SurgeMail Change History - Detailed!
Note: For documentation on changes related to SurgeWeb and
documentation on all individual specials / beta / release builds
see: SurgeWeb Change History.
If you find a bug please report it to firstname.lastname@example.org.
SurgeMail 7.3f Features
- 7.3f-17 Improved default for g_send_helo to prevent CBL/RBL
issues. Removed requirement for g_mirror_config setting on
slave. Added dlist setting "check_spf true" to enforce spf
checks before allowing a member to send to a list.
- 7.3f-13 Cleaned up tellmail mirror_status output so it's easy
to see progress of a resync.
- 7.3f-8 Added two factor authentication, enable with
g_pass_twofactor "true" (not yet implemented in surgeweb).
Users enable this feature via user.cgi password setting
page. The google authentication app available on IOS and
Android is then needed to login.
- 7.3f-7 Added days setting to user settable cleanup options for
inbox and sent folders.
- 7.3f-3 Updated pstat.dat to pstat.v6 to support ipv6
- 7.3f-2 Added g_recover_noquestions setting to remove password
reset questions, instead the password recover email address is a
SurgeMail 7.3f Bug fixes.
- 7.3f-18 Fixed 'upload chain file' to append it to the
surge_cert.pem file (after removing any other chain
- 7.3f-17 Fixed fault in forgot password code.
- 7.3f-16 Fixed issue with rename_user updating mirror when
renaming between domains.
- 7.3f-14 Fixed DKIM signing issue with multi line from
headers. Fixed tellmail rename_user command which failed
if the original domain was not the primary domain.
- 7.3f-12 Fixed bug in g_imap_inactive_free.
- 7.3f-11 experiment with removing dkim mutex.
- 7.3f-10 Fixed bug in tcp code related to gethostbyname
- 7.3f-9 Fixed some xss issues.
- 7.3f-8 Improved mirror/imap burst handling for systems where
users login to both systems at the same time.
- 7.3f-6 Fixed g_imap_search_index so it corrects finds utf
encoded strings. Fixed email notify settings to allow a
list of addresses.
- 7.3f-5 Fixed fault in legal archive retrieval if domain was
defined as mixed case in surgemail.ini. Fixed random named log
files appearing related to surgevault. Removed some logging from
ex_auth to avoid any possible deadlocks. Removed
some logging from myssl.c to avoid mutex locks.
- 7.3f-4 smgr_cmd_search strcpy/strcat fixes. Fixed default
ciphers g_ssl_perfect and disabled sslv3 for
g_ssl_perfect. Fix surgemail.ini line length issue for
settings over 500 characters, limit is now 900 chars for most
- 7.3f-3 Tightened up checks for tellmail delete_user so it will
fail if the domain is not found rather than choosing the default
----- SurgeMail 7.3e Beta build.
SurgeMail 7.3d Features
- 7.3d-33 New setting g_friends_local_match "true" which
prevents friend matches for some common forgeries where from/to
are both local domains but the spf sender is not local.
- 7.3d-23 Clarified spam log entries so initial entry is
'UNDECIDED' rather than 'ALLOWED' for non friends. Added
QNUM to the log entries. Added g_ban_From to msg*.rec log
entries, bounced the default tcp queue length on linux from 25
- 7.3d-22 Added domain admin bulk account creation/modification
in the admin tool. See 'bulk' tab after logging into
user.cgi as a domain admin.
- 7.3d-21 Added DES/CBC3 ciphers back again :-)... If you
really want to break windows XP users using outlook, then add
this setting. g_ssl_disable_des "TRUE"
- 7.3d-20 Added email warning when thread limit is approached
and automatic saving of details to status.threads file.
- 7.3d-19 Added setting g_quota_notrash "true", if set, this
means the 'Trash' folder does not count against the users
quota. Use tellmail quota_resetall after changing this
setting. This can make it easier for users to understand
quota handling. g_expire_trash "true" should probably be
used as well.
- 7.3d-18 Added G_DELIVER_ROBOT, this can be used to run a
script at delivery time. e.g. "c:\surgemail\test.exe $FILE$ $TO$
$FROM$" the two variables are replaced with the file that can be
modified/rewritten and the recipient's email address.
- 7.3d-17 Added setting g_notlocal, if enabled then if a message
is from a local domain but is not an authenticated user or spf
pass then the subject is prefixed with [UnTrusted Origin], this
can help to alert users of forgeries.
- 7.3d-17 Added setting g_status_login "true", this modifies the
spam status message handling so that users must login (once per
session) to perform actions, e.g. release or view
messages. This 'may' prevent google from miss classifying
user.cgi and report.cgi urls as unsafe.
- 7.3d-13 Renaming a user now attempts to rename the users
directory rather than copying it (much faster). Also improved to
work with mirror correctly. Added nwauth_mod to account
interface to simplify programmatically modifying user fields.
- 7.3d-12 Added G_ACCESS_WEBONLY "webonly", to limit some users
who are in the 'webonly' group to surgeweb (no imap or pop).
- 7.3d-9 Added g_mirror_resync_inbox and g_mirror_lock, these
settings should be used if you are using automatic load sharing
between master/mirror (which we don't recommend :-).
- 7.3d-8 Removed user level aliases.txt files, the domuser.dat
file is now used in all situations for user level aliases.
- 7.3d-4 To address obscure DOS issuse, reduced HTTP header read
timeouts to 1/3 of g_web_timeout, and reduced g_web_timeout from
3 minutes to 30 seconds.
- Note: DES CBC3 ciphers were removed prior to this build, if
you have trouble with old versions of outlook/xp then upgrade to
SurgeMail 7.3d Bugs
- 7.3d-34 Fixed compiler warnings... :-)
- 7.3d-33 Fixed issue with surbl code extracting a subset of the
real domain name by mistake. e.g. xyz-int.com -->
- 7.3d-31 Fixed bug related to users with '_' in the name, in
the web admin interface.
- 7.3d-30 Fixed issue where ssl fails to load if surge_chain.pem
exists but doesn't contain the correct certificate even when
surge_cert.pem does. Note the surge_chain.pem file should never
be used except for letsencrypt. In reality the chain must
always be prefixed by the real certificate, and this should be
done in surge_cert.pem file. Sometimes your Registrar will
provide what they call a chain file. But that must be appended
to your certificate file and cannot be used by itself.
- 7.3d-25 Made imap channel data counter a double int to avoid
- 7.3d-24 Added g_access_surgeweb setting, if enabled surgeweb
access obeys g_access rules based on client's address, if not
set then it uses the surgeweb servers ip address. This
restores the behavior to what it was prior to 7.2f4 which
follows our policy of avoiding changes that modify existing
behavior even in obscure ways - as this makes upgrades much
- 7.3D-23 Fixed dns caching for mx lookups.
- 7.3d-22 Increased max spam messages searchable in the friend
pending list from 10,000 to 30,000.
- 7.3d-21 Fixed issues with admin tool showing user.cgi info and
allow link (related to 7.3d-17 feature). Fixed all mirror
resync commands to all send the same misc top level config
- 7.3d-17 Archive and Status html message viewing was previously
disabled to avoid a google classification issue, this didn't
help so we have enabled viewing again. For earlier builds
set G_STATUS_VIEW_HTML "true" to fix this issue. (so in
all cases, set that setting)
- 7.3d-16 Tightened url handling for report.cgi. Fixed handing
of surge_chain.pem (so it works :-). For earlier versions
place the chain certs at the end of surge_cert.pem. If
both files exist surge_chain.pem will be used instead so make
sure that is up to date (if it exists).
- 7.3d-15 Fixed bug in imap handling of ranges whereby it would
respond with the last message in the folder if the range was
outside the range of messages that exist. This could
confuse the thunderbird email client and result in a message
that couldn't be deleted.
- 7.3d-14 Fixed fault with uidnext not updating in all cases
when g_imap_status_stored enabled, fault introduced in 6.9,
symptoms would include some email clients not showing new
messages reliably until checking email with another email
- 7.3d-12 Note only: Due to a bug in the latest Centos 7 Kernal
you may need to remove the 'ulimit' command from
- 7.3d-12 Fixed mirroring bug if g_recycling is used, introduced
in 7.2f-12 (when recycling was added). Added G_ACCESS_WEBONLY
"webonly", to limit some users to only 'web' access (no imap or
- 7.3d-11 Fixed rare crashing bug in mirror decoding.
- 7.3d-10 Fixed crashing bug introduced in 7.3d-6 to fix handle
- 7.3d-9 Possible obscure/rare user cache entry crash fix.
- 7.3d-8 Corrected nwauth issue in 7.3c beta.
- 7.3d-7 Added setting to enable secure flag for all ssl
cookies. Corrected letsencrypt path construction for systems
with surgemail in non standard folder.
- 7.3d-6 Tightened up rules for matching cgi prefix in madmin
for domadmin and user cgi's. Fixed file handle leak if ssl
certificates miss configured.
- 7.3d-5 Fixed multi line manager settings for non default
SurgeMail 7.3b Features
SurgeMail 7.3b Bugs
- 7.3b-3 Simplified about_mail.htm to avoid triggering weird
warnings in google.
SurgeMail 7.2m Features
- 7.2m-10 Modified urls for spam status report and view message
to narrow affects of google phishing false positives. Also
disabled html view by default due to remote risks of phishing.
SurgeMail 7.2m Bug Fixes
- 7.2m-11 Fixed manager_username setting to work if on multiple
- 7.2m-9 Fixed critical user.cgi bug with non default
domains introduced in version 7.2m-4
- 7.2m-6 Improved g_virus_rename to handle some other mime
- 7.2m-5 Fixed mutex deadlock with misc/vini mutexes.
- 7.2m-4 Fixed mutex deadlock and improved deadlock detection.
Improved performance with large number of domains. Minor
change to virus scanning in case file briefly locked.
Improved handling of G_SPAM_USER_MAX and user level send max so
the user level takes precedence.
SurgeMail 7.2j Features
- 7.2j-17 Added g_friends_cleanup setting, which if enabled will
over time trim friend.lst files that contains more than 10,000
entries to the ones actually used by the user.
- 7.2j-15 Implemented Proxy TCP protocol version 1 (not version
2) for smtp,imap,pop, use the setting g_tcp_proxy_ip "22.214.171.124",
- 7.2j-14 Stopped virus scanning of internal msgs. Auto
create recycling root folder. Ignore drafts folder for
- 7.2j-14 Removed recent cipher addition from g_ssl_perfect
as this creates outlook issues, if desired add it using
- 7.2j-13 Autodiscover/autoconfig for email clients (outlook,
thunderbird, IOS) https://netwinsite.com/surgemail/help/autodiscover.htm
- 7.2j-12 Added basic functionality of policy.dat feature, full
UI will be added in a later build.
- 7.2j-11 Added domain level sent_store setting
- 7.2j-7 Added setting to prevent user copying messages from
Trash folder to Trash folder (or case variants).
- 7.2j-6 Added IPV6 country code handling.
- 7.2j-5 Added simple user level setting to auto archive
inbox/sent folders to keep email tidy.
SurgeMail 7.2j Bug fixes
- 7.2j-19 Cleaned up xcmd status information.
- 7.2j-18 Improved spam_block handling to block from,return path
- 7.2j-17 Fixed issue with friend_pending messages being sent to
recycling folder when deleted.
- 7.2j-16 Improved g_webmail_secret handling so it will work if
not set (but should be set still).
- 7.2j-12 Fixed from_rewrite so it will work with a wildcard
list of the form *@a.com,!email@example.com
- 7.2j-10 Made g_sf_list work correctly if g_sf_binary is not
- 7.2j-9 Fixed issue with slow mail processing of messages
containing many attachments on systems using do_not_run virus
scanning method. This fault could cause duplicate messages! Also
improved logging to detect similar issues in future.
- 7.2j-8 Added !DES-CBC3-SHA to g_ssl_perfect cipher
rules. Improved the code to ignore bad login guessing of
- 7.2j-7 Fixed memory leak in feat.c if train folders empty but
- 7.2j-5 Fixed default ssl context if ssl_pop_domain is defined
and points to an invalid domain it was defaulting to the last
rather than first domain.
- 7.2j-4 Made spam folder comparison case insensitive so notspam
button will move messages even if folder has wrong name.
- 7.2j-3 Made password retrieval questions case insensitive.
Removed extra questions for existing password when not needed.
- 7.2j-2 Fixed fault with G_SMITE_SKIP_FROM so it now applies to
the header as well as the envelope From.
- 7.2j-1 Fixed bug with confirm emails (when g_friends_byemail
SurgeMail 7.2i Release candidate.
SurgeMail 7.2h Features
- 7.2h-5 Added setting G_DLIST_ONE, to prevent a message being
sent to a mailing list 'and' another address.
- 7.2h-4 New settings skips late forwarding feature for local
addresses: g_late_skiplocal "true"
- 7.2h-3 Added sf_rules.txt to allow for fine tuning of spam
handling. Enabled with setting: g_sf_rules "true", not
- 7.2h-2 Added 'upload private file' to SSL upload page.
- 7.2h-2 Spam handling tuning. Moving a message from spam
to inbox now removes blacklist entries.
SurgeMail 7.2h Bugs/Fixes.
- 7.2h-5 Change virus scanning so it doesn't try and scan the
raw msg body by default.
- 7.2h-4 Fixed issue with surgeweb logins requiring SSL
incorrectly due to change in IP address handling for surgeweb
- 7.2h-3 Made g_friends_obey_spf only apply to local domains.
- 7.2h-2 Fixed SSL certificate upload page so you can choose
which domain the certificate is for, doh!. In the mean
time copy to the ssl/domain.name folder manually.
- 7.2h-3 Reversed 7.2f-19 spam scoring changes.
SurgeMail 7.2f Features (fixes in separeate list below)
- 7.2f-19 Implemented Outlook plugin for POP3 users who still
wish to train the server easily (IMAP users can just move the
message to the spam folder), two buttons are added to the 'home'
menu. See https://netwinsite.com/surgemail/help/outlook.htm
- 7.2f-17 Modified G_SPAM_STATUS_HOUR so it now allows a list of
hours, e.g. "9,10,12,15,17"
- 7.2f-12 Added undelete feature to cope with users who
accidentally delete messages (or entire folders). When messages
are purged from imap folders (excluding the trash) the message
is moved to a separate user level readonly folder (-System
Recycling-), and stays their for g_undelete_life days. Messages
can be restored by copying them from this folder using any
normal imap client.
In some cases users will not wish to have this folder visible,
in which case use the group setting to restrict visibility, the
default is all users can see it.
Enable with these settings:
(Optional, not normally needed settings)
g_recycling_visible "staff" # Allows members of
group 'staff' to see the System Recycling folders (without this
setting, all users can see the folders, with this setting, ONLY
members of that group will see these folders)
g_recycling_del "staff" # Allows members of
'staff' to delete messages from the System Recycling folders
(not normally recommended)
Note: this will use additional disk space that doesn't count for
the users quota. On most systems this extra disk usage
will be insignificant, e.g. 5%.
Note: Normally the visible and del settings are not required,
but may be useful if users complain about being able to see
'deleted' messages, or about not being able to fully delete
deleted messages. One could imagine if a user has been
having secret discussions they might wish to be able to delete
'all' evidence visible from the email client at least.
Normally this should not be permitted as it allows a hacker to
delete the backup of a users email which is one of the reasons
for having this feature!
- 7.2f-9 Added G_SPAM_ALLBAD to improve handling of simple
repetitive spam if a specific user has trained a message and the
from/to/ip remains the same.
- 7.2f-8 Added g_imap_folder setting to specify common use
folders for IMAP LIST exension, this setting just names the
folders so Imap client's can use the correct/common folder name.
It doesn't have any operational meaning. Typical settings to
g_imap_folder name="Spam" type="Junk"
g_imap_folder name="Sent" type="Sent"
g_imap_folder name="Drafts" type="Drafts"
g_imap_folder name="Trash" type="Trash"
- 7.2f-5 Added g_friends_autodom to auto whitelist domain/ip
pairs for all users.
SurgeMail 7.2f Fixes
- 7.2f-19 Adjusted spam scoring slightly. (spf is now not a
limiting factor on the score)
- 7.2f-18 Improved cached imap part handling to ensure it is
reliable. Fixed G_SPAM_ALLBAD crash bug. Made portforce prevent
login attempts on smtp.
- 7.2f-16 Fixed create 'CSR' page so it does not replace the
certificate file. Added buttons to allow replacing the
private and certificate files if wanted.
- 7.2f-15 Fixed G_FRIENDS_OBEY_SPF also consider the default spf
if there is no real spf entry for the sending domain.
- 7.2f-7 Fixed relay bug introduced in 7.2f-5 build. Added
error if old_pophost_always and nodelete are both set (only
valid for imap settings)
- 7.2f-6 Slightly increased spam score if verybad and good
scores both present...
- 7.2f-4 Auto define g_webmail_secret, and changed surgeweb to
log ip address of user.
- 7.2f-3 Fixed authent corruption issue in netauth_update_user
code. Improved logging of deleted messages.
- 7.2f-2 Fixed issue with x-spamdetect header in filter
exception rules. Also added popfetch page to admin gui.
- Made g_user_send_max apply if group is missing (should be set
SurgeMail 7.2e Release build.
Surgemail 7.2d Features
- 7.2d-17 Added g_virus_cloud setting to enable cloud scanning
(primarily for use on smaller systems using clamav, note that
this setting does send the samples over the internet so may not
be appropriate in all situations).
- 7.2d-16 Improvements to virus handling to allow easy
integration with your choice of system level virus scanners
(Windows Defender and ClamAV etc). Legacy support for
avast will continue for 12 months but we recommend using the new
virus config page to change to one of the above scanners after
updating surgemail. Avast support is being phased out due to
multiple long standing support/performance issues and tests that
show we can achieve better results with system provided scanners
and other new features.
- 7.2d-10 Added more letsencrypt support. Setting
g_letsencrypt to define the path to the certificates (which are
auto coppied and loaded once a day), the domain name is
automatically added so one global setting is sufficient.
tellmail letsencrypt command added, to generate sample commands
to generate certificates. See
- 7.2d-10 Added email based password reset handling. Users
can define a recovery email address, and then request a reset
link via that email account when trying to login. tellmail
question_reminders modified to send to users who have no
password recovery questions or recovery email defined. user.cgi
user settings modified to allow users to define their recovery
email. Add this entry to allow users to do this:
g_authent_info name="Password Recovery"
and ensure your user database supports that field (nwauth does
- 7.2d-9 Added tellmail question_reminders to send emails to
users who have not configured their password recovery
questions. This command should be run once a year or
so. It will send to all users found in the user database
(that have not already configured the questions). The template
file question_reminder.eml will be used (or created) if it
doesn't exist, use this variable inside the template for
the usercgi url: ||user_url||
- 7.2d-5 Added g_hacker_days to adjust the time that ip
addresses are locked out for, the default was 7 and is now 30.
- 7.2d-2 Added/fixed g_authent_enforce setting (not recommended)
- Added support for 64 bit build on windows.
Surgemail 7.2d Fixes
- 7.2d-19 Modified crash handling to prevent deadlock. Added
- 7.2d-18 bug fix g_smtp_noauth wasn't showing correct log
- 7.2d-15 Fixed issue with imap idle command on mirror not
seeing new messages immediately.
- 7.2d-14 Minor fix to imail_inherit
- 7.2d-13 Fixed rare nwauth race condition on unix which could
miss an update from the master occasionally. Issue tellmail
resync_nwauth on master to ensure authent matches on the
- 7.2d-12 Minor fixes to bind'ing to incoming ip address for
bounces etc if g_bind_incoming used
- 7.2d-11 Fixed mapping of url to vdomain where multiple
vdomains have the same matching vdomain ip address but only one
matches the url.
- 7.2d-8 Fixed fault with imap literal decoding if more than one
sent by client in a single command.
- 7.2d-6 Made tellmail ssl_reload create new domain certificates
without needing a restart. Reduce burst logging if uid
- 7.2d-4 atrest fixes, added clear logging for responder not
responding to msg.log. Added spam settings changes to security
- 7.2d-3 Fixed crash in atrest feature.
- 7.2d-1 Changes required for 64bit vs12 build.
Some general corrections for time_t usage. Fixed
windows backtrace code.
- If using windows 64bit build and avast then you will need to
use the avastpipe external module, like this:
Extract this file and place in surgemail
And restart surgemail
In surgemail.ini set:
g_virus_filter cmd="avastpipe" type="" (add)
g_virus_avast "false" (change from true to false)
Surgemail 7.2c - Tagged build
- 7.2b-15 Minor change to avoid repeated quota warning messages
when user is at 80% usage. Added g_spf_enforce_real setting,
this enforces spf behaviour strictly for domains that have a
strong spf rule. Also note G_DOMAIN_TEMPLATES was enhanced to
work with normal pages in www folder.
- 7.2b-14 Added g_safe_warning which alerts users when they
login from a new location. It also obeys the whitelists
g_safe_white and g_safe_country so you can limit it to only warn
about logins from outside your own country.
- 7.2b-13 Added G_CREATE_APPLY_ADMIN, fixed crashing issue in
new calendar features.
- 7.2b-12 Fixed bug in imap Move extension when used with
mirroring, it was not correctly expunging the files on the
mirror, also quota was incorrectly handled.
- 7.2b-11 Fixed crash in save user settings introduced in
- 7.2b-10 Added setting(s) to allow spf to over-rule friends
more cleanly: Use g_spf_nofriend "true" g_friends_obey_spf
"true" and possibly g_known_skip "true"
- 7.2b-9 Added domain setting suspend_incoming to temporarily
block incoming email to a domain while moving it etc... (also
use the suspend setting to block logins)
- 7.2b-8 Fixed handling of obsolete ssl settings, and cleaned up
wweb.log issue with url admin requests. Corrected stopped
spf/srs rewriting for surgewall domains. Added handling of
- 7.2b-7 Added g_imap_search_text, fixed smtp_from_ip to ignore
- 7.2b-6 Added sha2 support to nwauth, add command line switch
-sha2 in g_authent_process setting to enable. Also requires
- 7.2b-5 Added g_country_login and related settings to block all
logins from outside your geographic region, e.g.
"us,nz,au" ideal for smaller systems where most users are
local. Use g_country_allow to list users that are
travelling... Added auth plain to gateway login mechanisms.
Fixed cpu loop in rare web requests.
- 7.2b-4 Improved tellmail ssl_reload and certificate handling
code, and added error messges to the ssl certificate form. Added
setting g_msg_nodup which can prevent duplicates when a message
is sent to a user directly and via a mailing list.
- 7.2b-3 Fixed log entries for user filters to log the
- 7.2b-2 Split g_ssl_ciphers,g_ssl_ciphers_web and
g_ssl_disable,g_ssl_disable_web to adjust protocol and ciphers
for web separately, this can be necessary if your security
experts want a crazy subset of ciphers or protocols for web
access, but that set won't work for older mail servers and email
clients. Also moved the individual settings g_ssl_disable* to
g_ssl_disable setting that takes a simple list of the protocols
to disable: tlsv1,tlsv1_1,tlsv1_2,sslv2,sslv3, if the _web
versions are not defined then the non _web setting is used as a
default. The g_ssl_disable setting over-rides the older
style individual settings g_ssl_disable_sslv2 etc...
Surgemail 7.2a Beta release 1 June 2016 -- Upgraded to Release
7.1f-56 fixed duplicates when message is moved from spam
folder to inbox.
7.1f-55 nwauth/sync issues completed. Special thanks
Gal Goldshtein for his assistance identifying
cross scripting and other related issues.
nwauth 4.2m performance improvements.
7.1f-54 Fixes to nwauth syncing sequence in mirrors.
7.1f-53 Fixed issue with frame_page, fixed rare crash in
main_thread_store(), added tellmail commands set_global,
show_global, set_domain, show_domain.
7.1f-49 Fixed dkim issue with headers in unusual order.e
Sent folder if the g_sent_store "Sent" setting is used and
then the email client also appends a message44 Fixed issue
with long dns packets for spf.
- 7.1f-48 documented how to use LetsEncrypt with surgemail
- 7.1f-47 added g_mirror_others setting to mirror to a third or
more servers, for more just list the other servers in this
setting. This setting is experimental.
Adjusted breakin detection table size to allow for larger
windows. Undocumented recent fix for attachments in encrypt
- 7.1f-46 added .01 whitelist scoring for sf_mfilter.txt
- 7.1f-45 Added g_sent_nodup which makes surgemail try and avoid
duplicate messages in the Sent folder if the g_sent_store "Sent"
setting is used and then the email client also appends a
message44 Fixed issue with long dns packets for spf.
- 7.1f-43 Adding g_tarpit_skip_from and g_friends_obey_spf
- 7.1f-42 Fixes for search_body and added g_tarpit_skip and
- 7.1f-41 Fixed g_header_strip if used with multi line headers.
- 7.1f-40 Fixed bug in g_imap_search_body causing multiple
incorrect matches. Delete 'cindex' folder for each user
after updating to fully correct.
- 7.1f-39 Fixed timeout in g_imap_search_body which resulted in
- 7.1f-38 Fixed fault in g_imap_search_body index building.
- 7.1f-36 Added g_virus_simple_skip and
- 7.1f-35 Added g_virus_rename_skip and
g_virus_rename_skipauth. Fixed la_view_nnn.tmp files being
- 7.1f-34 Fixed creating of na_1_nnn.tmp files being left
- 7.1f-33 Fixed imap issue reading specific length long header
- 7.1f-29 Fixed crash in cimap_stats logging of slow events due
to cmdline1 being freed in some situations.
- 7.1f-27 Fix for fakemid handling.
- 7.1f-26 Added g_mirror_live as recommended setting, fixed url
encoding in legal archive view links (and other places)
- 7.1f-25 Improved mailbox quota warning messages.
- 7.1f-23 Added g_imap_throttle_limit and speed settings to
reduce impact of individual users or faulty clients stuck in a
- 7.1f-22 Added 60 day expiration to bulletins sent using a rule
rather then with the built in interface.
- 7.1f-21 Modified ssl read/write to avoid re-using bad
- 7.1f-20 Added command tellmail la_convert c:\old_archives for
converting old style archives to legal_archive files.
- 7.1f-19 Added migrated.dat to mirror file list.
Made license limit handling smoother.
- 7.1f-17 Added g_queue_all and g_queue_spawn which allows
running a background process on messages before they are sent or
- 7.1f-16 Fixed performance issue in mfilter code on linux
- 7.1f-13 Fixed fakemid storing so it is logged in sent entries
after retry. Added g_imap_move extension
- 7.1f-12 Fixed spf lookups involving cname entries. Reverted
(removed) g_ssl_require_out matching for local domains
- 7.1f-11 Improved dlist mirror syncing. Added g_imap_log_size
- 7.1f-10 Added g_bad_login_dumb to allow it to block local
trusted addresses (good for testing maybe)
- 7.1f-9 Fix for g_route_local_ifexists so it allows
- 7.1f-8 Fix for issue where g_spf_enforce fails for known
addresses. if g_known_skip is true. Added
g_route_local_ifexists to prevent rare open relay situations if
g_route_local is used on well known domains, both settings are
needed. With this setting relaying only occurs if the
destination user exists locally too.
- 7.1f-7 Added g_footer_skipfound which can be used to allow
users to send a specific footer instead of a general one.
It should be set to something that is in the specific footer.
g_footer_notfound must also be set to "true"
- 7.1f-6 Added setting to allow a script to be run to convert
attachments, see example below
- 7.1f-5 Adjusted g_imap_idle_free behaviour to respond quickly
for the first 10 seconds for outlook as it uses it instead of
'noop'. (Fixes slow 'sync folders')
- 7.1f-4 Made surgemail read dwatch_path from dlist.ini to match
- 7.1f-2 Modified avast mutex handling. Fix for large keep
setting on g_archive. Added wsj exception to forgeme.
7.1f-6 attachment conversion feature:
First install the utility to do the conversion, for this example
we will convert 'tiff' images to 'pdf' files using the imagemagic
utility, install it
(available windows and linux)
Then find the path to the 'convert' binary you have installed,
test it works manually to convert a sample tiff file, then add a
setting to surgemail:
- g_attach_convert to="" from="" subject="" files="*.tif*"
On linux you might use 'tiff2pdf' instead,
apt-get install libtiff-tools
Create a script cvt.sh in the surgemail folder:
tiff2pdf $1 -o $2
Then add the setting:
g_attach_convert to="" from="" subject=""
7.1e - release candidate3
- 7.1d-6 Fixed imap_idle free handling under load.
- 7.1d-5 Added some logging for imap idle handling.
- 7.1d-2 fixed g_imap_search_index again :-) (new imap load
shown with tellmail erec_show)
- 7.1d-3 added simple form to add/remove users from a mailing
list: see web/dlist_subscribe.htm for example code
- 7.1d-4 added more legal archive security log entries.
- 7.1b-8 Tweaked sanity checks for nodots feature.
- 7.1b-7 Fixed bug in zip encoding of multiple attachments for
surgevault if old files left hanging. Fixed two faults in
zip_add() code too.
- 7.1b-6 Corrected mutex timeout from 26 seconds back to the
normal 3 minutes. (Faulty time was only in 7.1b-5 builds)
- 7.1b-5 Made mutex handling more resilient to system freezes.
Split imap chanels into busy and idle in status output and added
kb/sec. Added some mzip logging.
- 7.1b-4 Added some logging for mzip issue.
- 7.1b-3 Fixed performance issue related to new
- 7.1b-1 Cleaned up avast startup delays. Fixed
Avast restart bug. Added g_ssl_ciphers_add for more ciphers if
your current list exceeds 800 bytes (unlikely)
Surgemail 7.1a Beta
- 7.0f-21 Changed mfilter.rul re-write to be 'soft link'
- 7.0f-20 Fixed memory leak in png handling for large images.
- 7.0f-16 Fixed fault with dlist/lists.dat not mirroring
properly in some situations which could result in new lists
vanishing from the file.
- 7.0f-15 Fixed missing mutex handling on rarely used zip
code. Improved logging of fwd events.
- 7.0f-14 Added correct locking to imap search indexes.
- 7.0f-13 Improved g_bad_login errors to include command
tellmail nblogin_clear, and to prevent blocking logins on an ip
address with good history. Imrproved imap index to correctly
cope with headers covering more than 2 lines.
- 7.0f-12 Added g_imap_search_body setting, to accellerate imap
search responses for large folders, there is a storage impact
for this setting, but it only indexes folders that are searched.
- 7.0f-11 Fixed memory leak in thumbnail images.
- 7.0f-9 Added index option for imap search commands, enable
with: G_IMAP_SEARCH_INDEX "true", this should improve
search times for the following items: from,to,subject,message-id
- 7.0f-8 Made 'delete_contains' case insensitive. Fixed
another imap issues introduced in 7.0f-6, Disabled avast
scan during avast update to prevent timeouts.
- 7.0f-7 Fixed imap search bug introduced in 7.0f-6
- 7.0f-6 Fixed memory issue with complex imap commands.
- 7.0f-5 Added code to track imap memory issue. Adjusted
handling of timeout in imap folder read to prevent crash.
- 7.0f-4 Fixed fault in nwauth/cram_md5 on osx_intel builds,
fixed loop in user_auto_always setting...
- 7.0f-3 Fixed surgeweb sig crash. Added g_crash_nomini
setting to disable minidump on windows (may be useful if crash
- 7.0f-2 Added setting g_restart_malloc, can be used to force
restart, setting is in 'mb's g_safe_country "us,nz,au" to allow
whitelisting smtp logins from relatively safe regions.
SurgeMail 7.0e - Beta
- 7.0d-9 Allowed cookie files in mirroring.
- 7.0d-8 Added malloc check for massive allocations, and
implemented g_restart_vmsize for osx.
- 7.0d-7 Made g_timezone_force work with fractions for timezones
that are offset by 30 minutes.
- 7.0d-6 Fixed bug with multiple recipients and quota exceeded
on one account resulting in repeated deliveries.
- 7.0d-5 Added g_from_ok and g_rcpt_ok over-rides for invalid
addresses, fixed g_max_bad_to response so it's always sent.
- 7.0d-4 Fixed tellmail binary crash on solaris x86 systems.
- 7.0d-3 Fixed license key handling for dates after 2019.
- 7.0d-2 Fixed bug in popfetch related to encoded messages.
- 7.0d-2 Fixed minor memory leak in thumbnail images in
- 7.0d-2 Fixed date handling for timezones with 1/2 hour
- 7.0d-2 Minor change to malloc logging.
SurgeMail 7.0c 28-8-2015 New beta
SurgeMail 7.0b 28-8-2015
- 7.0b-8 Fixed logging issue with non users.
- 7.0b-7 g_received_names now accepts wildcards, e.g. *.xyz.com
- 7.0b-6 Fixed issue with g_dkim_sign corrupting headers when
not signing a message for some reason. Fixed
g_allow_passzip_from for linux avast.
- 7.0b-5 Minor fixes for winmail.dat processing.
- 7.0b-2 Added setting g_winmail_fix "true", first you will need
to install the tnef extractor application, on linux use apt-get
install tnef, on windows download from
SurgeMail 7.0a New Release build
6.9d-56 Fixed thread/crashing bug related to
6.9d-53 Corrected issue with calendars disabled by mistake
by removal of extra http methods.
6.9d-52 Removed legacy thread handling code.
6.9d-51 Bug hunting.
6.9d-50 Thread bug again :-)
6.9d-48 More threadlist bugs fixed.
6.9d-47 Fixed threadlist struct bug, and added setting to
enable new spam handling code G_SF_SANITY2 "true"
6.9d-46 Fixed bug in smalloc debugging code. :-)
6.9d-45 Experimenting with new spam settings
(g_spam_bounce_store "true" which stores rejected spam in
Spam_Rejected folder, to enable just set the obsolete setting
per use to bounce email above a level of 14 for
g_spam_bounce). Trying adding:
!ADH-AES128-GCM-SHA256:!ADH-AES256-GCM-SHA384 to remove anon
6.9d-44 add !ADH to cipher to remove any anonymous ciphers.
6.9d-43 Fixed slow memory leak in lib_email_getheaders
function usage. Fixed thread issue related to main_thread_run
Note: g_ssl_ciphers now 'over-rides' g_ssl_perfect default
ciphers, if you set the cipher list manually, then we assume
you intended to! :-), added g_imap_status_stored to
recommended settings, minor change to lang guess handling, new
ssl libraries on most platforms.
6.9d-42 Testing new cipher suite:
6.9d-41 Added support for the spamhaus.net domain rbl (note
this is a paid service not a free one and you would need
to get 'YUURCODE' to use it, in general the normal surbl
settings should be quite sufficient)
6.9d-40 Fixed imap unseen counts when g_imap_status_stored
setting is used./p>
6.9d-39 Fixed fault with VmSize on linux 64bit showing silly
numbers due to linux/malloc/thread handling issue - this may
improve performance on linux and or reduce memory usage.
Made g_log_user work for ip addresses for smtp sessions.
Fixed bug in g_virus_simple_zip and added dmalloc debugging to
rest of zlib calls.
6.9d-38 added exceptions for safe_smtp for
6.9d-37 re enabled G_RENAME_CONTENT a valid setting would be
"*application*zip*" only settings that contain the word
"application" will work!!!
6.9d-36 Added g_ssl_disable_tlsv1_1 and
g_ssl_disable_tlsv1_2, not recommended.
6.9d-35 Added setting g_restart_vmsize which can be used to
auto restart surgemail if/when it's leaking memory, it's not
normally needed. A typical value for this steting might
be g_restart_vmsize "1200", but check the typical usage on
your own system before setting it, a value too low would
result in constant restarts.
6.9d-34 Fixed imap crashing issue, maybe.
- 6.9d-33 Added 90 second startup wait for avast on linux to
avoid cpu issue with timeout on slow startup...
- 6.9d-32 More imap debugging code added to find a fault.
- 6.9d-31 Fixed g_virus_simple_zip so it will not reject zip
files it cannot decode. Possible bug fix for imap crash
introduced in 6.9d-28
- 6.9d-30 Added g_imap_status_stored setting to enable imap
- 6.9d-28 Improved cpu issue with mirror handling.
- 6.9d-27 Fixed handling of g_route so it doesn't apply to
local domains unless g_route_local "true" is set.
Increased imap import timeout to 2 minutes for slow imap
- 6.9d-26 Restored cipher list to:
for g_ssl_perfect setting, this cipher list may not be as
perfect but it is reasonable and seems to allow sufficient
- 6.9d-25 Debugging for aspam issue.
- 6.9d-23 Fixed fault in imap_import loosing message dates.
- 6.9d-22 Fixed fault in G_DNS_BLANK_FAIL handling.
- 6.9d-21 Fixed issue with blog email address giving error while
still working introduced in 6.9d-19.
- 6.9d-20 fixed language guess handling. Improved g_spam_allow
disconnections for smtp sessions. Increased dh param to 2048 and
improved cipher list used with g_ssl_perfect setting to:
- 6.9d-19 responder Improved spam scoring for slightly spammy
- 6.9d-18 Improved spam scoring for slightly spammy
messages. Added security.log and log page for user.cgi and
- 6.9d-18 Main memory leak resolved.
- 6.9d-17 Added g_token_httponly and g_token_secure settings,
may prevent attachments in surgeweb. Also prevents no https
usage. Not good settings for general usage
- 6.9d-17 When user account password changed or suspended any in
progress sessions will be stopped.
- 6.9d-16 Fixed mirroring of loginip.dat data
- 6.9d-14 Fixed cimap_ok bug. Minor memory leaks fixed.
(still leaking memory)
- 6.9d-13 Increased line length limit on status time settings.
- 6.9d-12 Fixed handle leak in la_extract, added auto dump.log
- 6.9d-11 Removed experimental change in sf_train from 6.9d-8,
added more sanity checks to spam score
- 6.9d-10 Added triplet spam mechanism to use good/bad training
- 6.9d-9 Added imap code to remove zero length files that can
confuse email clients.
- 6.9d-8 Adjusted sf_train so it ignores user input for rule
creation for both good and bad, setting g_sf_obey_users reverses
- 6.9d-7 Performance improvement reduced malloc usage.
- 6.9d-5 Added tellmail freq command to generate some malloc
- 6.9d-4 Fix for bug in list_cookies function
- 6.9d-2 Throttled quota warning emails. Fixed
G_FRIENDS_ADD_TRUSTED for multiple recipients.
SurgeMail 6.9c Release Candidate
- 6.9b-8 Fixed fault in surgeweb wash code.
- 6.9b-7 Added imap folder delete logging to msg*.rec, added
memory use/vmsize to crash reports.
- 6.9b-6 smtp/user.c crash issue.
- 6.9b-5 Fixed fault in fallback_force setting handling,
improved handling of bad incoming ssl/smtp sessions.
- 6.9b-4 Logging change.
- 6.9b-3 Fixed memory leak introduced in 6.9a. :-)
- 6.9b-2 Modified order of g_from_allow_to handling to fix minor
SurgeMail 6.9a - Release Candidate
- 6.8h-30 Added some more DOS protection to smtp handling.
- 6.8h-29 Fixed duplicate delivery issue with mirroring and
large messages on windows.
- 6.8h-28 Fixed cpu loop caused by silly range in imap messages
and uid search uid request. Added encrypt_surgeweb_hide
- 6.8h-27 Minor template changes to status at specific times for
log/status reporting form.
- 6.8h-26 Fixed build issue with conflicting variables.
- 6.8h-25 Changed pop/imap file opens on windows to allow
rename/delete from other threads.
- 6.8h-24 Surgeweb index fix again.
- 6.8h-23 Surgeweb index fix continued.
- 6.8h-22 Fixes to surgeweb index handling memory issue.
- 6.8h-21 Made legal archive spam setting also archive messages
before rules move the message.
- 6.8h-20 Fixed bug in proxy handling introduced in version
- 6.8h-18 Fixed possible fault in thread/mutex handling on
- 6.8h-17 Fixed memory leak in surgeweb index handling. Added
ssl_hsts "true" setting, not recommended.
- 6.8h-15 Fixed the new spam hourly reports.
- 6.8h-14 Fixed user level spam hour settings, added
g_bounce_safe and g_quota_before_forward, both of which can help
prevent back scatter. (Use these settings if you get unexplained
- 6.8h-13 Added tellmail command, users_setfield, e.g. to adjust
the quota of all users in domain xyz.com who have a username
starting 'test' to 400mb, you would use:
firstname.lastname@example.org quota 400mb
- 6.8h-12 Added user level spam hour setting to specify when
spam reports should be sent. Added setting so you can make
the legal archive store messages that are classified as
- 6.8h-11 removed caching of fallback mx lookups,
- 6.8h-10 Improved file locking related to friend.lst files.
- 6.8h-9 Fixed tellmail user_setfield, made avast attempt a
second auto restart.
- 6.8h-8 Fixed unintentional change to spam training in 6.8b-6
for systems with g_sf_binary false, and added g_sf_obey_users
(which should not be used normally), fixed missing return-path
for surgevault messages.
- 6.8h-7 Fixed issue with attachments in surgevault containing
odd characters being unreadable.
- 6.8h-6 (Undo 6.8b-4 change) Made sslv3 is no longer disabled
by g_ssl_perfect, unless you set g_ssl_diable_sslv3 specifically
as too many older clients seem to rely on it.
- 6.8h-5 Fixed user.cgi cross script issues.
- 6.8h-4 Fixed tellmail path giving erroneous errors.
(INTRODUCED PROXY BUG fixed in 6.8h-19 )
- 6.8h-2 Fixed missing images for surgevault by copying
www\encrypt folder during install.
- 6.8h-3 Fixed blogs if using g_surgeweb_process true.
- 6.8h-3 Removed extra blank line added when adding mfilter
Surgemail Beta Build 6.8g
- 6.8-f10 ADded g_virus_strangers, and scan of /var/log/messages
on unexpected restarts for 'surgemail' entries.
- 6.8-f9 Recoded imap migration/import so it can be safely
re-used and won't fetch the same items again.
- 6.8-f8 Fixed hang in windows installer on upgrade (the hang
was after the upgrade completes so can be ignored)
- 6.8-f7 Changes to allow OSX/Yosemite launchd startup to work
properly, after upgrading to Yosemite update surgemail to this
version or later, then run:
- 6.8-f6 Fixed logging of 'failed' state, and improved handling
when no 'mx' host returned and 'a' address used.
- 6.8-f5 Fixed fault where settings excluded from mirroring
would be removed if the other server had 'no' matching setting,
the problem did not occur if both servers had 'different'
- 6.8-f4 Made legal archive user level search also show results
for aliases of the user searching.
- 6.8-f3 Improved tellmail path so it does also report if user
account doesn't exist. Also fixed tellmail lookup to correct
host aliases to the real domain name so lookups work.
- 6.8-f2 Improved g_respond_safer to make it more safe :-),
Fixed g_hacker_poison so it correctly applies to smtp login
Surgemail 6.8e Release Candidate
- 6.8d-11 Added setting g_login_log_size
- 6.8d-10 Fixed crash bug caused by tcplib.h erradd
LastBytes added in 6.7c-2
- 6.8d-9 Added *.jar and *.rar to simple virus list, and added
setting to replace the default list of dangerous file
extensions. Made user_status_send ini settings correctly
update when set via the accounts/global/domain spam log page.
- 6.8d-8 Added g_migrate_password and tellmail migrate_password,
useful during migration operations where you need to have a
script login to all existing accounts without knowing their
passwords. The password is not defined in plain text but
by using the tellmail migrate_password command to generate a
- 6.8d-7 Fixed dfopen handle issue with g_surgeweb_process when
- 6.8d-6 Fixed duplicated 'failed' log entries. Made imap max
messages send a manager email when a folder exceeds the built in
limits. Note if you get this warning increasing the limit is
almost certainly the wrong solution :-), it's better for your
system performance to get the user to 'organize' their messages.
- 6.8d-5 Added suspended2 and fallback_mx "true" option.
- 6.8d-4 Added user_exists command to http interface.
- 6.8d-2 Made mdir_copy http interface respond with user unknown
error if account does not exist. Modified g_deny and
g_country to cope with ipv6 prefixed ipv4 addresses.
Surgemail 6.8c Release Candidate...
- 6.8b-6 Made sf_train ignore the 'bad' folder. Added
g_admin_readonly setting, specify system manager accounts that
should only have readonly access to the admin interface. Made
g_ssl_perfect enforce the good list of ciphers, to over-ride
this don't use g_ssl_perfect "true"
- 6.8b-5 Fixed issue with g_surgeweb_process and releasing
- 6.8b-4 Made sslv3 disabled if g_ssl_perfect is true
(this may be causing ssl errors with old clients, we may change)
- 6.8b-3 Added subject to spam verification web page
- 6.8b-2 Fixed new CSR generation...
Google have announced they are accelerating the move from SHA-1
to SHA-256 hashing so from about November chrome may warn users
who visit a website using SHA-1. This probably means you will need
to update any signed certificates used with SurgeMail. Self signed
ones are not an issue (since they already generate warnings :-)
- 6.7f-6 minor fix for g_surgeweb_process if used with
- 6.7f-5 added some logging to resolve mfilter issue
- Added g_ssl_disable_sslv3 "true" setting for poodle ssl issue
- 6.7f-4 netauth mdir_copy will now correctly add files to
- 6.7f-2 Applied g_deny_smtp to surgeweb sessions when sending
- 6.7f-2 Setting to disable SSLv3: g_ssl_disable_sslv3.
- 6.7d-5 Updated image library to fix surgeweb crash issue.
- 6.7d-4 Added debugging to tcp_read_dot error to help diagnose
issues. Added days parameter to netachive_monthly command to
expire a longer period, default 90 days.
- 6.7d-2 Improved legal archive handling so it doesn't lockup
delivery during file transfer to s3
- 6.7d-3 Changed loginip url to default to http, to make https
Surgemail 6.7c Beta Release
- 6.7b-45 Fixed 'created' date so it's set correctly when
accounts are created.
- 6.7b-44 Corrected behaviour of smtp/imap/pop to respond with
'logindisabled' capability to signify when ssl will be required
for logins to work. Made user specific delivery log
work even when friends disabled.
- 6.7b-43 Improved the password reminder code so it would more
reliably send out reminders. (not recommended), template used:
- 6.7b-42 Added created date when accounts created with tellmail
- 6.7b-41 Changed lockout handling so it remembers and shows the
cause, and avoids locking out addresses that have had good
logins in the past.
- 6.7b-40 Fixed crash if message is trained on with
- 6.7b-39 g_rename_content removed as could be easily misused
and do the wrong thing (resulting in corrupt messages).
- 6.7b-38 Added imap auth plain handling for compatibility with
- 6.7b-37 Tweaking ssl takeover handling for some timing issue
with some ssl connections...
- 6.7b-36 Applied g_friends_url to user status reports.
- 6.7b-35 Fixed auto detection of starttls when sending.
- 6.7b-34 Tweaked trace mutex handling so it can't cause
- 6.7b-33 Tweaked spam sanity checks for improved scoring with
- 6.7b-32 Added setting G_RENAME_CONTENT which can be used with
g_rename_files to modify mime types as well, typical setting
would be: "application*zip*" (DISABLED LATER, DO NOT
USE, and NEVER SET TO * !!)
- 6.7b-31 Adjusted g_from settings to permit message if
- 6.7b-30 Added X-Mash header to detect duplicate messages from
- Improved logging in mail.err if/when ssl certificates fail.
Made sure sha256 was always used for CSR requests.
- 6.7b-28 More changes for SurgeWeb in it's own process.
- 6.7b-27 Experimental setting to move surgeweb to a separate
- 6.7b-25 Modified burst behaviour to be more resilient in the
face of rename errors and avoid creating uid gaps.
- 6.7b-24 Fixed g_bounce_paranoid so it obeys g_bounce_to
- 6.7b-23 Made g_user_send_white a multi line setting
- 6.7b-22 tweaked msleep to no less than 20ms in most cases to
avoid strange osx wakeup limits
- 6.7b-21 minor changes to thread comparison and mutex code.
- 6.7b-20 turned dmalloc off again due to performance issue.
- 6.7b-18 turned dmalloc on
- 6.7b-17 Added country information to g_safe_smtp email if
g_country_ip is enabled. Minor change to imap idle thread
- 6.7b-16 Fixed fault in g_hacker_max handling of password
guessing in some situations.
- 6.7b-15 Added setting to give return address for friends
status messages. g_user_status_from.
- 6.7b-14 Minor logging change to friend release to track
- 6.7b-12 Added daily quota limit for encrypted messages, domain
level setting, encrypt_limitsz "100mb"
- 6.7b-11 Memory leaks and change to na_accounts if 'show' field
is set then username field is not used as search field.
- 6.7b-9 Fixed memory leak (only relevant if you had g_dns_disk
"true") introduced in 6.6d-13 approx.
- 6.7b-8 Minor changes to surgevault forms.
- 6.7b-7 Changed wording for attached files in surgevault
- 6.7b-6 Added some info to mutex crash logging.
- 6.7b-5 Set viewed encrypted messages to no cache in
- 6.7b-4 Changed some error responses in surgevault.
- 6.7b-3 Fixed g_breakin_n behaviour.
- 6.7b-2 Fixed legal archive so it can activate without a
usertoken if not previously activated.
SurgeMail Beta Build
- 6.6d-32 fixed g_to_valid to reject empty recipient, added
reason field to g_event_url, made surgevault attachments
download rather than open.
- 6.6d-31 Fixed fault in user_auto_always setting.
- 6.6d-30 New SSL libraries. Fixed change watermark.
- 6.6d-29 Improved security of reset password question
- 6.6d-28 Added setting g_virus_simple_zip "true" if set
surgemail will scan zip files for suspect attachments (.exe,.bat
etc), can be used with g_virus_simple setting to block dangerous
- 6.6d-27 Added domain level setting user_auto_always, this
removes password checking (not for general use!!)
- 6.6d-26 Improved SurgeVault password handling.
- 6.6d-25 Fixed rare divide by zero if time goes back one
- 6.6d-23 Fixed replies in surgevault so they will be encrypted
unless G_ENCRYPT_REPLY_PLAIN is specified.
- *6.6d-20 Made the g_hacker data persistent across restarts,
added g_hacker_passwords to list 'bad' passwords which imply
guessing. e.g. "password, passw0rd, Passw0rd, 12345678"....
- 6.6d-19 Fixed g_dns_noptr issue caused by change in dns lookup
code. Added date range option to search page. Fixed
bad login counts so smtp logins to invalid domains are
counted. Fixed webdav bug.
- 6.6d-18 Fixed vfork performance issue on linux (related to use
of g_spam_cmd), Fixed kids safe mode so it rejects the message.
- 6.6d-16 Fixed possible crash in lprintf in scmd_rcpt_real code
- 6.6d-15 fixed bug created by change in 6.6d-13
- 6.6d-13 Fixed some IO issues with mutex handling for the
mutexes FEAT and LOOKUP.
- 6.6d-12 Added G_FROM_FORCE this can be used to force the From
header for all messages to a particular address. The
reply-to header is added if it doesn't exist with the original
- 6.6d-11 SurgeWeb url code.
- 6.6d-9 Added g_ssl_perfect, if set true then this applies
defaults to the ssl settings that should result in perfect
forward security, it also fixes a problem talking to exchange
2003 over SSL. 2-May-2014
- 6.6d-8 Added domain setting old_pophost_nofetch, can be used
to migrate accounts without fetching messages from a pop server.
- 6.6d-7 Fixed handle leak if sf_binary not fully initialized...
- 6.6d-6 Fixed Android email client issue caused by fix in
6.5b-55 for IOS email client (Ironic).
- 6.6d-5 Fixed webadmin log search so it will abort if the
search button is pressed again.
- 6.6d-4 Fixed problem with domain specific web page templates.
- 6.6d-3 Fixed IMAP/IOS fault added in version 6.6b-13
- 6.6d-2 Fixed crash in imap code.
Surgemail 6.6c New Build for SSL issue. 8-April-2014
- 6.6b-16 OPENSSL bug builds
- 6.6b-15 Minor change to spf handling so whitelisting is
- 6.6b-14 Fixed issue with importing sub folders from lotus
- 6.6b-13 Fixed a rare issue with long lines containing colons
on char 1001 in imap
- 6.6b-12 Improved sanity checks in g_sf_binary
- 6.6b-11 Fixed handling of long header in imap 'envelope' code.
- 6.6b-10 Added support for ECDH and DH based ssl cipher keys.
- 6.6b-9 Experimental build with openssl 1.0.1f libraries for
- 6.6b-8 Fixed so local failures won't cause retry events...
Added sanity checks to g_sf_binary.
- 6.6b-5 Added g_hacker_fwd, if true then if a user sets a
forwarding rule an email alert is sent to the manager (useful as
hackers often set a forwarding rule after breaking into an
account, so this can help identify hacked accounts early on)
- 6.6b-2 Fixed fault with dns lookups returning mx entries in
the wrong order in some situations (where mx priority > 100
and ipv6 enabled)
- 6.6b-3 Reduced chance of mutex issue with m_lookup mutex, and
disabled dns disk cache by default (enable with g_dns_disk
- 6.6b-4 Improved handling of ssl failures on outgoing email, it
should now correctly try non ssl and log failures nicely.
Surgemail 6.6a - Beta build Wed Mar 5 03:55:43 2014
- 6.5b-67 Added "alert' paramter to expire_rule options, if set
to true then the user will receive a log of expired
- 6.5b-66 Added G_SAFE_ALERT "true" if set then the manager is
emailed when a user fails to login due to g_safe_smtp.
Also added an email to the manager when an ip address is locked
out for suspected hacking (enable with g_hacker_alert "true").
- 6.5b-65 Added workaround for bug in Windows Live Mail failing
to recognize messages with NIL imap response to header.fields
- 6.5b-63 Fixed fault with IOS 6.x failing to read entire
messages due to extra blank line in header response introduced
- 6.5b-62 Changed probe to do safe name to ip lookup with
timeout. (to avoid g_thread_max issue)
- 6.5b-61 Added support for return-path in user defined rules
- 6.5b-60 Fixed issue with avast updater changing the cwd due to
- 6.5b-59 Improved handling of no response from myrbl
server. Added lookup url for g_safe_smtp events
- 6.5b-58 Fixed crash in g_from_body_bounce setting.
- 6.5b-57 Made SNI correctly identify the certificate/domain for
- 6.5b-56 Added g_expire_onlyunread, if set then only unread
messages are expired in the inbox.
- 6.5b-55 Improved handling of corrupt messages by imap to not
confuse faulty IOS 7 email client.
- 6.5b-55 Removed code that disables encryption when forwarding
a message (you can restore behaviour with the setting
- 6.5b-54 Fixed fault with popfetch handling messages that
exceed normal line length limits.
- 6.5b-53 Changed behaviour for failing to restart authent
process to crash/restart surgemail (as it may unjam the
- Made checks for duplicate uid's more detailed.
- 6.5b-52 added to badto detection list at data stage.
- 6.5b-52 Added tellmail uid_repair (mailbox path), useful if a
user gets duplicates uid's on a mirror.
- 6.5b-51 Modified g_mirror_repair to only run once per
month on the 15th. (Note for safety, this setting should
be turned off during a hardware failure of the master system)
- 6.5b-50 Added G_QUOTA_550 to change quota exceeded response.
Added popfetch header to identify messages that were fetched,
- 6.5b-49 Increased retry limit on network failures at the data
- 6.5b-48 Added g_imap_inactive_free setting, to reduce imap
thread use when imap clients use 'noop' rather than idle...
- 6.5b-45 Fixed limit on encrypt messages sent per day so it
applies 'per day' instead of 'per restart'...
- 6.5b-44 Added default fallback to ipv4 if 421 response
- 6.5b-43 Added domain level setting ssl_require_login
- 6.5b-42 Increased subject length in received log entry and
removed "Body has arrived"
- 6.5b-41 Fixed 'inbox' path separator set incorrectly in build
- 6.5b-40 Removed 'noinferiors' flag from inbox, it was ignored
by most clients anyway and never enforced.
- 6.5b-39 Added some logging to make it clear which rules causes
encryption of outgoing messages.
- 6.5b-37 Added G_ENCRYPT_NOIP to allow not encrypting messages
relayed by ip. And added code to skip encryption for forwarded
- 6.5b-36 Added G_FILTER_PIPE_HEADERS to re-read headers.
- 6.5b-35 Possible fix in cimap_free code.
- 6.5b-32 Possible fix in cimap_free code.
- 6.5b-31 Fixed rare deadlock in mfilter if report() function
- 6.5b-30 Changed CSR to use SHA256 instead of SHA1
- 6.5b-29 Fixed myrbl array bug. Fixed possible crash in
- 6.5b-28 Added minor logging addition to track mfilter mutex
- 6.5b-27 Changed default 'from' address for internal messages
from g_manager to email@example.com
- 6.5b-26 Fixed issue with friends/spf checking that might fail
if the spam comes from an orbs forwarding/trusted host.
- 6.5B-25 Added no water mark setting, fixed fault in
- 6.4B-24 Fixed rare bug with modifying an access group
corrupting some other settings.
- 6.5b-22 Fixed issue with mirroring /pruning long file paths.
- 6.5b-21 Increased default stack size for misc threads.
- 6.5b-20 Fixed memory leak in imap code, added
- 6.5b-19 Fixed bug with renaming folders in 'mirror'
- 6.5b-18 Made friends bounces apply the g_retry_bounces
- 6.5b-17 Fixed xrealip fault.
- Added g_ssl_honor, when used with a cipher
list this may result in perfect forward encryption (if the
other end supports it)
- 6.5B-16 removed uid log file if greater
- 6.5b-14 Made stack on windows different for
each protocol and added support for larger address space.
- 6.5b-12 Fixed fault with mirroring of
domain level friend.ini and friend.rul on systems with
unmatching mailbox paths.span>
- 6.5b-11 Increased stack size slightly on
- 6.5b-10 Fixed fault with bounces if
noencrypt=true feature in use. Fixed issue with status reports
arriving every second day.
- 6.5b-9 Added surgewall setting
SURGEWALL_SAVEUSERS to save the users as they login to imap
when in surgewall mode.
- 6.5b-8 Added noencrypt=true option to
disable default encryption when useing g_encrypt_smart
- 6.5b-7 Added logging to smtp sessions to
determine cause of disconnection.
- 6.5b-4 Made g_spam_user_badto stop sending
if in the middle of a message to many users when the limit is
exceeded. And added some more logging.
- Added tellmail command to remove duplicates
after accidental repeat migrations, tellmail cleanup_all
- Security Alert: A bug fixed in 6.3d-29
of SurgeMail might have allowed security credentials to leak
from a surgeweb account setup to use multiple accounts such
that one of the other accounts in the list would also have
access to the group of multiple accounts. If you use
multiple accounts and this might be an issue check by logging
into the other accounts to see if surgeweb brings up the
entire list of accounts. This fault does NOT allow users
without credentials to get them.
- 6.5b-3 Made imap_import obey
- 6.5b-2 Fixed imap import folder list
exceptions to work with folders that contain spaces. Added
more logging for nightly rules to help tracking messages.
Surgemail 6.5a Sep 8
- 6.4b-62 Changed crash handling
slightly. Added some logging for blog stuff to find
- 6.4b-60 Changed blog lock handling code,
added setting g_debug_timing to track disk IO usage. Added
g_hacker_weak to automatically block ip addresses of
people trying to login with a weak password...
- 6.4b-59 Changed status display for
avastpipe option. Added command to MOVE duplicate mesageid's
from a users inbox
- (Use if a migration results in multiple
coppies of a message in a users inbox) tellmail
inbox_cleanup firstname.lastname@example.org /var/dups
- 6.4b-56 Optimized friends_always so it
won't append to friend lists that exceed 1mb.. Increased
g_thread_max and g_pop_max defaults slightly.
- 6.4b-55 Added hacker seting
G_SPAM_USER_BADTO which limits bad recipients for an
authenticated user, if exceeded then sending is paused for 30
minutes. A value of 50 might be reasonable as normal
users would never exceed that. A value as low as 10
might be workable. Whitelist accounts using:
G_SPAM_USER_SKIP. An email is sent to the manager account when
this limit is hit!
- 6.4b-54 Improved mutex crash handling
slightly to avoid a possible deadlock. NFS fix reverted
as the real fault was something else probably related to the
system in question and this change simply revealed the issue
(or made it worse :-)
- 6.4b-52 Added support for cram-md5 for pop
protocol. (Not recommended, in general ssl/tls is a better
- 6.4b-51 Fixed bug with imap
import/migration where it could remove messages that had
failed to import. Also fixed fault with handling of timeout
reset (keep alive) messages from exchange which could confuse
the migration code. Also improved migration code so it would
re login if the server disconnects it while it's fetching
messages for a migration.
- 6.4b-50 Made replies to replies to
encrypted messages be encrytped by default by surgeweb...
- 6.4b-49 Fixed fault with nfs drives and
burst 'renaming' loop if file size is reported incorrectly by
nfs. (REVERTED IN 6.4b-53)
- 6.4b-47 Fixed fault with 1.00 spam
- 6.4b-46 Fixed fault with multiple pop
sessions reading the same message at the same time.
- 6.4b-45 Fixed quota for accounts migrated
via imap. Added tellmail command tellmail
- 6.4b-44 Added support for g_sf_binary
manual rule with value of 1.00 which will mean 'is definitely
spam'. Also changed ifnew setting to work for domains.
- 6.4b-43 Added g_authent_addip to add the ip
address as the 3rd parameter to the authent check from
imap/pop logins - not for general use.
- 6.4b-42 Added prefixing for x-myrbl header.
(corrects spam handling on messages from surgemail systems)
- 6.4b-41 improved handling for multi line
smtp errors (gmail).
- 6.4b-40 added encrypt_ifnew setting to
enable the verify/trust option in surgeweb.
- 6.4b-39 Fixed bug in expire rules, if a
time greater than about 50 years is specified then it would
cause an overflow and expire everything.
- 6.4b-39 Made surgevault display cc/to
correctly matching original message.
- 6.4b-38 Added g_inbox_archive,
g_sent_archive and domain level setting inbox_archive, these
specifies the age at which messages should be moved out of the
inbox/sent folder into the appropriate Archives/YYYY/Inbox (or
Sent) folder. This can dramatically improve system and
perceived performance as imap email clients waste a lot of
resources and time dealing with large inbox/sent
folders. You can manually trigger the nightly
process with the command tellmail mail_rules
- 6.4b-36 Fixed fault in ip to country code,
it was failing to match some ranges correctly
- 6.4b-19 Fixed intermittent failure to
recognize non fake bounce messages due to mime encoding.
- 6.4b-18 Fixed bug in domain quota message
which would have no subject and fail to tell the user that it
was a 'domain' quota issue if a quota.eml template does exist
and a quota_domain.eml template doesn't exist.
- 6.4b-17 Added setting for max items in a
folder to mirror, and increased default to 160000 g_mirror_max
- 6.4b-16 Fixed logging issue on startup,
fixed problem with Legal Archive bucket name change so it
always uses the correct old and new bucket names.
- 6.4b-15 Fixed fault with invalid reverse
DNS entries allowing spam through.
- 6.4b-13 Made CSR signing use SHA1 instead
of MD5 since some signing authorities now complain about
MD5. The setting to do this is now ignored!
- 6.4b-13 Made Legal Archive use native
Amazon instead of DevPay (this will reduce costs long term and
makes the files visible via your Amazon console), if
upgrading you must enter a key pair from your amazon account
and then use the tellmail la_transfer command to move data to
your main s3 data area.
- 6.4b-12 Fixed fault with quota handling
that would in some situations allow a user to get multiple
quota warnings in one day.
- 6.4b-10 Added setting to throttle ssl
renegotiation (not generally recommended)
- 6.4b-8 Added G_SPAM_USER_WARN, used
to set a warning point, if the user sends this many messages
in one day, then they get an email warning them to change
their password or ask for a higher send limit if they were
actually sending that many messages. The setting
g_spam_user_max must also be set (and to a higher value!)
- 6.4b-7 Added g_create_pass_recheck,
combined with g_hack_touser it will alert users with passwords
that don't match your 'current' password requirements and ask
them to change them.
- 6.4b-7 Removed legacy code writing to
surgehost.ini unless g_webmail_save is set true. (Fixes
- 6.4b-5 Fixed problem whereby one bad ssl
certificate would prevent some or all ssl certificates from
loading, also improved logging so mail.err reports which
certificate is bad.
- 6.4b-4 Removed possible deadlock in vini
error logging (occurs rarely when surgemail.ini contains
- 6.4b-2 Added header decoding to mfilter
- 6.4b-1 New Beta Release (May 7th, 2013)
- (Dkim bug fix related to leading full stops)
- 6.3d-80 Automatically skip several known
bad rbl servers (njabl.org and trusted-forwarders.org)
- 6.3d-79 Fixed exception rules to use
headers added during processing as well as those in the
- 6.3d-78 Fixed imap search on command
- 6.3d-77 Added G_ENCRYPT_RESET_SENDER
to define message sent to 'sender' when password reset is
- Added g_virus_report_user, if enabled the
recipient is sent a message when a virus is blocked, this
setting is not recommended for normal use as in general
telling recipients about viruses they didn't get is just
- 6.3d-76 Added some logging to track nightly
- 6.3d-75 Fixed devide by zero in
cimap_detect_loops if time goes backwards one second.
- 6.3d-74 Added domain level settings
- 6.3d-73 Made g_smtp_maxbad 1000 the
default, and added delay for bad commands to prevent wasted
- 6.3d-73 Added G_HACKER_PASSWORD which
detects hackers and blocks them from guessing, it detects if
the username is used as the password guess.
- 6.3d-69 Performance bug fixed in surgeweb,
added in 6.3d-62
- 6.3d-63 Changed default domainkey size to
1024 (it was 2048 which made annoyingly large keys) Also added
input field so you can specify this when generating your dkim
- 6.3d-62 Corrected quota exceed smtp return
code from 554 to 552
- 6.3d-56 Fixed G_VIRUS_ALLOW_UNMONITORABLE
for non windows systems
- 6.3d-54 Added g_date_add_utc to add utc
timezone if none specified
- 6.3d-43 Added mdir_delete function to http
netauth functions (see accounts.htm)
- 6.3d-20 Added setting
g_user_access_webonly, if set then user access rules like
'spam,filter,virus' only stop the web user interface (so users
cannot mess with settings) but doesn't stop the action of
spam,virus checking etc for that user.
- Fixed slow memory leak in pop/migration
- 6.3d-19 Added config checker code to test
g_dns_host with a couple of rbl and mx lookups. Note using a
public dns like google's 126.96.36.199 servers will stop rbl lookups
working correctly, you must use a real local dns server (your
isp will almost certainly be providing one)
- 6.3d-18 Fixed crash in fedora (or new
glibc) due to crypt() returning null on bad input. (fix is in
nwauth and surgemail)
- 6.3d-17 Added Message-ID to expire
- 6.3d-17 Fixed fault with ucount2.dat
growing very large when deleting a large domain.
- 6.3d-17 Added options to user creation API
to create folders and populate mdir folder with files.
New options are
this would create Folder1, Folder2, And it would copy
(surgemail root)/xmdir_template files into the new users
- 6.3d-16 Fixed problem with SurgeWall
domains not applying blocklist entries. Revert behaviour
- 6.3d-15 Fixed slow memory leak in imap list
- 6.3d-12 Improved mirror handling if slave
is NOT set to allow config changes and a resync_config has
- 6.3d-11 Fixed minor domain admin issue,
fixed spf handling for ipv6 rules, fixed
- encrypt reply messages double line
spacing issue.Fixed bug with /bind in gateway setting causing
bad dns lookups.
- Fixed problem with resync_config on a new
mirror destroying an existing ini file if the first attempt to
- 6.3d-10 Increased size of sf_mfilter
scanning to 40k to help with spam filtering..Added
g_migrate_onsmtp, if true it will do a migration if a user
does an smtp login as well as pop / imap...
- Fixed problem with imap envelope response for very long list
of recipients. recipients.
- Fixed possible memory leak in pair append from imap header
read of 'message'.
Patch to change to non debugging malloc, and fix crash on linux
SurgeMail 6.3c1 Dec 13
- Improvements to spam settings to make it easier to set good
defaults and easier for users to adjust their settings.
- Added g_sf_binary setting to enable an alternative spam
- Lots of little bug fixes.
- Enahcements to encryption feature to allow downloading
messages and attachments
- Many/minor settings added.
Surgemail 6.0 Features
Companion Email Client for Window,Mac,IPhone, Ipad released: YesImOnline email client beta
Quota system improved to recover better from unclean shutdowns
Imap settings added:
Auto subscribe to public folders
Auto unsubscribe from deleted folders
Put all sent messages in the named folder.
Other settings added:
SECURITY_SUFFIX - Domain
based setting to stop hackers guessing accounts, this requires
everyone to login with a different suffix from their actual domain
name, e.g. email@example.com would login as firstname.lastname@example.org
Added SNI SSL/DOMAIN support with a single ip
SurgeWeb - Summary
Multiple Account support!
Access to Legal Archive
Multipart related image support in the signatures to support "business card" type images as part of the signature.
Emoticon icon support as multipart related inline images when composing a message
Ability to add multipart related inline images when composing messages. Includes serverside rescale and crop facility as part of the upload dialog.
Signature improvements - now supports multiple signatures, of unlimited size, with the ability to set the default for each additional account.
- Full details of SurgeWeb changes.
Misc Bug Fixes including...
html_bounds bug fix.
Bug fix for chrome editing blog posts
Fixed truncation of ipv6 headers - 6.0b-22
Surgemail 5.0 New Features
- New Spam handling see https://netwinsite.com/surgemail/help/myrbl.htm
- New Legal Archive - https://netwinsite.com/surgemail/help/legal_archive.htm
- SurgeWeb - New Improved Web Email Interface - changes
- New settings to prevent/reduce harvesters and hackers, see
- New basic support for Amazon SES - https://netwinsite.com/surgemail/help/amazon-ses.htm
- New Basic IPV6 support added
- Imap public folders improved.
- SurgeVault - See here for details
- WebDav support - See here
- New G_FRIENDS_BOUNCE_FRIEND
"true" - This makes friends 'bounce/reject' exceptions work even
if the person is a friend.
- New g_inbox_max "int" -
This setting will stop users leaving lots of message
in their inbox
- New G_INBOX_NOLIMIT
"int" - Use for special users who are not subject to the
normail message count limit on their inbox (g_inbox_max)
- New g_outgoing_n "int"
- New settings to identify outgoing spam and email the manager
if a limit is exceeded for any particular user per day.
- Blacklist ip addresses and block incoming email based on
train/spamtrap hits, see: g_black_isspam
- New capcha to bounce messages.
- FIX: RBL timeouts are now more reliable with multiple lookups.
- FIX: ASPAM updates now more reliable on certain networks
(failing on some).
- FIX: vanish_bad_bounces - broken in version 5
- FIX: Quota drift issue - deleted messages weren't being
removed from quota in some circumstances.
- Fix: Memory Leaks
- Fix: Various crashes and improved performance.
- Fix: Issues with friends confirmation emails.
- Fix: redirect_cc -
Failed with comma separated lists.
- Fix: File handle leaks.
- Fix: imap handling where wrong message body could be delivered
- Fix: imap issue that caused problems with outlook
- Fix: Timezone issues
- Fix: imap/pop lockups in some circumstances.
- Fix: g_fix_crcrlf
"bool" - caused corruption of messages
SurgeMail features of possible general interest added in recent
months (as of 4.2g-26, February 2010):
- Blacklist ip addresses and block incoming email based on
train/spamtrap hits, see: g_black_isspam
- New settings to prevent/reduce harvesters and hackers, see
- New setting to block well known hackers/harvester, see
g_honeypot* settings (not recommended)
- Prevent local address harvesting, g_dlist_nolocal true
- Basic IPV6 support added
- Manager warning when smtp thread count exceeded
- Disable smtp authentication for non trusted addresses see:
g_smtp_auth_off, g_smtp_auth_ip or g_relay_allow_ip
- Block outgoing email to known phishing addresses (dubious
value) g_spam_phishing "true"
- Setting to reject any email with surbl web content (spam urls)
g_surbl_reject bool (reduces spam but will cause some false
- Check whois info on suspect urls (this is unwise for busy
servers as it may get your server blacklisted with the whois
servers) A cache is used to minimize the load. (g_surbl_reject
true) (Requires 4.2g-27, prior to that not stable!)
- Imap public folders improved.
- SurgeVault - See here for details
- WebDav support - See here
- g_safe_smtp (requires 4.3f-20 or later) this setting prevents
smtp authentication unless the net block has had a successful
imap/pop login (this pervents most hackers sending spam via your
server even after they guess a valid password)
Version not yet released but being currently worked on :
- New: Lots of surgeweb
features, and various fixes and other new features. A new
full beta build will be done soon, and notes documenting all
changes will be added soon.
- New: g_bull_rule new
controls for bulletin access.
- New: g_breakin_white -
new spammer detection.
- New: G_SMTP_PORTFORCE
- Enforce smtp authentication 'only' be used on the ports
- New: g_redirect_cc_attach
- this feature lets you send messages 'exactly as they look
on delivery to a user and only the messages that get delivered,
to another account, as mime
- New: updated SSL version used in Windows.
- New: Added ownership to archives, The owner gets an 'archives'
button in their user self admin page.
- New: Added honeypot support http://www.projecthoneypot.org
- New: Improved dlist speed with large messages, 10-30 times
- New: Support for ip checks in any ip setting for ipv6
addresses and fixed several bugs with ipv6.
- Fix: error that causes bounces to be sent still in the
- Fix: many bugs and optimisations.
- Fix: not handling quotes properly in an email address.
- Fix: file handle leak.
- Fix: an issue with case checks on vdomains.
- Fix: issue with imap code deleting wrong message in rare
- Fix: NDB on 64bit linux and also with larget bucket files over
2 gigs also some other fixes with the NDB code that could cause
- Fix: Several bugs that could cause crashes.
- Fix: g_authent_always
- was completely broken.
- Fix: Issues with mirroring and surgevault and a minor issue
with mirror flags.
- Fix: Mirroring issue with responders.
- Fix: Issue with blog permissions.
SurgeMail 4.2d4-4 17-February-2010 (Webmail 3.1t-12)
- Fix: Patch of current production release for crashing bug for
certain oddly formatted spam messages.
- Fix: Fixed missing files in the help pages installed on the
SurgeMail 4.2d3-3 28-January-2010 (Webmail 3.1t-12)
- Fix: Get the "download all fix" noted in surgeweb changes into
the production release distributions. Possible signs of this
issue having been hit: Major jumps in diskusage by the surgeweb
folder, restart reports in startstop.log referring to MZIP
mutex. Note: Subsequent to this build (4.2d3-3) it was noted
that if this issue is hit, these temp folders files are not
actually getting deleted after a few days as I thought they
were, this is fixed is in builds 4.2g-6+ (or if this space needs
to be recovered more urgently manually delete large
attachments.zip files in the surgemail/surgeweb/work tree).
SurgeMail 4.2d2-2 5-December-2009 (Webmail 3.1t-12)
- Fix: Several surgeweb fixes already in the 42e* builds
SurgeMail 4.2d-1 5-November-2009 (Webmail 3.1t-12)
- New: SurgeWeb changes as per: surgeweb changes
- Fix: Prevent invalid pstat entries that were getting created
on some systems and fix the current pstat.dat database (some
systems this was HUGE)
- Fix: Windows only system library timezone bugfix to fix the
off by one hour issue
- Fix: Fixed occasional unreliability of nwauth mirrorring
(required both mirrored servers to be upgraded)
- Fix: Bug if g_friends_add_trusted used
- Fix: Several sporadic crashing bugs
SurgeMail 4.2a3-3 9-October-2009 (Webmail 3.1t-12)
- Fix: Doing a surgeweb "download all" of multiple attachments
with no file extension and the same name crashed surgemail
- Fix: Surgeweb forwarding a message with attachments or forward
attach was losing the attachment at send time if using the basic
- Fix: Friends processing bugfix
SurgeMail 4.2a2-2 24-September-2009 (Webmail 3.1t-12)
- New: Extensive improvements to the SurgeWeb "Ajax / Web 2.0"
web email interface (for more information see surgeweb changes, and known bug list )
- New: SurgeVault email encryption (feature is PRERELEASE -
contact email@example.com if you want to try
- New: Force use of ssl on webmail/surgweb/user.cgi (but not
blogs and surgeplus) using g_ssl_require_web
- New: Improved DNS handling sending requests to multiple
- New: Split g_from_valid into g_from_valid (recommended) and
g_to_valid (unwise to use)
- New: Allow use of spaces in passwords (NOT RECOMMENDED) using
g_authent_spaces and nwauth 4.0r+
- New: To header added to the HTML spam status email
- Fix: Domain quota issue (not workign if mailbox had trailing
- Fix: Naked LF could slip through in very specific
- Fix: Some imap response fixes to make sure thunterbird did not
get confused sometimes wrt showing new messages
- Fix: Retry times were not getting obeyed for messages that
could not even open a connection to the destination server
- Fix: Webmail trash emptying related quota drift issue
- Fix: Two mutex related fixes
- Fix: Some imap response fixes to make sure thunterbird did not
get confused sometimes wrt showing new messages
- Fix: Minor IPV6 fixes
SurgeMail 4.0v-8 3-June-2009 (Webmail 3.1t-12)
- New: Surgeweb searching revamped - works across multiple
folders, and messages have "search by subject" (thread) /
"search by address" conversation history with sender. For more
info see surgeweb changes
- New: HTML "spam status" message (status_html.eml) that allows
friends pending spam store actions to be done from normal mail
client. Actions allowed: delete message; deliver message; purge
spam store; show log. To revert old behaviour use
- New: Linux builds now support "Load factor" and "CPU
utilisation" in trend graphs
SurgeMail 4.0u4 10-June-2009 (Webmail 3.1t-12)
- Fix: memory leak fixed in probe code
- Fix: webmail has correct version number
- Fix: domain with letters a-f only fix is actually in this
SurgeMail 4.0u3 28-May-2009 (Webmail 3.1t-11)
- New: Continued improvements to the SurgeWeb "Ajax / Web2" web
email interface (for more information see surgeweb documentation, surgeweb changes, and known bug list )
- New: Blogs make use of surgeweb cross browser html editor -
old editor / text mode can be enabled per blog in advanced
- New: Basic support for IPV6 under windows and linux (beta and
- Fix: webmail template fix so that the html editor is not
displayed for IE8 (the same as has always been done for IE7).
The fix is part of this build - the webmail version was upped to
3.1t-12, but the incremented version number did not make it into
the build :-(
SurgeMail 4.0k 10-April-2009 (Webmail 3.1t-11)
- New: Continued improvements to the SurgeWeb "Ajax / Web2" web
email interface (for more information see surgeweb documentation, surgeweb changes, and known bug list )
- New: User.cgi has a blocklist feature (just like friends but
blocks by address) so you can block by address without having to
add a zillion filtering rules
- Fix: Trend graphing overflow problem + several fixes to
several issues that became apparent as result of first fix
- Fix: Mirrorring of settings that don't exist on the master
- Fix: CPU bug if ports were disabled
- Fix: IMAP idle command was not showing new messages under
certain conditions for non inbox folders
- Fix: Timezone related "out by one hour" fix for windows 2003
- Fix: Several fixes dlist member removal via web admin
- Fix: Several fixes to surgeplus photo sharing
- Fix: Crash when some messages (generally spam) were viewed
- Fix: Archive viewer was missing the last 30 odd characters of
- Fix: Forward / responder was failing to respond and deliver
locally in some circumstances
- Fix: Mutex locking problems on multicpu servers
- Fix: Made g_imap_timeout apply to the idle command
- Fix: Dlist memory leak
- Fix: Lockup if authent module doesn't respond nicely to
SurgeMail 4.0a 5-January-2009 (Webmail 3.1t-10)
- New: SurgeWeb new "Ajax / Web2" high performance web email
interface (still being worked on though, for more information
see surgeweb documentation,
surgeweb changes, and known bug list )
- New: New archive searching interface with CRC validation to
confirm the messages in the achive have not been tampered with
- New: Arbitrary error translation of error messages
- New: Setting to adjust max number of messages in a folder
(g_imap_max_messages) - defaults to 200,000
- New: Imap burst loggin to delivery log so message->uid
renames can be traced
- New: Default page not returned for invalid cgi requests -
stops "dumb tools" reporting surgemail as compromised (old
behaviour can be restored with g_web_old_behaviour)
- New: Bounce other messages if first message is mending
awaiting friends bounce (g_friends_bounce_second)
- New: Require friend confirmation if email appears to be in
language not in list of accepted languages
- Fix: High use reports were getting confused by addresses
longer than 100 characters (these get truncated in the delivery
- Fix: Thunderbird timeout with large imap folders
- Fix: Tellmail archive search fixes for: g_maildir_netwin, date
based archive before first rollover
- Fix: Sporadic crash in archive extract
- Fix: SPF related fix where DNS errors sometimes generated
- Fix: Message attachments sometimes not showing in Thunderbird
- Fix: CR/LF handling when attaching footer files on unix
- Fix: In FF3 the admin interface login resulted in multiple
login dialog boxes
- Fix: Editing dlist/lists.dat directly in raw format from admin
interface sometimes deleted it completely
- Fix: Responder now works when late forwarding isused
- Fix: Webmail APOP was sporadically crashing webmail
- Fix: Avast for windows would stop messages with very high
compression ratio with an error, these are now allowed and
logged with a "possible compression bomb" warning
- Fix: Address was being synched when mirrorring config files,
address field is now not mirrorred
- Fix: Improvements to the noforgeme handling
- Fix: Bounce handling of surgewall filtering rules
- Fix: Admin login spodarically "froze" due to file lock on
- Fix: A number of other minor fixes
SurgeMail 3.9g2 18-June-2008 (Webmail 3.1t-7)
- Security: Minor issue allowing imap command to crash surgemail
SurgeMail 3.9g 13-June-2008 (Webmail 3.1t-7)
- New: Allow headers "exists" check in users filtering rules
- New: Allow raw message content to be dispalyed from user cgi
spam and friends pages
- Fix: User filtering "or rules" were not correctly handled
- Fix: Imap login on mirror server was not deleting old messages
- Fix: Originating ip and orbs headers not added for
- Fix: Various other various minor fixes
SurgeMail 3.9e 10-April-2008 (Webmail 3.1t-7)
- Fix: Minor new IMAP module fixes
- Fix: Several other minor fixes
SurgeMail 3.9c 14-March-2008 (Webmail 3.1t-7)
- Fix: pstat database file backed up and cleared when switching
binaries with incompatible data types (eg. switching 32 / 64 bit
binaries) - previously this would corrupt pstat database
- Fix: Blacklist related crash fixed
- Fix: Improved quota handling in new imap code
- Fix: Reduced disk loading on webmail (due to reduced flushing)
- Fix: Variety of other minor fixes
SurgeMail 3.9a 31-January-2008 (Webmail 3.1t-5)
- Fix: Linux 64 bit webmail issue (introduced Nov 2007)
- Fix: New IMAP fix
SurgeMail 3.8u 25-January-2008 (Webmail 3.1t-4)
- New: New setting g_spam_from_blacklist
- Fix: OSX mail client not handling some imap responses nicely
- Fix: Improved UIDL handling in new IMAP implementation
- Fix: Correctly keep imap flags during migration, this was
broken by new imap implementation.
- Fix: Corrected html footer handling under some circumstances
- Fix: Corrected surgemail and webmail handlig of "%" when
listing imap folders. NOTE: If you upgrade the surgemail binary
and not webmail binary, users mail folders will seem to
disappear from webmail. To correct this add "imap_list_* true"
or make sure both webmail is upgraded with surgemail.
SurgeMail 3.8s 7-January-2008 (Webmail 3.1t-1)
- New: IMAP folder based access to friends pending
- New: IMAP folder based access to aspam training folders
- New: New spam prevention settings: g_from_valid,
g_bounce_suggest, g_from_noforge, g_from_noforgeme,
g_max_bad_ip, g_max_bad_ip_time, g_msg_max_drop.
- New: Miscellaneous new settings: gateway_to, old_pophost_bind,
g_bind_incoming, g_friends_short, g_friends_ignore_trusted,
g_friends_url, g_log_dropped_disable, g_rcpt_trace,
g_redirect_ignore_errors, g_retry_unwarn, g_send_helo_in,
g_spf_web_url, g_ssl_ciphers, g_ssl_disable_sslv2,
- Fix: Several fixes to the new IMAP implementation
- Fix: Webmail smooth template enabled for safari 2.0.4+ (Was
already mostly operational for safari but several minor changes
- Fix: user.cgi editing last filter in filter list would delete
it rather than save it
- Fix: Variety of other fixes and minor performance enhancements
SurgeMail 3.8q 26-November-2007 (Webmail 3.1s-18)
- New: Rewritten more efficient IMAP implementation
- Fix: Webmail' clickable links would sometimes be broken /
display missing chunks from message
- Fix: Web Friends & account rename was partly broken for
non primary domains
- Fix: Blogs bug that allowed two blogs of same name except for
- Fix: Blogs postings with '<' or '>' characters is now
- Fix: Webmail message list confusion when fetching mail from
servers with with case sensitive POP UIDs (eg MS Exchange)
- Fix: Admin interface log searching would sometimes return an
incorrect empty result.
SurgeMail 3.8o 30-August-2007 (Webmail 3.1s-12)
- Fix: Get packet fix into latest release too
SurgeMail 3.8k4 29-August-2007 (Webmail 3.1s-6)
- Fix: Improved version of the TCP packets small in relation to
SMTP headers fix in 3.8k3
SurgeMail 3.8k3 28-August-2007 (Webmail 3.1s-6)
- Fix: Rather nasty bug that could corrupt message text if
message headers were sent 1 TCP packet at a time.
SurgeMail 3.8m 20-August-2007 (Webmail 3.1s-11)
- Security: IMAP buffer overun (affecting logged valid email
- Fix: Variety of minor surgemail and webmail and fixes
SurgeMail 3.8k2 20-August-2007 (Webmail 3.1s-6)
- Security: IMAP buffer overun (affecting logged valid email
SurgeMail 3.8k 26-June-2007 (Webmail 3.1s-6)
- New: SPF additional option 'nohard' and g_spam_grey_nohard to
allow SPF to be softened further.
- New: Made blogs lists sortable
- New: Added mouse click handling to webmails address
- Fix: Report generation failure if authentication db entries
were larger than 1KB
- Fix: Webmail crashing bug if retrieving external accounts and
mailbox was emtpy (recently added)
- Fix: g_archive message extraction (via tellmail
archive_extract) was failing when an external filter had
modified the message content
- Fix: Variety of other minor fixes
SurgeMail 3.8i3 10-May-2007 (Webmail 3.1s-4)
- Fix: Webmail version numbering tidyup. Webmail 3.1s-1 in
surgemail build 3.8i2 was patched for security fix but version
number not updated. To be absolutely certain you have the
security fix make sure you are running the webmail executable
version 3.1s-4 (either from surgemail build or standalone
SurgeMail 3.8i2 9-May-2007 (Webmail 3.1s-1)
- Security: Webmail security fix (all versions of webmail should
SurgeMail 3.8i 26-March-2007 (Webmail 3.1s-1)
- New: Enhanced blogs security settings to limit blog comment
spam (+ new setting g_blogs_cleanup_links)
- New: Verification images (primarily used in blogs) are now
distortion based (+ new setting: g_verify_image_hard
- to make images even harder to crack - and read)
- New: Webmail addressbook autocompletion (off by default,
enable with webmail.ini 'enable_autocomplete 1')
- New: Clicking "find config setting"search links highlights the
- New: g_proxy_webmail
- Redirect user.cgi logins to external host name
- New: Allow ||remoteip|| macro to be used in g_smtp_noauth
- New: Added support for 'user' token in "max_in"
- New: g_bind_byfromip
- Bind outgoing connections by sender ip
- New: Windows avast obeys g_vpipe_skip
- New: Extended "tellmail finduser" syntax to support wildcards
- Fix: (NASTY) If older than "n month" user.cgi mailbox rule
processing crossed year boundary matched wrong date
- Fix: Webmail inbox corruption where some messages on list pane
would get subject and addressing info from other messages
- Fix: Webmail null messages in inbox after login fixed
- Fix: Webmail fix WYSIWYG disabled for windows Vista (as MS no
longer supports method used by webmail)
- Fix: Webmail sporadic bug that webmail would log out out
immediately on first login
- Fix: Webmail would eat the first characters of headers (of
particular note the From header) if header did not have a space
after the colon
- Fix: Webmail fix to make the display of mht messages more
- Fix: Webmail smooth template only fix that could delete
messages instead of move them under an obscure set of actions on
the "move to folder dropdown".
- Fix: Webmail - attachments sent via webmail had a CR/LF
appended at end
- Fix: IMAP import date handling so date is correct on migrated
- Fix: IMAP import bug that would fail to import folders if the
destination server sent list responses with a trailing space
- Fix: IMAP import fix where sometimes processed folder count
would get incorrectly displayed as zero
- Fix: IMAP import folder subscription handling if account
- Fix: Domain admin log file search fix (on the first 9 days of
the month, on unix systems, the domain admin msg.log
delivery log search would not match any messages)
- Fix: Under certain conditions 'and' rules were being processed
as 'or' rules
- Fix: Domain selection, if more than g_domain_list_max domains,
on spam control, redirection, migration page
- Fix: Mailing list delete member handling if member has '_'
character in name.
- Fix: Mailing list member sorting was broken about 6 months ago
- Fix: g_smtp_fix_nohead was broken in some cases
- Fix: default value handling with g_user_status_send
- Fix: Deletion of exception rules containing a quote character
- Fix: Removal of domain settings on mirrored host in some
- Fix: Sporadic crashes in domain keys handling
- Fix: Limits large file uploads under blogs
- Fix: FProt dot stuffing fix
- Fix: If g_send_speed was <500 bytes/s large messages would
timeout due to buffering
- Fix: Minor memory leak in SSL connection handling
- Fix: Bug in signup per day limits
- Fix: sendmail_surge.ini handling fixed
SurgeMail 3.8f3 12-January-2007 (Webmail 3.1r-13)
- New: Blogs ping timeout added
- Change: Reduced stack size limits (reduction of max
- Fix: 4 fixes relating to uncommon crash conditions.
SurgeMail 3.8f2 8-November-2006 (Webmail 3.1r-13)
- Fix: Fixes related to g_include, and use of g_default_domain
SurgeMail 3.8f 30-October-2006 (Webmail 3.1r-13)
- New: g_mirror_nwauth_always
- Always mirror nwauth even if using other authentication module
- New: Changed default install to set recommended settings on by
- Fix: fix to dlist search command
- Fix: possible timeout problem due to invalid responses to ehlo
- Fix: Several fixes that could cause crash in unusual
- Fix: ndb performance related fix
- Fix: Log file searching smarts fix (recently broken)
SurgeMail 3.8d 13-October-2006 (Webmail 3.1r-13)
- New: g_friends_confirm_debug
- Allow debugging of friends confirmation messages by logging
friends actions to friend_confirm.log.
- New: mailing list "modify members" can now search based on
- New: Add senders from ip address to relevant users log
- New: tellmail "-q" command line option added to run in quiet
mode only outputting result of commands
- New: Copy and edit added to user filters and exceptions page
- New: g_mirror_nwauth_always
- Always mirror nwauth even if using other authentication module
- New: g_surbl_skip_ip
- Skips surbl lookups if the sender is from a listed ip
- New: Support for syslog server using g_log_syslog, g_log_syslog_host, g_log_syslog_only
- Fix: The way the date is stored on mailing list archives
changed so that moving files with tar can preserve date
- Fix: Domainkeys signing fix
- Fix: mailing list fix such that web_hide_email woks in
- Fix: Truncation of long lines on domain admin log file
- Fix: Blogging of images fixed (recently broken)
- Fix: Friends template message header fix
- Fix: Domainkeys multiple txt record lookups (eg as used by
- Fix: Viewing of html messages cpu loop fix
- Fix: Date displayed for SPF user.cgi log lines conrrect for
front end / backend systems
SurgeMail 3.8b 28-August-2006 (Webmail 3.1r-12)
- New: g_sms_forward -
This setting allows you to specify IP's which can send to an
sms="TRUE" gateway without being authenticated. Normally only
smtp authenticated senders can use these because we need to be
sure the sender really is the person sending, not someone faking
their address (in order to decrement the correct users quota).
However, if you can already guarantee the sender, or you don't
care then you can use this setting. This allows your list server
(dlist) to send to SMS numbers, for example.
- New: surgewall_auth -
user="username" pass="password" - Makes SurgeMail use SMTP AUTH
when delivering to the SurgeWalled server.
- New: g_spam_share -
This lets surgemail share whitelisting information to improve
scoring and avoid annoying spf bounce issues
- New: g_friends_always
- Allows user's friends setting to be overridden
- New: Ability to view messages from user.cgi mailbox page &
admin interface (requires g_user_mail_view)
to see whether they are spam etc
- New: Additional settings to tweak SPF operation: g_spf_nogrey, g_spf_noallow, g_spf_enforce_local
- New: g_blogs_domonly
- Make listed blogs page only show blogs in same domain as
logged in user
- New: tellmail append_ini and append_lists command to append
ini file sections
- New: "tellmail lookup recipient@domain" shows whether
recipient is user / alias / mailing list etc.
- New: Ability to restore deleted domains (can restore domain +
nwauth entries + users mail, not any originally deleted domain
settings, aliases and mailing lists)
- Fix: g_orbs_check_all "true" caused g_orbs_late "true" to
- Fix: was not correctly stamping when g_orbs_list was setup to
deal with multiple responses. eg g_orbs_list
- Fix: g_orbs_check_all "true" caused g_orbs_late "true" to
- Fix: Encoded email headers now get correctly decoded prior to
filtering rules getting applied
- Fix: Send channel thread creation leak (freebsd only)
- Fix: Skip spf / grey bounce user setting related bug
- Fix: (g_)user_status_send not getting properly applied in
- Fix: Blogs related UTF-8 charactr encoding fix
- Fix: recently added overzealous validity checking on
- Fix: g_domainkeys_sign cr/lf bug
- Fix: Exceptions / filters page behaviour for surgewall domains
SurgeMail 3.8a 27-July-2006 (Webmail 3.1r-8)
- New: g_forward_attach
- SurgeMail will send emails as attachments for specified
domains when using late forwarding.
- New: SurgeMail supports CIDR format in ip based settings.
- New: g_domainkeys_check
- Check incoming DomainKeys signatures (beta)
- New: g_domainkeys_sign
- Sign outgoing messages (create a key first using web admin)
- New: g_domainkeys_selector
- Policy name for your server (used creating dns entry for
- New: g_domainkeys_only
- Domains to sign for outgoing email
- New: g_user_friends_log_disable
- This disables the logging of lines to the users friends.log
files (the users "log" page).
- New: g_friends_old -
restores old friends behaviour
- New: g_spf_byweb -
Description below in g_friends_byweb
- New: g_friends_byweb
- These settings enable the use of a link to "allow" bounced
and/or friends pending messages. The link returns a page with a
verification image, the user enters the number shown and clicks
"Add IP" or "Release message" depending on the context. In the
case of spf allow, this link _replaces_ the allow email address
in the bounce message error string. In the case of friends, this
link is added to the friends confirmation message
(default) and the option to add it to the custom message appears
on the custom message page.
- New: g_late_forward -
described below in late_forward
- New: late_forward -
These force late forwarding and hide the user option on the
forwarding page that chooses whether to get it or not. If the
user has already selected late forwarding setting either of
these will not clear that, even if they load and save the
forwarding page. Disabling these settings later will revert it
back to the users previous personal setting as you'd expect.
- New: tellmail list_rcpt - Attempts to list all valid receipt
addresses for the server
- New: tellmail dropfile_import user@domain c:\inbox\fred\mail -
This looks for 'dropfile's one per folder, and creates matching
folders/messages in surgemail (maildir format)
- New: tellmail bull_fwd [domain] - This searches the authent
database, locates all the accounts which forward to a non-local
address (and do not also deliver locally or deliver to a robot
or responder) and emails them all the bulletins they have not
- New: Support for multiple webadmins added - "surgemail
- New: added mirroring of mfilter.dat and simple.rul files
- New: domainkey web admin interface page added
- New: g_msg_log_extra
- The setting causes extra logging in the msg.log files, it logs
user logins and imap fetch commands (to match the existing pop
- New: You can now setup an auto response message and have it
automatically turn off after a set period of time.
- New: tellmail can now use SSL for connections - use -ssl on
the command line.
- New: forward message if smaller than xx (added to end user
interface). If a message arrives which is larger than the
specified size, it's not forwarded, it's delivered locally and a
notification message is sent in it's place. This feature is
especially useful to people who are forwarding email to pda
devices with limited storage.
- New: "match exactly", "does not contain", "does not match
exactly" in filters in end user interface.
This feature only works if you use late forwarding (the
interface makes this clear).
- Change: g_forward_illegal
- Rules only apply to non local domains now.
- Change: g_spam_allow
changed to multi settings.
- Change: Instead of sending a confirmation (to a possibly faked
address, which would then be considered spam and cause you to be
blacklisted by spamcop or similar) it gave a 554 error. It did
this if the message did not contain spf headers with "pass" in
them. In other words it did this when spf was disabled or when
spf failed. It has been changed so that it only does it when spf
is enabled and fails.
- Change: On startup SurgeMail scans the mail queue, if this
takes more than 10 seconds it skips the rest and makes an
- Fix: g_user_alias_file - strange problems when editing in
webadmin when alias.dat does not exist
- Fix: redirect/redirect_cc - crashed when editing these
settings in webadmin in some versions
- Fix: memory leak in cluster resync
- Fix: aspam performance
- Fix: dlist crash
- Fix: IMAP problem with messages with bad headers
- Fix: Some minor mirror problems.
- Fix: IMAP problem with changing folders caused problems for
- Fix: IMAP codes when moving messages to inbox (improved
- Fix: crash during ASPAM retrain.
- Fix: Mirror fix that caused some of the users settings not to
be mirrored (bug was added in 3.7xx)
- Fix: rare crash in *nix in thread creation code.
- Fix: imapbody structure which most clients ignore except a few
- Fix: g_spam_allow_rbl
- wasn't working properly
- Fix: problem with quotas drifiting upwards
- Fix: added more error checking to SurgeMail to detect admin
mistakes like creating loops with redirect rules or adding
domains that are already aliased to other domains etc.
- Fix: crash in domain keys code.
- Fix: rare admin bug that stopped the admin showing any values
- Fix: If machine A had a unique setting then changes on machine
B would cause that setting to be removed from the config on A.
- Fix: DNS invalid domain - If a dns lookup failed due to a
timeout, then the next lookup for the same domain would fail as
if the domain didn't exist instead of with a timeout error.
- Fix: Pop proxy bug - When using gateway setting(s) and
g_proxy_to_gateways the pop proxy was not being used for users
in domains which do not exist in the config file (i.e. all of
SurgeMail 3.7b8 31-May-2006 (Webmail 3.1r-8)
- Update: Reverted SPF + Friends bounce behaviour (to enable
feature now use g_responder_safer and g_friends_spf_fail_bounce)
- Fix: Mirroring of user cgi setting files (broken in most 3.7
SurgeMail 3.7b7 25-May-2006 (Webmail 3.1r-8)
- Fix: Several memory leaks
- Fix: Blog post editing and plaintext email posting fixes
- Fix: Footer & g_gateway_dat fix
SurgeMail 3.7b6 28-April-2006 (Webmail 3.1r-8)
- Fix: Netauth memory leak
- Fix: Quota handling uncommon crash
- Fix: Outlook IMAP folder redownload issue
- Fix: Friends related uncommon crash
SurgeMail 3.7b5 19-April-2006 (Webmail 3.1r-8)
- Fix: Friends store/pending view html email crash
- Fix: Webmail basic html message non display issue
- Fix: Mailing list archive viewer memory leak
- Fix: "all domain" reporting used default domain only
- Fix: Dlist hide_sender crash on linux
- Fix: Webmail HTML editor "press SPACEBAR or ENTER to activate
and use this control" issue
SurgeMail 3.7b3 6-April-2006 (Webmail 3.1r-8)
- Fix: Aspam retraining performance bug
- Fix: Crash on freesbd on certain header addition operations
SurgeMail 3.7b 7-March-2006 (Webmail 3.1r-8)
- New: g_block_skip
"address@domain" - exception for g_block_files, for sender
- New: g_header_strip
"header" - removes the header from the message.
- New: g_imap_capa
- New: g_imap_capa_strip
- New: g_authent_last_login
- New: g_bounce_bind
- New: g_create_user_length
- New: g_iplimit
- New: g_iplimit_local
- New: g_iplimit_remote
- New: g_iplimit_islocal
- New: g_iplimit_whitelist
- New: g_user_send_rule
- New: g_language_default
- New: g_archive_files
- New: g_bounce_reject
"ip" - which you use to list the ip addreseses of dumb back end
servers that should not be allowed to send you bounce messages.
- New: redirect_max
- New: language_default
- New: g_newui_advanced
"true/false" - can set the UI into advanced mode permanently,
- New: g_from_relay &
if (relay_allow_ip matches) if (!authenticated) if
(!whitelisted(from) bounce "sorry you need to be smtp
authenticated to send from a non local domain"
- New: g_user_utoken_expire
- New: g_forward_illegal
- allows you to stop users from setting up forward rules to
- New: Installer adds link to help
- New: dlist_rotate_n "n" - how many logs to keep for dlist
- New: image based human verification for blogs
- New: popfetch now reads bcc's when using it with g_spool
- New: popfetch now tries to use the rcpt from received headers
- New: create_image
"true/false" - this setting adds a verification image to the
user signup process.
- Update: g_spf_skip is now
a multi setting
- Update: removed some netwinsite URL's from surgemail/webmail
as were causing problems with SPAM sites.
- Update: bounces now are never generated due to exception
filters unless the setting g_bounce_some "true" is added
- Fix: timezone changes on Windows platforms should now work
properly without restart. (daylight saving for example)
- Fix: when changing a group name, surgemail now updates all
settings relating to that group correctly.
- Fix: popfetch in SSL mode.
- Fix: loading of mailing lists
- Fix: various crashes
- Fix: mirroring of files > 100 megabytes.
- Fix: problems with outlook and uid errors in imap
- Fix: display quotas of over 2 gigs
- Fix: problem with messages bypassing friends with an empty
- Fix: renaming user from one domain to another domain
SurgeMail 3.6f7 1-December-2005 (Webmail 3.1q-2)
- Fix (3.6f7): Self account creation password problem
- Fix (3.6f7): Invalid message encoding confusing webmail fix
- Fix (3.6f7): Memory leak on quota report (if report was
limited in some way)
SurgeMail 3.6f5 11-November-2005 (Webmail 3.1q-2)
- Fix (3.6f4): Unix intercept migration fix
- Fix (3.6f4): Webmail invalid UID fix
- Fix (3.6f4): Removal of several netwin urls in friends /
bounce messages as this was getting servers blacklisted
- Fix (3.6f5): Bug with use of g_aspam_headers (unix only,
SurgeMail 3.6f3 4-October-2005 (Webmail 3.1q-2)
- New: Date range based reporting added to "tellmail report" per
user / domain monthly reports.
- New: Integral support for blog listing with technorati.com
- New: Optional password protection for blogs
- New: Fancier surgemail bulletin features
- New: Account rename functionality
- Fix: Fixed non functional blogs_per_user_max
- Fix: Fixes to updated mailing list interface
- Fix: several other fixes
- Fix (3.6f2): Config mirrorring and IMAP fix
- Fix (3.6f3): Webmail login issue (bug added post 3.6d)
SurgeMail 3.6d 9-September-2005 (Webmail 3.1p-8)
- New: New g_admin_access feature allows customisation of domain
administrator features (per server / domain / per account)
- New: Webmail now handles replying to html messages in HTML
without messing up html - in particular allows replies to HTML
messages sent by MS Outlook (requires "allow_html_reply true"
and "allow_style true" in webmail.ini)
- New: Per domain & per group log creation limits
- New: Posted blog images can be rotated on edit post page
- New: migration_translation.txt file support for handling weird
account anames when using old_pophost / old_imaphost migration
- Fix: HTTP timeouts changed from 5s to 60 s
- Fix: New admin UI now has global use defaults (on accounts
- Fix: New admin UI was not saving surgehost.ini settings for
- Fix: domain_defaults.txt works for domain creation under new
web admin UI
- Fix: Quite a lot of other fixes :-)
SurgeMail 3.5b3 15-August-2005
- Fix: Blogs mirrorring fix
- Fix: Blogs possible CPU loop when posting comments
- Fix: New admin UI fix - pressing save in domains page broke
surgewall / user_sms_quota setting values
- Fix: New admin UI fix - vlist based settings automatic sorting
conforms to old admin UI (affects g_access_group, g_download,
g_header_out, g_include, g_retry_rule, g_sample_get,
g_sample_show, g_send_tolimit not sorted)
- Fix: Webmail logins fail after upgrade (if first install prior
to surgemail 1.5d and url_host is used)
- Fix: Back links removed in webmails use of surgemail web pages
- Fix: Perflog crash if system performance library did not
return correct processor count (windows only)
- Fix: Crash if mail delivered to already full mailbox (solaris
only, recently introduced)
- Fix: tellmail quota_rebuild "invalid account" fix (bug
introduced surgemail 3.2a)
- Fix (3.5b2): Cosmetic new admin UI fix (removal of warnings
introduced by fix above)
- Fix (3.5b3): Incorrect addition of g_authent_domain "true" if
no setting present (not using g_authent_domain) and saved from
web admin ui
- Fix (3.5b3): New admin UI bug, save on domain page in standard
mode reset mailbox_path do default value
- Fix (3.5b3): HTTP timeouts changed from 5s to 60 s
- Fix (3.5b3): Couple of new admin ui and blogs cosmetic changes
- Fix (3.5b3): Bug that could delay messages by a few minutes if
send_isslow feature is used - default in this version
- Fix (3.5b3): Aspam filtering fix
SurgeMail 3.5a 26-July-2005 (was 3.2g 19-July-2005)
- New: Additional wave template set for blogs
- New: Aditional dlist settings: post_members_tomod, mod_hide,
- Fix: Several minor new web admin UI fixes
- Fix: Sending fix if remote system always hung while sending
- Fix: NFS efficiency fixes
- Fix: Memory allocation efficiency fixes
- Fix: Minor blog fixes
- Fix: Mirrorring fixes (now mirrorring pending.dat and
- Fix: Several minor surgeplus fixes
- Fix (3.5a): Delete domain button added to new ui + several new
SurgeMail 3.2e 1-July-2005
- New: New simplified and more informative UI for SurgeMail
Admin web interface
- New: Surgemail Blogs allowing users to create and manage blogs
- New: Many minor features added, too many to list individually
- New: suspend "true/false" -
allows suspending the domain, allows incomming mail, but denies
the ability of users to check their mail.
- New: g_fix_crcrlf
"true/false" - setting to deal with some legacy applications
sending incorrect cr/lf's at the end of headers
- New: g_auth_norelay
"true/false" - if true does not let user relay because they
- New: sendmail.ini file in (g_home directory) controls some
aspects of sendmail
- New: g_smtp_portauth -
Forces smtp authentication on this port eg g_smtp_portauth "587"
- New: tellmail add_rules
- New: g_send_nolimit
<domain> - Overrides g_send_max_perdom for one or more
- New: Allowed changes to SSL certificates to take effect
without a restart
- New: g_tarpit_retry -
so that tarpit limit results in a retry rather than a 5 second
- New: g_msg_max_hops
"number" - sets maximum number of received lines before
rejecting (default 30)
- New: email notification message - The first 1024 chars of the
body are now available with ||body||
- New: g_quota group=string
- New: tellmail add_member
<list> <email> - adds memeber to mailing list
- New: g_smtp_noauth
"ip" - all non matching ip's must authenticate
- New: alias_max - limits
the amount of aliases allowed in a domain
- New: g_allow_passzip_to
"..." - allows avast to let through unmonitorable zip files to
- New: g_allow_passzip_from
"..." - allows avast to let through unmonitorable zip files from
- New: g_orbs_report
"true/false" - This allows you to get an email if your server
gets 'orbs' listed
- New: g_include / g_download - Used
together you can fetch a file from a web server, and get updates
and include it for global settings in your surgemail.ini
- New: g_body_filter
"true/false" - end users can now choose to filter on the body of
- Fixed: g_vpipe_skip
"ip" - now skips g_virus_fprot
- Fixed: sendmail crashing when using sendmail.ini
- Fixed: Deletion of domains (changed to two actions, delete
- Fixed: Many minor bugs
- Fixed: Various bugs that could cause crashes
- Fixed: Many cosmetic issues
- Fixed: Deleting in outlook using imap with multiple threads
- Fixed: Updated IMAP IDLE command to timeout after 32 mins
- Fixed: Random bug where a 5 second delay could be caused
between WebMail and SurgeMail
- Fixed: Bounce to rules were being lost in some situations
- Fixed: Many cross site scripting fixes
- Fixed: DNS UDP runt packets being sent
- Fixed: Added code to check when tarpitting channels that there
are always enough channels left for connections - if not old
ones are dropped.
- Fixed: g_bad_from doesn't block if it gets a 400 error now as
was blocking emails due to greylisting
- Security: g_web_max "100"
- maximum connections
- Security: g_web_max_perip
"10" - maximum per ip
- Security: g_deny "ip" is now
used by webconnections also
SurgeMail 3.0c2 22-March-2005
- Security: (2.2c2 : 22 March 2005) Webmail security issue and
user.cgi security issue fixed.
- Add: Updated version of webmail to webmail 2.1n (build23)
- Note: This release is really just what would normally have
been 2.2g5 (does not contain features in 2.2h builds)
SurgeMail 3.0a 17-March-2005
- Fixed: 5 second delay affecting webmail running under
surgemail (affects several unix versions only)
- Note: This release is really just what would normally have
been 2.2g4 but with a major version number update (does not
contain features in 2.2h build
SurgeMail 2.2g3 5-March-2005
- Fixed: Remove the option of deleting domains from the admin as
it some circumstances it could remove the wrong domain (two
admins using the admin at the same time, or an admin with two
browser windows open to the admin)
SurgeMail 2.2g2 15-February-2005
- New: g_surbl - Takes
advantage of databases for known spam URL's (www.surbl.com)
- New: g_rcpt_nodup "true/false"
- Stops duplicates of the same message being delivered multiple
times to one address (only in same session) - works well when
using fallbacks etc.
- New: Extended archiving flexibility - see archive section in
- New: Can edit members in a mailing list - disabled true/false,
onholiday true/false, digest true/false
- New: g_orbs_list - This
setting can now have different stamps based on the ip returned
by the RBL.
- Fixed: problem where a forward to multiple users with one user
over quota gave back a meaningless error.
- Fixed: blank gateway rules caused problems.
- Fixed: cleaned up various logging messages.
- Fixed: size() in mfilter not working with values over 14999.
- Fixed: Many other unspecified fixes
- Fixed: (2.2g2 : 15 February 2005) Surbl rule formatting bug
- Note this build contains the same version of webmail as the
surgemail 2.2c10 release.
SurgeMail 2.2c10 17-January-2005
- Security: (2.2c9 : 23 December 2004) Webmail security bug
- New: g_smtp_welcome_delay
"seconds"- delays smtp welcome, any connection that doesn't wait
for prompt before sending data is dropped.
- New: g_orbs_cache_life
"seconds" - Time to keep RBL hits cached
- New: g_orbs_force
"true/false" - forces rbl lookups even if user is in an allowed
relay ip (g_relay_allow_ip)
- New: tellmail surgehost_update
- makes surgemail update surgehost.ini for each domain.
- New: user_list_quota
- This setting configures the number of mailing lists a user of
this domain can create
- New: g_user_list_quota
- This setting configures the number of mailing lists a user can
create on this server
- New: g_admin_guesses
"number" - number of guesses allowed for admin login before
being shut out.
- New: g_user_send_max
"number" - Allows the specification of a maximum number of
emails per day.
- New: user_send_max
"number" - Allows the specification of a maximum number of
emails per day.
- New: g_user_filter_early
"true/false" - this setting causes it to run the users
exceptions/filters before writing the
message to disk during the delivery process.
- New: Multilanguage support for user.cgi pages
- Fixed: autoresponders failing when used with g_orbs_late "true"
- Fixed: memory leak
- Fixed: quota handling problem on surgemail crashes
- Fixed: dlist - quoted text before the address was not handled
eg "text here" <address@domain>
- Fixed: (2.2c7 : 8 December 2004) Friends message pending list
did not display email address correctly.
- Fixed: (2.2c10 : 17 January 2005) 3 fixes - crash when adding
non local dlist members, minor memory leak, and debug
SurgeMail 2.2a6 1-November-2004
- New: DNS lookups now use UDP.
- New: Per user usage logging for gatewayed / surgewalled
domains + more report generation features
- New: g_mailstatus_message
- New: g_send_helo_from
"txt" - Uses from envelope to generate helo.
- New: g_received_skip
"true/false" - Skips writing the received header for trusted
- New: No rbl lookups are done if the user matches
- New: list_max_users
"number" -sets maximum amount of users that can be added to the
lists in this domain
- New: tellmail change_pass <user@domain> <new
password> - changes users password.
- New: CRAM-MD5 support added - Documentation here.
- New: header_add
<header> - adds headers to messages, domain setting.
- Fixed: installer for FreeBSD systems.
- Fixed: The imap command asd fetch 1:*
BODY.PEEK[HEADER.FIELDS.NOT (RECEIVED)] imap returning incorrect
- Fixed: IMAP IDLE command.
- Fixed: delay in reading in dns.dat cache.
- Fixed: File leak on avast update.
- Fixed: perflog stability
- Fixed: handling of MIME messages and footers in dlist.
- Fixed: join template and naked line feeds in dlist.
- Fixed: blocked all ips from admin interface if 6 incorrect
attempts were made, now done per ip.
- Fixed: g_spam_allow if blank allowed everyone.
- Fixed: Variety of other minor fixes
SurgeMail 2.1c7 9-September-2004
- New: Improved DNS lookup code
- New: g_orbs_late "true"
- allows late lookups so authenticated users can be bypassed for
- New: g_spf_skip_to "user@address"
skips spf checks for specified rcpt, also skips rbl checks if
using g_orbs_late "true"
- New: g_quota_skip "ip"
- skips quota checks for users sending from specified ip
- New: g_filter_n "number"
- Number of filters to run simultaneously
- New: Added more information to to the status pages (mainly
bandwidth related) and status page readability improvements
- New: Improved surgeplus integration
- New: Install dbabble from within surgemail web admin interface
- New: Latest version of webmail now included with surgemail
releases (for this release v3.1k build 8) for webmail release
notes see https://netwinsite.com/webmail/updates.htm
- part of webmail admin manual
- New: Improved web image caching for surgemail and webmail
- New: Build number now included as part of filename on patched
builds (instead of separate patch number) to avoid version
- Fixed (2.1c7): DNS bug rejecting some emails "DNS channels all
busy for 5 minutes"
- Fixed (2.1c7): Per domain/user logs deleted based on
- Fixed (2.1c6): Further perflog crashing bug fixed
- Fixed (2.1c6): DNS display on standard status page
- Fixed (2.1c6): Per user / domain reporting did not work if
g_record_path was used
- Fixed (2.1c5): Continuous peflog problems fixed by making
sampling code more robust
- Fixed (2.1c5): Webmail fix - Smooth template set reply etc
would not send
- Fixed (2.1c5): DNS lookups on surgewall domains
- Fixed (2.1c5): Several other minor fixes
- Fixed: The uninstaller so it removes all files and rollback
mechanism works correctly if file busy error encountered during
- Fixed: Some confusing SMTP error messages like this one
- Fixed: Bug in the sendmail stub that caused it to crash with
the -mailfrom argument
- Fixed: Several stabilty bugs
- Fixed: Peflog restarting surgemail if missing more than 5
minutes of data
- Fixed: Bug when sending with g_spool, sometimes mail got sent
- Fixed: SMS notification quota handling
- Fixed: Several changes + fixes to SPF handling
- Fixed: Mailing list handling fixes
SurgeMail 2.1a 6-August-2004
- Fix: Perflog graphing bandwidth_in and bandwidth_out graphing
could get broken sometimes
- Fix: Several stability issues and a few other minor issues
- 2 new webmail template sets (Surge and Smooth), both with
multilanguage support (English, French, German, Spanish,
- SPF improvements and new settings (g_spf_default,
g_spf_default_noblock, g_spf_skip, g_spf_rev_skip)
- Usage reporting for usage / accounting purposes (per user and
per domain mail received / send / pop usage etc)
- Latest version of webmail (version 3.1i build 13)
- Some surgemail admin web interface improvements
- Viruses stopped by all mechanism now logged on advanced status
- (non functional - Windows only) On fault stack is now dumped
by surgemail to startstop.log instead of drwatson logs for
catching crash information as drwatson logs not reliable on
SurgeMail 2.0g2 10-July-2004
- Fix:(2.0g2): Using g_access_groups with access_smtp not
matching IP prevented receiving instead of sending of messages
- Fix: Sporadic crash due to perflog graphing
- Fix: cc's in mfilter when entered via the webadmin
- Fix: UID issues in imap especially when used with outlook
- Fix: fixed problem with reloading mfilter, could cause
- Fix: Using our own dns code on freebsd now as theirs was buggy
- reverse dns lookups will work etc.
- +: Added domain quotas - setting quota_domain "500mb"
- +: Improved logging for RBL hits, logs which RBL was hit
- +: Status page now shows how many hits for each RBL you are
SurgeMail 2.0e 10-June-2004
- Fix: search feature in surgemail now a lot faster
- Fix: spf templates now use "strict" not "mean"
- Fix: g_mfilter_skip_ip problem fixed , caused skippng if no
value was set
- Fix: tellmail logout - wouldn't logout users in certain
- Fix: dns problems related to SPF lookups.
- Fix: friends/exceptions/spam problems fixed (added in 2.0b)
- Fix: g_tellmail_ip "ip" now works.
- g_dsn_enable "true/false" - default false, must set to true to
turn on dsn support.
SurgeMail 2.0c 3-June-2004
- Fix: Now rejects messages on receipt of the SIZE declaration
- Fix: Problem when daily logs get too large ( > 2 gigs)
- Fix: IMAP dying on certain messages
- Fix: Fixed some tellmail commands that were not working
properly (add_user, delete_user etc)
- Fix: Problems with user admin buttons not working.
- Fix: Friends release didn't move messages to inbox.
- Fix: Improved stability
- Fix: stopped displaying full paths for various file errors
(thanks to www.exploitlabs.com)
- Fix: Improved speed for systems with large amount of domains
- +: added support for #include's in surgemail.ini - won't be
able to use webadmin for saving changes however.
- +: IMAP4 UIDPLUS extension added (rfc2359)
- +: g_mfilter_skip_ip <ip> skips mfilter for messages
coming from selected ip's
- +: added support for x-receiver headers for g_spool_path
- +: Added DSN's
- +: tellmail suspend - stops surgemail from delivery mail, just
- +: tellmail resume - tells surgemail to start delivering mail
again after a suspend command has been issued.
- +: Surgemail performance counter (and windows perfmon system
counter) history graphing
- +: Webmail version 3.1g (includes security fix)
SurgeMail 2.0a2 21-May-2004
- Fix(2.0a2): Friends messages contained bad header (broken
- Fix:(2.0a2): Remote tellmail command using "-host" (broken
- Fix: dlist problems with subscribes/unsubscribes not working
- Fix: several security issues (not showing full paths on errors
etc) (thanks to www.exploitlabs.com)
- Fix: patched ssl version to cover security issues in open ssl
- Fix: smitecrc was broken in 1.9 builds.
- Fix: dlist problems with digests not going out and missing
- +: g_spf_domain "domain" - specify the domain to use in spf
and srs rewrite responses.
- +: g_retry_dns "hours" - retries messages that get a dns error
(dns responds but with nothing valid).
- Fix: 5xx errors on connect now cause bounce instead of
- Fix: setting bounce in mfilter rules now causes a bounce
instead of scoring it high.
SurgeMail 1.9b2 19-May-2004.
- Fix (1.9b2): smitespam binary only updated to version built 19
May (installer and surgemail binary will still say version 1.9b.
Alternatively just run 1.9b build (12 May) and update smitecrc
from web admin)
- Fix: g_spam_allow now stops lookups for g_badfrom_check
- Fix: DNS problems, caused lookups to fail in some cases.
- Fix: smite_skip_ip was broken
- Fix: Improved stability
- Fix: account status's now work for smtp
- Fix: SurgeMail could crash while searching for a config
- Fix: domain aliases with user aliases were broken.
- Fix: SurgeMail wasn't decreasing user license numbers in some
circumstances when users were deleted.
- Fix: Aspam was being classed as a filter not a spam user
access setting, now corrected to use the 'spam' access
- Fix: Fixed the infamous "399" tcp errors when unable to
connect to other servers, now gives proper reasons.
- Fix: Can now set moderator password for lists in the webadmin.
- +: g_smtp_max_nolimit <ip> - Ip addresses that don't
have max smtp limit applied.
- +: list_max <number> - maximum number of lists that can
be created for that domain.
- +: list_disable <true/false> - disables list creation
for that domain.
- +: added access_list to dlist, can control who sees particular
lists with the "list" command.
- +: logging changes, now logs the setting that gave a user
permission to relay and if they used smtp auth logs the account
they authenticated with.
- +: tellmail add_domain <domain> - adds domain to
- +: tellmail add_user <user@domain> <password> -
adds user to user database
- +: tellmail add_user_alias <user> <alias> - adds
an alias for the specified user
- +: tellmail delete_user_alias <user> <alias> -
deletes an alias for the specified user.
- +: g_orbs_list will now use the stamp as the rejection message
in deny mode.
SurgeMail 1.8g3 25-March-2004
- Spool path allowing SurgeMail to send dropped files as email
- New settings (g_delete_user_mode, g_user_alias_file)
- SurgePlus calendar and filesharing (fully functional but still
- Fix: Memory corruption bug causing sporadic random crashes on
- Fix: Vpipe restart bug on timeout
- Fix: Further fix to new na_exceptions web page
- Fix: Minor memory leak
- Fix: Proxy mode fix
- Fix (1.8g2): WebMail autologin fix for non default vdomains
using custom quick login method
- Fix (1.8g2): Alias creation bug
- Fix (1.8g3): Hopefully final fix to WebMail autologin. (Rolled
back logic to that of previous release builds)
- Fix (1.8g3): Reports page broken on UNIX systems
- Fix (1.8g3): Bug in SurgePlus that could sporadically crash
SurgeMail on display of SurgePlus web page
For updates prior to 1.8g3 see the older
surgemail change history page.