue)
Fixed g_smtp_max so it applies if proxy is being used.

7.6i October 2021

7.6i2 Fixed memory leak. , Removed some excessive disk io and logging. Added function name to some logging, may cause compiler errors on any old compilers.
7.6i1 Added g_hacker_timeout and g_hacker_star for locking out suspect ip addresses that appear to be blocking smtp sessions (only use when DOS issue) Fixed g_smtp_max so it applies if proxy is being used.

7.6g October 2021

7.6g13 Fixed crash in acme getting directory if it fails to get it.
7.6g12 Fix G_USER_SEND_RULE too allow a list of wildcards. Phishing rewriting moved to after archiving.
7.6g11 Added g_legeal_archive_trim "10mb" to limit the size of files written to the archive, default 20mb.
7.6g10 Fixed spf issue with dns timeout errors being reported when none occurred.
7.6g9 Moved attachment detacher to sooner. Reduced dns timeouts to 10 seconds.
7.6g8 Improved msg mutex handling. Removed excessive logging. Added setting to enable imap logging.
7.6g7 Multiple fixes to attachment quota/detaching feature. Run tellmail expire_att_rebuild to repair existing issues if already using cloud attachment feature.
7.6g6 Fixed osx install by removing binaries before copying new ones into place. Fixed dot stuffing issue with surgeweb. Fixed issue with attachment list incomplete.
7.6g2 Large memory leak fixed. (only added recently).
7.6g1 Fixed lists.dat reading on windows whereby it could fail to read the whole file due to crlf issues. Fixed fault in att config settings page
7.6g1 Fixed issue with cloud attachment quota wrong.
7.6g1 Adjusted timeout handing in mirror_add… and tcp_read_timed()

7.6e

7.6e14 Added fiddle factor to attachments if the entire message is larger than the attachment size then it will remove smaller attachments. If a message has more than 5 attachments it may still exceed the limit.
7.6e13 Fixed dot stuffing. Fixed mta-sts handling so it won't fail on a testing domain that doesn't support starttls, changed freespace functions.0
7.6e12 Added X-Dmarc-White header and scoring for msgs which come from verified sources with good reputation.
7.6e12 Fixed DNS error handling so timeouts and failures are reported correctly. fixed mfilter report to include all headers.
7.6e12 Fixed bug that could cause mysterious, msg.log: Failed: "OK Worked", entries (caused by dns_fail response from bad dns server)
7.6e11 Fixed crash in imap_proxy, lockout_guess_add
7.6e10 Fixed spf issue with long txt records, added X-FakeURLl: header when url appears to point to the wrong domain.
7.6e9 Made mirroring auto 'resync' if the updates get too far behind. Added warning not to use g_ssl_disable_tls1_2 as it breaks letsencrypt, fixed warning emails for sending on multiple ip's.
7.6e8 Fixed attachment detacher failing to add link, added in 7.6e…
7.6e7 Added code to auto detect hacker searching for gift certificates, fixed ssl_update xxx.domain.name so it will allow non domains to update.
7.6e6 Fixed attachment quota and rebuild handling on non windows. ADded X-FromHasTo if The from user contiains the 'to' domain. Fixed bug in 7.6e5 with att index.
7.6e5 Fixed issue with attachment quota being wrong if user logged in with alias domain
7.6e4 ADded g_migration_domain setting which can be "*" but should be the name of the domain being migrated. Added resending all ssl certificates to resync_config
7.6e3 nwauth 4.3h fixes a fault where updates would in rare circumstances not be sent to the other system. Issue 'tellmail resync_nwauth' to resend any missing accounts.
7.6e3 Fixed handling of 'subject' with charset encoding in surgevault messages. Improved nw.log which records mirror events related to nwauth changes.
7.6e2 Made g_dns_threaded on by default.

7.6c

7.6c8 Fixed issue with srs approved messages being bounced by g_From_bounce rules
7.6c7 Added better logging of DOS issues with incoming smtp connections. Added g_winmail_reject_send to stop local users sending winmail.dat files by mistake.
7.6c6 Added g_show_senders to show top_senders for domain admins, and fixed modern user interface display of mailing lists.
7.6c5 Fixed bug with mail.log logging failure, and potential resulting lockup behaviour. Added "topsend" access class,
7.6c4 Fixed crash in msg_maildir_unique(). (patch).
7.6c3 Increased dns cache to 2 hours for non isorbs caching.
7.6c2 Fixed cdb mutex calling imsg.
7.6a9 Fixed attachment to multiple local users now gets added to all local account indexes. Fixed expire_att_rebuild to correctly deal with multiple recipients.
7.6a8 Fixed expire handling so if folder is defined as "*" it will match all folders (previously ** was required)
7.6a7 Fixed resync_config command to also do an nwauth resync by default. Made expire run daily by default.
7.6a6 Fixed bug with duplicate attachment handling, it now correctly doesn't store multiple duplicate attachments.
7.6a5 Improved attachment extractor handling of quoated printable imbedded images. Added g_msg_max_send setting.

7.6 June 2021

7.6a4 Implemented attachment detaching features… Fixed utoken being lost on legal archive search by user/domuser.
7.6a3 Fixed domain quota msg was not being sent to users when over domain quota.
7.6a2 Added setting G_ENCRYPT_RESET_EASY to send password reset to recipient directly.

7.5d April 2021

7.5d25 If the new attachment extractor is used, the mirror server must also be upgraded to match
7.5d24 Enabled tcp keepalive timer(s) by default (2 minutes, then 30 second polls for 5 times).
7.5d23 Fixed bug with vdomain address being lost in gui.
7.5d22 fixed utf display of subject for surgevault messages. Fixed auto purge of deleted users to only delete files older than 60 days.
7.5d21 changed g_spam_allow_known to not bypass spf enforce for local domains. (change reverted in 7.6a5)
7.5d20 Added Twilio SMS interface for easy SMS integration of notifications and password recovery feature.
7.5d19 Improved mutex crash, Disabled adding * in blocklist addresses.
7.5d18 Made g_orbs_report enabled by default, set to 'Disabled' to stop it, added a check for all positive matches as well.
7.5d17 Updated the help links to go direct to the relevant surgemail.com manual section.
7.5d16 Fixed x64 crash and snippet processing bug. Increased list of accepted default characters for passwords.
7.5d15 Fix for g_spam_user_max applying when no user actually logged in.
7.5d14 Added minor changes to improve chances of backtrace.
7.5d13 removed gettickcount64 to avoid windows xp issue.
7.5d12 Added auto silent drop if the same messageid/user message arrives 5 times in a row
7.5d11 Added 'test or run' options to exception processing page.
7.5d10 Updated mail_rules (nightly mailbox rules) to use cdb functions, also uses the message arrival date not file system date.
7.5d9 Updated letsencrypt code to use post as get and refetch nonce if invalid, all logging is now in 'lets.log'
7.5d8 Fixed infinite forward loop caused if G_FORWARD_FIXFROM was used.
7.5d7 Fixed dlist bug caused by fault in osx 64bit clibrary implementation of strncpy
7.5d6 Added g_virus_skip_ip g_virus_skip settings.
7.5d5 Reversed default and renamed t for g_acctlog_onlyonly and noaliases to g_acctlog_noauth and g_acctlog_aliases as pstat shouldn't be maintaining non local account data.
7.5d4 Added command: tellmail dlist_make domain.name maillist@domain.name, writes all users in that domain to the users.lst entry for the mailing list named.
7.5d3 Fixed surgewall issue with surgewall domains releasing messages if the primary domain is not surgewalled.
7.5d2 Fixed surbl incorrectly finding urls of the form 2fdomain.com in msgs. Added g_old_imaphost_dom, domain for logins, and g_fallback_dom, domain to send to.
7.5d1 Fixed bug where g_auth_norelay would also break sending on port 587 to local domains from authenticated users.

SurgeMail 7.5c1 - Beta Build (rename of 7.5b28)

SurgeMail 7.5b March 2021

7.5b28 Fixed problem with g_msg_nodup and messages with no message id.
7.5b27 Fixed crash in new teststuff button…
7.5b26 Fixed timeout in imap fetch handling so channels close correctly.
7.5b25 Fixed crash in win64bit build due to memory alignment.
7.5b25 Updated zlib library to version 1.2.11, libpng updated to version 1.6.37
7.5b24 Made cleanup and inbox/sent archive all use the same code (which is msg date not file date based)…
7.5b23 Fixed crash in pop import., fixed crash in etext msg.c:16300 ncpy issue.
7.5b22 Increased stack on windows 64 bit builds. Added test stuff page for testing ports/spf after installation.
7.5b21 Fixed crash in user mlink_merged_pass added in 7.5b??
7.5b20 Fixed crash in user_login_generic_ip due to merged two factor login code.
7.5b19 Added api to allow admin to enable/disable atrest encryption on a per user basis.
7.5b17 g_imap_maxbusy - change to default to 8, and stopped it from counting throttled channels.
7.5b16 Fixed fault if g_surgeweb_process enabled added in 7.5b6
7.5b15 Fixed ipv6 name lookup when failing back to ipv4 on address that has ipv6 dns entry.
7.5b14 Fixed potential buffer overrun in tcp_error code if not passed full BFSZ string.
7.5b13 Reduced default perip max for web connections to 30 after fixing tcp connection sslread-sslsleep in status.
7.5b12 Improved time() functions on windows and linux.
7.5b11 Caldav update fixes for upgrading safely. Fixed rare crash in web_run_exe_real if handle -1
7.5b10 Fixed domainkeys config page to clearly show when thumbprint is set incorrectly.
7.5b9 Fixed password reminders so they are sent automatically.
7.5b8 Fixed twofactor login changes.
7.5b7 Fixed longjmp bug in png code on windows 64bit build. Added support for +code for two factor login via imap/pop etc.
7.5b6 Made osx use detach, moved detach code in all linux builds to sooner.
7.5b5 Made legal archive search run in the background.
7.5b4 Fixed bug with deleting messages from mailbox via admin screen, was failing if mailbox was older.
7.5b2 win64 changes… bulletin expire times fixed. Added setting to allow letsencrypt on the slave to work independently, Fixed spam_rejected handling again.
7.5b2 Added error information to dkim failures. Added feature to add dlist mailing list names to domain authent based contact list. add_dlist true in abook config file.
7.5b3 Memory leak fix in cimap_read_msg. Modified pingall to only test http ports not https even if specified in friends_url
7.5b2 Remove lib_detach() code from osx due to broken osx fork().
7.5b2 Removed g_smtp_verify setting as it can break gmail for some reason.
7.5b2 Added g_bind_to settings.
7.5b Fixed friend_delete so it would always remove the generic user even if the spf prefix user was being removed.
7.5t2 Fixed rare crashing bug in mirror code (resync_send) (will require new beta - introduced in 7.4p22 )
7.5t2 Fixed decode_base64 return -1 in contacts import causing rare crash with ncpy -1…

SurgeMail 7.5a Nov 2020 - Release

SurgeMail 7.4r

7.4r13 Improved skipping of domains that are slow to connect to (and failing) so they don't jam the queue.
7.4r12 Added little 50ms delay after logout or timeout to flush tcp better?
7.4r11 Fixed append-readmsg busy issue.
7.4r9 Fixed imap issue: "Found crlf in output string *ERR lockout"
7.4r8 Increased default perip max for web connections to 60.
7.4r7 Fixed busy user counting (g_imap_maxbusy)
7.4r6 Fixed bug in counting files in folders.
7.4r5 Fixed if g_inbox_limit is used but not G_INBOX_MAX the counter was not rechecking.
7.4r4 Added G_IMAP_MAXBUSY with default value of 3, if user exceeds 3 concurrent imap commands for 30 seconds, then a warning email is generated to manager and user is throttled.
7.4r3 Fixed issue with IOS uploading messages with bad appl content-length header causing loop.
7.4r2 Made G_VIRUS_STRANGERS over-ride g_virus_simple so it works.
7.4r2 Improved error handling/logging for maildb_rename errors.
7.4r2 Remove imap loop email as default.

SurgeMail 7.4p24 5 Aug 2020

7.4p28 Added LISTNAME-testing@YOUR.DOMAIN variant which sends only to the moderator of the mailing list. (For testing before sending to everyone). Requires new dlist binary.
7.4p27 Fixed IOS mime issue with lines starting --…
7.4p27 Fixed g_quota_default (not stored correctly in config file)
7.4p26 Made encrypt_rule header matches decode mime before searching header.
7.4p25 Fixed bounce with "no reason" caused by imap max code
7.4p24 Added imap unauthenticate command.
7.4p23 fixed handling of leading trailing spaces for imap folders and subscribe.lst (auto remove them and remove empty entries)
7.4p22 Improved mirroring with multiple threads and improve mirror_analyze output.
7.4p21 Fixed ipv6 orbs/rbl lookups. Removed rdns lookup before smtp thread created which could prevent smtp from responding.
7.4p20 Fixed duplicate uid detection with seen flags. Cleaned up logging for blacklist rejections.
7,4p19 Fixed DOS smtp issues which could use up smtp ports in some situations. nblogin and hacker handling with known ips.
7.4p18 Added g_blogs_https "true" setting to force blogs to use https. Fixed another IOS fetch issue with body part lengths for corrupt mime messages (missing end of part line causing IOS loop).
7.4p17 Fixed crashing bug in apple ios bug fix added in 7.4p14. Made g_webmail_secret still work if it contains spaces. Added locking to quota_counts.dat
7.4p16 Fixed bug in quota count handling added in 7.4p12 - fixed another g_gateway_ignorewild_ip issue.
7.4p15 Upgrading to openssl 1.1.1, Improved mailbox view from admin interface to use uidl's so msgs don't move underneath.
7.4p14 Fixed endless loop from IOS phones trying to fetch past the end of the message by stripping apple length header.
7.4p13 Fixed issue with G_GATEWAY_IGNOREWILD_IP inconsistency.
7.4p12 Added imap_max_limit with default of 200k, so imap folders cannot grow larger than the size that can be read. (BUG INTRODUCED)
7.4p11 Moved spam_rejected folder back to mdir.
7.4p10 Added experimental g_inbox_notfriends features, Added stop command for freebsd startup scripts.
7.4p9 Fixed rare tellmail crash in delete_user…
7.4p8 Fixed domuser and user.abk rewrite functions for full disk situations.
7.4p7 Fixed dmarc/dkim policy checking/enforcement. If Dmarc policy is reject or quarrantine and dkim files then message is quarrantined.
7.4p6 Added lockout counter for nblogin failed logins… so it does contribute to lockout handling if user keeps trying.
7.4p5 Fixed issue with some log entries having milliseconds when others didn't. (suirgeweb imap long line uid change), Cleaned up user level logging.
7.4p4 Fixed fault with virtual domain ip not displaying in domain level settings when using 'modern' interface settings.
7.4p4 Added g_authent_require "90" which would require user to change password when logging into surgeweb after 90 days, not recommended.
7.4p4 Added G_RECYCLING_IMAP "true" setting, without that normal imap users won't see the recycling folders (as they are confusing in other email clients and rarely needed)
7.4p3 Made mirror'ing resend modified files even if destination file exists for some user mdir files, e.g. friend.lst
7.4p2 Fixed tellmail ssl_update domain.name so it works if url_host is not defined.
7.4p2 Update the help url links to use the new website. Added g_help_url
7.4p2 Trimed trailing slash of urls for allow messages if extra slash found .
7.4p2 Added some more paranoid code to prevent full disk on master sending blank surgemail.ini to slave.
7.4n9 Fixed g_spam_bounce_store to function if the user has no spam.dat settings.
7.4n8 Fixed intermittent DNS Blank response issue caused by intermittent upper case responses from google's mx records.
7.4n7 Improved vanish bounce handling to accept messages with matching in-reply-to header.
7.4n6 Added g_archive_on_delete_off setting to disable the archive when a user account is deleted.
7.4n5 Fixed bug in atrest encryption, do not use atrest settings prior to this version as it is unstable when used with POP.
7.4n4 Added command tellmail test_spf_dkim and tellmail test_port25
7.4n3 Fixed crash in spamc_retrain if file was unreadable (due to virus scanner)
7.4n3 Fixed issue where search ini setting would fail based on other ini settings.
7.4m3 added mfilter function set_returnpath("cats@here.com")
7.4m2 Fixed dns lookup of mx to double indirect cname.

SurgeMail 7.4m 30 April 2020

7.4l-10 Performance issue, stoped ssl from loading the root ca on every connection.
7.4l-9 Added g_quota_default "100mb" a system wide quota default to make adding domains with good defaults easier.
7.4l-8 Fixed mirror fault whereby a mirror master will send nwauth.txt to the slave on startup, if the master was restored from an old backup this could remove new accounts.
7.4l-7 Added user level imap protocol log G_IMAP_LOG_USER "true"
7.4l-6 Fixed inbox_quota (count) handling. 554 Failure g_inbox_max exceeded 63/60 messages…. Fixed mirror issue whereby if one server down one messgage would fail to mirror after it came back.
7.4l-5 Fixed bug with imap security suffix introduced in version… ? 7.4d-3
7.4l-4 made g_from* errors first check for spf pass for the account name. so if spf passes it doesn't bounce the msg.
7.4l-3 Got rid of some msg_f mutex locks that are not required.
7.4l-1 fixed domain level setting, SSL_REQUIRE_LOGIN to work as expected.

SurgeMail 7.4j 30 April 2020

7.4j-5 added code so bull_max auto corrects if user setting higher.
7.4j-5 Minor change to TLIST mutex incase of deadlock.
7.4j-5 marijn fixed that crash in the csvimport code?
7.4j-4 Fixed fwd settings invisible for admin account if disabled for default user.
7.4j-3 Fixed dns-threaded implementation for ipv6 addresses.
7.4i-4 Added tellmail atrest_set_user_pass user@email newpassword adminsecret, fixed atrest_admin command so it won't permit the code to be changed.
7.4i-3 Added user download feature so users can download their mailbox data easily if needed. Visible in user.cgi/mailbox page, requires new tempaltes.

SurgeMail 7.4i - 26 Feb 2020

7.4i-2 Fixed g_send_helo suggestion so it won't suggest an ip address beginning in numbers…

SurgeMail 7.4h

7.4h-9 Reinstated ini_yymmdd.rec files but moved to 'oldini' sub folder, the changes are still logged to admin_yyyymm.rec
7.4h-8 Fixed memory mixup in spamc free call.
7.4h-7 Fixed fault with g_dns_threaded sorting 'mx' hosts incorrectly in some situations.
7.4h-6 SurgeWeb session bug fixed.
7.4h-5 Improved gmail import handling…
7.4h-4 Fixed g_send_helo suggestion reverse ipname lookup was wrong.
7.4h-3 Added fix for blank response from gmail for some messages during import.

SurgeMail 7.4f

7.4f-8 Fixed issue with g_encrypt_ssl_force applying to surgeweb by mistake.
7.4f-7 Fixed crash in int prcc_snippet_from_text snippet handling issue.
7.4f-6 Added feature to convert sound files to text (for voicemail) https://surgemail.com/knowledge-base/speech-to-text-conversion/
7.4f-5 If fallback-relay destination is found in g_route settings then user/pass is applied to the smtp sending.
7.4f-4 Fixed issue with folders consisting of single space " "
7.4f-3 Added tellmail fix_trailing and code to rename any folder on linux with leading or trailing spaces in the name.
7.4f-2 Fixed mirroring so large mirroru.dat file will be removed rather than causing crashing if slave dead..
7.4f-2 Tweaked mirror logging and sending of junk files too often (release stuff).

SurgeMail 7.4e

7.4e-4 Added tellmail mirror_analyze, which counts domains,users,messages on both hosts, the figures are displayed as lcl,rmt in tellmail mirror_status output.
7.4e-3 Remove non spf: friend when address is blocked by spf message.
7.4e-2 Added g_disk_warning setting, which warns based on % usage, defaults to 95%.

SurgeMail 7.4d

7.4d-5 Changed g_spam_probe to g_spam_probe_enable to turn it off for most customers, the setting can in rare cases cause a RBL listing due to faulty trojan detectors. Also fixed fault in 'add domain' where it would erase the existing first domain from the config file. If you are using 7.4d with NEW modern admin interface enabled urgently do a full update to 7.4e
7.4d-4 Fixed g_ssl_require_in, g_ssl_require_imap,g_ssl_require_login, added g_ssl_require_smtp to require SSL for incoming messages from a particular IP address.
7.4d-3 Added G_IMAP_FOLDER_CREATE setting so default folders are not auto created unless you also add this setting.
7.4d-3 Added g_spam_black_tospam to make blacklisted addresses go to spam folder.
7.4d-3 Addel ssl_alias sni mapping so web requests go to correct backend domain.
7.4d-3 Auto fixes old .$$tmp files, and correctly doesn't leave them around so often. This may result in some old messages re-appearing which could confuse users. (Windows only issue)
7.4d-3 Improved logging of config file changes to admin_yymm.rec files.
7.4d-3 Added code to restore caldb data if mirror is changed to master.
7.4d-3 Improved imap text search performance.

SurgeMail 7.4b

7.4b-9 Fixed mirror merge bug where global settings on only one host would vanish from the other host.
7.4b-8 Auto fixes old .$$tmp files, and correctly doesn't leave them around so often. This may result in some old messages re-appearing which could confuse users. (Windows only issue)
7.4b-7 Improved logging of config file changes to admin_yymm.rec files.
7.4b-6 Added code to restore caldb data if mirror is changed to master.
7.4b-5 Improved imap text search performance.
Corrected implementation of imap default folders g_imap_folder and added recommended settings.
Added code to make smtp commands more resilient to naked 'cr' characters
Added command tellmail pingall to test external urls used for friends and status etc, also added setting to auto test these once a month and report failures.
Added timeout setting for imap before login occurs so it can be set to a much lower figure, e.g. 30 seconds instead of 30 minutes.
Fixed bind related crash in send_connect_one
Fixed lets encrypt domain specific update to use correct url_host name
Fixed history.log creation to still work if file handles allused up.
Fixed crash in netauth_account_list related to search_size setting.
Loginip g_safe_smtp now works correctly with master/slave.
Minor fix for mx lookups that point to ip address instead of hostnames in new dnsx code.

SurgeMail 7.4a Release - October 2019 (Beta Release)

SurgeMail 7.3p

7.3p-67 Fixed crash in netauth_list_folders if more than 1000 folders.
7.3p-66 Removed lockout_add for all_fail event as it's not correct. Made archive on delete always true when deleting an email account. Improved logging of failure if destination system fails to accept entire message but also sends a response/error code to the data command.
7.3p-65 Minor change to avoid null pointer in ssl_protocol calls.
7.3p-64 Fixed imap search with imap index enabled for blank string which should match all messages containing header.
7.3p-63 Fixed non hashed lookup for domains in some situations.
7.3p-62 Added command: delete_inbox_msgs STRINGTOFIND, it searches all users, all domains, for messags containing that string. Useful for cleaning up after a disaster of some sort :-)
7.3p-59 Fixed faults in SurgeVault hint/watermark set/hint features.
7.3p-58 Fixed rare incorrect bounce: "Failed msg_write failed, No error"
7.3P-57 Added g_dkim_alt_domains... "xyz.com" use this to specify which domains should use the seletor 'alternate', ideal for forwarding msgs for another domain. Also DKIM will now use a domain sepecific private key if one exists. (surgemail/ssl/domain.name/domainkey.pem)
7.3p-56 Possible minor bug fix in: release_via_imail(). free(bf) over-write end of string issue.
7.3p-55 Mirror fix if file exists in users path that is mirrored and is greater than 2gig.
7.3p-54 Added global g_encrypt_rule, used if no domain level rule(s)
7.3p-53 Added G_RECOVER_REMINDER "true" setting, which if enabled reminds users once a month to configure their password recovery address, so that they can login again if they forget their password.
7.3p-52 Improved mutex handling for FEAT mutex. File handle leak in sw code fixed.
7.3p-51 Added basic MTA-STS support (settings g_mtasts...) g_mtasts "true", g_mtasts_report "true"
7.3p-50 Improved handling of corrupt nwauth entries containing quotes. Added log (setlog.log) for a clear record of authent changes.
7.3p-49 Fixed imap protocol fault (thunderbird subscribe issue)
7.3p-47 Fixed issue where quota would go wrong if imap append failed due to quota issue.
7.3p-46 Added null checking to mlink state updates in sw_free() (debugging fix). Added decoding to encoded filenames for simple virus scanner matching rules. login_failed.log now uses g_login_log_size setting.
7.3p-43 Changed loast login so it doesn't update on a failed imap login.
7.3p-42 Added uid-inbox.dat to files always sent on a resync to reduce the chance of re-downloading occurring.
7.3p-41 Atrest encryption fault with mirroring fixed.
7.3p-40 Fixed DKIM body hashing issue with some messages caused by crlf handling inserting a blank line at top of message body in some cases. Fixed $everyone to match secondary domain admins. Added g_bad_login_lockout, useful when DOS attack in progress. Added SSL skipping for lockedout addresses when under load (again for DOS protection)
7.3p-39 Fixed combination of modern admin gui with old user gui. Made list messages not skip forge tests if spf fails.
7.3p-38 Fixed rare corruption caused by g_external_warn feature.
7.3p-37 Added setting g_everyone "true", if set then $everyone@domain.name and $alldomains@domain.name exist but only for the domain admins defined by manager_username and g_manager_username.
7.3p-36 g_friends_spf added to make friends matches require spf usually.
7.3p-35 Adjusted quota write to avoid quota issues.
7.3p-34 Fixed g_encrypt_config key handling so settings are not lost.
7.3p-33 Fixed quota warnings intermittently failing to send. Added qnotify="user@sxxx.com" setting to send email to notify user if quota issue.
7.3p-32 Added G_EXTERNAL_WARN "true" and related settings, use to warn users about external email from non friends.
7.3p-31 Fixed crash in cimap temp file code, probably caused by file protection issue with imap_temp folder or contents.
7.3p-30 Added support for tellmail password_change "*" to force all users to change passwords (only works for surgeweb users).
7.3p-29 Added additional http api for changing config file settings, ini_get and ini_set, see http://netwinsite.com/surgemail/help/accounts.htm
7.3p-28 Fixed issue with mfilter replace function acting on folded headers dropping the space at the start of wrapped lines.
7.3p-27 Fixed g_ssl_warn so it also triggers on smtp logins without ssl.
7.3p-26 Updated iptocountry database from a better source. The new database is only used by new surgemail builds! g_ssl_warn Improved so warnings not sent for surgeweb logins.
7.3p-25 Fixed formatting fault with message types of Message/delivery-status in imap bodystructure response. Fixes java mail api issue.
7.3p-24 Added setting G_RESTART_KILL "true" to allow windows swatch to force kill surgemail if it's not responding (very rarely needed)
7.3p-23 Fixed .docx false positive files from strangers.
7.3p-21 Fixed connection issue with open-c (host->ip) 0s failed Socket Timeout 0 sec, 0 wsec connection issues in early 7.3p builds
7.3p-20 Modified g_breakin_n so it doesn't ignore subnets when counting msgs from a single user from mulitple addresses.
7.3p-19 Fixed some issues with g_virus_rename and improved logging.
7.3p-18 Added checks for two domains in from header and disable friends matching. Fixed in 7.3p-25 :-)
7.3p-17 Fixed fault in g_dns_threaded related to mx hosts defined using aliases.
7.3p-16 Fixed rare crash in netarchive_search_anindex
7.3p-15 Fixed crash in dnsx_lookup (lprintf).
7.3p-14 Added g_deny_login to block logins from specific ip addresses (incoming email is still permitted).
7.3p-13 Fixed some faults with g_hacker_max auto lockout of guessing ip addresses. Introduced in patch on 2018/04/20 03:12:34 7.3h-7, all customers running versions AFTER 7.3h-7 should upgrade to latest build. 7.3i-4 has also been patched to fix this.
7.3p-12 Fixed dkim memory leak.
7.3p-11 Implemented (fixed) file deletion for deleting a domain on a mirror.
7.3p-10 Fixed handle in wrong state, introduced in 7.3p-6 ipv6 code. Fixed g_ssl_auto so it issues the ssl_reload command automatically too! :-)
7.3p-9 Fixed at rest encryption issue where some file would loose the .enc extension.
7.3p-7 Added ssl_wildcard "*.xyz.com", use this if you are using a wildcard ssl certificate and want surgemail to find this certificate for all options.
7.3p-6 Fixed some ipv6 connection issues. Added admin recovery features to atrest encryption.
Two factor authenticaton note: You must add two fields to your user database (if not nwauth) twomode and twocode (both text fields 50 chars).
And to get admin access to the new fields:
g_authent_info name="Twomode" field="twomode" access="admin"
g_authent_info name="Twocode" field="twocode" access="admin"

SurgeMail 7.3j

7.3j-11 Fixed cleanup_users command
7.3j-10 Fixed incorrect display of SSLV2 protocol in list when it's actually disabled. (Costmetic)
7.3j-9 Fixed memory leak introduced in 7.3j-7 related to pop sessions.
7.3j-8 Fixed hung long timeout issue.
7.3j-7 Fixed memory leak in mygethostname modification.
7.3j-7 Trimmed name from 'from' header for g_from_allow matching.
7.3j-6 Sorted folder display in user self management, and added folders to menu on left for users.
7.3j-6 Added G_VIRUS_SCANNER_LIST and default list of file types to run the virus scanner on (reduces load and false positives).
7.3j-6 Added ssl_alias setting which can be used to add alternate ssl hostnames for a domain, like mail.xyz.com, smtp.xyz.com, do there where you want to create a separate ssl certificate for each of those alternate names.
7.3j-6 Fixed migration so account settings (like quota) are not lost if the account is configured before migration.
7.3j-6 Added setting g_ssl_auto "true", and command tellmail ssl_update, this completely automates ssl certificate creation/signing. The only requirement is that your server is accessible on port 80, so it cannot do this if you are also running a web server on the same mail server.
7.3j-6 Added command tellmail resync_folder FOLDERNAME, useful for copying folders to the mirror when first setting it up, typically the train folder or ssl folders or surgeweb templates that you may wish to replicate.
7.3j-6 Added g_ssl_warn setting that alerts the user if they are using non SSL to login to IMAP/POP/SMTP. The alert is limited to once per week.
7.3j-6 Fixed crash in /surgemail(spamc_process_filemem)

SurgeMail 7.3h

7.3h-2 Improved sigterm shutdown handling on linux. Fixed a few remaining memory leaks.
7.3h-3 Fixed legal archive extract if g_manager has a list of accounts.
7.3h-4 Fixed fault with dates in surgeweb displaying in wrong timezone in message body. Fixed problem with messages to self being rejected as a virus from a stranger even when authenticated.
7.3h-5 Fixed crash in letsencrypt_copy.
7.3h-6 Fixed crash in domainkeys related to ssl library changes.
7.3h-7 Added back support for missing/obsolete ciphers removed when upgrading SSL library to OpenSSL version 1.1
7.3h-8 Added lip.dat login ip data to reduce false positives with login failures. Remove AVG from virus options (as command line tool removed by avg).
7.3h-9 Made hostname sticky on OSX to prevent issues with the key if it randomly changes due to dns issues. Made orbs always happen later in the process so it can be cleanly/easily skipped for authenticated users, avoiding a delay when sending email.

7.3g-1 Beta build.

SurgeMail 7.3g Features

7.3f-39 Fixed miconv memory leaks.
7.3f-38 Fixed some more memory leaks related to surgevault. Added tellmail command restore_deleted for easily restoring messages/folders for an email account that was archived to the archive_deleted folder.
7.3f-35 Reduced memory footprint caused by ssl, and fixed some memory leaks.
7.3f-34 Added g_con_peruser which limits pop/imap sessions by user rather than ip address. Suggested limit should be relatively high, e.g. 20 or 30, as some imap clients use a lot of sessions and will behave strangely when the limit is hit.
7.3f-33 Fixed imap range list handling to correct copyuid output, which should fix Duplicate messages in Trash issue. Added missing response codes to netauth_delete
7.3f-32 Fixed fatal g_rename_files bug locking up smtp introduced in 7.3f-28, Fixed fault in status email release links.
7.3f-31 Improved domain level over quota reporting so end users are notified consistently.
7.3f-30 Specials build...
7.3f-28 Fixed crashes related to mlist/malloc changes in 73.f-21 Added setting g_recycling_pop to make recycling occur for messages deleted via POP3 as well as IMAP. To restore files the user needs to use IMAP though.
7.3f-27 Fixed http authorization to permit wrong case header. Fixed crash in imap xget extension, fault added in 7.3f-21
7.3f-26 Increased max buffer size for imap ok responses from move/copy commands (may prevent duplicates in trash folder)
7.3f-23 Fixed issue with search accounts failing to show 'next' button.
7.3f-22 Added setting g_imap_warn_big "20000" which can be used to warn users if their inbox or sent folders are excessively large. The warning can be tailored by modifying warn_big.eml which is created if it doesn't exist.
7.3f-21 Improved mutex/malloc/thread/logging code to reduce thread contention on multi processor systems. Fixed memory leak.
7.3f-17 Improved default for g_send_helo to prevent CBL/RBL issues. Removed requirement for g_mirror_config setting on slave. Added dlist setting "check_spf true" to enforce spf checks before allowing a member to send to a list. Added email warning if mirror host is down for more than one hour.
7.3f-13 Cleaned up tellmail mirror_status output so it's easy to see progress of a resync.
7.3f-8 Added two factor authentication, enable with g_pass_twofactor "true" (not yet implemented in surgeweb). Users enable this feature via user.cgi password setting page. The google authentication app available on IOS and Android is then needed to login.
7.3f-7 Added days setting to user settable cleanup options for inbox and sent folders.
7.3f-3 Updated pstat.dat to pstat.v6 to support ipv6 addresses.
7.3f-2 Added g_recover_noquestions setting to remove password reset questions, instead the password recover email address is a better option.

SurgeMail 7.3f Bug fixes.

7.3f-23 Changed msg_write failed to report system error string too.
7.3f-22 Fixed issue where a non critical error while deleting a folder would prevent the folder being removed on the slave.
7.3f-18 Fixed 'upload chain file' to append it to the surge_cert.pem file (after removing any other chain certificates).
7.3f-17 Fixed fault in forgot password code.
7.3f-16 Fixed issue with rename_user updating mirror when renaming between domains.
7.3f-14 Fixed DKIM signing issue with multi line from headers. Fixed tellmail rename_user command which failed if the original domain was not the primary domain.
7.3f-12 Fixed bug in g_imap_inactive_free.
7.3f-11 experiment with removing dkim mutex.
7.3f-10 Fixed bug in tcp code related to gethostbyname structure.
7.3f-9 Fixed some xss issues.
7.3f-8 Improved mirror/imap burst handling for systems where users login to both systems at the same time.
7.3f-6 Fixed g_imap_search_index so it corrects finds utf encoded strings. Fixed email notify settings to allow a list of addresses.
7.3f-5 Fixed fault in legal archive retrieval if domain was defined as mixed case in surgemail.ini. Fixed random named log files appearing related to surgevault. Removed some logging from ex_auth to avoid any possible deadlocks. Removed some logging from myssl.c to avoid mutex locks.
7.3f-4 smgr_cmd_search strcpy/strcat fixes. Fixed default ciphers g_ssl_perfect and disabled sslv3 for g_ssl_perfect. Fix surgemail.ini line length issue for settings over 500 characters, limit is now 900 chars for most settings.
7.3f-3 Tightened up checks for tellmail delete_user so it will fail if the domain is not found rather than choosing the default domain

SurgeMail 7.3d Features

7.3d-33 New setting g_friends_local_match "true" which prevents friend matches for some common forgeries where from/to are both local domains but the spf sender is not local.
7.3d-23 Clarified spam log entries so initial entry is 'UNDECIDED' rather than 'ALLOWED' for non friends. Added QNUM to the log entries. Added g_ban_From to msg*.rec log entries, bounced the default tcp queue length on linux from 25 to 128.
7.3d-22 Added domain admin bulk account creation/modification in the admin tool. See 'bulk' tab after logging into user.cgi as a domain admin.
7.3d-21 Added DES/CBC3 ciphers back again :-)... If you really want to break windows XP users using outlook, then add this setting. g_ssl_disable_des "TRUE"
7.3d-20 Added email warning when thread limit is approached and automatic saving of details to status.threads file.
7.3d-19 Added setting g_quota_notrash "true", if set, this means the 'Trash' folder does not count against the users quota. Use tellmail quota_resetall after changing this setting. This can make it easier for users to understand quota handling. g_expire_trash "true" should probably be used as well.
7.3d-18 Added G_DELIVER_ROBOT, this can be used to run a script at delivery time. e.g. "c:\surgemail\test.exe $FILE$ $TO$ $FROM$" the two variables are replaced with the file that can be modified/rewritten and the recipient's email address.
7.3d-17 Added setting g_notlocal, if enabled then if a message is from a local domain but is not an authenticated user or spf pass then the subject is prefixed with [UnTrusted Origin], this can help to alert users of forgeries.
7.3d-17 Added setting g_status_login "true", this modifies the spam status message handling so that users must login (once per session) to perform actions, e.g. release or view messages. This 'may' prevent google from miss classifying user.cgi and report.cgi urls as unsafe.
7.3d-13 Renaming a user now attempts to rename the users directory rather than copying it (much faster). Also improved to work with mirror correctly. Added nwauth_mod to account interface to simplify programmatically modifying user fields.
7.3d-12 Added G_ACCESS_WEBONLY "webonly", to limit some users who are in the 'webonly' group to surgeweb (no imap or pop).
7.3d-9 Added g_mirror_resync_inbox and g_mirror_lock, these settings should be used if you are using automatic load sharing between master/mirror (which we don't recommend :-).
7.3d-8 Removed user level aliases.txt files, the domuser.dat file is now used in all situations for user level aliases.
7.3d-4 To address obscure DOS issuse, reduced HTTP header read timeouts to 1/3 of g_web_timeout, and reduced g_web_timeout from 3 minutes to 30 seconds.
Note: DES CBC3 ciphers were removed prior to this build, if you have trouble with old versions of outlook/xp then upgrade to resolve.

SurgeMail 7.3d Bugs

7.3d-?? There was a bug with G_AUTHENT_PREFIX_SEP if undefined then accounts with underscore '_' in the name would be missing from search results and generally behave strangely. Upgrade to latest release to resolve.
7.3d-34 Fixed compiler warnings... :-)
7.3d-33 Fixed issue with surbl code extracting a subset of the real domain name by mistake. e.g. xyz-int.com --> int.com
7.3d-31 Fixed bug related to users with '_' in the name, in the web admin interface.
7.3d-30 Fixed issue where ssl fails to load if surge_chain.pem exists but doesn't contain the correct certificate even when surge_cert.pem does. Note the surge_chain.pem file should never be used except for letsencrypt. In reality the chain must always be prefixed by the real certificate, and this should be done in surge_cert.pem file. Sometimes your Registrar will provide what they call a chain file. But that must be appended to your certificate file and cannot be used by itself.
7.3d-25 Made imap channel data counter a double int to avoid overflows.
7.3d-24 Added g_access_surgeweb setting, if enabled surgeweb access obeys g_access rules based on client's address, if not set then it uses the surgeweb servers ip address. This restores the behavior to what it was prior to 7.2f4 which follows our policy of avoiding changes that modify existing behavior even in obscure ways - as this makes upgrades much safer.
7.3D-23 Fixed dns caching for mx lookups.
7.3d-22 Increased max spam messages searchable in the friend pending list from 10,000 to 30,000.
7.3d-21 Fixed issues with admin tool showing user.cgi info and allow link (related to 7.3d-17 feature). Fixed all mirror resync commands to all send the same misc top level config files.
7.3d-17 Archive and Status html message viewing was previously disabled to avoid a google classification issue, this didn't help so we have enabled viewing again. For earlier builds set G_STATUS_VIEW_HTML "true" to fix this issue. (so in all cases, set that setting)
7.3d-16 Tightened url handling for report.cgi. Fixed handing of surge_chain.pem (so it works :-). For earlier versions place the chain certs at the end of surge_cert.pem. If both files exist surge_chain.pem will be used instead so make sure that is up to date (if it exists).
7.3d-15 Fixed bug in imap handling of ranges whereby it would respond with the last message in the folder if the range was outside the range of messages that exist. This could confuse the thunderbird email client and result in a message that couldn't be deleted.
7.3d-14 Fixed fault with uidnext not updating in all cases when g_imap_status_stored enabled, fault introduced in 6.9, symptoms would include some email clients not showing new messages reliably until checking email with another email client.
7.3d-12 Note only: Due to a bug in the latest Centos 7 Kernal you may need to remove the 'ulimit' command from surgemail_start.sh
7.3d-12 Fixed mirroring bug if g_recycling is used, introduced in 7.2f-12 (when recycling was added). Added G_ACCESS_WEBONLY "webonly", to limit some users to only 'web' access (no imap or pop)
7.3d-11 Fixed rare crashing bug in mirror decoding.
7.3d-10 Fixed crashing bug introduced in 7.3d-6 to fix handle leaks.
7.3d-9 Possible obscure/rare user cache entry crash fix.
7.3d-8 Corrected nwauth issue in 7.3c beta.
7.3d-7 Added setting to enable secure flag for all ssl cookies. Corrected letsencrypt path construction for systems with surgemail in non standard folder.
7.3d-6 Tightened up rules for matching cgi prefix in madmin for domadmin and user cgi's. Fixed file handle leak if ssl certificates miss configured.
7.3d-5 Fixed multi line manager settings for non default domain.

SurgeMail 7.3b Features

SurgeMail 7.3b Bugs

7.3b-3 Simplified about_mail.htm to avoid triggering weird warnings in google.

SurgeMail 7.2m Features

7.2m-10 Modified urls for spam status report and view message to narrow affects of google phishing false positives. Also disabled html view by default due to remote risks of phishing.

SurgeMail 7.2m Bug Fixes

7.2m-11 Fixed manager_username setting to work if on multiple lines.
7.2m-9 Fixed critical user.cgi bug with non default domains introduced in version 7.2m-4
7.2m-6 Improved g_virus_rename to handle some other mime variations.
7.2m-5 Fixed mutex deadlock with misc/vini mutexes.
7.2m-4 Fixed mutex deadlock and improved deadlock detection. Improved performance with large number of domains. Minor change to virus scanning in case file briefly locked. Improved handling of G_SPAM_USER_MAX and user level send max so the user level takes precedence.

SurgeMail 7.2j Features

7.2j-17 Added g_friends_cleanup setting, which if enabled will over time trim friend.lst files that contains more than 10,000 entries to the ones actually used by the user.
7.2j-15 Implemented Proxy TCP protocol version 1 (not version 2) for smtp,imap,pop, use the setting g_tcp_proxy_ip "1.2.3.4", see: http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
7.2j-14 Stopped virus scanning of internal msgs. Auto create recycling root folder. Ignore drafts folder for recycling purposes.
7.2j-14 Removed recent cipher addition from g_ssl_perfect !DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA:!ECDHE-ECDSA-DES-CBC3-SHA as this creates outlook issues, if desired add it using g_ssl_ciphers_add "!DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA:!ECDHE-ECDSA-DES-CBC3-SHA"
7.2j-13 Autodiscover/autoconfig for email clients (outlook, thunderbird, IOS) https://netwinsite.com/surgemail/help/autodiscover.htm
7.2j-12 Added basic functionality of policy.dat feature, full UI will be added in a later build.
7.2j-11 Added domain level sent_store setting
7.2j-7 Added setting to prevent user copying messages from Trash folder to Trash folder (or case variants). g_imap_trash_nocopy
7.2j-6 Added IPV6 country code handling.
7.2j-5 Added simple user level setting to auto archive inbox/sent folders to keep email tidy.

SurgeMail 7.2j Bug fixes

7.2j-19 Cleaned up xcmd status information.
7.2j-18 Improved spam_block handling to block from,return path and reply-to.
7.2j-17 Fixed issue with friend_pending messages being sent to recycling folder when deleted.
7.2j-16 Improved g_webmail_secret handling so it will work if not set (but should be set still).
7.2j-12 Fixed from_rewrite so it will work with a wildcard list of the form *@a.com,!fred@a.com
7.2j-10 Made g_sf_list work correctly if g_sf_binary is not enabled.
7.2j-9 Fixed issue with slow mail processing of messages containing many attachments on systems using do_not_run virus scanning method. This fault could cause duplicate messages! Also improved logging to detect similar issues in future.
7.2j-8 Added !DES-CBC3-SHA to g_ssl_perfect cipher rules. Improved the code to ignore bad login guessing of duplicate passwords.
7.2j-7 Fixed memory leak in feat.c if train folders empty but g_sf_binary enabled.
7.2j-5 Fixed default ssl context if ssl_pop_domain is defined and points to an invalid domain it was defaulting to the last rather than first domain.
7.2j-4 Made spam folder comparison case insensitive so notspam button will move messages even if folder has wrong name.
7.2j-3 Made password retrieval questions case insensitive. Removed extra questions for existing password when not needed.
7.2j-2 Fixed fault with G_SMITE_SKIP_FROM so it now applies to the header as well as the envelope From.
7.2j-1 Fixed bug with confirm emails (when g_friends_byemail is enabled)

SurgeMail 7.2i Release candidate.

SurgeMail 7.2h Features

7.2h-5 Added setting G_DLIST_ONE, to prevent a message being sent to a mailing list 'and' another address.
7.2h-4 New settings skips late forwarding feature for local addresses: g_late_skiplocal "true"
7.2h-3 Added sf_rules.txt to allow for fine tuning of spam handling. Enabled with setting: g_sf_rules "true", not recommended yet.
7.2h-2 Added 'upload private file' to SSL upload page.
7.2h-2 Spam handling tuning. Moving a message from spam to inbox now removes blacklist entries.

SurgeMail 7.2h Bugs/Fixes.

7.2h-5 Change virus scanning so it doesn't try and scan the raw msg body by default.
7.2h-4 Fixed issue with surgeweb logins requiring SSL incorrectly due to change in IP address handling for surgeweb sessions.
7.2h-3 Made g_friends_obey_spf only apply to local domains.
7.2h-2 Fixed SSL certificate upload page so you can choose which domain the certificate is for, doh!. In the mean time copy to the ssl/domain.name folder manually.
7.2h-3 Reversed 7.2f-19 spam scoring changes.

SurgeMail 7.2f Features (fixes in separeate list below)

7.2f-19 Implemented Outlook plugin for POP3 users who still wish to train the server easily (IMAP users can just move the message to the spam folder), two buttons are added to the 'home' menu. See https://netwinsite.com/surgemail/help/outlook.htm
7.2f-17 Modified G_SPAM_STATUS_HOUR so it now allows a list of hours, e.g. "9,10,12,15,17"
7.2f-12 Added undelete feature to cope with users who accidentally delete messages (or entire folders). When messages are purged from imap folders (excluding the trash) the message is moved to a separate user level readonly folder (-System Recycling-), and stays their for g_undelete_life days. Messages can be restored by copying them from this folder using any normal imap client.
In some cases users will not wish to have this folder visible, in which case use the group setting to restrict visibility, the default is all users can see it.
Enable with these settings:
   g_recycling "true"
   g_recycling_life "30"
(Optional, not normally needed settings)
   g_recycling_visible "staff" # Allows members of group 'staff' to see the System Recycling folders (without this setting, all users can see the folders, with this setting, ONLY members of that group will see these folders)
   g_recycling_del "staff" # Allows members of 'staff' to delete messages from the System Recycling folders (not normally recommended)

Note: this will use additional disk space that doesn't count for the users quota. On most systems this extra disk usage will be insignificant, e.g. 5%.
Note: Normally the visible and del settings are not required, but may be useful if users complain about being able to see 'deleted' messages, or about not being able to fully delete deleted messages. One could imagine if a user has been having secret discussions they might wish to be able to delete 'all' evidence visible from the email client at least. Normally this should not be permitted as it allows a hacker to delete the backup of a users email which is one of the reasons for having this feature!
7.2f-9 Added G_SPAM_ALLBAD to improve handling of simple repetitive spam if a specific user has trained a message and the from/to/ip remains the same.
7.2f-8 Added g_imap_folder setting to specify common use folders for IMAP LIST exension, this setting just names the folders so Imap client's can use the correct/common folder name. It doesn't have any operational meaning. Typical settings to use:
    g_imap_folder name="Spam" type="Junk"
    g_imap_folder name="Sent" type="Sent"
    g_imap_folder name="Drafts" type="Drafts"
    g_imap_folder name="Trash" type="Trash"
7.2f-5 Added g_friends_autodom to auto whitelist domain/ip pairs for all users.

SurgeMail 7.2f Fixes

7.2f-19 Adjusted spam scoring slightly. (spf is now not a limiting factor on the score)
7.2f-18 Improved cached imap part handling to ensure it is reliable. Fixed G_SPAM_ALLBAD crash bug. Made portforce prevent login attempts on smtp.
7.2f-16 Fixed create 'CSR' page so it does not replace the certificate file. Added buttons to allow replacing the private and certificate files if wanted.
7.2f-15 Fixed G_FRIENDS_OBEY_SPF also consider the default spf if there is no real spf entry for the sending domain.
7.2f-7 Fixed relay bug introduced in 7.2f-5 build. Added error if old_pophost_always and nodelete are both set (only valid for imap settings)
7.2f-6 Slightly increased spam score if verybad and good scores both present...
7.2f-4 Auto define g_webmail_secret, and changed surgeweb to log ip address of user.
7.2f-3 Fixed authent corruption issue in netauth_update_user code. Improved logging of deleted messages.
7.2f-2 Fixed issue with x-spamdetect header in filter exception rules. Also added popfetch page to admin gui.
Made g_user_send_max apply if group is missing (should be set to "*")

SurgeMail 7.2e Release build.

Surgemail 7.2d Features

7.2d-17 Added g_virus_cloud setting to enable cloud scanning (primarily for use on smaller systems using clamav, note that this setting does send the samples over the internet so may not be appropriate in all situations).
7.2d-16 Improvements to virus handling to allow easy integration with your choice of system level virus scanners (Windows Defender and ClamAV etc). Legacy support for avast will continue for 12 months but we recommend using the new virus config page to change to one of the above scanners after updating surgemail. Avast support is being phased out due to multiple long standing support/performance issues and tests that show we can achieve better results with system provided scanners and other new features.
7.2d-10 Added more letsencrypt support. Setting g_letsencrypt to define the path to the certificates (which are auto coppied and loaded once a day), the domain name is automatically added so one global setting is sufficient. tellmail letsencrypt command added, to generate sample commands to generate certificates. See https://netwinsite.com/surgemail/help/letsencrypt.htm
7.2d-10 Added email based password reset handling. Users can define a recovery email address, and then request a reset link via that email account when trying to login. tellmail question_reminders modified to send to users who have no password recovery questions or recovery email defined. user.cgi user settings modified to allow users to define their recovery email. Add this entry to allow users to do this:
g_authent_info name="Password Recovery" field="pass_recover" access="user"
and ensure your user database supports that field (nwauth does automatically)
7.2d-9 Added tellmail question_reminders to send emails to users who have not configured their password recovery questions. This command should be run once a year or so. It will send to all users found in the user database (that have not already configured the questions). The template file question_reminder.eml will be used (or created) if it doesn't exist, use this variable inside the template for the usercgi url: ||user_url||
7.2d-5 Added g_hacker_days to adjust the time that ip addresses are locked out for, the default was 7 and is now 30.
7.2d-2 Added/fixed g_authent_enforce setting (not recommended)
Added support for 64 bit build on windows.

Surgemail 7.2d Fixes

7.2d-19 Modified crash handling to prevent deadlock. Added g_smite_skip_from
7.2d-18 bug fix g_smtp_noauth wasn't showing correct log message.
7.2d-15 Fixed issue with imap idle command on mirror not seeing new messages immediately.
7.2d-14 Minor fix to imail_inherit
7.2d-13 Fixed rare nwauth race condition on unix which could miss an update from the master occasionally. Issue tellmail resync_nwauth on master to ensure authent matches on the slave.
7.2d-12 Minor fixes to bind'ing to incoming ip address for bounces etc if g_bind_incoming used
7.2d-11 Fixed mapping of url to vdomain where multiple vdomains have the same matching vdomain ip address but only one matches the url.
7.2d-8 Fixed fault with imap literal decoding if more than one sent by client in a single command.
7.2d-6 Made tellmail ssl_reload create new domain certificates without needing a restart. Reduce burst logging if uid already set.
7.2d-4 atrest fixes, added clear logging for responder not responding to msg.log. Added spam settings changes to security log.
7.2d-3 Fixed crash in atrest feature.
7.2d-1 Changes required for 64bit vs12 build. Some general corrections for time_t usage. Fixed windows backtrace code.
If using windows 64bit build and avast then you will need to use the avastpipe external module, like this:

    Extract this file and place in surgemail folder: https://netwinsite.com/ftp/misc/apipe.zip
    In surgemail.ini set:
            g_virus_filter cmd="avastpipe" type="" (add)
            g_virus_avast "false" (change from true to false)
            g_virus_restart "1000"

    And restart surgemail

Surgemail 7.2c - Tagged build

Surgemail 7.2b

7.2b-15 Minor change to avoid repeated quota warning messages when user is at 80% usage. Added g_spf_enforce_real setting, this enforces spf behaviour strictly for domains that have a strong spf rule. Also note G_DOMAIN_TEMPLATES was enhanced to work with normal pages in www folder.
7.2b-14 Added g_safe_warning which alerts users when they login from a new location. It also obeys the whitelists g_safe_white and g_safe_country so you can limit it to only warn about logins from outside your own country.
7.2b-13 Added G_CREATE_APPLY_ADMIN, fixed crashing issue in new calendar features.
7.2b-12 Fixed bug in imap Move extension when used with mirroring, it was not correctly expunging the files on the mirror, also quota was incorrectly handled.
7.2b-11 Fixed crash in save user settings introduced in 7.2b-9.
7.2b-10 Added setting(s) to allow spf to over-rule friends more cleanly: Use g_spf_nofriend "true" g_friends_obey_spf "true" and possibly g_known_skip "true"
7.2b-9 Added domain setting suspend_incoming to temporarily block incoming email to a domain while moving it etc... (also use the suspend setting to block logins)
7.2b-8 Fixed handling of obsolete ssl settings, and cleaned up wweb.log issue with url admin requests. Corrected stopped spf/srs rewriting for surgewall domains. Added handling of surge_chain.pem
7.2b-7 Added g_imap_search_text, fixed smtp_from_ip to ignore authenticated users,
7.2b-6 Added sha2 support to nwauth, add command line switch -sha2 in g_authent_process setting to enable. Also requires nwauth 4.3a
7.2b-5 Added g_country_login and related settings to block all logins from outside your geographic region, e.g. "us,nz,au" ideal for smaller systems where most users are local. Use g_country_allow to list users that are travelling... Added auth plain to gateway login mechanisms. Fixed cpu loop in rare web requests.
7.2b-4 Improved tellmail ssl_reload and certificate handling code, and added error messges to the ssl certificate form. Added setting g_msg_nodup which can prevent duplicates when a message is sent to a user directly and via a mailing list.
7.2b-3 Fixed log entries for user filters to log the reason.
7.2b-2 Split g_ssl_ciphers,g_ssl_ciphers_web and g_ssl_disable,g_ssl_disable_web to adjust protocol and ciphers for web separately, this can be necessary if your security experts want a crazy subset of ciphers or protocols for web access, but that set won't work for older mail servers and email clients. Also moved the individual settings g_ssl_disable* to g_ssl_disable setting that takes a simple list of the protocols to disable: tlsv1,tlsv1_1,tlsv1_2,sslv2,sslv3, if the _web versions are not defined then the non _web setting is used as a default. The g_ssl_disable setting over-rides the older style individual settings g_ssl_disable_sslv2 etc...

Surgemail 7.2a Beta release 1 June 2016 -- Upgraded to Release Build.

Surgemail 7.1f

7.1f-56 fixed duplicates when message is moved from spam folder to inbox.
7.1f-55 nwauth/sync issues completed. Special thanks to Gal Goldshtein for his assistance identifying cross scripting and other related issues.
nwauth 4.2m performance improvements.
7.1f-54 Fixes to nwauth syncing sequence in mirrors. Enhanced logging.
7.1f-53 Fixed issue with frame_page, fixed rare crash in main_thread_store(), added tellmail commands set_global, show_global, set_domain, show_domain.
7.1f-49 Fixed dkim issue with headers in unusual order.e Sent folder if the g_sent_store "Sent" setting is used and then the email client also appends a message44 Fixed issue with long dns packets for spf.
7.1f-48 documented how to use LetsEncrypt with surgemail https://netwinsite.com/surgemail/help/letsencrypt.htm
7.1f-47 added g_mirror_others setting to mirror to a third or more servers, for more just list the other servers in this setting. This setting is experimental. Adjusted breakin detection table size to allow for larger windows. Undocumented recent fix for attachments in encrypt module...
7.1f-46 added .01 whitelist scoring for sf_mfilter.txt
7.1f-45 Added g_sent_nodup which makes surgemail try and avoid duplicate messages in the Sent folder if the g_sent_store "Sent" setting is used and then the email client also appends a message44 Fixed issue with long dns packets for spf.
7.1f-43 Adding g_tarpit_skip_from and g_friends_obey_spf
7.1f-42 Fixes for search_body and added g_tarpit_skip and user_auto settings.
7.1f-41 Fixed g_header_strip if used with multi line headers.
7.1f-40 Fixed bug in g_imap_search_body causing multiple incorrect matches. Delete 'cindex' folder for each user after updating to fully correct.
7.1f-39 Fixed timeout in g_imap_search_body which resulted in false matches.
7.1f-38 Fixed fault in g_imap_search_body index building.
7.1f-36 Added g_virus_simple_skip and g_virus_simple_skipauth.
7.1f-35 Added g_virus_rename_skip and g_virus_rename_skipauth. Fixed la_view_nnn.tmp files being left around.
7.1f-34 Fixed creating of na_1_nnn.tmp files being left around.
7.1f-33 Fixed imap issue reading specific length long header lines.
7.1f-29 Fixed crash in cimap_stats logging of slow events due to cmdline1 being freed in some situations.
7.1f-27 Fix for fakemid handling.
7.1f-26 Added g_mirror_live as recommended setting, fixed url encoding in legal archive view links (and other places)
7.1f-25 Improved mailbox quota warning messages.
7.1f-23 Added g_imap_throttle_limit and speed settings to reduce impact of individual users or faulty clients stuck in a download loop.
7.1f-22 Added 60 day expiration to bulletins sent using a rule rather then with the built in interface.
7.1f-21 Modified ssl read/write to avoid re-using bad socket...
7.1f-20 Added command tellmail la_convert c:\old_archives for converting old style archives to legal_archive files.
7.1f-19 Added migrated.dat to mirror file list. Made license limit handling smoother.
7.1f-17 Added g_queue_all and g_queue_spawn which allows running a background process on messages before they are sent or delivered locally.
7.1f-16 Fixed performance issue in mfilter code on linux systems.
7.1f-13 Fixed fakemid storing so it is logged in sent entries after retry. Added g_imap_move extension
7.1f-12 Fixed spf lookups involving cname entries. Reverted (removed) g_ssl_require_out matching for local domains
7.1f-11 Improved dlist mirror syncing. Added g_imap_log_size
7.1f-10 Added g_bad_login_dumb to allow it to block local trusted addresses (good for testing maybe)
7.1f-9 Fix for g_route_local_ifexists so it allows authenticated senders.
7.1f-8 Fix for issue where g_spf_enforce fails for known addresses. if g_known_skip is true. Added g_route_local_ifexists to prevent rare open relay situations if g_route_local is used on well known domains, both settings are needed. With this setting relaying only occurs if the destination user exists locally too.
7.1f-7 Added g_footer_skipfound which can be used to allow users to send a specific footer instead of a general one. It should be set to something that is in the specific footer. g_footer_notfound must also be set to "true"
7.1f-6 Added setting to allow a script to be run to convert attachments, see example below
7.1f-5 Adjusted g_imap_idle_free behaviour to respond quickly for the first 10 seconds for outlook as it uses it instead of 'noop'. (Fixes slow 'sync folders')
7.1f-4 Made surgemail read dwatch_path from dlist.ini to match dlist process.
7.1f-2 Modified avast mutex handling. Fix for large keep setting on g_archive. Added wsj exception to forgeme.

7.1f-6 attachment conversion feature:

First install the utility to do the conversion, for this example we will convert 'tiff' images to 'pdf' files using the imagemagic utility, install it first:ttp://www.imagemagick.org/script/binary-releases.php (available windows and linux)

http://www.ghostscript.com/download/gsdnld.html

Then find the path to the 'convert' binary you have installed, test it works manually to convert a sample tiff file, then add a setting to surgemail:

g_attach_convert to="" from="" subject="" files="*.tif*" output="%1.pdf" command="C:\Program Files\ImageMagick-6.9.2-Q16\convert.exe"

On linux you might use 'tiff2pdf' instead,

apt-get install libtiff-tools

Create a script cvt.sh in the surgemail folder:

#!/bin/bash
tiff2pdf $1 -o $2

Then add the setting:

g_attach_convert to="" from="" subject="" files="*.tif*" output="%1.pdf" command="/usr/local/surgemail/cvt.sh"

7.1e - release candidate3

7.1d-6 Fixed imap_idle free handling under load.

7.1d-5 Added some logging for imap idle handling.

7.1d-2 fixed g_imap_search_index again :-) (new imap load shown with tellmail erec_show)

7.1d-3 added simple form to add/remove users from a mailing list: see web/dlist_subscribe.htm for example code

7.1d-4 added more legal archive security log entries.

Surgemail 7.1b

7.1b-8 Tweaked sanity checks for nodots feature.
7.1b-7 Fixed bug in zip encoding of multiple attachments for surgevault if old files left hanging. Fixed two faults in zip_add() code too.
7.1b-6 Corrected mutex timeout from 26 seconds back to the normal 3 minutes. (Faulty time was only in 7.1b-5 builds)
7.1b-5 Made mutex handling more resilient to system freezes. Split imap chanels into busy and idle in status output and added kb/sec. Added some mzip logging.
7.1b-4 Added some logging for mzip issue.
7.1b-3 Fixed performance issue related to new g_imap_search_index setting
7.1b-1 Cleaned up avast startup delays. Fixed Avast restart bug. Added g_ssl_ciphers_add for more ciphers if your current list exceeds 800 bytes (unlikely)

Surgemail 7.1a Beta

SurgeMail 7.0f

7.0f-21 Changed mfilter.rul re-write to be 'soft link' friendly.
7.0f-20 Fixed memory leak in png handling for large images.
7.0f-16 Fixed fault with dlist/lists.dat not mirroring properly in some situations which could result in new lists vanishing from the file.
7.0f-15 Fixed missing mutex handling on rarely used zip code. Improved logging of fwd events.
7.0f-14 Added correct locking to imap search indexes.
7.0f-13 Improved g_bad_login errors to include command tellmail nblogin_clear, and to prevent blocking logins on an ip address with good history. Imrproved imap index to correctly cope with headers covering more than 2 lines.
7.0f-12 Added g_imap_search_body setting, to accellerate imap search responses for large folders, there is a storage impact for this setting, but it only indexes folders that are searched.
7.0f-11 Fixed memory leak in thumbnail images.
7.0f-9 Added index option for imap search commands, enable with: G_IMAP_SEARCH_INDEX "true", this should improve search times for the following items: from,to,subject,message-id
7.0f-8 Made 'delete_contains' case insensitive. Fixed another imap issues introduced in 7.0f-6, Disabled avast scan during avast update to prevent timeouts.
7.0f-7 Fixed imap search bug introduced in 7.0f-6
7.0f-6 Fixed memory issue with complex imap commands.
7.0f-5 Added code to track imap memory issue. Adjusted handling of timeout in imap folder read to prevent crash.
7.0f-4 Fixed fault in nwauth/cram_md5 on osx_intel builds, fixed loop in user_auto_always setting...
7.0f-3 Fixed surgeweb sig crash. Added g_crash_nomini setting to disable minidump on windows (may be useful if crash hangs)
7.0f-2 Added setting g_restart_malloc, can be used to force restart, setting is in 'mb's g_safe_country "us,nz,au" to allow whitelisting smtp logins from relatively safe regions.

SurgeMail 7.0e - Beta

SurgeMail 7.0d

7.0d-9 Allowed cookie files in mirroring.
7.0d-8 Added malloc check for massive allocations, and implemented g_restart_vmsize for osx.
7.0d-7 Made g_timezone_force work with fractions for timezones that are offset by 30 minutes.
7.0d-6 Fixed bug with multiple recipients and quota exceeded on one account resulting in repeated deliveries.
7.0d-5 Added g_from_ok and g_rcpt_ok over-rides for invalid addresses, fixed g_max_bad_to response so it's always sent.
7.0d-4 Fixed tellmail binary crash on solaris x86 systems.
7.0d-3 Fixed license key handling for dates after 2019.
7.0d-2 Fixed bug in popfetch related to encoded messages.
7.0d-2 Fixed minor memory leak in thumbnail images in surgeweb.
7.0d-2 Fixed date handling for timezones with 1/2 hour offsets.
7.0d-2 Minor change to malloc logging.

SurgeMail 7.0c 28-8-2015 New beta

SurgeMail 7.0b 28-8-2015

7.0b-8 Fixed logging issue with non users.
7.0b-7 g_received_names now accepts wildcards, e.g. *.xyz.com
7.0b-6 Fixed issue with g_dkim_sign corrupting headers when not signing a message for some reason. Fixed g_allow_passzip_from for linux avast.
7.0b-5 Minor fixes for winmail.dat processing.
7.0b-2 Added setting g_winmail_fix "true", first you will need to install the tnef extractor application, on linux use apt-get install tnef, on windows download from https://netwinsite.com/tnef.htm

SurgeMail 7.0a New Release build

SurgeMail 6.9d

6.9d-56 Fixed thread/crashing bug related to g_imap_idle_free setting.
6.9d-53 Corrected issue with calendars disabled by mistake by removal of extra http methods.
6.9d-52 Removed legacy thread handling code.
6.9d-51 Bug hunting.
6.9d-50 Thread bug again :-)
6.9d-48 More threadlist bugs fixed.
6.9d-47 Fixed threadlist struct bug, and added setting to enable new spam handling code G_SF_SANITY2 "true"
6.9d-46 Fixed bug in smalloc debugging code. :-)
6.9d-45 Experimenting with new spam settings (g_spam_bounce_store "true" which stores rejected spam in Spam_Rejected folder, to enable just set the obsolete setting per use to bounce email above a level of 14 for g_spam_bounce). Trying adding: !ADH-AES128-GCM-SHA256:!ADH-AES256-GCM-SHA384 to remove anon ciphers.
6.9d-44 add !ADH to cipher to remove any anonymous ciphers.
6.9d-43 Fixed slow memory leak in lib_email_getheaders function usage. Fixed thread issue related to main_thread_run structure initialization.
Note: g_ssl_ciphers now 'over-rides' g_ssl_perfect default ciphers, if you set the cipher list manually, then we assume you intended to! :-), added g_imap_status_stored to recommended settings, minor change to lang guess handling, new ssl libraries on most platforms.
6.9d-42 Testing new cipher suite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
Instead of:
EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:EECDH+AES256:EDH+AES256:AES256-SHA:!aNULL:!eNULL:!EXP:!LOW:!MD5
6.9d-41 Added support for the spamhaus.net domain rbl (note this is a paid service not a free one and you would need to get 'YUURCODE' to use it, in general the normal surbl settings should be quite sufficient)
g_surbl name="YOURCODE.dbl.dq.spamhaus.net" stamp="2:spam,3:none,4:phish,5:malware,6:botnet,102:xspam,103:xredirect,104:xphish,105:xmalware,106:xbotnet"
g_surbl_from "true"
6.9d-40 Fixed imap unseen counts when g_imap_status_stored setting is used./p>
6.9d-39 Fixed fault with VmSize on linux 64bit showing silly numbers due to linux/malloc/thread handling issue - this may improve performance on linux and or reduce memory usage. Made g_log_user work for ip addresses for smtp sessions. Fixed bug in g_virus_simple_zip and added dmalloc debugging to rest of zlib calls.
6.9d-38 added exceptions for safe_smtp for trusted/relay/gateway addresses.
6.9d-37 re enabled G_RENAME_CONTENT a valid setting would be "*application*zip*" only settings that contain the word "application" will work!!!
6.9d-36 Added g_ssl_disable_tlsv1_1 and g_ssl_disable_tlsv1_2, not recommended.
6.9d-35 Added setting g_restart_vmsize which can be used to auto restart surgemail if/when it's leaking memory, it's not normally needed. A typical value for this steting might be g_restart_vmsize "1200", but check the typical usage on your own system before setting it, a value too low would result in constant restarts.
6.9d-34 Fixed imap crashing issue, maybe.
6.9d-33 Added 90 second startup wait for avast on linux to avoid cpu issue with timeout on slow startup...
6.9d-32 More imap debugging code added to find a fault.
6.9d-31 Fixed g_virus_simple_zip so it will not reject zip files it cannot decode. Possible bug fix for imap crash introduced in 6.9d-28
6.9d-30 Added g_imap_status_stored setting to enable imap performance improvement.
6.9d-28 Improved cpu issue with mirror handling.
6.9d-27 Fixed handling of g_route so it doesn't apply to local domains unless g_route_local "true" is set. Increased imap import timeout to 2 minutes for slow imap servers.
6.9d-26 Restored cipher list to: EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:EECDH+AES256:EDH+AES256:AES256-SHA:!aNULL:!eNULL:!EXP:!LOW:!MD5 for g_ssl_perfect setting, this cipher list may not be as perfect but it is reasonable and seems to allow sufficient backward compatibility.
6.9d-25 Debugging for aspam issue.
6.9d-23 Fixed fault in imap_import loosing message dates.
6.9d-22 Fixed fault in G_DNS_BLANK_FAIL handling.
6.9d-21 Fixed issue with blog email address giving error while still working introduced in 6.9d-19.
6.9d-20 fixed language guess handling. Improved g_spam_allow disconnections for smtp sessions. Increased dh param to 2048 and improved cipher list used with g_ssl_perfect setting to: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
6.9d-19 responder Improved spam scoring for slightly spammy messages.
6.9d-18 Improved spam scoring for slightly spammy messages. Added security.log and log page for user.cgi and admin.cgi
6.9d-18 Main memory leak resolved.
6.9d-17 Added g_token_httponly and g_token_secure settings, may prevent attachments in surgeweb. Also prevents no https usage. Not good settings for general usage
6.9d-17 When user account password changed or suspended any in progress sessions will be stopped.
6.9d-16 Fixed mirroring of loginip.dat data
6.9d-14 Fixed cimap_ok bug. Minor memory leaks fixed. (still leaking memory)
6.9d-13 Increased line length limit on status time settings.
6.9d-12 Fixed handle leak in la_extract, added auto dump.log on crash.
6.9d-11 Removed experimental change in sf_train from 6.9d-8, added more sanity checks to spam score
6.9d-10 Added triplet spam mechanism to use good/bad training folders sanely.
6.9d-9 Added imap code to remove zero length files that can confuse email clients.
6.9d-8 Adjusted sf_train so it ignores user input for rule creation for both good and bad, setting g_sf_obey_users reverses this.
6.9d-7 Performance improvement reduced malloc usage.
6.9d-5 Added tellmail freq command to generate some malloc usage statistics.
6.9d-4 Fix for bug in list_cookies function
6.9d-2 Throttled quota warning emails. Fixed G_FRIENDS_ADD_TRUSTED for multiple recipients.

SurgeMail 6.9c Release Candidate

SurgeMail 6.9b

6.9b-8 Fixed fault in surgeweb wash code.
6.9b-7 Added imap folder delete logging to msg*.rec, added memory use/vmsize to crash reports.
6.9b-6 smtp/user.c crash issue.
6.9b-5 Fixed fault in fallback_force setting handling, improved handling of bad incoming ssl/smtp sessions.
6.9b-4 Logging change.
6.9b-3 Fixed memory leak introduced in 6.9a. :-)
6.9b-2 Modified order of g_from_allow_to handling to fix minor issue.

SurgeMail 6.9a - Release Candidate

SurgeMail 6.8

6.8h-30 Added some more DOS protection to smtp handling.
6.8h-29 Fixed duplicate delivery issue with mirroring and large messages on windows.
6.8h-28 Fixed cpu loop caused by silly range in imap messages and uid search uid request. Added encrypt_surgeweb_hide setting
6.8h-27 Minor template changes to status at specific times for log/status reporting form.
6.8h-26 Fixed build issue with conflicting variables.
6.8h-25 Changed pop/imap file opens on windows to allow rename/delete from other threads.
6.8h-24 Surgeweb index fix again.
6.8h-23 Surgeweb index fix continued.
6.8h-22 Fixes to surgeweb index handling memory issue.
6.8h-21 Made legal archive spam setting also archive messages before rules move the message.
6.8h-20 Fixed bug in proxy handling introduced in version 6.8h-2 (approx)
6.8h-18 Fixed possible fault in thread/mutex handling on linux64.
6.8h-17 Fixed memory leak in surgeweb index handling. Added ssl_hsts "true" setting, not recommended.
6.8h-15 Fixed the new spam hourly reports.
6.8h-14 Fixed user level spam hour settings, added g_bounce_safe and g_quota_before_forward, both of which can help prevent back scatter. (Use these settings if you get unexplained rbl listings)
6.8h-13 Added tellmail command, users_setfield, e.g. to adjust the quota of all users in domain xyz.com who have a username starting 'test' to 400mb, you would use:
tellmail users_setfield test*@xyz.com quota 400mb
6.8h-12 Added user level spam hour setting to specify when spam reports should be sent. Added setting so you can make the legal archive store messages that are classified as spam: g_legal_archive_spam
6.8h-11 removed caching of fallback mx lookups,
6.8h-10 Improved file locking related to friend.lst files.
6.8h-9 Fixed tellmail user_setfield, made avast attempt a second auto restart.
6.8h-8 Fixed unintentional change to spam training in 6.8b-6 for systems with g_sf_binary false, and added g_sf_obey_users (which should not be used normally), fixed missing return-path for surgevault messages.
6.8h-7 Fixed issue with attachments in surgevault containing odd characters being unreadable.
6.8h-6 (Undo 6.8b-4 change) Made sslv3 is no longer disabled by g_ssl_perfect, unless you set g_ssl_diable_sslv3 specifically as too many older clients seem to rely on it.
6.8h-5 Fixed user.cgi cross script issues.
6.8h-4 Fixed tellmail path giving erroneous errors. (INTRODUCED PROXY BUG fixed in 6.8h-19 )
6.8h-2 Fixed missing images for surgevault by copying www\encrypt folder during install.
6.8h-3 Fixed blogs if using g_surgeweb_process true.
6.8h-3 Removed extra blank line added when adding mfilter rules.

Surgemail Beta Build 6.8g

Beta Release

Surgemail 6.8f

6.8-f10 ADded g_virus_strangers, and scan of /var/log/messages on unexpected restarts for 'surgemail' entries.
6.8-f9 Recoded imap migration/import so it can be safely re-used and won't fetch the same items again.
6.8-f8 Fixed hang in windows installer on upgrade (the hang was after the upgrade completes so can be ignored)
6.8-f7 Changes to allow OSX/Yosemite launchd startup to work properly, after upgrading to Yosemite update surgemail to this version or later, then run:
./surgemail -install_startup
6.8-f6 Fixed logging of 'failed' state, and improved handling when no 'mx' host returned and 'a' address used.
6.8-f5 Fixed fault where settings excluded from mirroring would be removed if the other server had 'no' matching setting, the problem did not occur if both servers had 'different' settings.
6.8-f4 Made legal archive user level search also show results for aliases of the user searching.
6.8-f3 Improved tellmail path so it does also report if user account doesn't exist. Also fixed tellmail lookup to correct host aliases to the real domain name so lookups work.
6.8-f2 Improved g_respond_safer to make it more safe :-), Fixed g_hacker_poison so it correctly applies to smtp login attempts now.

Surgemail 6.8e Release Candidate

SurgeMail 6.8d

6.8d-11 Added setting g_login_log_size
6.8d-10 Fixed crash bug caused by tcplib.h erradd LastBytes added in 6.7c-2
6.8d-9 Added *.jar and *.rar to simple virus list, and added setting to replace the default list of dangerous file extensions. Made user_status_send ini settings correctly update when set via the accounts/global/domain spam log page.
6.8d-8 Added g_migrate_password and tellmail migrate_password, useful during migration operations where you need to have a script login to all existing accounts without knowing their passwords. The password is not defined in plain text but by using the tellmail migrate_password command to generate a hash.
6.8d-7 Fixed dfopen handle issue with g_surgeweb_process when exiting.
6.8d-6 Fixed duplicated 'failed' log entries. Made imap max messages send a manager email when a folder exceeds the built in limits. Note if you get this warning increasing the limit is almost certainly the wrong solution :-), it's better for your system performance to get the user to 'organize' their messages.
6.8d-5 Added suspended2 and fallback_mx "true" option.
6.8d-4 Added user_exists command to http interface.
6.8d-2 Made mdir_copy http interface respond with user unknown error if account does not exist. Modified g_deny and g_country to cope with ipv6 prefixed ipv4 addresses.

Surgemail 6.8c Release Candidate...

SurgeMail 6.8b

6.8b-6 Made sf_train ignore the 'bad' folder. Added g_admin_readonly setting, specify system manager accounts that should only have readonly access to the admin interface. Made g_ssl_perfect enforce the good list of ciphers, to over-ride this don't use g_ssl_perfect "true"
6.8b-5 Fixed issue with g_surgeweb_process and releasing quarantined messages.
6.8b-4 Made sslv3 disabled if g_ssl_perfect is true (this may be causing ssl errors with old clients, we may change)
6.8b-3 Added subject to spam verification web page
6.8b-2 Fixed new CSR generation...

Google have announced they are accelerating the move from SHA-1 to SHA-256 hashing so from about November chrome may warn users who visit a website using SHA-1. This probably means you will need to update any signed certificates used with SurgeMail. Self signed ones are not an issue (since they already generate warnings :-)

See https://netwinsite.com/surgemail/help/sha256.htm

Surgemail 6.7f

6.7f-6 minor fix for g_surgeweb_process if used with g_maildir_netwin
6.7f-5 added some logging to resolve mfilter issue
Added g_ssl_disable_sslv3 "true" setting for poodle ssl issue
6.7f-4 netauth mdir_copy will now correctly add files to mirror too.
6.7f-2 Applied g_deny_smtp to surgeweb sessions when sending email.
6.7f-2 Setting to disable SSLv3: g_ssl_disable_sslv3.

Surgemail 6.7d

6.7d-5 Updated image library to fix surgeweb crash issue.
6.7d-4 Added debugging to tcp_read_dot error to help diagnose issues. Added days parameter to netachive_monthly command to expire a longer period, default 90 days.
6.7d-2 Improved legal archive handling so it doesn't lockup delivery during file transfer to s3
6.7d-3 Changed loginip url to default to http, to make https define g_friends_url

Surgemail 6.7c Beta Release

6.7b-45 Fixed 'created' date so it's set correctly when accounts are created.
6.7b-44 Corrected behaviour of smtp/imap/pop to respond with 'logindisabled' capability to signify when ssl will be required for logins to work. Made user specific delivery log work even when friends disabled.
6.7b-43 Improved the password reminder code so it would more reliably send out reminders. (not recommended), template used: password_reminder.eml
6.7b-42 Added created date when accounts created with tellmail add_user command.
6.7b-41 Changed lockout handling so it remembers and shows the cause, and avoids locking out addresses that have had good logins in the past.
6.7b-40 Fixed crash if message is trained on with g_surgeweb_process true.
6.7b-39 g_rename_content removed as could be easily misused and do the wrong thing (resulting in corrupt messages).
6.7b-38 Added imap auth plain handling for compatibility with 'odd/faulty' applications.
6.7b-37 Tweaking ssl takeover handling for some timing issue with some ssl connections...
6.7b-36 Applied g_friends_url to user status reports.
6.7b-35 Fixed auto detection of starttls when sending.
6.7b-34 Tweaked trace mutex handling so it can't cause deadlocks.
6.7b-33 Tweaked spam sanity checks for improved scoring with g_sf_binary.
6.7b-32 Added setting G_RENAME_CONTENT which can be used with g_rename_files to modify mime types as well, typical setting would be: "application*zip*" (DISABLED LATER, DO NOT USE, and NEVER SET TO * !!)
6.7b-31 Adjusted g_from settings to permit message if sender==from
6.7b-30 Added X-Mash header to detect duplicate messages from different sources.
Improved logging in mail.err if/when ssl certificates fail. Made sure sha256 was always used for CSR requests.
6.7b-28 More changes for SurgeWeb in it's own process.
6.7b-27 Experimental setting to move surgeweb to a separate process, g_surgeweb_process
6.7b-25 Modified burst behaviour to be more resilient in the face of rename errors and avoid creating uid gaps.
6.7b-24 Fixed g_bounce_paranoid so it obeys g_bounce_to setting.
6.7b-23 Made g_user_send_white a multi line setting
6.7b-22 tweaked msleep to no less than 20ms in most cases to avoid strange osx wakeup limits
6.7b-21 minor changes to thread comparison and mutex code.
6.7b-20 turned dmalloc off again due to performance issue.
6.7b-18 turned dmalloc on
6.7b-17 Added country information to g_safe_smtp email if g_country_ip is enabled. Minor change to imap idle thread handling
6.7b-16 Fixed fault in g_hacker_max handling of password guessing in some situations.
6.7b-15 Added setting to give return address for friends status messages. g_user_status_from.
6.7b-14 Minor logging change to friend release to track duplicate issue.
6.7b-12 Added daily quota limit for encrypted messages, domain level setting, encrypt_limitsz "100mb"
6.7b-11 Memory leaks and change to na_accounts if 'show' field is set then username field is not used as search field.
6.7b-9 Fixed memory leak (only relevant if you had g_dns_disk "true") introduced in 6.6d-13 approx.
6.7b-8 Minor changes to surgevault forms.
6.7b-7 Changed wording for attached files in surgevault
6.7b-6 Added some info to mutex crash logging.
6.7b-5 Set viewed encrypted messages to no cache in surgevault.
6.7b-4 Changed some error responses in surgevault.
6.7b-3 Fixed g_breakin_n behaviour.
6.7b-2 Fixed legal archive so it can activate without a usertoken if not previously activated.

SurgeMail Beta Build

Surgemail 6.6d

6.6d-32 fixed g_to_valid to reject empty recipient, added reason field to g_event_url, made surgevault attachments download rather than open.
6.6d-31 Fixed fault in user_auto_always setting.
6.6d-30 New SSL libraries. Fixed change watermark.
6.6d-29 Improved security of reset password question mechanism.
6.6d-28 Added setting g_virus_simple_zip "true" if set surgemail will scan zip files for suspect attachments (.exe,.bat etc), can be used with g_virus_simple setting to block dangerous files.
6.6d-27 Added domain level setting user_auto_always, this removes password checking (not for general use!!)
6.6d-26 Improved SurgeVault password handling.
6.6d-25 Fixed rare divide by zero if time goes back one second.
6.6d-23 Fixed replies in surgevault so they will be encrypted unless G_ENCRYPT_REPLY_PLAIN is specified.
*6.6d-20 Made the g_hacker data persistent across restarts, added g_hacker_passwords to list 'bad' passwords which imply guessing. e.g. "password, passw0rd, Passw0rd, 12345678"....
6.6d-19 Fixed g_dns_noptr issue caused by change in dns lookup code. Added date range option to search page. Fixed bad login counts so smtp logins to invalid domains are counted. Fixed webdav bug.
6.6d-18 Fixed vfork performance issue on linux (related to use of g_spam_cmd), Fixed kids safe mode so it rejects the message.
6.6d-16 Fixed possible crash in lprintf in scmd_rcpt_real code (solaris specific)
6.6d-15 fixed bug created by change in 6.6d-13
6.6d-13 Fixed some IO issues with mutex handling for the mutexes FEAT and LOOKUP.
6.6d-12 Added G_FROM_FORCE this can be used to force the From header for all messages to a particular address. The reply-to header is added if it doesn't exist with the original 'from' header.
6.6d-11 SurgeWeb url code.
6.6d-9 Added g_ssl_perfect, if set true then this applies defaults to the ssl settings that should result in perfect forward security, it also fixes a problem talking to exchange 2003 over SSL. 2-May-2014
6.6d-8 Added domain setting old_pophost_nofetch, can be used to migrate accounts without fetching messages from a pop server.
6.6d-7 Fixed handle leak if sf_binary not fully initialized...
6.6d-6 Fixed Android email client issue caused by fix in 6.5b-55 for IOS email client (Ironic).
6.6d-5 Fixed webadmin log search so it will abort if the search button is pressed again.
6.6d-4 Fixed problem with domain specific web page templates.
6.6d-3 Fixed IMAP/IOS fault added in version 6.6b-13
6.6d-2 Fixed crash in imap code.

Surgemail 6.6c New Build for SSL issue. 8-April-2014

Surgemail 6.6b

6.6b-16 OPENSSL bug builds
6.6b-15 Minor change to spf handling so whitelisting is consistent.
6.6b-14 Fixed issue with importing sub folders from lotus notes
6.6b-13 Fixed a rare issue with long lines containing colons on char 1001 in imap
6.6b-12 Improved sanity checks in g_sf_binary
6.6b-11 Fixed handling of long header in imap 'envelope' code.
6.6b-10 Added support for ECDH and DH based ssl cipher keys.
6.6b-9 Experimental build with openssl 1.0.1f libraries for windows.
6.6b-8 Fixed so local failures won't cause retry events... Added sanity checks to g_sf_binary.
6.6b-5 Added g_hacker_fwd, if true then if a user sets a forwarding rule an email alert is sent to the manager (useful as hackers often set a forwarding rule after breaking into an account, so this can help identify hacked accounts early on)
6.6b-2 Fixed fault with dns lookups returning mx entries in the wrong order in some situations (where mx priority > 100 and ipv6 enabled)
6.6b-3 Reduced chance of mutex issue with m_lookup mutex, and disabled dns disk cache by default (enable with g_dns_disk "true")
6.6b-4 Improved handling of ssl failures on outgoing email, it should now correctly try non ssl and log failures nicely.

Surgemail 6.6a - Beta build Wed Mar 5 03:55:43 2014

Surgemail 6.5b

6.5b-67 Added "alert' paramter to expire_rule options, if set to true then the user will receive a log of expired messages.
6.5b-66 Added G_SAFE_ALERT "true" if set then the manager is emailed when a user fails to login due to g_safe_smtp. Also added an email to the manager when an ip address is locked out for suspected hacking (enable with g_hacker_alert "true").
6.5b-65 Added workaround for bug in Windows Live Mail failing to recognize messages with NIL imap response to header.fields request.
6.5b-63 Fixed fault with IOS 6.x failing to read entire messages due to extra blank line in header response introduced in 6.5b-55
6.5b-62 Changed probe to do safe name to ip lookup with timeout. (to avoid g_thread_max issue)
6.5b-61 Added support for return-path in user defined rules
6.5b-60 Fixed issue with avast updater changing the cwd due to MAPI calls.
6.5b-59 Improved handling of no response from myrbl server. Added lookup url for g_safe_smtp events
6.5b-58 Fixed crash in g_from_body_bounce setting.
6.5b-57 Made SNI correctly identify the certificate/domain for host_alias matches.
6.5b-56 Added g_expire_onlyunread, if set then only unread messages are expired in the inbox.
6.5b-55 Improved handling of corrupt messages by imap to not confuse faulty IOS 7 email client.
6.5b-55 Removed code that disables encryption when forwarding a message (you can restore behaviour with the setting g_encrypt_nofwd)
6.5b-54 Fixed fault with popfetch handling messages that exceed normal line length limits.
6.5b-53 Changed behaviour for failing to restart authent process to crash/restart surgemail (as it may unjam the situation)
Made checks for duplicate uid's more detailed.
6.5b-52 added to badto detection list at data stage.
6.5b-52 Added tellmail uid_repair (mailbox path), useful if a user gets duplicates uid's on a mirror.
6.5b-51 Modified g_mirror_repair to only run once per month on the 15th. (Note for safety, this setting should be turned off during a hardware failure of the master system)
6.5b-50 Added G_QUOTA_550 to change quota exceeded response. Added popfetch header to identify messages that were fetched, X-Popfetch: ...
6.5b-49 Increased retry limit on network failures at the data sent stage.
6.5b-48 Added g_imap_inactive_free setting, to reduce imap thread use when imap clients use 'noop' rather than idle...
6.5b-45 Fixed limit on encrypt messages sent per day so it applies 'per day' instead of 'per restart'...
6.5b-44 Added default fallback to ipv4 if 421 response suggests it.
6.5b-43 Added domain level setting ssl_require_login
6.5b-42 Increased subject length in received log entry and removed "Body has arrived"
6.5b-41 Fixed 'inbox' path separator set incorrectly in build 40 below.
6.5b-40 Removed 'noinferiors' flag from inbox, it was ignored by most clients anyway and never enforced.
6.5b-39 Added some logging to make it clear which rules causes encryption of outgoing messages.
6.5b-37 Added G_ENCRYPT_NOIP to allow not encrypting messages relayed by ip. And added code to skip encryption for forwarded msgs
6.5b-36 Added G_FILTER_PIPE_HEADERS to re-read headers.
6.5b-35 Possible fix in cimap_free code.
6.5b-32 Possible fix in cimap_free code.
6.5b-31 Fixed rare deadlock in mfilter if report() function used.
6.5b-30 Changed CSR to use SHA256 instead of SHA1
6.5b-29 Fixed myrbl array bug. Fixed possible crash in imap_idle code.
6.5b-28 Added minor logging addition to track mfilter mutex issue.
6.5b-27 Changed default 'from' address for internal messages from g_manager to postmaster@primary.domain.name
6.5b-26 Fixed issue with friends/spf checking that might fail if the spam comes from an orbs forwarding/trusted host.
6.5B-25 Added no water mark setting, fixed fault in set_authfield handling.
6.4B-24 Fixed rare bug with modifying an access group corrupting some other settings.
6.5b-22 Fixed issue with mirroring /pruning long file paths.
6.5b-21 Increased default stack size for misc threads.
6.5b-20 Fixed memory leak in imap code, added g_friends_silent_level
6.5b-19 Fixed bug with renaming folders in 'mirror' configuration.
6.5b-18 Made friends bounces apply the g_retry_bounces setting.
6.5b-17 Fixed xrealip fault.
Added g_ssl_honor, when used with a cipher list this may result in perfect forward encryption (if the other end supports it)

g_ssl_ciphers "EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:EECDH+AES256:EDH+AES256:AES256-SHA:!aNULL:!eNULL:!EXP:!LOW:!MD5"
g_ssl_disable_sslv2 "true"
g_ssl_honor "true"

6.5B-16 removed uid log file if greater than 1mb./span>
6.5b-14 Made stack on windows different for each protocol and added support for larger address space.
6.5b-12 Fixed fault with mirroring of domain level friend.ini and friend.rul on systems with unmatching mailbox paths.span>
6.5b-11 Increased stack size slightly on windows.
6.5b-10 Fixed fault with bounces if noencrypt=true feature in use. Fixed issue with status reports arriving every second day.
6.5b-9 Added surgewall setting SURGEWALL_SAVEUSERS to save the users as they login to imap when in surgewall mode.
6.5b-8 Added noencrypt=true option to disable default encryption when useing g_encrypt_smart feature...
6.5b-7 Added logging to smtp sessions to determine cause of disconnection.
6.5b-4 Made g_spam_user_badto stop sending if in the middle of a message to many users when the limit is exceeded. And added some more logging.
Added tellmail command to remove duplicates after accidental repeat migrations, tellmail cleanup_all user@domain.name c:\\duplicates\\user
Security Alert: A bug fixed in 6.3d-29 of SurgeMail might have allowed security credentials to leak from a surgeweb account setup to use multiple accounts such that one of the other accounts in the list would also have access to the group of multiple accounts. If you use multiple accounts and this might be an issue check by logging into the other accounts to see if surgeweb brings up the entire list of accounts. This fault does NOT allow users without credentials to get them.
6.5b-3 Made imap_import obey old_imaphost_skip setting.
6.5b-2 Fixed imap import folder list exceptions to work with folders that contain spaces. Added more logging for nightly rules to help tracking messages.

Surgemail 6.5a Sep 8 06:30:22 2013

Surgemail 6.4b

6.4b-62 Changed crash handling slightly. Added some logging for blog stuff to find performance issue....
6.4b-60 Changed blog lock handling code, added setting g_debug_timing to track disk IO usage. Added g_hacker_weak to automatically block ip addresses of people trying to login with a weak password...
6.4b-59 Changed status display for avastpipe option. Added command to MOVE duplicate mesageid's from a users inbox
(Use if a migration results in multiple coppies of a message in a users inbox) tellmail inbox_cleanup user@xyz.com /var/dups
6.4b-56 Optimized friends_always so it won't append to friend lists that exceed 1mb.. Increased g_thread_max and g_pop_max defaults slightly.
6.4b-55 Added hacker seting G_SPAM_USER_BADTO which limits bad recipients for an authenticated user, if exceeded then sending is paused for 30 minutes. A value of 50 might be reasonable as normal users would never exceed that. A value as low as 10 might be workable. Whitelist accounts using: G_SPAM_USER_SKIP. An email is sent to the manager account when this limit is hit!
6.4b-54 Improved mutex crash handling slightly to avoid a possible deadlock. NFS fix reverted as the real fault was something else probably related to the system in question and this change simply revealed the issue (or made it worse :-)
6.4b-52 Added support for cram-md5 for pop protocol. (Not recommended, in general ssl/tls is a better choice)
6.4b-51 Fixed bug with imap import/migration where it could remove messages that had failed to import. Also fixed fault with handling of timeout reset (keep alive) messages from exchange which could confuse the migration code. Also improved migration code so it would re login if the server disconnects it while it's fetching messages for a migration.
6.4b-50 Made replies to replies to encrypted messages be encrytped by default by surgeweb...
6.4b-49 Fixed fault with nfs drives and burst 'renaming' loop if file size is reported incorrectly by nfs. (REVERTED IN 6.4b-53)
6.4b-47 Fixed fault with 1.00 spam rules.
6.4b-46 Fixed fault with multiple pop sessions reading the same message at the same time.
6.4b-45 Fixed quota for accounts migrated via imap. Added tellmail command tellmail user_setfield user@domain field value
6.4b-44 Added support for g_sf_binary manual rule with value of 1.00 which will mean 'is definitely spam'. Also changed ifnew setting to work for domains.
6.4b-43 Added g_authent_addip to add the ip address as the 3rd parameter to the authent check from imap/pop logins - not for general use.
6.4b-42 Added prefixing for x-myrbl header. (corrects spam handling on messages from surgemail systems)
6.4b-41 improved handling for multi line smtp errors (gmail).
6.4b-40 added encrypt_ifnew setting to enable the verify/trust option in surgeweb.
6.4b-39 Fixed bug in expire rules, if a time greater than about 50 years is specified then it would cause an overflow and expire everything.
6.4b-39 Made surgevault display cc/to correctly matching original message.
6.4b-38 Added g_inbox_archive, g_sent_archive and domain level setting inbox_archive, these specifies the age at which messages should be moved out of the inbox/sent folder into the appropriate Archives/YYYY/Inbox (or Sent) folder. This can dramatically improve system and perceived performance as imap email clients waste a lot of resources and time dealing with large inbox/sent folders. You can manually trigger the nightly process with the command tellmail mail_rules
6.4b-36 Fixed fault in ip to country code, it was failing to match some ranges correctly
6.4b-19 Fixed intermittent failure to recognize non fake bounce messages due to mime encoding.
6.4b-18 Fixed bug in domain quota message which would have no subject and fail to tell the user that it was a 'domain' quota issue if a quota.eml template does exist and a quota_domain.eml template doesn't exist.
6.4b-17 Added setting for max items in a folder to mirror, and increased default to 160000 g_mirror_max
6.4b-16 Fixed logging issue on startup, fixed problem with Legal Archive bucket name change so it always uses the correct old and new bucket names.
6.4b-15 Fixed fault with invalid reverse DNS entries allowing spam through.
6.4b-13 Made CSR signing use SHA1 instead of MD5 since some signing authorities now complain about MD5. The setting to do this is now ignored!
6.4b-13 Made Legal Archive use native Amazon instead of DevPay (this will reduce costs long term and makes the files visible via your Amazon console), if upgrading you must enter a key pair from your amazon account and then use the tellmail la_transfer command to move data to your main s3 data area.
6.4b-12 Fixed fault with quota handling that would in some situations allow a user to get multiple quota warnings in one day.
6.4b-10 Added setting to throttle ssl renegotiation (not generally recommended)
6.4b-8 Added G_SPAM_USER_WARN, used to set a warning point, if the user sends this many messages in one day, then they get an email warning them to change their password or ask for a higher send limit if they were actually sending that many messages. The setting g_spam_user_max must also be set (and to a higher value!)
6.4b-7 Added g_create_pass_recheck, combined with g_hack_touser it will alert users with passwords that don't match your 'current' password requirements and ask them to change them.
6.4b-7 Removed legacy code writing to surgehost.ini unless g_webmail_save is set true. (Fixes deadlock issue)
6.4b-5 Fixed problem whereby one bad ssl certificate would prevent some or all ssl certificates from loading, also improved logging so mail.err reports which certificate is bad.
6.4b-4 Removed possible deadlock in vini error logging (occurs rarely when surgemail.ini contains syntax errors)
6.4b-2 Added header decoding to mfilter subject.
6.4b-1 New Beta Release (May 7th, 2013)
(Dkim bug fix related to leading full stops)

SurgeMail 6.3d

6.3d-80 Automatically skip several known bad rbl servers (njabl.org and trusted-forwarders.org)
6.3d-79 Fixed exception rules to use headers added during processing as well as those in the message.
6.3d-78 Fixed imap search on command
6.3d-77 Added G_ENCRYPT_RESET_SENDER to define message sent to 'sender' when password reset is requested.
Added g_virus_report_user, if enabled the recipient is sent a message when a virus is blocked, this setting is not recommended for normal use as in general telling recipients about viruses they didn't get is just irritating :-)
6.3d-76 Added some logging to track nightly load issue
6.3d-75 Fixed devide by zero in cimap_detect_loops if time goes backwards one second.
6.3d-74 Added domain level settings status_url
6.3d-73 Made g_smtp_maxbad 1000 the default, and added delay for bad commands to prevent wasted cpu.
6.3d-73 Added G_HACKER_PASSWORD which detects hackers and blocks them from guessing, it detects if the username is used as the password guess.
6.3d-69 Performance bug fixed in surgeweb, added in 6.3d-62
6.3d-63 Changed default domainkey size to 1024 (it was 2048 which made annoyingly large keys) Also added input field so you can specify this when generating your dkim private key.
6.3d-62 Corrected quota exceed smtp return code from 554 to 552
6.3d-56 Fixed G_VIRUS_ALLOW_UNMONITORABLE for non windows systems
6.3d-54 Added g_date_add_utc to add utc timezone if none specified
6.3d-43 Added mdir_delete function to http netauth functions (see accounts.htm)
6.3d-20 Added setting g_user_access_webonly, if set then user access rules like 'spam,filter,virus' only stop the web user interface (so users cannot mess with settings) but doesn't stop the action of spam,virus checking etc for that user.
Fixed slow memory leak in pop/migration import.
6.3d-19 Added config checker code to test g_dns_host with a couple of rbl and mx lookups. Note using a public dns like google's 8.8.8.8 servers will stop rbl lookups working correctly, you must use a real local dns server (your isp will almost certainly be providing one)
6.3d-18 Fixed crash in fedora (or new glibc) due to crypt() returning null on bad input. (fix is in nwauth and surgemail)
6.3d-17 Added Message-ID to expire messages.
6.3d-17 Fixed fault with ucount2.dat growing very large when deleting a large domain.
6.3d-17 Added options to user creation API to create folders and populate mdir folder with files. New options are &create_folders=Folder1,Folder2&mdir_copy=xmdir_template, this would create Folder1, Folder2, And it would copy (surgemail root)/xmdir_template files into the new users 'mdir' folder.
6.3d-16 Fixed problem with SurgeWall domains not applying blocklist entries. Revert behaviour with G_SURGEWALL_IGNORE_ERROR
6.3d-15 Fixed slow memory leak in imap list command.
6.3d-12 Improved mirror handling if slave is NOT set to allow config changes and a resync_config has never succeeded.
6.3d-11 Fixed minor domain admin issue, fixed spf handling for ipv6 rules, fixed
encrypt reply messages double line spacing issue.Fixed bug with /bind in gateway setting causing bad dns lookups.
Fixed problem with resync_config on a new mirror destroying an existing ini file if the first attempt to sync fails.
6.3d-10 Increased size of sf_mfilter scanning to 40k to help with spam filtering..Added g_migrate_onsmtp, if true it will do a migration if a user does an smtp login as well as pop / imap...
Fixed problem with imap envelope response for very long list of recipients. recipients.
Fixed possible memory leak in pair append from imap header read of 'message'.

SurgeMail 6.3c2

Patch to change to non debugging malloc, and fix crash on linux 64bit installer.

SurgeMail 6.3c1 Dec 13 04:49:20 2012

Improvements to spam settings to make it easier to set good defaults and easier for users to adjust their settings.
Added g_sf_binary setting to enable an alternative spam scoring mechanism.
Lots of little bug fixes.
Enahcements to encryption feature to allow downloading messages and attachments
Many/minor settings added.

Surgemail 6.0 Features

Companion Email Client for Window,Mac,IPhone, Ipad released: YesImOnline email client beta

Quota system improved to recover better from unclean shutdowns

Imap settings added:

imap_public_show "true"
    Auto subscribe to public folders
g_imap_unsub_auto "true"
    Auto unsubscribe from deleted folders
g_sent_store "System_Sent"
    Put all sent messages in the named folder.

Other settings added:

SECURITY_SUFFIX - Domain based setting to stop hackers guessing accounts, this requires everyone to login with a different suffix from their actual domain name, e.g. user@xyz.com would login as user@secret.xyz.com

Added SNI SSL/DOMAIN support with a single ip address.

SurgeWeb - Summary

```
Multiple Account support!
```
```
Access to Legal Archive
```

Multipart related image support in the signatures to support "business card" type images as part of the signature.

Emoticon icon support as multipart related inline images when composing a message

Ability to add multipart related inline images when composing messages. Includes serverside rescale and crop facility as part of the upload dialog.

Signature improvements - now supports multiple signatures, of unlimited size, with the ability to set the default for each additional account.

Full details of SurgeWeb changes.

Misc Bug Fixes including...

html_bounds bug fix.
Bug fix for chrome editing blog posts
Fixed truncation of ipv6 headers - 6.0b-22

Surgemail 5.0 New Features

Surgemail 5.3h

New Spam handling see https://netwinsite.com/surgemail/help/myrbl.htm
New Legal Archive - https://netwinsite.com/surgemail/help/legal_archive.htm
SurgeWeb - New Improved Web Email Interface - changes
New settings to prevent/reduce harvesters and hackers, see g_hacker* settings.
New basic support for Amazon SES - https://netwinsite.com/surgemail/help/amazon-ses.htm
New Basic IPV6 support added
Imap public folders improved.
SurgeVault - See here for details
WebDav support - See here
New G_FRIENDS_BOUNCE_FRIEND "true" - This makes friends 'bounce/reject' exceptions work even if the person is a friend.
New g_inbox_max "int" - This setting will stop users leaving lots of message
in their inbox
New G_INBOX_NOLIMIT "int" - Use for special users who are not subject to the
normail message count limit on their inbox (g_inbox_max)
New g_outgoing_n "int" - New settings to identify outgoing spam and email the manager if a limit is exceeded for any particular user per day.
Blacklist ip addresses and block incoming email based on train/spamtrap hits, see: g_black_isspam
New capcha to bounce messages.
FIX: RBL timeouts are now more reliable with multiple lookups.
FIX: ASPAM updates now more reliable on certain networks (failing on some).
FIX: vanish_bad_bounces - broken in version 5
FIX: Quota drift issue - deleted messages weren't being removed from quota in some circumstances.
Fix: Memory Leaks
Fix: Various crashes and improved performance.
Fix: Issues with friends confirmation emails.
Fix: redirect_cc - Failed with comma separated lists.
Fix: File handle leaks.
Fix: imap handling where wrong message body could be delivered to user.
Fix: imap issue that caused problems with outlook
Fix: Timezone issues
Fix: imap/pop lockups in some circumstances.
Fix: g_fix_crcrlf "bool" - caused corruption of messages

SurgeMail features of possible general interest added in recent months (as of 4.2g-26, February 2010):

Blacklist ip addresses and block incoming email based on train/spamtrap hits, see: g_black_isspam
New settings to prevent/reduce harvesters and hackers, see g_hacker* settings.
New setting to block well known hackers/harvester, see g_honeypot* settings (not recommended)
Prevent local address harvesting, g_dlist_nolocal true
Basic IPV6 support added
Manager warning when smtp thread count exceeded (g_smtp_warning)
Disable smtp authentication for non trusted addresses see: g_smtp_auth_off, g_smtp_auth_ip or g_relay_allow_ip
Block outgoing email to known phishing addresses (dubious value) g_spam_phishing "true"
Setting to reject any email with surbl web content (spam urls) g_surbl_reject bool (reduces spam but will cause some false positives)
Check whois info on suspect urls (this is unwise for busy servers as it may get your server blacklisted with the whois servers) A cache is used to minimize the load. (g_surbl_reject true) (Requires 4.2g-27, prior to that not stable!)
Imap public folders improved.
SurgeVault - See here for details
WebDav support - See here
g_safe_smtp (requires 4.3f-20 or later) this setting prevents smtp authentication unless the net block has had a successful imap/pop login (this pervents most hackers sending spam via your server even after they guess a valid password)

Version not yet released but being currently worked on :

New: Lots of surgeweb features, and various fixes and other new features. A new full beta build will be done soon, and notes documenting all changes will be added soon.
New: g_bull_rule new controls for bulletin access.
New: g_breakin_white - new spammer detection.
New: G_SMTP_PORTFORCE - Enforce smtp authentication 'only' be used on the ports specified.
New: g_redirect_cc_attach - this feature lets you send messages 'exactly as they look on delivery to a user and only the messages that get delivered, to another account, as mime
attachments.
New: updated SSL version used in Windows.
New: Added ownership to archives, The owner gets an 'archives' button in their user self admin page.
New: Added honeypot support http://www.projecthoneypot.org
New: Improved dlist speed with large messages, 10-30 times faster now.
New: Support for ip checks in any ip setting for ipv6 addresses and fixed several bugs with ipv6.
Fix: error that causes bounces to be sent still in the backscatter code.
Fix: many bugs and optimisations.
Fix: not handling quotes properly in an email address.
Fix: file handle leak.
Fix: an issue with case checks on vdomains.
Fix: issue with imap code deleting wrong message in rare ocassions.
Fix: NDB on 64bit linux and also with larget bucket files over 2 gigs also some other fixes with the NDB code that could cause crashes.
Fix: Several bugs that could cause crashes.
Fix: g_authent_always - was completely broken.
Fix: Issues with mirroring and surgevault and a minor issue with mirror flags.
Fix: Mirroring issue with responders.
Fix: Issue with blog permissions.

SurgeMail 4.2d4-4 17-February-2010 (Webmail 3.1t-12)

Fix: Patch of current production release for crashing bug for certain oddly formatted spam messages.
Fix: Fixed missing files in the help pages installed on the mailserver.

SurgeMail 4.2d3-3 28-January-2010 (Webmail 3.1t-12)

Fix: Get the "download all fix" noted in surgeweb changes into the production release distributions. Possible signs of this issue having been hit: Major jumps in diskusage by the surgeweb folder, restart reports in startstop.log referring to MZIP mutex. Note: Subsequent to this build (4.2d3-3) it was noted that if this issue is hit, these temp folders files are not actually getting deleted after a few days as I thought they were, this is fixed is in builds 4.2g-6+ (or if this space needs to be recovered more urgently manually delete large attachments.zip files in the surgemail/surgeweb/work tree).

SurgeMail 4.2d2-2 5-December-2009 (Webmail 3.1t-12)

Fix: Several surgeweb fixes already in the 42e* builds

SurgeMail 4.2d-1 5-November-2009 (Webmail 3.1t-12)

New: SurgeWeb changes as per: surgeweb changes
Fix: Prevent invalid pstat entries that were getting created on some systems and fix the current pstat.dat database (some systems this was HUGE)
Fix: Windows only system library timezone bugfix to fix the off by one hour issue
Fix: Fixed occasional unreliability of nwauth mirrorring (required both mirrored servers to be upgraded)
Fix: Bug if g_friends_add_trusted used
Fix: Several sporadic crashing bugs

SurgeMail 4.2a3-3 9-October-2009 (Webmail 3.1t-12)

Fix: Doing a surgeweb "download all" of multiple attachments with no file extension and the same name crashed surgemail
Fix: Surgeweb forwarding a message with attachments or forward attach was losing the attachment at send time if using the basic html interface
Fix: Friends processing bugfix

SurgeMail 4.2a2-2 24-September-2009 (Webmail 3.1t-12)

New: Extensive improvements to the SurgeWeb "Ajax / Web 2.0" web email interface (for more information see surgeweb changes, and known bug list )
New: SurgeVault email encryption (feature is PRERELEASE - contact surgemail-support@netwinsite.com if you want to try using this)
New: Force use of ssl on webmail/surgweb/user.cgi (but not blogs and surgeplus) using g_ssl_require_web
New: Improved DNS handling sending requests to multiple servers
New: Split g_from_valid into g_from_valid (recommended) and g_to_valid (unwise to use)
New: Allow use of spaces in passwords (NOT RECOMMENDED) using g_authent_spaces and nwauth 4.0r+
New: To header added to the HTML spam status email
Fix: Domain quota issue (not workign if mailbox had trailing slash)
Fix: Naked LF could slip through in very specific circumstances
Fix: Some imap response fixes to make sure thunterbird did not get confused sometimes wrt showing new messages
Fix: Retry times were not getting obeyed for messages that could not even open a connection to the destination server
Fix: Webmail trash emptying related quota drift issue
Fix: Two mutex related fixes
Fix: Some imap response fixes to make sure thunterbird did not get confused sometimes wrt showing new messages
Fix: Minor IPV6 fixes

SurgeMail 4.0v-8 3-June-2009 (Webmail 3.1t-12)

New: Surgeweb searching revamped - works across multiple folders, and messages have "search by subject" (thread) / "search by address" conversation history with sender. For more info see surgeweb changes
New: HTML "spam status" message (status_html.eml) that allows friends pending spam store actions to be done from normal mail client. Actions allowed: delete message; deliver message; purge spam store; show log. To revert old behaviour use g_friends_old_status_email
New: Linux builds now support "Load factor" and "CPU utilisation" in trend graphs

SurgeMail 4.0u4 10-June-2009 (Webmail 3.1t-12)

Fix: memory leak fixed in probe code
Fix: webmail has correct version number
Fix: domain with letters a-f only fix is actually in this build

SurgeMail 4.0u3 28-May-2009 (Webmail 3.1t-11)

New: Continued improvements to the SurgeWeb "Ajax / Web2" web email interface (for more information see surgeweb documentation, surgeweb changes, and known bug list )
New: Blogs make use of surgeweb cross browser html editor - old editor / text mode can be enabled per blog in advanced settings
New: Basic support for IPV6 under windows and linux (beta and requires g_ipv6_enable)
Fix: webmail template fix so that the html editor is not displayed for IE8 (the same as has always been done for IE7). The fix is part of this build - the webmail version was upped to 3.1t-12, but the incremented version number did not make it into the build :-(

SurgeMail 4.0k 10-April-2009 (Webmail 3.1t-11)

New: Continued improvements to the SurgeWeb "Ajax / Web2" web email interface (for more information see surgeweb documentation, surgeweb changes, and known bug list )
New: User.cgi has a blocklist feature (just like friends but blocks by address) so you can block by address without having to add a zillion filtering rules
Fix: Trend graphing overflow problem + several fixes to several issues that became apparent as result of first fix
Fix: Mirrorring of settings that don't exist on the master
Fix: CPU bug if ports were disabled
Fix: IMAP idle command was not showing new messages under certain conditions for non inbox folders
Fix: Timezone related "out by one hour" fix for windows 2003
Fix: Several fixes dlist member removal via web admin interface
Fix: Several fixes to surgeplus photo sharing
Fix: Crash when some messages (generally spam) were viewed through user.cgi
Fix: Archive viewer was missing the last 30 odd characters of messagas
Fix: Forward / responder was failing to respond and deliver locally in some circumstances
Fix: Mutex locking problems on multicpu servers
Fix: Made g_imap_timeout apply to the idle command
Fix: Dlist memory leak
Fix: Lockup if authent module doesn't respond nicely to -version request

SurgeMail 4.0a 5-January-2009 (Webmail 3.1t-10)

New: SurgeWeb new "Ajax / Web2" high performance web email interface (still being worked on though, for more information see surgeweb documentation, surgeweb changes, and known bug list )
New: New archive searching interface with CRC validation to confirm the messages in the achive have not been tampered with
New: Arbitrary error translation of error messages (g_error_xlate)
New: Setting to adjust max number of messages in a folder (g_imap_max_messages) - defaults to 200,000
New: Imap burst loggin to delivery log so message->uid renames can be traced
New: Default page not returned for invalid cgi requests - stops "dumb tools" reporting surgemail as compromised (old behaviour can be restored with g_web_old_behaviour)
New: Bounce other messages if first message is mending awaiting friends bounce (g_friends_bounce_second)
New: Require friend confirmation if email appears to be in language not in list of accepted languages
Fix: High use reports were getting confused by addresses longer than 100 characters (these get truncated in the delivery logs)
Fix: Thunderbird timeout with large imap folders
Fix: Tellmail archive search fixes for: g_maildir_netwin, date based archive before first rollover
Fix: Sporadic crash in archive extract
Fix: SPF related fix where DNS errors sometimes generated
Fix: Message attachments sometimes not showing in Thunderbird
Fix: CR/LF handling when attaching footer files on unix
Fix: In FF3 the admin interface login resulted in multiple login dialog boxes
Fix: Editing dlist/lists.dat directly in raw format from admin interface sometimes deleted it completely
Fix: Responder now works when late forwarding isused
Fix: Webmail APOP was sporadically crashing webmail
Fix: Avast for windows would stop messages with very high compression ratio with an error, these are now allowed and logged with a "possible compression bomb" warning
Fix: Address was being synched when mirrorring config files, address field is now not mirrorred
Fix: Improvements to the noforgeme handling
Fix: Bounce handling of surgewall filtering rules
Fix: Admin login spodarically "froze" due to file lock on users.lst file
Fix: A number of other minor fixes

SurgeMail 3.9g2 18-June-2008 (Webmail 3.1t-7)

Security: Minor issue allowing imap command to crash surgemail

SurgeMail 3.9g 13-June-2008 (Webmail 3.1t-7)

New: Allow headers "exists" check in users filtering rules
New: Allow raw message content to be dispalyed from user cgi spam and friends pages
Fix: User filtering "or rules" were not correctly handled sometimes.
Fix: Imap login on mirror server was not deleting old messages
Fix: Originating ip and orbs headers not added for authenticated users
Fix: Various other various minor fixes

SurgeMail 3.9e 10-April-2008 (Webmail 3.1t-7)

Fix: Minor new IMAP module fixes
Fix: Several other minor fixes

SurgeMail 3.9c 14-March-2008 (Webmail 3.1t-7)

Fix: pstat database file backed up and cleared when switching binaries with incompatible data types (eg. switching 32 / 64 bit binaries) - previously this would corrupt pstat database
Fix: Blacklist related crash fixed
Fix: Improved quota handling in new imap code
Fix: Reduced disk loading on webmail (due to reduced flushing)
Fix: Variety of other minor fixes

SurgeMail 3.9a 31-January-2008 (Webmail 3.1t-5)

Fix: Linux 64 bit webmail issue (introduced Nov 2007)
Fix: New IMAP fix

SurgeMail 3.8u 25-January-2008 (Webmail 3.1t-4)

New: New setting g_spam_from_blacklist
Fix: OSX mail client not handling some imap responses nicely
Fix: Improved UIDL handling in new IMAP implementation
Fix: Correctly keep imap flags during migration, this was broken by new imap implementation.
Fix: Corrected html footer handling under some circumstances
Fix: Corrected surgemail and webmail handlig of "%" when listing imap folders. NOTE: If you upgrade the surgemail binary and not webmail binary, users mail folders will seem to disappear from webmail. To correct this add "imap_list_* true" or make sure both webmail is upgraded with surgemail.

SurgeMail 3.8s 7-January-2008 (Webmail 3.1t-1)

New: IMAP folder based access to friends pending (g_imap_friends)
New: IMAP folder based access to aspam training folders (g_spam_folders, g_spam_folders_show)
New: New spam prevention settings: g_from_valid, g_bounce_suggest, g_from_noforge, g_from_noforgeme, g_max_bad_ip, g_max_bad_ip_time, g_msg_max_drop.
New: Miscellaneous new settings: gateway_to, old_pophost_bind, g_bind_incoming, g_friends_short, g_friends_ignore_trusted, g_friends_url, g_log_dropped_disable, g_rcpt_trace, g_redirect_ignore_errors, g_retry_unwarn, g_send_helo_in, g_spf_web_url, g_ssl_ciphers, g_ssl_disable_sslv2, g_virus_disable_local, g_web_noserver.
Fix: Several fixes to the new IMAP implementation
Fix: Webmail smooth template enabled for safari 2.0.4+ (Was already mostly operational for safari but several minor changes made)
Fix: user.cgi editing last filter in filter list would delete it rather than save it
Fix: Variety of other fixes and minor performance enhancements

SurgeMail 3.8q 26-November-2007 (Webmail 3.1s-18)

New: Rewritten more efficient IMAP implementation
Fix: Webmail' clickable links would sometimes be broken / display missing chunks from message
Fix: Web Friends & account rename was partly broken for non primary domains
Fix: Blogs bug that allowed two blogs of same name except for trailing slash
Fix: Blogs postings with '<' or '>' characters is now handled nicely
Fix: Webmail message list confusion when fetching mail from servers with with case sensitive POP UIDs (eg MS Exchange)
Fix: Admin interface log searching would sometimes return an incorrect empty result.

SurgeMail 3.8o 30-August-2007 (Webmail 3.1s-12)

Fix: Get packet fix into latest release too

SurgeMail 3.8k4 29-August-2007 (Webmail 3.1s-6)

Fix: Improved version of the TCP packets small in relation to SMTP headers fix in 3.8k3

SurgeMail 3.8k3 28-August-2007 (Webmail 3.1s-6)

Fix: Rather nasty bug that could corrupt message text if message headers were sent 1 TCP packet at a time.

SurgeMail 3.8m 20-August-2007 (Webmail 3.1s-11)

Security: IMAP buffer overun (affecting logged valid email accounts only)
Fix: Variety of minor surgemail and webmail and fixes

SurgeMail 3.8k2 20-August-2007 (Webmail 3.1s-6)

Security: IMAP buffer overun (affecting logged valid email accounts only)

SurgeMail 3.8k 26-June-2007 (Webmail 3.1s-6)

New: SPF additional option 'nohard' and g_spam_grey_nohard to allow SPF to be softened further.
New: Made blogs lists sortable
New: Added mouse click handling to webmails address autocompletion functionality
Fix: Report generation failure if authentication db entries were larger than 1KB
Fix: Webmail crashing bug if retrieving external accounts and mailbox was emtpy (recently added)
Fix: g_archive message extraction (via tellmail archive_extract) was failing when an external filter had modified the message content
Fix: Variety of other minor fixes

SurgeMail 3.8i3 10-May-2007 (Webmail 3.1s-4)

Fix: Webmail version numbering tidyup. Webmail 3.1s-1 in surgemail build 3.8i2 was patched for security fix but version number not updated. To be absolutely certain you have the security fix make sure you are running the webmail executable version 3.1s-4 (either from surgemail build or standalone webmail build)

SurgeMail 3.8i2 9-May-2007 (Webmail 3.1s-1)

Security: Webmail security fix (all versions of webmail should be upgraded)

SurgeMail 3.8i 26-March-2007 (Webmail 3.1s-1)

New: Enhanced blogs security settings to limit blog comment spam (+ new setting g_blogs_cleanup_links)
New: Verification images (primarily used in blogs) are now distortion based (+ new setting: g_verify_image_hard - to make images even harder to crack - and read)
New: Webmail addressbook autocompletion (off by default, enable with webmail.ini 'enable_autocomplete 1')
New: Clicking "find config setting"search links highlights the relevant settings
New: g_proxy_webmail - Redirect user.cgi logins to external host name
New: Allow ||remoteip|| macro to be used in g_smtp_noauth
New: Added support for 'user' token in "max_in" (eg.max_in="200k")
New: g_bind_byfromip - Bind outgoing connections by sender ip
New: Windows avast obeys g_vpipe_skip
New: Extended "tellmail finduser" syntax to support wildcards etc
Fix: (NASTY) If older than "n month" user.cgi mailbox rule processing crossed year boundary matched wrong date
Fix: Webmail inbox corruption where some messages on list pane would get subject and addressing info from other messages
Fix: Webmail null messages in inbox after login fixed
Fix: Webmail fix WYSIWYG disabled for windows Vista (as MS no longer supports method used by webmail)
Fix: Webmail sporadic bug that webmail would log out out immediately on first login
Fix: Webmail would eat the first characters of headers (of particular note the From header) if header did not have a space after the colon
Fix: Webmail fix to make the display of mht messages more sensible
Fix: Webmail smooth template only fix that could delete messages instead of move them under an obscure set of actions on the "move to folder dropdown".
Fix: Webmail - attachments sent via webmail had a CR/LF appended at end
Fix: IMAP import date handling so date is correct on migrated messages
Fix: IMAP import bug that would fail to import folders if the destination server sent list responses with a trailing space
Fix: IMAP import fix where sometimes processed folder count would get incorrectly displayed as zero
Fix: IMAP import folder subscription handling if account already existed
Fix: Domain admin log file search fix (on the first 9 days of the month, on unix systems, the domain admin msg.log
delivery log search would not match any messages)
Fix: Under certain conditions 'and' rules were being processed as 'or' rules
Fix: Domain selection, if more than g_domain_list_max domains, on spam control, redirection, migration page
Fix: Mailing list delete member handling if member has '_' character in name.
Fix: Mailing list member sorting was broken about 6 months ago
Fix: g_smtp_fix_nohead was broken in some cases
Fix: default value handling with g_user_status_send
Fix: Deletion of exception rules containing a quote character
Fix: Removal of domain settings on mirrored host in some circumstances
Fix: Sporadic crashes in domain keys handling
Fix: Limits large file uploads under blogs
Fix: FProt dot stuffing fix
Fix: If g_send_speed was <500 bytes/s large messages would timeout due to buffering
Fix: Minor memory leak in SSL connection handling
Fix: Bug in signup per day limits
Fix: sendmail_surge.ini handling fixed

SurgeMail 3.8f3 12-January-2007 (Webmail 3.1r-13)

New: Blogs ping timeout added
Change: Reduced stack size limits (reduction of max redirection loops)
Fix: 4 fixes relating to uncommon crash conditions.

SurgeMail 3.8f2 8-November-2006 (Webmail 3.1r-13)

Fix: Fixes related to g_include, and use of g_default_domain

SurgeMail 3.8f 30-October-2006 (Webmail 3.1r-13)

New: g_mirror_nwauth_always - Always mirror nwauth even if using other authentication module
New: Changed default install to set recommended settings on by default
Fix: fix to dlist search command
Fix: possible timeout problem due to invalid responses to ehlo requests
Fix: Several fixes that could cause crash in unusual circumstances
Fix: ndb performance related fix
Fix: Log file searching smarts fix (recently broken)

SurgeMail 3.8d 13-October-2006 (Webmail 3.1r-13)

New: g_friends_confirm_debug - Allow debugging of friends confirmation messages by logging friends actions to friend_confirm.log.
New: mailing list "modify members" can now search based on user settings
New: Add senders from ip address to relevant users log messages
New: tellmail "-q" command line option added to run in quiet mode only outputting result of commands
New: Copy and edit added to user filters and exceptions page
New: g_mirror_nwauth_always - Always mirror nwauth even if using other authentication module
New: g_surbl_skip_ip - Skips surbl lookups if the sender is from a listed ip
New: Support for syslog server using g_log_syslog, g_log_syslog_host, g_log_syslog_only
Fix: The way the date is stored on mailing list archives changed so that moving files with tar can preserve date information
Fix: Domainkeys signing fix
Fix: mailing list fix such that web_hide_email woks in show_headers mode
Fix: Truncation of long lines on domain admin log file searching page
Fix: Blogging of images fixed (recently broken)
Fix: Friends template message header fix
Fix: Domainkeys multiple txt record lookups (eg as used by yahoo.com)
Fix: Viewing of html messages cpu loop fix
Fix: Date displayed for SPF user.cgi log lines conrrect for front end / backend systems

SurgeMail 3.8b 28-August-2006 (Webmail 3.1r-12)

New: g_sms_forward - This setting allows you to specify IP's which can send to an sms="TRUE" gateway without being authenticated. Normally only smtp authenticated senders can use these because we need to be sure the sender really is the person sending, not someone faking their address (in order to decrement the correct users quota). However, if you can already guarantee the sender, or you don't care then you can use this setting. This allows your list server (dlist) to send to SMS numbers, for example.
New: surgewall_auth - user="username" pass="password" - Makes SurgeMail use SMTP AUTH when delivering to the SurgeWalled server.
New: g_spam_share - This lets surgemail share whitelisting information to improve scoring and avoid annoying spf bounce issues
New: g_friends_always - Allows user's friends setting to be overridden
New: Ability to view messages from user.cgi mailbox page & admin interface (requires g_user_mail_view) to see whether they are spam etc
New: Additional settings to tweak SPF operation: g_spf_nogrey, g_spf_noallow, g_spf_enforce_local
New: g_blogs_domonly - Make listed blogs page only show blogs in same domain as logged in user
New: tellmail append_ini and append_lists command to append ini file sections
New: "tellmail lookup recipient@domain" shows whether recipient is user / alias / mailing list etc.
New: Ability to restore deleted domains (can restore domain + nwauth entries + users mail, not any originally deleted domain settings, aliases and mailing lists)
Fix: g_orbs_check_all "true" caused g_orbs_late "true" to fail.
Fix: was not correctly stamping when g_orbs_list was setup to deal with multiple responses. eg g_orbs_list name="combined.njabl.org" action="stamp" stamp="3=NJABL-DUL~4=NJABL-Spam~NJABL-other"
Fix: g_orbs_check_all "true" caused g_orbs_late "true" to fail.
Fix: Encoded email headers now get correctly decoded prior to filtering rules getting applied
Fix: Send channel thread creation leak (freebsd only)
Fix: Skip spf / grey bounce user setting related bug
Fix: (g_)user_status_send not getting properly applied in certain conditions
Fix: Blogs related UTF-8 charactr encoding fix
Fix: recently added overzealous validity checking on redirect_cc fixed
Fix: g_domainkeys_sign cr/lf bug
Fix: Exceptions / filters page behaviour for surgewall domains

SurgeMail 3.8a 27-July-2006 (Webmail 3.1r-8)

New: g_forward_attach - SurgeMail will send emails as attachments for specified domains when using late forwarding.
New: SurgeMail supports CIDR format in ip based settings.
New: g_domainkeys_check - Check incoming DomainKeys signatures (beta)
New: g_domainkeys_sign - Sign outgoing messages (create a key first using web admin)
New: g_domainkeys_selector - Policy name for your server (used creating dns entry for domainkeys)
New: g_domainkeys_only - Domains to sign for outgoing email
New: g_user_friends_log_disable - This disables the logging of lines to the users friends.log files (the users "log" page).
New: g_friends_old - restores old friends behaviour
New: g_spf_byweb - Description below in g_friends_byweb
New: g_friends_byweb - These settings enable the use of a link to "allow" bounced and/or friends pending messages. The link returns a page with a verification image, the user enters the number shown and clicks "Add IP" or "Release message" depending on the context. In the case of spf allow, this link _replaces_ the allow email address in the bounce message error string. In the case of friends, this link is added to the friends confirmation message
(default) and the option to add it to the custom message appears on the custom message page.
New: g_late_forward - described below in late_forward
New: late_forward - These force late forwarding and hide the user option on the forwarding page that chooses whether to get it or not. If the user has already selected late forwarding setting either of these will not clear that, even if they load and save the forwarding page. Disabling these settings later will revert it back to the users previous personal setting as you'd expect.
New: tellmail list_rcpt - Attempts to list all valid receipt addresses for the server
New: tellmail dropfile_import user@domain c:\inbox\fred\mail - This looks for 'dropfile's one per folder, and creates matching
folders/messages in surgemail (maildir format)
New: tellmail bull_fwd [domain] - This searches the authent database, locates all the accounts which forward to a non-local address (and do not also deliver locally or deliver to a robot or responder) and emails them all the bulletins they have not yet received.
New: Support for multiple webadmins added - "surgemail -admin_add"
New: added mirroring of mfilter.dat and simple.rul files
New: domainkey web admin interface page added
New: g_msg_log_extra - The setting causes extra logging in the msg.log files, it logs user logins and imap fetch commands (to match the existing pop retr ones).
New: You can now setup an auto response message and have it automatically turn off after a set period of time.
New: tellmail can now use SSL for connections - use -ssl on the command line.
New: forward message if smaller than xx (added to end user interface). If a message arrives which is larger than the specified size, it's not forwarded, it's delivered locally and a notification message is sent in it's place. This feature is especially useful to people who are forwarding email to pda devices with limited storage.
New: "match exactly", "does not contain", "does not match exactly" in filters in end user interface.
This feature only works if you use late forwarding (the interface makes this clear).
Change: g_forward_illegal - Rules only apply to non local domains now.
Change: g_spam_allow & g_con_perip_except changed to multi settings.
Change: Instead of sending a confirmation (to a possibly faked address, which would then be considered spam and cause you to be blacklisted by spamcop or similar) it gave a 554 error. It did this if the message did not contain spf headers with "pass" in them. In other words it did this when spf was disabled or when spf failed. It has been changed so that it only does it when spf is enabled and fails.
Change: On startup SurgeMail scans the mail queue, if this takes more than 10 seconds it skips the rest and makes an estimate.
Fix: g_user_alias_file - strange problems when editing in webadmin when alias.dat does not exist
Fix: redirect/redirect_cc - crashed when editing these settings in webadmin in some versions
Fix: memory leak in cluster resync
Fix: aspam performance
Fix: dlist crash
Fix: IMAP problem with messages with bad headers
Fix: Some minor mirror problems.
Fix: IMAP problem with changing folders caused problems for clients.
Fix: IMAP codes when moving messages to inbox (improved efficiency)
Fix: crash during ASPAM retrain.
Fix: Mirror fix that caused some of the users settings not to be mirrored (bug was added in 3.7xx)
Fix: rare crash in *nix in thread creation code.
Fix: imapbody structure which most clients ignore except a few on osx
Fix: g_spam_allow_rbl - wasn't working properly
Fix: problem with quotas drifiting upwards
Fix: added more error checking to SurgeMail to detect admin mistakes like creating loops with redirect rules or adding domains that are already aliased to other domains etc.
Fix: crash in domain keys code.
Fix: rare admin bug that stopped the admin showing any values for settings.
Fix: If machine A had a unique setting then changes on machine B would cause that setting to be removed from the config on A.
Fix: DNS invalid domain - If a dns lookup failed due to a timeout, then the next lookup for the same domain would fail as if the domain didn't exist instead of with a timeout error.
Fix: Pop proxy bug - When using gateway setting(s) and g_proxy_to_gateways the pop proxy was not being used for users in domains which do not exist in the config file (i.e. all of them)

SurgeMail 3.7b8 31-May-2006 (Webmail 3.1r-8)

Update: Reverted SPF + Friends bounce behaviour (to enable feature now use g_responder_safer and g_friends_spf_fail_bounce)
Fix: Mirroring of user cgi setting files (broken in most 3.7 builds)

SurgeMail 3.7b7 25-May-2006 (Webmail 3.1r-8)

Fix: Several memory leaks
Fix: Blog post editing and plaintext email posting fixes
Fix: Footer & g_gateway_dat fix

SurgeMail 3.7b6 28-April-2006 (Webmail 3.1r-8)

Fix: Netauth memory leak
Fix: Quota handling uncommon crash
Fix: Outlook IMAP folder redownload issue
Fix: Friends related uncommon crash

SurgeMail 3.7b5 19-April-2006 (Webmail 3.1r-8)

Fix: Friends store/pending view html email crash
Fix: Webmail basic html message non display issue
Fix: Mailing list archive viewer memory leak
Fix: "all domain" reporting used default domain only
Fix: Dlist hide_sender crash on linux
Fix: Webmail HTML editor "press SPACEBAR or ENTER to activate and use this control" issue

SurgeMail 3.7b3 6-April-2006 (Webmail 3.1r-8)

Fix: Aspam retraining performance bug
Fix: Crash on freesbd on certain header addition operations

SurgeMail 3.7b 7-March-2006 (Webmail 3.1r-8)

New: g_block_skip "address@domain" - exception for g_block_files, for sender and rcpt.
New: g_header_strip "header" - removes the header from the message.
New: g_imap_capa
New: g_imap_capa_strip
New: g_authent_last_login
New: g_bounce_bind
New: g_create_user_length
New: g_iplimit
New: g_iplimit_local
New: g_iplimit_remote
New: g_iplimit_islocal
New: g_iplimit_whitelist
New: g_user_send_rule
New: g_language_default
New: g_archive_files
New: g_bounce_reject "ip" - which you use to list the ip addreseses of dumb back end servers that should not be allowed to send you bounce messages.
New: redirect_max
New: language_default
New: g_newui_advanced "true/false" - can set the UI into advanced mode permanently, default false.
New: g_from_relay & g_from_relay_white - if (relay_allow_ip matches) if (!authenticated) if (!islocal(from)) if
(!whitelisted(from) bounce "sorry you need to be smtp authenticated to send from a non local domain"
New: g_user_utoken_expire
New: g_forward_illegal - allows you to stop users from setting up forward rules to certain domains
New: Installer adds link to help
New: dlist_rotate_n "n" - how many logs to keep for dlist (default 4)
New: image based human verification for blogs
New: popfetch now reads bcc's when using it with g_spool
New: popfetch now tries to use the rcpt from received headers
New: create_image "true/false" - this setting adds a verification image to the user signup process.
Update: g_spf_skip is now a multi setting
Update: removed some netwinsite URL's from surgemail/webmail as were causing problems with SPAM sites.
Update: bounces now are never generated due to exception filters unless the setting g_bounce_some "true" is added
Fix: timezone changes on Windows platforms should now work properly without restart. (daylight saving for example)
Fix: when changing a group name, surgemail now updates all settings relating to that group correctly.
Fix: popfetch in SSL mode.
Fix: loading of mailing lists
Fix: various crashes
Fix: mirroring of files > 100 megabytes.
Fix: problems with outlook and uid errors in imap
Fix: display quotas of over 2 gigs
Fix: problem with messages bypassing friends with an empty return-path <>
Fix: renaming user from one domain to another domain

SurgeMail 3.6f7 1-December-2005 (Webmail 3.1q-2)

Fix (3.6f7): Self account creation password problem
Fix (3.6f7): Invalid message encoding confusing webmail fix
Fix (3.6f7): Memory leak on quota report (if report was limited in some way)

SurgeMail 3.6f5 11-November-2005 (Webmail 3.1q-2)

Fix (3.6f4): Unix intercept migration fix
Fix (3.6f4): Webmail invalid UID fix
Fix (3.6f4): Removal of several netwin urls in friends / bounce messages as this was getting servers blacklisted
Fix (3.6f5): Bug with use of g_aspam_headers (unix only, introduced 3.6f4)

SurgeMail 3.6f3 4-October-2005 (Webmail 3.1q-2)

New: Date range based reporting added to "tellmail report" per user / domain monthly reports.
New: Integral support for blog listing with technorati.com
New: Optional password protection for blogs
New: Fancier surgemail bulletin features
New: Account rename functionality
Fix: Fixed non functional blogs_per_user_max
Fix: Fixes to updated mailing list interface
Fix: several other fixes
Fix (3.6f2): Config mirrorring and IMAP fix
Fix (3.6f3): Webmail login issue (bug added post 3.6d)

SurgeMail 3.6d 9-September-2005 (Webmail 3.1p-8)

New: New g_admin_access feature allows customisation of domain administrator features (per server / domain / per account)
New: Webmail now handles replying to html messages in HTML without messing up html - in particular allows replies to HTML messages sent by MS Outlook (requires "allow_html_reply true" and "allow_style true" in webmail.ini)
New: Per domain & per group log creation limits
New: Posted blog images can be rotated on edit post page
New: migration_translation.txt file support for handling weird account anames when using old_pophost / old_imaphost migration
Fix: HTTP timeouts changed from 5s to 60 s
Fix: New admin UI now has global use defaults (on accounts page)
Fix: New admin UI was not saving surgehost.ini settings for default domain
Fix: domain_defaults.txt works for domain creation under new web admin UI
Fix: Quite a lot of other fixes :-)

SurgeMail 3.5b3 15-August-2005

Fix: Blogs mirrorring fix
Fix: Blogs possible CPU loop when posting comments
Fix: New admin UI fix - pressing save in domains page broke surgewall / user_sms_quota setting values
Fix: New admin UI fix - vlist based settings automatic sorting conforms to old admin UI (affects g_access_group, g_download, g_header_out, g_include, g_retry_rule, g_sample_get, g_sample_show, g_send_tolimit not sorted)
Fix: Webmail logins fail after upgrade (if first install prior to surgemail 1.5d and url_host is used)
Fix: Back links removed in webmails use of surgemail web pages
Fix: Perflog crash if system performance library did not return correct processor count (windows only)
Fix: Crash if mail delivered to already full mailbox (solaris only, recently introduced)
Fix: tellmail quota_rebuild "invalid account" fix (bug introduced surgemail 3.2a)
Fix (3.5b2): Cosmetic new admin UI fix (removal of warnings introduced by fix above)
Fix (3.5b3): Incorrect addition of g_authent_domain "true" if no setting present (not using g_authent_domain) and saved from web admin ui
Fix (3.5b3): New admin UI bug, save on domain page in standard mode reset mailbox_path do default value
Fix (3.5b3): HTTP timeouts changed from 5s to 60 s
Fix (3.5b3): Couple of new admin ui and blogs cosmetic changes
Fix (3.5b3): Bug that could delay messages by a few minutes if send_isslow feature is used - default in this version
Fix (3.5b3): Aspam filtering fix

SurgeMail 3.5a 26-July-2005 (was 3.2g 19-July-2005)

New: Additional wave template set for blogs
New: Aditional dlist settings: post_members_tomod, mod_hide, strip_headers
Fix: Several minor new web admin UI fixes
Fix: Sending fix if remote system always hung while sending headers
Fix: NFS efficiency fixes
Fix: Memory allocation efficiency fixes
Fix: Minor blog fixes
Fix: Mirrorring fixes (now mirrorring pending.dat and custom.dat)
Fix: Several minor surgeplus fixes
Fix (3.5a): Delete domain button added to new ui + several new UI fixes.

SurgeMail 3.2e 1-July-2005

New: New simplified and more informative UI for SurgeMail Admin web interface
New: Surgemail Blogs allowing users to create and manage blogs
New: Many minor features added, too many to list individually
New: suspend "true/false" - allows suspending the domain, allows incomming mail, but denies the ability of users to check their mail.
New: g_fix_crcrlf "true/false" - setting to deal with some legacy applications sending incorrect cr/lf's at the end of headers
New: g_auth_norelay "true/false" - if true does not let user relay because they authenticated
New: sendmail.ini file in (g_home directory) controls some aspects of sendmail
New: g_smtp_portauth - Forces smtp authentication on this port eg g_smtp_portauth "587"
New: tellmail add_rules <file>
New: g_send_nolimit <domain> - Overrides g_send_max_perdom for one or more domains
New: Allowed changes to SSL certificates to take effect without a restart
New: g_tarpit_retry - so that tarpit limit results in a retry rather than a 5 second delay
New: g_msg_max_hops "number" - sets maximum number of received lines before rejecting (default 30)
New: email notification message - The first 1024 chars of the body are now available with ||body||
New: g_quota group=string quota=string
New: tellmail add_member <list> <email> - adds memeber to mailing list
New: g_smtp_noauth "ip" - all non matching ip's must authenticate
New: alias_max - limits the amount of aliases allowed in a domain
New: g_allow_passzip_to "..." - allows avast to let through unmonitorable zip files to address
New: g_allow_passzip_from "..." - allows avast to let through unmonitorable zip files from address
New: g_orbs_report "true/false" - This allows you to get an email if your server gets 'orbs' listed
New: g_include / g_download - Used together you can fetch a file from a web server, and get updates hourly,
and include it for global settings in your surgemail.ini
New: g_body_filter "true/false" - end users can now choose to filter on the body of the message
Fixed: g_vpipe_skip "ip" - now skips g_virus_fprot
Fixed: sendmail crashing when using sendmail.ini
Fixed: Deletion of domains (changed to two actions, delete then purge)
Fixed: Many minor bugs
Fixed: Various bugs that could cause crashes
Fixed: Many cosmetic issues
Fixed: Deleting in outlook using imap with multiple threads
Fixed: Updated IMAP IDLE command to timeout after 32 mins
Fixed: Random bug where a 5 second delay could be caused between WebMail and SurgeMail
Fixed: Bounce to rules were being lost in some situations
Fixed: Many cross site scripting fixes
Fixed: DNS UDP runt packets being sent
Fixed: Added code to check when tarpitting channels that there are always enough channels left for connections - if not old ones are dropped.
Fixed: g_bad_from doesn't block if it gets a 400 error now as was blocking emails due to greylisting
Security: g_web_max "100" - maximum connections
Security: g_web_max_perip "10" - maximum per ip
Security: g_deny "ip" is now used by webconnections also

SurgeMail 3.0c2 22-March-2005

Security: (2.2c2 : 22 March 2005) Webmail security issue and user.cgi security issue fixed.
Add: Updated version of webmail to webmail 2.1n (build23)
Note: This release is really just what would normally have been 2.2g5 (does not contain features in 2.2h builds)

SurgeMail 3.0a 17-March-2005

Fixed: 5 second delay affecting webmail running under surgemail (affects several unix versions only)
Note: This release is really just what would normally have been 2.2g4 but with a major version number update (does not contain features in 2.2h build

SurgeMail 2.2g3 5-March-2005

Fixed: Remove the option of deleting domains from the admin as it some circumstances it could remove the wrong domain (two admins using the admin at the same time, or an admin with two browser windows open to the admin)

SurgeMail 2.2g2 15-February-2005

New: g_surbl - Takes advantage of databases for known spam URL's (www.surbl.com)
New: g_rcpt_nodup "true/false" - Stops duplicates of the same message being delivered multiple times to one address (only in same session) - works well when using fallbacks etc.
New: Extended archiving flexibility - see archive section in webadmin.archive
New: Can edit members in a mailing list - disabled true/false, onholiday true/false, digest true/false
New: g_orbs_list - This setting can now have different stamps based on the ip returned by the RBL.
Fixed: problem where a forward to multiple users with one user over quota gave back a meaningless error.
Fixed: blank gateway rules caused problems.
Fixed: cleaned up various logging messages.
Fixed: size() in mfilter not working with values over 14999.
Fixed: Many other unspecified fixes
Fixed: (2.2g2 : 15 February 2005) Surbl rule formatting bug
Note this build contains the same version of webmail as the surgemail 2.2c10 release.

SurgeMail 2.2c10 17-January-2005

Security: (2.2c9 : 23 December 2004) Webmail security bug fixed.
New: g_smtp_welcome_delay "seconds"- delays smtp welcome, any connection that doesn't wait for prompt before sending data is dropped.
New: g_orbs_cache_life "seconds" - Time to keep RBL hits cached
New: g_orbs_force "true/false" - forces rbl lookups even if user is in an allowed relay ip (g_relay_allow_ip)
New: tellmail surgehost_update - makes surgemail update surgehost.ini for each domain.
New: user_list_quota - This setting configures the number of mailing lists a user of this domain can create
New: g_user_list_quota - This setting configures the number of mailing lists a user can create on this server
New: g_admin_guesses "number" - number of guesses allowed for admin login before being shut out.
New: g_user_send_max "number" - Allows the specification of a maximum number of emails per day.
New: user_send_max "number" - Allows the specification of a maximum number of emails per day.
New: g_user_filter_early "true/false" - this setting causes it to run the users exceptions/filters before writing the
message to disk during the delivery process.
New: Multilanguage support for user.cgi pages
Fixed: autoresponders failing when used with g_orbs_late "true"
Fixed: memory leak
Fixed: quota handling problem on surgemail crashes
Fixed: dlist - quoted text before the address was not handled eg "text here" <address@domain>
Fixed: (2.2c7 : 8 December 2004) Friends message pending list did not display email address correctly.
Fixed: (2.2c10 : 17 January 2005) 3 fixes - crash when adding non local dlist members, minor memory leak, and debug filehandling fix.

SurgeMail 2.2a6 1-November-2004

New: DNS lookups now use UDP.
New: Per user usage logging for gatewayed / surgewalled domains + more report generation features
New: g_mailstatus_message state="string" message="string"
New: g_send_helo_from "txt" - Uses from envelope to generate helo.
New: g_received_skip "true/false" - Skips writing the received header for trusted local user.
New: No rbl lookups are done if the user matches g_relay_allow_ip
New: list_max_users "number" -sets maximum amount of users that can be added to the lists in this domain
New: tellmail change_pass <user@domain> <new password> - changes users password.
New: CRAM-MD5 support added - Documentation here.
New: header_add <header> - adds headers to messages, domain setting.
Fixed: installer for FreeBSD systems.
Fixed: The imap command asd fetch 1:* BODY.PEEK[HEADER.FIELDS.NOT (RECEIVED)] imap returning incorrect data
Fixed: IMAP IDLE command.
Fixed: delay in reading in dns.dat cache.
Fixed: File leak on avast update.
Fixed: perflog stability
Fixed: handling of MIME messages and footers in dlist.
Fixed: join template and naked line feeds in dlist.
Fixed: blocked all ips from admin interface if 6 incorrect attempts were made, now done per ip.
Fixed: g_spam_allow if blank allowed everyone.
Fixed: Variety of other minor fixes

SurgeMail 2.1c7 9-September-2004

New: Improved DNS lookup code
New: g_orbs_late "true" - allows late lookups so authenticated users can be bypassed for rbl checks
New: g_spf_skip_to "user@address" skips spf checks for specified rcpt, also skips rbl checks if using g_orbs_late "true"
New: g_quota_skip "ip" - skips quota checks for users sending from specified ip
New: g_filter_n "number" - Number of filters to run simultaneously
New: Added more information to to the status pages (mainly bandwidth related) and status page readability improvements
New: Improved surgeplus integration
New: Install dbabble from within surgemail web admin interface
New: Latest version of webmail now included with surgemail releases (for this release v3.1k build 8) for webmail release notes see https://netwinsite.com/webmail/updates.htm - part of webmail admin manual
New: Improved web image caching for surgemail and webmail
New: Build number now included as part of filename on patched builds (instead of separate patch number) to avoid version confusion
Fixed (2.1c7): DNS bug rejecting some emails "DNS channels all busy for 5 minutes"
Fixed (2.1c7): Per domain/user logs deleted based on g_record_days
Fixed (2.1c6): Further perflog crashing bug fixed
Fixed (2.1c6): DNS display on standard status page
Fixed (2.1c6): Per user / domain reporting did not work if g_record_path was used
Fixed (2.1c5): Continuous peflog problems fixed by making sampling code more robust
Fixed (2.1c5): Webmail fix - Smooth template set reply etc would not send
Fixed (2.1c5): DNS lookups on surgewall domains
Fixed (2.1c5): Several other minor fixes
Fixed: The uninstaller so it removes all files and rollback mechanism works correctly if file busy error encountered during upgrade
Fixed: Some confusing SMTP error messages like this one "failed (Success)"
Fixed: Bug in the sendmail stub that caused it to crash with the -mailfrom argument
Fixed: Several stabilty bugs
Fixed: Peflog restarting surgemail if missing more than 5 minutes of data
Fixed: Bug when sending with g_spool, sometimes mail got sent multiple times
Fixed: SMS notification quota handling
Fixed: Several changes + fixes to SPF handling
Fixed: Mailing list handling fixes

SurgeMail 2.1a 6-August-2004

Fix: Perflog graphing bandwidth_in and bandwidth_out graphing could get broken sometimes
Fix: Several stability issues and a few other minor issues
2 new webmail template sets (Surge and Smooth), both with multilanguage support (English, French, German, Spanish, Portuguese)
SPF improvements and new settings (g_spf_default, g_spf_default_noblock, g_spf_skip, g_spf_rev_skip)
Usage reporting for usage / accounting purposes (per user and per domain mail received / send / pop usage etc)
Latest version of webmail (version 3.1i build 13)
Some surgemail admin web interface improvements
Viruses stopped by all mechanism now logged on advanced status page
(non functional - Windows only) On fault stack is now dumped by surgemail to startstop.log instead of drwatson logs for catching crash information as drwatson logs not reliable on Windows 2003

SurgeMail 2.0g2 10-July-2004

Fix:(2.0g2): Using g_access_groups with access_smtp not matching IP prevented receiving instead of sending of messages (broken 2.0c)
Fix: Sporadic crash due to perflog graphing
Fix: cc's in mfilter when entered via the webadmin
Fix: UID issues in imap especially when used with outlook
Fix: fixed problem with reloading mfilter, could cause crashes.
Fix: Using our own dns code on freebsd now as theirs was buggy - reverse dns lookups will work etc.
+: Added domain quotas - setting quota_domain "500mb"
+: Improved logging for RBL hits, logs which RBL was hit
+: Status page now shows how many hits for each RBL you are using

SurgeMail 2.0e 10-June-2004

Fix: search feature in surgemail now a lot faster
Fix: spf templates now use "strict" not "mean"
Fix: g_mfilter_skip_ip problem fixed , caused skippng if no value was set
Fix: tellmail logout - wouldn't logout users in certain states.
Fix: dns problems related to SPF lookups.
Fix: friends/exceptions/spam problems fixed (added in 2.0b)
Fix: g_tellmail_ip "ip" now works.
g_dsn_enable "true/false" - default false, must set to true to turn on dsn support.

SurgeMail 2.0c 3-June-2004

Fix: Now rejects messages on receipt of the SIZE declaration
Fix: Problem when daily logs get too large ( > 2 gigs)
Fix: IMAP dying on certain messages
Fix: Fixed some tellmail commands that were not working properly (add_user, delete_user etc)
Fix: Problems with user admin buttons not working.
Fix: Friends release didn't move messages to inbox.
Fix: Improved stability
Fix: stopped displaying full paths for various file errors (thanks to www.exploitlabs.com)
Fix: Improved speed for systems with large amount of domains
+: added support for #include's in surgemail.ini - won't be able to use webadmin for saving changes however.
+: IMAP4 UIDPLUS extension added (rfc2359)
+: g_mfilter_skip_ip <ip> skips mfilter for messages coming from selected ip's
+: added support for x-receiver headers for g_spool_path
+: Added DSN's
+: tellmail suspend - stops surgemail from delivery mail, just queues it.
+: tellmail resume - tells surgemail to start delivering mail again after a suspend command has been issued.
+: Surgemail performance counter (and windows perfmon system counter) history graphing
+: Webmail version 3.1g (includes security fix)

SurgeMail 2.0a2 21-May-2004

Fix(2.0a2): Friends messages contained bad header (broken 2.0a)
Fix:(2.0a2): Remote tellmail command using "-host" (broken 1.9b)
Fix: dlist problems with subscribes/unsubscribes not working
Fix: several security issues (not showing full paths on errors etc) (thanks to www.exploitlabs.com)
Fix: patched ssl version to cover security issues in open ssl
Fix: smitecrc was broken in 1.9 builds.
Fix: dlist problems with digests not going out and missing mesages
+: g_spf_domain "domain" - specify the domain to use in spf and srs rewrite responses.
+: g_retry_dns "hours" - retries messages that get a dns error (dns responds but with nothing valid).
Fix: 5xx errors on connect now cause bounce instead of retries.
Fix: setting bounce in mfilter rules now causes a bounce instead of scoring it high.

SurgeMail 1.9b2 19-May-2004.

Fix (1.9b2): smitespam binary only updated to version built 19 May (installer and surgemail binary will still say version 1.9b. Alternatively just run 1.9b build (12 May) and update smitecrc from web admin)
Fix: g_spam_allow now stops lookups for g_badfrom_check
Fix: DNS problems, caused lookups to fail in some cases.
Fix: smite_skip_ip was broken
Fix: Improved stability
Fix: account status's now work for smtp
Fix: SurgeMail could crash while searching for a config setting.
Fix: domain aliases with user aliases were broken.
Fix: SurgeMail wasn't decreasing user license numbers in some circumstances when users were deleted.
Fix: Aspam was being classed as a filter not a spam user access setting, now corrected to use the 'spam' access
Fix: Fixed the infamous "399" tcp errors when unable to connect to other servers, now gives proper reasons.
Fix: Can now set moderator password for lists in the webadmin.
+: g_smtp_max_nolimit <ip> - Ip addresses that don't have max smtp limit applied.
+: list_max <number> - maximum number of lists that can be created for that domain.
+: list_disable <true/false> - disables list creation for that domain.
+: added access_list to dlist, can control who sees particular lists with the "list" command.
+: logging changes, now logs the setting that gave a user permission to relay and if they used smtp auth logs the account they authenticated with.
+: tellmail add_domain <domain> - adds domain to surgemail
+: tellmail add_user <user@domain> <password> - adds user to user database
+: tellmail add_user_alias <user> <alias> - adds an alias for the specified user
+: tellmail delete_user_alias <user> <alias> - deletes an alias for the specified user.
+: g_orbs_list will now use the stamp as the rejection message in deny mode.

SurgeMail 1.8g3 25-March-2004

Spool path allowing SurgeMail to send dropped files as email (g_spool_path)
New settings (g_delete_user_mode, g_user_alias_file)
SurgePlus calendar and filesharing (fully functional but still beta)
Fix: Memory corruption bug causing sporadic random crashes on SSL conections
Fix: Vpipe restart bug on timeout
Fix: Further fix to new na_exceptions web page
Fix: Minor memory leak
Fix: Proxy mode fix
Fix (1.8g2): WebMail autologin fix for non default vdomains using custom quick login method
Fix (1.8g2): Alias creation bug
Fix (1.8g3): Hopefully final fix to WebMail autologin. (Rolled back logic to that of previous release builds)
Fix (1.8g3): Reports page broken on UNIX systems
Fix (1.8g3): Bug in SurgePlus that could sporadically crash SurgeMail on display of SurgePlus web page

For updates prior to 1.8g3 see the older surgemail change history page.


Search website:

Help Index