This page is out of date, please use our new website https://surgemail.com
Note: Most 'matching' settings take wild card lists as
parameters, for example "fred*" will match "freddy" and
"Fred@bob". And "1.2.*,2.3.*" will match 1.2.4.4 and 2.3.99.100.
Many settings will also accept a ! as a "not", and are processed
from left to right. eg "!*,127.*,10.*" would first "deny all" then
try and match on any 127.* or 10.* domains. Settings using ip's
will take ranges also like 10.0.1-120.5 and also support CIDR
notation eg 10.10.1.32/27.
You can read about CIDR notation here http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
and there is an online CIDR calculator here http://www.subnet-calculator.com/cidr.php.
This setting has no further documentation currently available
Syntax: g_about_disable bool
Access rules defining groups of IP addresses with certain POP, IMAP and SMTP privileges. When a user is authenticated access is checked against group membership defined in the "mailaccess" field in the authentication database. See accounts for more information.
eg. this could allow you to charge webmail users for pop access
privileges:
g_access_group group=paid_user access_pop=* access_imap=*
access_smtp=*
g_access_group group=free_user access_pop=webmail.svr.ip
access_imap=webmail.svr.ip access_smtp=webmail.svr.ip
with "Access type" set to "free_user" on accounts page or
equivalently in nwauth authentication database:
marijn@mydomain.com:{ssha}tVANQo...:created="1060034937"
mailaccess="free_user" ...
To prevent webmail access for some users you would do this:
g_access_group_default "normal"
g_access_group group="normal" access_pop="*" access_imap=*" access_smtp="*"
g_access_group group="nowebmail" access_pop="*,!webmail.ip" access_imap="*,!webmail.ip" access_smtp="*"And put the users you want to limit in a group called 'nowebmail' e.g.
lookup fred@domain
+OK fred@domaing config 0 mailaccess="nowebmail"
Syntax: g_access_group group=string access_pop=string access_imap=string access_smtp=string access_incoming=string
Access group defaults for users with no access groups set. (must be used in conjunction with g_access_group)
Syntax: g_access_group_default string
This setting has no further documentation currently available
Syntax: g_access_surgeweb bool
This setting has no further documentation currently available
Syntax: g_access_surgeweb_ip string
This setting has no further documentation currently available
Syntax: g_access_webonly string
This setting has no further documentation currently available
Syntax: g_acctlog_aliases bool
This setting has no further documentation currently available
Syntax: g_acctlog_noauth bool
This setting has no further documentation currently available
Syntax: g_acctlog_sum_inactive bool
g_admin_access group="wildcard" access="list"
This setting matches the g_access_group the admin is in to the wildcard specified and applies the specified access list to that domain admin, giving / restricting thier access to certain features. The list may include any of the following:
Value | Result |
---|---|
alias | Access to domain users "Alias" page and features. |
aspam | Access to the "ASpam" page and features. |
blog | Access to the "Blogs" page and features. |
bulletins | Access to the "Bulletins" page and features. |
centipaid | Access to domain users "Centipaid" page and features. |
enotify | Access to domain users "Email Notification" page and features. |
exceptions | Access to domain users "Exceptions" page. |
friends | Access to domain users "Friends" pages, and system. |
fwd | Access to domain users "Forwarding" features, forwarding, auto-responder. |
fwdonly | Access to domain users "Forwarding" features, forwarding |
lists | Access to the "Lists" page and features. |
log | Access to domain users "Log" page. |
mailbox | Access to domain users "Mailbox" page, view mailbox, setup rules. |
sms | Access to domain users "Sms" page. |
spam | Access to domain users "Spam" page, and SmiteSpam and Aspam processing of messages. |
spampriv | Access to domain users "Spam" pages' spam private feature |
spf | Access to domain users "Spf" page and features. |
usage | Access to the "Usage" button, which shows a domain users usage. |
users | Access to the "Users" page and features. |
redirect | Access to the "Redirect" page and settings. |
redirect_cc | Access to the "Redirect CC" page and settings. |
In addition you can prefix any of the above with ! to deny access. There are two other special case values, "all" and "none" which mean exactly what they say, access to "all" or "none" of the features.
Example:
g_admin_access group="simple" access="all,!users,!reports"
The above setting gives admins in the 'simple' group access to all the features except the users and reports features.
Syntax: g_admin_access group=string access=string
This setting is a default access list for all domain admins on the server, it is specified in the same maner as the g_admin_access settings 'access' parameter. eg:
g_user_access_default "all,!users,!reports"
Syntax: g_admin_access_default string
Syntax: g_admin_guesses "number"
This sets the number of guesses allowed for the admin username/password. Once this has been reached the ip is banned.
Syntax: g_admin_guesses int
Mask of valid IP addresses for admin users (default *), this is a security setting you can use to restrict remote web admin access to trusted IP addresses. One is always allowed to use manage SurgeMail using 127.0.0.1 regardless of whether this is explicitly specified.
eg. To restrict to local network as per net mask
g_admin_ip "10.0.0.*,10.1.2.*"
Syntax: g_admin_ip string
Allows a localhost connection to access the web admin port without using the administrator username / password. This is good if you keep forgetting the admin password like I do.
Syntax: g_admin_localhost bool
This setting has no further documentation currently available
Syntax: g_admin_login bool
This setting has no further documentation currently available
Syntax: g_admin_login_ip string
This setting has no further documentation currently available
Syntax: g_admin_readonly string
This setting has no further documentation currently available
Syntax: g_admin_session_time int
This setting has no further documentation currently available
Syntax: g_admin_utoken_expire int
This setting has no further documentation currently available
Syntax: g_admin_utoken_idle int
Stops the user login to pop or imap as the alias account
Syntax: g_alias_login_disable bool
This will allow bodyless email to be accepted. These are usually spam. In particular Norton Antivirus in autoprotect mode closes the POP link which makes it appear that SurgeMail has terminated the connection when a bodyless email is encountered.
Syntax: g_allow_bodyless bool
These may of course contain viruses as they cannot be scanned, but some people still need to be able to accept such files.
Syntax: g_allow_passzip_from string
These may of course contain viruses as they cannot be scanned, but some people still need to be able to accept such files.
Syntax: g_allow_passzip_to string
This provides limited access to the user database for applications like webmail and surgeplus.
Syntax: g_allow_user_authent_field_get string
This provides limited access to the user database for applications like webmail and surgeplus.
Syntax: g_allow_user_authent_field_set string
This setting has no further documentation currently available
Syntax: g_apple_bug1 bool
This setting has no further documentation currently available
Syntax: g_apple_bug2 bool
This setting has no further documentation currently available
Syntax: g_arc_check bool
This setting has no further documentation currently available
Syntax: g_arc_sign bool
Archive rules allowing all mail delivered to be archived to either:
- Fixed size rotating archive - use this if you want to be able to get back a particular message that has recently passed thorugh the server but you do not want the mail archives to be able to grow too large
- History archive of a fixed (or unlimited) duration that can grow as much as the disk space available. Use this if you need to archive say all mail sent to / from a particular customer for the last year.
The archive is stored as a directory containing bucket files. This allows you to retrieve messages that have been delivered if you need to retrieve a particular message for any reason. To retrieve a message this needs to be extracted manually from the archive files manually using a text editor or your own script. The maximum bucket size (default if 1Mb) of the archive and the maximum individual message size can be set.
Filtering is done based upon wildcard destination and source addresses and subject. These fields provide a logical AND, with a blanks filed matching the default "*". A specific email may match multiple archive rules, and will be archived in each archive in this case. Also note that if a match is part of a larger string the match string should have wildcards surrounding it. eg: to match "important business" in the subject "Very important business for you" you should specify "*important business*".
eg. To catch all email delivered from domain.com you would
specify:
g_archive to="*" from="*@domain.com" subject=""
path="c:\mailarchive" size="10mb" maxitem="10k"
You can also select whether the archiving rule is triggered before or after any filtering that is applied such as virus or spam filtering using the early flag. This can be useful to capture the original source of viruses or spam for testing purposes.
Syntax: g_archive to=string from=string path=string subject=string size=string maxitem=string keep=string early=bool owner=string fromorto=string
Sets the size of the archive buckets used by the circular archives. If set too large then editing the buckets manually is awkward.
Syntax: g_archive_bucketsize int
This will apply the archive rules before content filtering is applied. This can be user to capture the source message if it is getting stored or bounced unnecessarily by any of the SurgeMail filters. The early flag on individual archive rules should be used instead of this setting.
Syntax: g_archive_early bool
Each message to the named account will have it's attachments removed and placed in the named directory. The path can contain the symbols $month$ $year$ $day$ $second$. The 'second' is only within this day. Together these variables can be used to ensure a unique path is used for each file if the names might conflict. Use g_redirect_cc to archive email going to an existing account because if you set 'to' equal to a real account then the real account will stop receiving messages!
Syntax: g_archive_files path=string to=string files=string
Directory to archive deleted users files to. Defaults to 'archive_deleted' in the SurgeMail installation folder.
Syntax: g_archive_on_delete_dir string
Purged monthly or by tellmail purge_deleted_users
Syntax: g_archive_on_delete_off bool
Contact netwin for more details of this mechanism if you wish to use it.
Syntax: g_archive_tcpip to=string from=string path=string dom=string
When using an archive server this defines the host that is running the archive server. Contact netwin if you need more info on this feature.
Syntax: g_archive_tcpip_host string
Adds informational aspam headers to all messages.
Syntax: g_aspam_headers bool
This prevents poluted bad messages in aspam_good causing spam to bypass the filters, but reduces effectiveness of the notspam address.
Syntax: g_aspam_need_ip bool
This setting effect the g_disable_smtp_after and g_delete_user_after settings which, by default, ignore users who have not logged in and have no created field.
Syntax: g_assume_created_epoch bool
This setting has no further documentation currently available
Syntax: g_atrest_all bool
This setting has no further documentation currently available
Syntax: g_atrest_api bool
This setting has no further documentation currently available
Syntax: g_atrest_crazy bool
This setting has no further documentation currently available
Syntax: g_atrest_enable bool
This is the setting for clients to define to fetch mail from an upstream server. Typically this is done on the special port 366, to specify another port use host:port in the host setting. E.g. host="smtp.upstream.com:25"
Syntax: g_atrn_client domain=string user=string pass=string host=string
See g_atrn_server for more details, the default is port 366, atrn is not obeyed on port 25
Syntax: g_atrn_port string
This allows a client on a dynamic IP to connect and request mail for a specific domain after authenticating by using the ATRN command. Typically this is done on the special port 366
Syntax: g_atrn_server domain=string user=string pass=string
This setting has no further documentation currently available
Syntax: g_att_enable bool
This setting has no further documentation currently available
Syntax: g_att_in bool
This setting has no further documentation currently available
Syntax: g_att_in_keep int
This setting has no further documentation currently available
Syntax: g_att_info string
This setting has no further documentation currently available
Syntax: g_att_local_only bool
Ideally this should be smarter. But will only fail if more than 10 attachments
Syntax: g_att_max int
This setting has no further documentation currently available
Syntax: g_att_min int
This setting has no further documentation currently available
Syntax: g_att_path string
This setting has no further documentation currently available
Syntax: g_att_send bool
This setting has no further documentation currently available
Syntax: g_att_send_keep int
This setting has no further documentation currently available
Syntax: g_attach_convert to=string from=string subject=string files=string output=string command=string
Per default SMTP authentication is enabled. If a user matches this IP range/list they will NOT be shown the ESMTP extension for SMTP authentication. This will usually stop the mail client from prompting the user for authentication. We STRONGLY recommend you do NOT use this feature. It is much better to let users authenticate when sending email.
Syntax: g_auth_hide string
This means relaying only occurs if g_relay_allow_ip matches
Syntax: g_auth_norelay bool
This means relaying only occurs if g_relay_allow_ip matches
Syntax: g_auth_norelay_webok bool
Needed for mirroring if using multiauth
Syntax: g_auth_path string
Skip gateway rules if we get a proxy SMTP auth command. This is not for general use. It can be used if you are using SurgeMail in front of another mail server with a wild card gateway to gateway all domains to a back end mail server. Then an authenticated user is a local user trying to send out so the gateway rules are ignored. (this is strongly not recommended)
Syntax: g_auth_skipgateway bool
Use this setting to specify the filter machines which perform spam scanning for this machine. Use this on the filter machine, to specify itself so that mailing list messages do not get scanning/tagged twice. Ensure your users are sending messages via the filter machine.
Syntax: g_auth_trust string
This setting has no further documentation currently available
Syntax: g_authent_addip bool
By default ascii characters < 32 and >= 127 are blocked as invalid. If you require these characters set this to TRUE.
Syntax: g_authent_allow_badascii bool
Always lookup user, so virtual domains can exist just in authent module. This allows you to support 10,000 domains on one system without a 'huge' ini file. Be careful to not create/remove real domains with the same name as existing domains that only exist in the authent database as the 'drop files/inboxes' will move when this occurs and existing mail will vanish.
Syntax: g_authent_always bool
Previously surgemail would lookup a user even if the domain in question did not exist, if you need to restore this odd behaviour then you can use this setting...
Syntax: g_authent_any bool
Set the life in seconds that the cached failed lookups can be used, default 60 seconds. Best left alone unless your server is being hit by thousands of failed lookups and your authent module is slow.
Syntax: g_authent_cachebad int
Set the life in seconds that successful cached lookups can be used, default 2 hours. Best left alone.
Syntax: g_authent_cachelife int
Set the size of the authent cache, default is 500 entries. Generally best left alone.
Syntax: g_authent_cachesize int
By default surgemail avoids case sensitive passwords as they do little to increase security but causes endless frustration for users, but this is just an opinion and some people disagree so use this setting if you wish to have case sensitive passwords :-).
Syntax: g_authent_case_sensitive bool
This setting should only be used as part of a migration, it obviously exposes your customers passwords to risk!.
Syntax: g_authent_decrypt bool
If this is 'true', the virtual domain name is appended to the username before it is passed to the authent process. This lets the authent process deal with virtual domains. As a general rule, this should ALWAYS be true.
Syntax: g_authent_domain bool
Not for general use currently, used to partially obscure credit card info when stored in the authent module.
Syntax: g_authent_encrypt_key string
Days until we block logins if password is not changed. This setting will annoy your customers but not really achieve anything useful, it shouldn't be used in most situations. Expire password. Force password change
Syntax: g_authent_enforce int
Allows old style DMail forward files to be read.
Syntax: g_authent_fwdfile bool
Defines a piece of information to store about the user in the user database (phone number, name, address etc). Each piece of information is given a name, a field, an access mode, a default and a type. The name defines what appears in the web management display. The field is what is sent to the authent_process. The access mode can be one of the following: user, domadmin, or admin, createonly, none. The default is what value is assigned upon creation of a new user. The type can be one of: date, readonly, encrypt or any custom string which you want to check for or match on the na_details.htm page with a template function like: ||ifequal||user_info_type||custom|| .. do things .. ||endif||
An access mode of 'admin' means that only the system admin can see the information, 'domadmin' means the sysadmin and any domain admin can see the information, 'user' means the user can see the information, 'createonly' means the user sets the information at creation time but cannot see it after that and 'none' ensures that no-one can see or modify the information (used for information that is handled by SurgeMail itself, either through the interface or otherwise)
e.g. g_authent_info name="Phone Number" field="phone" access="user" default="" type=""
See here for a complete list of default settings.
Syntax: g_authent_info name=string field=string access=string default=string type=string
Specifies the authent fields this user group is allowed to see and change. This applies only to the fields visible on the account properties page and the domain admin "Users" page it cannot be used to prevent access to fields which are managed by the web interface i.e. 'fwd'
Syntax: g_authent_info_grp group=string fields=string tag=string
If enabled each connecting IP address will be looked up in your user database as x.x.x.x@ip eg: "127.0.0.1@ip" and if the user is found then relaying is allowed and if 'send_limit="nn"' is defined then that will set the tarpit send limit for that user.
For per IP tarpit limits to work you need to define the g_tarpit_max and g_tarpit_max_remote settings. And g_tarpit_drop to make the limit effective.
Syntax: g_authent_ip bool
This setting will cause the authent field 'last_login' to be updated when a user logs in. The field is set to a timestamp which is 'the number of seconds since midnight January 1, 1970'. This field is updated 'at most' once every 24 hours. Other features i.e. delete_user_after and disable_smtp_after will look for this field.
Syntax: g_authent_last_login bool
If enabled, authentication requests are logged in mail.log as "<day> <time> Authent[<action> <info>]".
Syntax: g_authent_logall bool
This setting has no further documentation currently available
Syntax: g_authent_lookup bool
Use this at your own risk, it is provided for compatibility with dmail installations, but should be avoided if at all possible.
Syntax: g_authent_nodomain bool
The number of concurrent authent processes to run. If you are using a slow external authent module (e.g. sql) then it is probably worth running 3-4, there is no need to have more than 1 when using nwauth.exe. (Default = 1)
Syntax: g_authent_number int
This setting has no further documentation currently available
Syntax: g_authent_pass string
Prefix separator for prefix based separator. Only
relevant if enabled on a per vdomain basis using the
"prefix" setting.
Syntax: g_authent_prefix_sep string
The command line of a NetWin authentication module. You can use one of our standard modules for LDAP, ODBCAuth, MySQL etc or write your own. For more information on these modules see the authentication section of the manual .
This will typically be something like:
g_authent_process "E:\surgemail\nwauth.exe -path E:\surgemail"
or
g_authent_process "/usr/local/surgemail/nwauth -path
/usr/local/surgemail"
Syntax: g_authent_process string
Days until we remind user to change password.
Syntax: g_authent_reminders int
This is the one to use, only requires change in surgeweb, expire password
Syntax: g_authent_require int
This is useful if there are resource allocation issues in the authentication module. Eg OBDCAuth
Syntax: g_authent_restart bool
This let's users exist who contain the single quote ' character. It is not supported with some authent modules though, nwauth does allow it.
Syntax: g_authent_single bool
Not supported for most authent modules, requires nwauth 4.0r or later, If you have already got users with spaces in their passwords and you turn this setting on, they will no longer be able to login until they reset their passwords. Authent module must support slash encoding, for nwauth add -spaces to command line
Syntax: g_authent_spaces bool
Use when your database expects one 'primary' domain to do lookups without a domain name then SurgeMail will strip that domain only from lookups. Typically this is only necessary with old DMail authent modules.
Syntax: g_authent_strip_domain string
Timeout for authent response, default 60 seconds.
Syntax: g_authent_timeout int
This allows webmail to autologin when using an nfs based cluster and a load sharing device.
Syntax: g_autologin_file string
IMAP autologins allow autologin to surgeweb.
Syntax: g_autologin_imap_disable bool
Improved logic for user.cgi autologin url generation. Notably affects proxy mode, frontend-backend configurations, and whether ssl is used.
Syntax: g_autologin_newlogic bool
Webmail needs the ability to automatically login to SurgeMail to changes passwords etc. This setting will do this via an extension to the pop protocol allowing WebMail to autologin whilst running on another server. (Normally this is done using a temporary file)
Syntax: g_autologin_pop bool
Disable backtrace information for unix systems.
Syntax: g_backtrace_disable bool
Number of consecutive bad logins for a user before blocking that user.
Syntax: g_bad_login_allow int
This disables the smart feature so this setting will probably catch real users :-)
Syntax: g_bad_login_dumb bool
Number of bad logins from a single IP before blocking that IP.
Syntax: g_bad_login_ip_allow int
Use for webmail system or other local gateway to stop bad login counter from locking out all users.
Syntax: g_bad_login_ip_ignore string
This can reduce load during DOS attack.
Syntax: g_bad_login_lockout bool
Minutes to block login for, if consecutive g_badlogin_allow or g_badlogin_ip_allow bad logins received=.
Syntax: g_bad_login_mins int
If mx host is one of these addresses then drop the message, it's definitely spam (e.g. 127.*).
Syntax: g_badfrom_badmx string
If this is set to "true" then SurgeMail will connect back to the
envelope 'from' address and check that the address is valid, a
cache is used to improve performance, if it cannot connect then
the message is bounced as probable spam. It's nicer to use the
following setting "g_badfrom_stamp" as well, then if SurgeMail
cannot connect back or the user is invalid then a header is added
to indicate this, and our SmiteSpam rules will use this to
increase the spam weighting.
You can use g_spam_allow to exempt an IP from this check as well
as g_badfrom_whitelist for a domain. Please note that by default
SurgeMail uses a blank mail from to do its check.
MAIL FROM: <>
Some servers might reject this, though they shouldn't because its
a standard bounce, however if they do you can use g_badfrom_from to set a mail from
address to be used for this check.
Syntax: g_badfrom_check bool
From to use when doing the g_badfrom_check check, not normally needed, if set must be set to valid account.
Syntax: g_badfrom_from string
Check envelope from domain exists and is a valid ip number, if not bounce message.
Syntax: g_badfrom_noip bool
Use g_verify_mx_skip to bypass/whitelist ip addresses from this check
Syntax: g_badfrom_noip_temp bool
g_badfrom_check must also be set to true. If this is set to "true" then SurgeMail will connect back to the envelope 'from' address and check that the address is valid, a cache is used to improve performance, if it cannot connect then a header is added to indicate this, and our SmiteSpam rules will use this to increase the spam weighting.
Syntax: g_badfrom_stamp bool
Whitelist of "from" address domains to skip g_badfrom_* checks.
eg.
g_badfrom_whitelist "specialdomain.com"
Syntax: g_badfrom_whitelist string
Leave connected but reject all recipients without looking them up. This is good of dealing with high volume spammers without wasting resources doing user lookups.
Syntax: g_ban_blackhole bool
Same as 'ban_helo' but applies to the from (return address) part of the mail envelope. This is NOT the same as the from/sender header in the message itself!!! This equates to the 'Return-path:' header that the mail server adds.
Syntax: g_ban_from string
This is a simple spam protection system to block known spam/problem users based on the 'helo' name they send to your system. This name is recorded in the 'received' header along with the IP address. This name is very easy to 'fake' so is not a high security level of protection, but it is simple for stopping stupid robots etc, that have gone insane.
Example: *junkmail.com
Syntax: g_ban_helo string
Same as 'ban_helo' but applies to the recipient part of the envelope (destination users) this is NOT the same as the 'To:' header in the message itself!!! This can sometimes be used to block really simple spamming programs that always send to the same invalid users.
Syntax: g_ban_rcpt string
Use when trying to debug the g_bank_url post/response
Syntax: g_bank_debug bool
See g_bank_url for details
Syntax: g_bank_group group=string price=string desc=string
See g_bank_url for details
Syntax: g_bank_log string
See g_bank_url for details
Syntax: g_bank_ok string
See g_bank_url for details
Syntax: g_bank_pass string
See g_bank_url for details
Syntax: g_bank_reason string
This allows automated monthly charging of users
Syntax: g_bank_url string
See g_bank_url for details
Syntax: g_bank_user string
So authenticated users get the default binding not g_bind_byfromip
Syntax: g_bind_authent_default bool
This setting has no further documentation currently available
Syntax: g_bind_byfromip fromip=string bindip=string
Bind outgoing SMTP connections based on the IP of the virtual domain in 'from' envelope. This is only useful if you are using IP based virtual domains.
Syntax: g_bind_from bool
So if the incomnig mail came in on interface address 1.2.3.4 then that same address is used to send the email
Syntax: g_bind_in_always bool
So if the incomnig mail came in on interface address 1.2.3.4 then that same address is used to send the email
Syntax: g_bind_incoming bool
Bind outgoing smtp connections to this IP number.
Syntax: g_bind_out string
This setting has no further documentation currently available
Syntax: g_bind_to string
This setting has no further documentation currently available
Syntax: g_bind_to_ip string
This setting has no further documentation currently available
Syntax: g_bind_to_name string
Level for spam detection for blacklisting IP number e.g. 7.
Syntax: g_black_above int
Number of spam in a row before IP blacklisted for 30 minutes eg: 30 (default = disabled)
Syntax: g_black_count int
This setting has no further documentation currently available
Syntax: g_black_isspam bool
There is no default. The ip is blacklisted for the time specified by G_MAX_BAD_IP_TIME or one day. Whitelist with G_BLACK_WHITE for ip address or from matches. This limit is related to a single connection, not all errors from an ip over time.
Syntax: g_black_nbad int
Blacklist senders IP address for 30 minutes if they deliver to these spam catch email addresses.
eg. g_black_to "smith@mydomain.com,catcher@myotherdomain.com"
Syntax: g_black_to string
This setting has no further documentation currently available
Syntax: g_black_white string
Allow you to block any mail with certain files attached.
g_block_files "*.exe,*.cmd,*.com"
Syntax: g_block_files string
By default files names over this length are ALWAYS blocked if g_block_files is used, in rare situations these are not just viruses attempting to get around the filter.
Syntax: g_block_longok bool
Some users will need to send various attachments, these users are excempt to the g_block_files rule
Syntax: g_block_skip string
Block the '*' wildcard character in usernames.
Syntax: g_block_wild bool
Due to widespread abuse of blogs this is not recommended.
Syntax: g_blogs_allow_links bool
This setting will help cleanup existing spam postings to your users blogs.
Syntax: g_blogs_cleanup_links bool
Helps if there are lots of comments, this is a global setting not per blog..
Syntax: g_blogs_comment_rev bool
This setting can have a value of the name of any directory in the SurgeMail blogtpl directory
Syntax: g_blogs_default_template string
By default all blogs in all domains are listed/shown to the user. This setting causes it to only list blogs in the users domain.
Syntax: g_blogs_domonly bool
Allow users to create blogs
Syntax: g_blogs_enable bool
This setting has no further documentation currently available
Syntax: g_blogs_https bool
By default image verification is now required, this prevents spammers from abusing the many 'test' blogs set up by your users.
Syntax: g_blogs_image_optional bool
Maximum number of blogs per user, default is 5
Syntax: g_blogs_max_per_user int
Images larger than this (in largest dimension) that are posted to blogs are scaled down, default is 390, per blog setting can overide this.
Syntax: g_blogs_maximum_image_size int
Images larger than this that are posted to blogs are scaled down, default is 390, per blog setting can overide this.
Syntax: g_blogs_maximum_image_width int
Maximum number of post bodies to appear on a blog top page, default is 10
Syntax: g_blogs_maximum_items_in_top_page int
This shortens http://a.com/blog/juggling to http:/a.com/juggling, but does require that you define a specific name for the blogs in the domain based url_blogs setting
Syntax: g_blogs_no_suffix bool
Only allows access to a blog on the domain it is defined on, this is not recommended. (probably want to use g_blogs_not_unique, g_blogs_domonly too)
Syntax: g_blogs_not_global bool
If set you can create different blogs with the same name in different virtual domains, this is not recommended.
Syntax: g_blogs_not_unique bool
Host and path to ping on each blog post. eg: host=rpc.weblog.com path=/RPC2
Syntax: g_blogs_ping host=string path=string
Experimental feature do not use
Syntax: g_blogs_sub_domain_prefix string
If you're DNS entry supports it, turn on this setting to make blogs accessible at http://blog_name.blogs.domain/ instead of http://domain/blogs/blog_name
Syntax: g_blogs_use_sub_domains bool
Allows the user to configure filters which filter the body of incoming messages
Syntax: g_body_filter bool
Simple system to prevent intentional or more likely, accidental mail loops or mail bombs where thousands of Emails are sent to a single user. A setting in the range of 100-1000 is generally good depending on your sensitivity to incorrectly blocking real mail. We suggest 1000 is a good setting if you are unsure.
This counts the messages from a single IP address to a single recipient. If a single IP sends more than this many messages to any single recipient then they will be tarpitted (slowed down and rejected).
Use spam_allow ip.address.list to over-ride the limit for known local systems that might exceed this limit (unlikely anything will).
Syntax: g_bomb_max int
Max msgs from a single email address/hour.
Syntax: g_bomb_max_from int
Useful for robots etc that expect high volume
Syntax: g_bomb_white string
Some RBL sites blacklist machines for sending bounces, which is probably a good thing. But even with spf running your server may occasionally send a bounce to a forged address, and so you can use an alternate ip address for these bounces to avoid blacklisting your main mail server address. First you must assign the ip address to your network interface etc
Syntax: g_bounce_bind string
Disable all bounces. This is particularly useful when under spam attack. This is for outgoing bounces it stops SurgeMail generating bounces it won't affect incomming bounces from other servers.
example:
g_bounce_disable "true"
Syntax: g_bounce_disable bool
Max size in bytes of message to send back as bounce message is truncated if necessary.
Syntax: g_bounce_limit int
This setting makes bounces occur normally, the reason bounces are normally dropped for non local users is that they are almost always spam bouncing off another server due to forwarding settings, and as such sending a bounce email will get your server black listed, so we decided it was best to drop them by default since they are rarely useful. Turn this setting on at your own risk :-). Instead use g_bounce_to to list domains that it is safe to bounce to.
Syntax: g_bounce_nodrop bool
This can help stop back scatter from another server going through your server to an external domain
Syntax: g_bounce_paranoid bool
This can be used to avoid 'back scatter' which can get your server listed in various black listed sites. In general your server should not generate bounces so if you get lots you may find changing config settings can stop them. Note this only redirects bounces to non local recipients, so your users sending outgoing mail will still get their own bounce messages.
Syntax: g_bounce_redirect string
Some mail servers (exchange) will accept email, then bounce it, this is now considered a 'crime' and will get your server black listed, so if you have surgemail running as a gateway for such servers you can tell it to reject any bounce that server is foolish enough to send you.
Syntax: g_bounce_reject string
This may result in lost messages, but can also avoid backscatter issues
Syntax: g_bounce_safe bool
This can decrease back scatter, but it has other bad effects, it can result in duplicate messasges arriving. Never never use this setting
Syntax: g_bounce_some_stop bool
This may help stop black listing for backscatter while still alerting the sending domain admin that one of their users emails to your server bounced, You can specify a template file suggest.eml if you don't like the default message suggesting the postmaster add spf records for their domain
Syntax: g_bounce_suggest bool
This setting makes bounces occur normally, the reason bounces are normally dropped for non local users is that they are almost always spam bouncing off another server due to forwarding settings, and as such sending a bounce email will get your server black listed, so we decided it was best to drop them by default since they are rarely useful. Turn this setting on at your own risk :-). Instead use g_bounce_to to list domains that it is safe to bounce to. e.g. *@a.com,*@b.com
Syntax: g_bounce_to string
This can help prevent message loss in rare cases where quota/size limits prevent a delivery from surgewall server to destination server.
Syntax: g_bounce_to_recipient bool
When a hacker guesses a password on your system they will often send outgoing spam to your server from multiple ip addresses, Surgemail detects this and emails the administrator when it occurs, use g_breakin_white to enable specific users who need to do this (this is very unusual though)
Syntax: g_breakin_enable bool
Only lower numbers are valid.
Syntax: g_breakin_n int
When a hacker guesses a password on your system they will often send outgoing spam to your server from multiple ip addresses, Surgemail detects this and emails the administrator when it occurs, use g_breakin_white to enable specific users who need to do this (this is very unusual though)
Syntax: g_breakin_short bool
When a hacker guesses a password on your system they will often send outgoing spam to your server from multiple ip addresses, Surgemail detects this and emails the administrator when it occurs, use this setting to enable specific users who need to do this (this is very unusual though), it also accepts wild cards, e.g. * if you wish to disable teh feature. A list is given as "user@domin,user2@domain2"
Syntax: g_breakin_white string
The window in which the multiple logins are counted
Syntax: g_breakin_window string
Disables the added buttons for voice messages
Syntax: g_broad_noadd bool
Customer specific feature
Syntax: g_broad_pass string
Customer specific feature
Syntax: g_broad_port string
Customer specific feature
Syntax: g_broad_server string
Customer specific feature
Syntax: g_broad_url string
Customer specific feature
Syntax: g_broad_user string
This setting has no further documentation currently available
Syntax: g_bull_maxage int
Senders must be authenticated user that matches the sender, domain can be blank to send to all domains, the to field is the address you will send posts to, typically something like: bulletins@your.domain.name
Syntax: g_bull_rule to=string domain=string sender=string
This setting should not be needed.
Syntax: g_byname_old bool
This setting has no further documentation currently available
Syntax: g_calendar_version int
Useful if you are paranoid about information :-)
Syntax: g_callhome_disable bool
Authentication server and port for CentiPaid.
Syntax: g_centipaid string
Downloads a ip to country database and then adds a header based on that to each message to show where it came from. This file IpToCountry.csv should appear in your surgemail home directory after enabling this setting (restart surgemail too), if the file doesn't appear you can download it via http://updates.netwinsite.com/updates/IpToCountry.csv , tellmail aspam_update may trigger the download!
Syntax: g_check_date bool
Some users will trigger CID matches due to the nature of their business (accountants/lawyers) for these people you may want to list them here. CID is content matching, usually scams which often use legal language.
Syntax: g_cid_skip_to string
This is a dummy setting that lets you store information in the ini file that will survive setting changes from the web admin tool.
Syntax: g_comment date=string name=string comment=string
This setting has no further documentation currently available
Syntax: g_con_gateway int
Maximum number of connections allowed per IP address. Primarily this is used to prevent simple denial of service attacks where one user could otherwise use up all the channels your system can support and then do nothing with them.
Syntax: g_con_perip int
IP list of exception addresses to g_con_perip.
Syntax: g_con_perip_except string
Maximum number of concurrent connections per subnet. This limits
concurrent connections from a sub net, great for automatically
stopping professional spammers who use multiple addresses. A
typical setting might be 20. Subnet is /24.
Syntax: g_con_persubnet int
This setting has no further documentation currently available
Syntax: g_con_peruser int
This setting has no further documentation currently available
Syntax: g_con_peruser_except string
Some Spam tests send mail user%spamdomain.com@localdomain.com to see if a server is an open relay. If a default address is set up for the local domain this will be delivered to this local address and the test assumes the mail server is an open relay. This setting prevents this.
Syntax: g_convert_percent bool
This setting has no further documentation currently available
Syntax: g_cookie_secure bool
This setting has no further documentation currently available
Syntax: g_country_allow string
This setting has no further documentation currently available
Syntax: g_country_allowip string
Downloads a ip to country database and then adds a header based on that to each message to show where it came from. This file IpToCountry.csv should appear in your surgemail home directory after enabling this setting (restart surgemail too), if the file doesn't appear you can download it via http://updates.netwinsite.com/updates/IpToCountry.csv , tellmail aspam_update may trigger the download!
Syntax: g_country_ip bool
See IpToCountry.csv and make sure g_country_ip is enabled
Syntax: g_country_login string
This setting has no further documentation currently available
Syntax: g_country_url string
Default is 10 seconds, helps detect system lockups and alert the manager
Syntax: g_cpu_notest bool
Default is 10 seconds, helps detect system lockups and alert the manager
Syntax: g_cpu_slow int
This setting has no further documentation currently available
Syntax: g_crash_nomini bool
Crash without catching signals 10,11. In particular
this will generate correct core files on FreeBSD
systems.
Syntax: g_crash_normal bool
This setting has no further documentation currently available
Syntax: g_crash_simple bool
Defaults to A-Za-z0-9\-_. meaning usernames/password may contain letters, numbers, -, _ and . and nothing else.
Syntax: g_create_allow string
Settting overriding g_create_allow just for passwords.
Syntax: g_create_allow_pass string
This setting allows you to apply create_* settings to domain admin accounts. Specify g_access_group names and domain admins in these groups will have create_* settings applied to them when adding users in the domain admin interface.
Syntax: g_create_apply string
Without this setting the admin can create usernames that contain any characters pretty much
Syntax: g_create_apply_admin bool
Comma separated list of illegal usernames, may contain wild cards, if username contains part of a non-wild card or matches a wildcard it is disallowed.
Syntax: g_create_badnames string
This causes a delete to be actioned for a user before/as they are created. This ensures the new user does not end up with any files, on any mailing lists, with any aliases etc from a previous user of the same name/address. If you delete users from the authent database directly i.e. not using the surgemail web admin or calling 'tellmail delete_user' then this setting will cleanup the users files when their address is re-used.
Syntax: g_create_cleanup bool
Text file containing one word per line, passwords are compared to all words longer than 4 characters in this file, if a username or password contains a word in this file it is not allowed. Only takes effect if g_create_strict is checked.
Syntax: g_create_dictionary string
This setting has no further documentation currently available
Syntax: g_create_pass_digit bool
This is applied during user self creation and when users change passwords. Set admin to true to restrict the domain and global admin also.
Syntax: g_create_pass_length min=int max=int admin=bool
Require mixed case passwords
Syntax: g_create_pass_mixed bool
Ban password if it conains the username
Syntax: g_create_pass_notuser bool
This setting has no further documentation currently available
Syntax: g_create_pass_recheck bool
This setting has no further documentation currently available
Syntax: g_create_pass_recheck_text string
Useful sometimes for provisioning, allows username=password
Syntax: g_create_pass_slack bool
Require a special character
Syntax: g_create_pass_special bool
This setting has no further documentation currently available
Syntax: g_create_record_ip bool
Checking this causes surgemail to check passwords do not contain words longer than 4 characters from g_create_dictionary as well as requiring the password to be 6+ characters, and usernames/passwords to contain more than 1 character.
Syntax: g_create_strict bool
This setting has no further documentation currently available
Syntax: g_create_strict_admin bool
This is applied during user self creation. Set admin to true to restrict the domain and global admin also.
Syntax: g_create_user_length min=int max=int admin=bool
Add timezone if date header is missing one
Syntax: g_date_add_utc bool
This causes links to appear in the DBabble interface to switch to using WebMail (and SurgePlus if you have the g_surgeplus_links setting on).
Syntax: g_dbabble_links bool
This setting specifies the port that DBabble listens on. DBabble looks at surgemail.ini and if it sees this setting, overrides it's own setting with this value. When you save changes to this setting from within the SurgeMail DBabble admin interface, SurgeMail automatically sets appropriate values for the g_redirect_iflocal and g_gateway settings.
Syntax: g_dbabble_smtp_port int
This setting is used in conjunction with the dbabble_smtp_port setting to forward all mail with the specified prefix on to DBabble.
Syntax: g_dbabble_smtp_prefix string
For catching bugs in block file processsing.
Syntax: g_debug_block bool
This setting has no further documentation currently available
Syntax: g_debug_body bool
This setting has no further documentation currently available
Syntax: g_debug_check bool
This setting has no further documentation currently available
Syntax: g_debug_crt bool
This is for tracking a particular bug, not for general use
Syntax: g_debug_free bool
This is for tracking a particular bug, not for general use
Syntax: g_debug_freepc int
This setting has no further documentation currently available
Syntax: g_debug_image bool
This is for tracking a particular bug or user error :-)
Syntax: g_debug_imap bool
This is a temp setting used for testing
Syntax: g_debug_ini bool
This makes ncpy clear the entire destination buffer to increase the chance of a crash if the buffer length is wrong
Syntax: g_debug_ncpy bool
This makes ncpy clear the entire destination buffer to increase the chance of a crash if the buffer length is wrong
Syntax: g_debug_ncpy2 bool
This is for tracking a particular bug, not for general use
Syntax: g_debug_padpc int
This makes ncpy clear the entire destination buffer to increase the chance of a crash if the buffer length is wrong
Syntax: g_debug_timing bool
This is for tracking a particular bug, not for general use
Syntax: g_debug_vanished string
If the authent response includes this field/value pair then the user account will not expire
Syntax: g_delete_exclude field=string value=string
Example: field="noexpire" value="true"
Number of days an account can remain unread before it is deleted. This setting cannot be used on an authent_domain FALSE domain unless it has a prefix setting.
e.g.
DELETE_USER_AFTER "30"
Then issue the command:
tellmail expire_accounts
Then examine users_delete.rec to see it is a valid list of old
accounts, then use:
tellmail delete_user FILE users_delete.rec
To actually delete the accounts.
Syntax: g_delete_user_after int
You can set this to "file" or "suspend". "file" causes accounts to be written to the users_delete.rec file, which you can action by running "tellmail delete_user FILE" or "tellmail delete_user FILE users_delete.rec" (optionally specify the file). "suspend" causes accounts to be suspend, it does this by setting the field and value specified in the g_delete_user_suspend setting.
If this setting is blank the default is to use 'file' mode, accounts are NEVER deleted automatically except in the very oldest versions of surgemail (before version 3)
Syntax: g_delete_user_mode string
Set the field and value to use when suspending an account due to g_delete_user_after and the g_delete_user_mode "suspend" settings.
Example: Disable accounts after 1 year g_delete_user_after "365" g_delete_user_mode "suspend" g_delete_user_suspend field="mailstatus" value="closed"
Syntax: g_delete_user_suspend field=string value=string
This setting has no further documentation currently available
Syntax: g_deliver_robot string
This setting has no further documentation currently available
Syntax: g_demo bool
This setting has no further documentation currently available
Syntax: g_demo_to string
Block known spammers etc by IP address. You can use wild cards and 'not' signs, e.g. "!*,127.*,10.*"
Syntax: g_deny string
Block countries, examine the file IpToCountry.csv for the abbreviations, g_country_ip must be set true, and issue tellmail aspam_update
Syntax: g_deny_country string
This setting has no further documentation currently available
Syntax: g_deny_log bool
This setting has no further documentation currently available
Syntax: g_deny_login string
Message to give to users who are disconnected due to the above 'deny' setting.
Syntax: g_deny_msg string
Block users from some IP ranges connecting to SMTP only.
Syntax: g_deny_smtp string
If the authent response includes this field/value pair then the user account will not be disabled from receiving messages
Syntax: g_disable_exclude field=string value=string
Example: field="noexpire" value="true"
This setting has no further documentation currently available
Syntax: g_disable_qnum bool
Useful to ensure delivery for important company notices
Syntax: g_disable_skip string
DO NOT USE THIS SETTING IN A MIRROR/CLUSTER SETUP
Number of days an account can remain unread before delivery is disabled.
Syntax: g_disable_smtp_after int
Disable users from logging in using the SurgePlus Calendar and File Sharing client. See SurgePlus
Syntax: g_disable_surgeplus bool
New versions of the SurgePlus client are automatically downloaded from netwinsite.com and made available for download form your server by your users. See SurgePlus
Syntax: g_disable_surgeplus_updates bool
This setting has no further documentation currently available
Syntax: g_disk_debug bool
This setting has no further documentation currently available
Syntax: g_disk_warning string
Intended to make server die rather than to pretend to keep running when a major disk fault has occurred
Syntax: g_diskio_abort bool
See domainkeys.htm
Syntax: g_dkim_allow string
See domainkeys.htm
Syntax: g_dkim_allowip string
Use if you need to use a different selector when forwarding for a domain (so you can define a different dkim private key)
Syntax: g_dkim_alt_domains string
Use if you need to use a different selector when forwarding for a domain (so you can define a different dkim private key)
Syntax: g_dkim_alt_name string
Useful when you want to act as a signing gateway
Syntax: g_dkim_always_force bool
See domainkeys.htm
Syntax: g_dkim_check bool
This can be used to exclude some domains
Syntax: g_dkim_exclude string
Use if you need to use a different selector when forwarding for a domain (so you can define a different dkim private key)
Syntax: g_dkim_force_from string
This will help get the message through gateways without breaking the signature, try a single header, e.g. from
Syntax: g_dkim_headers string
Use if you need to use a different selector when forwarding for a domain (so you can define a different dkim private key)
Syntax: g_dkim_noforce string
Useful to avoid double signing incoming messages
Syntax: g_dkim_nogateway bool
Normally all local domains are signed, but if this setting exists then it is used instead so you must list local domains as well as non local ones you want to sign messages for. G_dkim_sign must also be set to true! Never set to *
Syntax: g_dkim_only string
Useful when you want to act as a signing gateway
Syntax: g_dkim_return bool
This defines the dns entry name for your policy record and public key entry in your dns. See domainkeys.htm for details
Syntax: g_dkim_selector string
To turn off dkim for some domains see the per domain setting, dkim_disable. See domainkeys.htm for more info.
Syntax: g_dkim_sign bool
This is useful if the destination server is faulty with it's dkim processing
Syntax: g_dkim_skip string
Prevents address havesting etc by users - strongly recommended on public servers, not necessary on small or private servers
Syntax: g_dlist_nolocal bool
If set disable (do not attempt to start) dlist for DMail compatibility mode..
Syntax: g_dlist_nostart bool
This setting has no further documentation currently available
Syntax: g_dlist_one bool
DList Path normally defaults to $g_home/dlist.
Syntax: g_dlist_path string
Run DMail compatible filter files. Mfilter rule files should be used instead.
Syntax: g_dmail_filter string
This setting has no further documentation currently available
Syntax: g_dmarc_allow string
This setting has no further documentation currently available
Syntax: g_dmarc_enforce bool
This setting has no further documentation currently available
Syntax: g_dmarc_none_quarantine bool
This setting has no further documentation currently available
Syntax: g_dmarc_use bool
This setting has no further documentation currently available
Syntax: g_dmarc_whitelist bool
This setting has no further documentation currently available
Syntax: g_dns_blank_fail bool
Best not to change this normally
Syntax: g_dns_cache_size int
Not normally needed unless dns server is flakey...
Syntax: g_dns_disk bool
This setting can normally be left blank as the mail server will find your system DNS settings. However, you can specify one or more DNS servers for the mail server to use instead to lookup names.
DNS lookups are cached to disk so SurgeMail will generally continue to work even if your dns server is temporarily unavailable.
Test your dns server with this command. If working it should return two ip addresses for that domain.
tellmail dns_test "netwinsite.com"
Prior to SurgeMail 2.0h dns lookups were done using tcp instead of udp, they are now down with UDP unless the response exceeds UDP packet size (as per RFC).
NOTE: All dns servers listed in this setting must be fully recursive, a non recursive dns server will create many dns lookup failures!
Syntax: g_dns_host string
The message given to the user when the forwar/reverse dns lookup doesn't match
Syntax: g_dns_match_msg string
Example: "Sorry your ip address doesn't translate into a name that translates into your ip address"
Concurrent DNS lookups to send to DNS server (Default=20) (not used after version 2.0h)
Syntax: g_dns_nlookup int
This setting disables the small cache used for SPF lookups to improve performance.
Syntax: g_dns_nocache bool
If the ip number of a connecting user has no associated name in the reverse dns database then the connection is rejected or told to retry later.
Syntax: g_dns_noptr string
Example: "retry"
See short description.
Syntax: g_dns_noptr_msg string
This is an over-ride for local addresses which you trust.
Syntax: g_dns_noptr_skip string
Example: "retry"
Does a forward DNS lookup on the sender's domain and matches this with a reverse lookup of the senders IP address. If these do not match the message is either bounced or stamped with the header "X-DNS-Paranoid: <explanation>". Valid values for this field are "STAMP","RETRY" and "REJECT".
STAMP = Add the X-DNS-Paranoid header if it fails
RETRY = Bounce the message with a 450 error. (so if the failure was temporary the sending server will retry)
REJECT = Bounce the message with a 550 error
Set g_dns_lookup_msg or g_dns_match_msg to define the reject/stamp strings respectively.
Require MAIL FROM header to match the reverse dns lookup based of the sender based on the sender's IP.
eg. from=*@hotmail.com hosts=*hotmail.com
Syntax: g_dns_paranoid string
This setting predates SPF which does the same sort of thing on a grander scale, no longer needed.
Syntax: g_dns_require from=string hosts=string
Example: from=*@hotmail.com hosts=*hotmail.com
This setting has no further documentation currently available
Syntax: g_dns_retryretry bool
If all channels hang in a state 'lookup' then turn this off so it will use the surgemail code for reverse dns lookups. This setting used to be g_dns_lookup and had the opposite meaning, we reversed it because the system dns code was faulty so often
Syntax: g_dns_system bool
This setting has no further documentation currently available
Syntax: g_dns_test_blank bool
This setting has no further documentation currently available
Syntax: g_dns_threaded bool
Useful for translating ip numbers inside a local intranet and doing other fancy routing of various sorts.
Syntax: g_dns_translate from=string to=string
This setting has no further documentation currently available
Syntax: g_dns_unthreaded bool
Default unit is seconds. You can specify units e.g. 3 minutes, 10 hours etc...
Syntax: g_domadmin_utoken_expire int
This setting has no further documentation currently available
Syntax: g_domadmin_utoken_idle int
This setting has no further documentation currently available
Syntax: g_domain_create_auto bool
This setting has no further documentation currently available
Syntax: g_domain_create_route bool
This is probably not what you think it is, generally the 'first' domain in surgemail.ini is used in this situation, but in some instances, when using domuser.dat for example to translate users back to virtual domains, you will want the default domain to be a 'generic' made up domain that doesn't really exist.
For example lets say you have users fred@a.com, bob@b.com, then in domusers.dat you have
fred@a.com fred@a.com
bob@b.com bob@b.com
bob@xxx bob@b.com
fred@xxx fred@a.com
And the result is that users who login to pop as bob or fred, will be correctly mapped to the correct virtual domain user even though the actual domain is different in those two cases.
Clear as mud I expect?
Syntax: g_domain_default string
Maximum number of domains to list at once in the admin user interface.
Syntax: g_domain_list_max int
For POP logins where your virtual domain is NOT distinguished by IP address users can login with 'user@domain' or user/domain.name etc and the mail server will pickup the domain name correctly. By default only 'user@domain.name' is accepted unless this setting is used which can be useful for brain dead mail clients which don't allow the user to specify 'user@domain.name' as the username eg:
g_domain_separator "/"
Syntax: g_domain_separator string
This setting has no further documentation currently available
Syntax: g_domain_templates bool
Specifies a file which contains lines that translate an email address to the username that should be looked up in the database. This file can contain a domain name not previously specified in surgemail.ini allowing you to create unique sub-domain addresses. eg:
g_domuser_file "c:\surgemail\domuser.dat"
Example entries...
*@domain.com postmaster@domain.com
userA@domain.com userB@domain.com
firstname@lastname.domain.com firstname@lastname.domain.com
Syntax: g_domuser_file string
Minutes to wait for nfs lock file, default 20 minutes.
Syntax: g_dotlock_minutes int
In the dotstuffed format any attachments that have content (in encoded format) starting with a . get corrupted, as all single '.' characters at the start of a line are converted to '..'. This is only very seldomly an issue as encoded text doesn't usually have . characters. This feature can only be enabled and still need furhter production level testing to make sure there are no side effects... so if you play with it consider yourself adequately warned :-)
Syntax: g_dotstuff_fix bool
Can be used with g_include to have settings fetched from a central location, the file is fetched once an hour.
Syntax: g_download url=string user=string pass=string local=string
For use on Solaris when using sendmail for incoming mail delivery.
Syntax: g_drop_use_len bool
Not recommended. Delivery Status Notification is used by spammers to find addresses to spam to.
Syntax: g_dsn_enable bool
Safer alternative to real DSN as it only applies to local users. This guesses if the user is trusted based on previous logins
Syntax: g_dsn_loggedin bool
This setting helps hide internal addresses in bounce messages (after forwarding etc). Not recommended.
Syntax: g_dsn_nofinal bool
This is probably a bad idea, it is best to reject 8bit mime and stop people sending it as the destination server may not support it
Syntax: g_ehlo_8bitmime string
This setting has no further documentation currently available
Syntax: g_ehlo_log bool
This is a debugging setting, do not use.
Syntax: g_ehlo_simple string
This is probably a bad idea, it is best to reject 8bit mime and stop people sending it as the destination server may not support it
Syntax: g_ehlo_smtputf8 string
Be aware that this setting will not work until you register on their server and tell them the ip address of your server/dns to permit lookups. They charge $20 to verify your domain and this will help to get your email delivered more reliably
Syntax: g_emailreg_enable bool
This can be used if naked passwords in the config are a problem. This setting currently applies to g_gateway, and may apply to others in future. You must manually copy the file config.key from master to slave.
Syntax: g_encrypt_config bool
Disable encryption mechanism
Syntax: g_encrypt_disable bool
When a message is sent via encryption it is deleted after this many days
Syntax: g_encrypt_expire int
Sets the default encryption method when a rule does not apply
Syntax: g_encrypt_inline bool
Per user limit
Syntax: g_encrypt_limit int
Server wide limit to prevent abuse (or accidental over use)
Syntax: g_encrypt_max int
This lets you create accounts for domains that don't exist, these users can then send encrypted messages.
Syntax: g_encrypt_nodomain bool
Known fault, this affects all recipeients, not generally good to use
Syntax: g_encrypt_nofwd bool
Only significant if the setting to lock all messages is enabled.
Syntax: g_encrypt_noip string
If default encrpting is enabled then you might need this setting to stop it for late forwarding.
Syntax: g_encrypt_nolate bool
Only significant if the setting to lock all messages is enabled.
Syntax: g_encrypt_none string
e.g. No watermark defined, please complete this form
Syntax: g_encrypt_nowater string
DO NOT USE
Syntax: g_encrypt_path string
This setting has no further documentation currently available
Syntax: g_encrypt_prefix string
DO NOT USE
Syntax: g_encrypt_pw_host string
DO NOT USE
Syntax: g_encrypt_pw_key string
Not for general use, keywords (expire password reminder)
Syntax: g_encrypt_reminders int
By default a reply to a local user is also encrypted this makes it not encrypt the reply as user should be reading the message via SSL so the data is secure anyway.
Syntax: g_encrypt_reply_plain bool
This setting has no further documentation currently available
Syntax: g_encrypt_reset_easy bool
Message body sent to end user when password is reset
Syntax: g_encrypt_reset_msg string
This setting increases security and should be used if your server allows public account registrations.
Syntax: g_encrypt_reset_safe bool
Message body sent to sender password reset is requested
Syntax: g_encrypt_reset_sender string
The sender has been emailed a link they can use to reset your password
Syntax: g_encrypt_reset_user string
If this rule matches then the message will be encrypted before it is sent to the user. method=server or inline, we recommend 'server' mode as it's much simpler.
Syntax: g_encrypt_rule header=string contains=string from=string to=string noconfirm=bool method=string
Encrypt all messages except g_encrypt_unlock and surgeweb defined addresses - this feature not generally available till 9/March/2013, encrypt_smart per domain must also be turned on.
Syntax: g_encrypt_smart bool
When a message is going to be encrypted this setting ensures it is sent from the user to the server via SSL
Syntax: g_encrypt_ssl_force bool
When a message is going to be encrypted this setting ensures it is sent from the user to the server via SSL
Syntax: g_encrypt_ssl_noforce string
Enables the display of surgevault encryption in the surgeweb interface (can be modified using encrypt_hide on surgeweb customisation page)
Syntax: g_encrypt_surgeweb_show bool
Not for general use
Syntax: g_encrypt_unlock string
Normally surgewall skips encryption
Syntax: g_encrypt_wall bool
This setting has no further documentation currently available
Syntax: g_enotify_from string
These characters can break some mail clients and should not appear in normal emails
Syntax: g_eof_fix_off bool
If wild card string matches smtp response code, then replace with 'to' response code, use %1 to replace the first wild card match etc...
Syntax: g_error_xlate was=string to=string
e.g. New,Sent,Bounced,Later,Failed,Stored,Dropped,Rejected
Syntax: g_event_list string
The parameters sent include, (given url)&mode=xx&mid=xx&from=x&to=xx&qnum=xx
Syntax: g_event_url string
Send an email to all members of the domain, only accessable by authenticated domain administrator, also $alldomains@domain.name will send to all users of all domains if you are the g_manager_username user
Syntax: g_everyone bool
Used if rule files added manually
Syntax: g_expire_all_rules bool
Reduce load spent expiring old messages.
Syntax: g_expire_every int
Useful if you only want to expire message the user never read
Syntax: g_expire_onlyunread bool
Some users get upset when they find messages have expired, this setting makes the expiration silent so the users don't even notice. I think this is a bit nuts myself but some admins prefer it
Syntax: g_expire_silent bool
Expires any messages more than 7 days old found in the 'trash' folder.
Syntax: g_expire_trash bool
This will help warn users before a file is actually deleted.
Syntax: g_expire_warning int
This tags any external email with a warning
Syntax: g_external_all bool
This tags any external email with a warning
Syntax: g_external_dlist bool
Also use g_received_skip
Syntax: g_external_ip_disable bool
This tags any external email with a warning
Syntax: g_external_msg string
e.g. *@xyz.com,*@fred.com
Syntax: g_external_only string
Tags most msgs placed in the spam folder too.
Syntax: g_external_spam bool
Used to set the color/font etc...
Syntax: g_external_style string
This tags any external email with a warning
Syntax: g_external_warn bool
This setting has no further documentation currently available
Syntax: g_external_white string
People who don't need warning.
Syntax: g_external_white_to string
Default address for all local domains. If a local delivery is not to any valid user Emails will be delivered to this address. There is also a per domain default.
We want to stress that this is a dangerous setting, you use at
your own peril.
Spammers will turn up to your server and test sending to accounts,
they will just run through a dictionary of names, with a fallback
setting you will be telling the spammer that all these accounts
exist. The spammer will then deliver spam to these addresses in
volumes that can cripple a server almost.
Syntax: g_fallback string
This can be used to relay users where you have a user database that can be checked on the front end system directly (odbcauth, tcpauth, etc)
Syntax: g_fallback_relay_if_exists bool
This setting has no further documentation currently available
Syntax: g_fast_time_off bool
Used to test alternate spam filter weigtings
Syntax: g_feat_testing bool
Messages over this size (in bytes) are skipped. default = no limit
Syntax: g_filter_max int
Default is 20, when this limit is reached the incoming thread waits a few seconds then skips the filter if necessary, this is intended to prevent a log jam/melt down effect.
Syntax: g_filter_n int
This allows external applications to filter and modify incoming messages. Example: Integration with Spam Assassin (on UNIX) could be achieved as follows:
g_filter_pipe "/usr/local/bin/spamassassin -P"
it expects a normal unix 'filter' so, read the message on 'stdin' and write the identical (or modified) message to 'stdout'.
The input will be 'crlf' terminated and so should the output file.
That's all you can do with this mechanism, if you want to bounce the message or flag it as spam you 'add' a header and then use something in surgemail to detect and act on the header you've added (mfilter)
Syntax: g_filter_pipe string
Needed if you want headers to be seen by later surgemail processing
Syntax: g_filter_pipe_headers bool
Skip for authenticated users
Syntax: g_filter_pipe_noauth bool
Set this for local servers that don't need filtering, e.g. mailing list servers, local trusted robots.
Syntax: g_filter_pipe_skip string
Filter timeout (g_filter_pipe) in seconds, default is 360.
Syntax: g_filter_timeout int
This setting is for backward compatibility to reproduce buggy behaviour
Syntax: g_find_wrong bool
This is best not used, it's best to fix the faulty email application, results are not gauranteed.
Syntax: g_fix_crcrlf bool
This is best not used, it's best to fix the faulty email server, results are not gauranteed.
Syntax: g_fix_imap_lf bool
This essentially adds the footers to 'outgoing' email... if the user is a member of the group nofooter then the footer is also skipped.
Syntax: g_footer_auth bool
Footer file which is appended to all plain text mail messages.
Syntax: g_footer_file string
Footer file which is appended to all HTML mail messages.
Syntax: g_footer_html string
This works by examining the message contents to try and find part of the footer.
Syntax: g_footer_notfound bool
Plain text footer file which is appended to all outbound mail messages only.
Syntax: g_footer_send string
Add g_footer_send to all messages when sending to non local users.
Syntax: g_footer_sendonly bool
This skips the footer for matching users (e.g. cell phones etc)
Syntax: g_footer_skip string
This can be used to make the footer optional
Syntax: g_footer_skipfound string
This prevents the footer from being added for a message that pretends to come from your domain.
Syntax: g_footer_trusted bool
Useful with hotmail.com, aol.com etc so that forwarded messages are not mistaken for spam
Syntax: g_forward_attach string
This prevents problems with spf/identity checking as the forwarded message is sent with valid from and return path
Syntax: g_forward_fixfrom bool
Syntax: g_forward_illegal to="address" apply="user type "
This setting allows you to specify some addresses as being illegal for certain users. This stops users setting up forwarding rules to these addresses. They can still send mail to these addresses manually with their email client. These rules _ONLY_ apply to non local domains.
Some examples:
If you want to stop your users setting up forward rules that
redirect to aol.com.
g_forward_illegal to="*@aol.com" apply="user"
If you want to stop your users setting a forward to all domains
except aol.com
g_forward_illegal to="*,!*@aol.com" apply="user"
Stop domain admins sending to aol.com
g_forward_illegal to="*@aol.com" apply="domadmin"
Stop admins sending to netwinsite.com
g_forward_illegal to="*@netwinsite.com" apply="admin"
Syntax: g_forward_illegal to=string apply=string
Testing setting, please do not use.
Syntax: g_forward_oops string
This is useful if senders are not using smtp auth but you still want friends to be added, typically used with surgewall...
Syntax: g_friends_add_trusted bool
The user click on a button to disable friends for a few hours, during this time all messages will get treated as a friend and thus bypass SPF too.
Syntax: g_friends_allow_spf bool
This enables the "Add all outgoing email addresses to list" feature and always checks incoming messages against the friends list so that SurgeMail can correctly tag or filter it.
Syntax: g_friends_always bool
This setting is automatically added/removed by the web admin when global friends defaults are configured. It allows us to check friends at rcpt stage without paying a disk access cost for non-friends users.
Syntax: g_friends_at_rcpt bool
This means a friend or trained message will whitelist the entire domain/ip address combination until contradicted for all users
Syntax: g_friends_autodom bool
This setting has no further documentation currently available
Syntax: g_friends_bounce_friend bool
This setting has no further documentation currently available
Syntax: g_friends_bounce_rej bool
This can make it clearer that email is not getting through to the destination
Syntax: g_friends_bounce_second bool
This restores the old beahviour, you would normally only use this if your mail server was unaccessable via http as email based rejections are not as easy to use or as reliable as web based human confirmations
Syntax: g_friends_byemail bool
If the incoming message may be forged it will bounce messages using an smtp error code to deny delivery but it will allow any real sender to bypass this. This settings is good if spamcop block your domain for sending friends challenges as it cuts down on the number of such messages. This avoids backscatter
Syntax: g_friends_check_spf bool
This setting has no further documentation currently available
Syntax: g_friends_cleanup bool
This enables us to examine suspect replies to friends confirmations for indications that they were sent by spammers or mail robots.
Syntax: g_friends_confirm_debug bool
String to use as the subject of a friends confirmation email. Defaults to: "Please reply to ||confirm|| message and allow delivery". This value must contain the text ||confirm||, this text is replaced by the unique message id that allows SurgeMail to find the message to release eg. confirm(1150419513.1880_1180.domain). It is also advisable to place the ||confirm|| near the start of the string as some clients will truncate long subjects and any truncation of the ||confirm|| value will result in failure to release the message.
Syntax: g_friends_confirm_subject string
This setting has no further documentation currently available
Syntax: g_friends_daemon_ok bool
This makes surgemail always send an email bounce rather than a safe reject, only intended for testing bounce messages
Syntax: g_friends_debug1 bool
This setting has no further documentation currently available
Syntax: g_friends_default_autoadd bool
Valid settings are kids,disabled,smite,silent,list. Recommended silent or smite, in silent mode no challenge email is sent, in smite mode a challenge email is sent if the score is exceeded.
Syntax: g_friends_default_mode string
Used when you wish to whitelist outgoing addresses even though the sender/reply address does not match the authenticated user (e.g. messages sent via exchange)
Syntax: g_friends_global_add string
Used when you wish to whitelist outgoing addresses even though the sender/reply address does not match the authenticated user (e.g. messages sent via exchange)
Syntax: g_friends_global_auto bool
This is good for avoiding meaningless entries or obvious entries that people might send email to by mistake
Syntax: g_friends_global_exclude string
List of addresses considered friends for all users on the system eg: the system manager email address
Syntax: g_friends_ignore string
Useful when you have a gateway that is sending to surgemail
Syntax: g_friends_ignore_trusted bool
This setting improves spam handling
Syntax: g_friends_lang_auto bool
Causes friends to re-read message headers, allowing rules based on headers added during delivery
Syntax: g_friends_latest_headers bool
This setting has no further documentation currently available
Syntax: g_friends_local_match bool
Uses an older style link
Syntax: g_friends_long bool
e.g. Delivery pending, to deliver you must send an email to
Syntax: g_friends_msg string
e.g. Note: Delivery will ONLY occur if you click on this link
Syntax: g_friends_msg_link string
This specifies what to call the friends system when referring to it on web pages and in email to our users, you can call it whatever you like
Syntax: g_friends_name string
If spf failed then don't allow a friends match
Syntax: g_friends_obey_spf bool
Use status.eml instead of status_html.eml
Syntax: g_friends_old_status_email bool
An anti-spam feature which screens incoming mail to ensure it comes from a human. For incoming mail from unknown addresses a message is sent to this person requesting them to reply to confirm they are human and the original message will be delivered. See this page for more details.
Syntax: g_friends_only bool
How long to store users friends pending messages before deleting them (days)
Syntax: g_friends_pending_keep int
The default is 10000 Items
Syntax: g_friends_pending_max int
This shouldn't be changed unless this feature has not been used before as it will confuse your users. Any matching folder the user has of the same name will become invisible. So at least make it something other than simply Spam!!
Syntax: g_friends_pending_name string
When a bounce for a confirmation message is received we vanish it, this setting will also delete the original message.
Syntax: g_friends_pending_vanish bool
This setting has no further documentation currently available
Syntax: g_friends_release_wash bool
Set log size, the log is also rotated when a friends report email is sent (if configured)
Syntax: g_friends_rotate int
By using a rejection during the incoming message instead of sending an email back scatter is completely avoided.
Syntax: g_friends_safer bool
This setting is to simply disable the confirm emails, not generally recommended as this makes friends a bit pointless.
Syntax: g_friends_silent bool
Not generally recommended.
Syntax: g_friends_silent_level int
This setting has no further documentation currently available
Syntax: g_friends_skip_ip string
This sets the default when no friends.ini file exists, a level of 8 will give best all round results, a level of 10 will stop less spam but avoid false positives.
Syntax: g_friends_spam_score int
This setting has no further documentation currently available
Syntax: g_friends_spf bool
The default behaviour is to only send confirmations if SPF checks pass, if they fail friends checking is skipped, no confirmation request is sent and the email is not blocked by friends.
Syntax: g_friends_spf_fail_bounce bool
This setting has no further documentation currently available
Syntax: g_friends_status_sort bool
Reports to manager if any fail
Syntax: g_friends_testurl bool
Normally the default will work.
Syntax: g_friends_url string
Normally the default will work.
Syntax: g_friends_use_https bool
This used to be the default, but it meant people thought delivery was occurring!
Syntax: g_friends_warnonce bool
From headers to allow bypassing the g_from* checks. e.g. "*@x.y.com,*@b.com,fred@bb.com"
Syntax: g_from_allow string
This setting has no further documentation currently available
Syntax: g_from_allow_ip string
This setting has no further documentation currently available
Syntax: g_from_allow_to string
The 'from' domain is checked against the specified RBL which must be a special 'FROM' based rbl which lists spammers by from address. Most spammers fake from addresses so this is a fairly marginally useful method.
Syntax: g_from_bl name=string stamp=string
Checks if the sender is authenticated or from an address that can relay, if not then the message is bounced if it claims to be from a local domain. One of the settings to prevent forgery
Syntax: g_from_body_bounce bool
Bounce if from address is probably faked.
This check is activated for any mail with a local domain in the from address but not using SMTP authentcation, relay allow IP address or spam allow IP address.
Syntax: g_from_bounce bool
Check from domains match valid local domains if user is authenticated, or g_from_allow.
Should be used with g_from_bounce "true" which basically forces them to authenticate and then makes this setting work properly.Syntax: g_from_check bool
Fixes the 'from' envelope if the email client failed to specify a domain name, this doesn't fix the from header currently but we may change that in future!
Syntax: g_from_domain string
This setting has no further documentation currently available
Syntax: g_from_domain_match bool
Check from matches authenticated user. If user is not authenticated the setting is skipped.
Should be used with g_from_bounce "true" which basically forces
them to authenticate and then makes this setting work properly.
Syntax: g_from_exact bool
Used when you want to make all messages use the same valid bounce address, reply-to header will contain original from if it doesn't exist
Syntax: g_from_force string
From header used in delivery bounces.
Syntax: g_from_header string
Doesn't allow lists to bypass forge rules
Syntax: g_from_list_too bool
Can be useful in blocking dumb spam robots
Syntax: g_from_must_exist bool
This can prevent many common forms of forgery, this will bounce some real email, so probably better to use the noforgeme setting instead. One of the settings to prevent forgery
Syntax: g_from_noforge bool
Prevent forgeries of important local addresses, e.g. *support*
Syntax: g_from_noforge_some string
This can prevent many common forms of forgery, this is safer than the noforge setting above, and generally almost as effective. One of the settings to prevent forgery
Syntax: g_from_noforgeme bool
Prevents forgery where the descriptive name is a fake email address that doesn't match the real address
Syntax: g_from_noforgename bool
This setting modifies the g_from_noforgeme behaviour so it doesn't block the message but does prevent a friend match occurring
Syntax: g_from_nofriend bool
This setting has no further documentation currently available
Syntax: g_from_ok string
This one helps prevent a local virus sending out spam. It basically says non authenticated users who can relay due to a g_relay_allow_ip rule must send from one of your domains or use smtp authentication or be in a white list. Note this test is performed on the message envelope not the body. We recommend insisting on smtp authentication to reduce your risk of this type of problem.
Syntax: g_from_relay bool
This is domains that can be used as a 'from' address for non authenticated users, in addition to local domains
Syntax: g_from_relay_white string
This lets you change the 'from' address from an internal domain name to a valid public domain name. The change is performed on the From envelope (return path), not the from header. And the chanage does not affect the return path written in local deliveries, only outgoing email. Mfilter rules can be used to rewrite the actual message headers.
Syntax: g_from_rewrite was=string to=string
Replaces the From: header in the mesage with the new address.
Syntax: g_from_rewrite_header bool
Replaces the Sender: header in the mesage with the new address.
Syntax: g_from_rewrite_sender bool
Stamp message with "X-Verify-Failed:" header if from address is probably faked.
eg: X-Verify-Failed: <user@mydomain.com> From mydomain.com
is local but user not authenticated or from g_relay_allow_ip
This check is activated based on the same conditions as g_from_bounce.
Syntax: g_from_stamp bool
Timeout in seconds of g_badfrom_* checks. Default = 60 seconds. If this timeout is reached the g_badfrom check will be classed as having failed.
Syntax: g_from_timeout int
This forces the sender to either give 'no' reply address or a valid one with an @ and a dotted domain
Syntax: g_from_valid bool
Used to gateway messages to another local mail server. Typically this other server is inside a fire wall so it's local IP address is not known by the DNS server. You specify the domain and IP address to send messages to and this server is treated as 'local' rather than remote in terms of open relay restrictions. eg: nonauthenticated users are able to send in mail. Open relay restrictions do not apply to messages sent to this domain because they are considered as if they were local users and not 'relaying'.
This setting has the fields domain(required), to(required), user(optional), pass(optional), relay=true/false(optional),check=true/false (optional)
Normally "domain" and "to" are the only fields that need to be
filled in. eg. To relay mail from anyone to user accounts in the
domain somedomain.com to the host 1.2.3.4.
g_gateway domain="somedomain.com" to="1.2.3.4"
user="username" pass="password"
If SMTP authentication is required on the destination server the user and pass fields need to be completed.
check=trueThe check=true setting tells surgemail to actually connect to the server and check that recipients exist before accepting an incoming email for that user, this is STRONGLY recommended, as it stops the server having to bounce thousands of messages when spammers send to invalid addresses on your server. If SurgeMail cannot connect it will assume the user does exist so nothing is bounced except when the connection is successful.
Classic smarthost setting
This is where you want to send all outgoing email to another server, that may require authentication, note that we don't use relay="true" as that would make the server an open relay.
g_gateway domain="*" to="isp.mail.server" user="user@isp.server" pass="xxx"
relay="true" (warning, usually not needed or wise, this can make your server into an open relay for spammers to abuse!)
As a safety measure to prevent accidental openrelays, SurgeMail
will not relay for non authenticated users or trusted users (users
that are allowed to relay due to relaying settings eg
g_relay_allow_ip) if the domain is "*". This can be overridden by
placing "true" in the "relay" field. eg: To relay all mail for all
users to host 1.2.3.4:
g_gateway domain="*" to="1.2.3.4" relay="false"
It is possible to use domain="c:\domains.txt" where domains.txt is a file listing the domains to be gatewayed, this should only be done for one gateway rule, and is only worth doing if you have thousands of domains to gateway.
local="true"
Requires that the destination addresses exist in the local account database.
When gatewaying to a domain which accepts all email regardless of address (e.g. exchange) you are best to define the users in your local user database, this is the only way to prevent nasty bounces and get rid of all the spam cleanly.
1) remove the gateway setting for the domain
2) add a virtual domain
3) In the virtual domain add surgewall settings, e.g. in this
example I'm gatewaying the domain 'netwin.co.nz' to a
backend server called 'backend.netwin.co.nz"
vdomain address="" name="netwin.co.nz"
...
surgewall "backend.netwin.co.nz"
surgewall_options strip_domain="" proxy_failover="" auth_local="TRUE" pop="" smtp="" imap="" usercgi=""
You can find more gateway examples in our FAQ here http://www.netwinsite.com/surgemail/help/faq.htm#gateway
Syntax: g_gateway domain=string to=string user=string pass=string relay=string check=bool sms=bool local=bool
Some spam prevention mechanisms which use the ip address of the incoming system must be disabled for incoming SMTP servers/surgewall/firewall boxes so that stupid limits don't block all the incoming messages from your backup mx server etc. Settings this affects: g_tarpit_max, g_tarpit_max_remote, g_con_perip, RBL checks,
Syntax: g_gateway_allow string
Always send to gateway even if local domain exists. Not sure why you would want to use this setting other than to temporarily send mail on to another server whilst keeping the local domain and accounts intact and untouced.
Syntax: g_gateway_always bool
Send SMTP auth requests to another host.
Syntax: g_gateway_auth string
To allow bounces to be handled cleanly gateway messages before responding to the data comman so bounces can go direct without being generated and creating back scatter.
Syntax: g_gateway_data bool
In some cases to verify an email address the correct 'from' must be passed through, normally this is a bad idea as it will cause spf failures, but it is sometimes necessary
Syntax: g_gateway_from bool
An incoming filter can discard the majority of incoming bounces by using this setting to figure out if a bounce is valid without having to do a user lookup first! Usually this would be the setting g_send_helo from your 'outgoing' mail server, this setting can be a list of host names.
Syntax: g_gateway_helo string
Syntax: g_gateway_ifnot string
This setting has no further documentation currently available
Syntax: g_gateway_ignorewild_ip string
This can be useful if you have thousands of servers using your machine for mx backup and you want to allow them simply because the mx records exist, it's much better to use g_gateway or g_relay settings instead as this saves lookups and makes the results entirely more predictable :-)
Syntax: g_gateway_mx string
This lets you set g_gateway domain=* and relay=true, this makes your server an open relay so is never a good idea!
Syntax: g_gateway_open bool
This writes a header X-Rcpt-Original: ..., when forwarding a message to another server, good for tracking problems. This may disclose multiple hidden recipients, it should not be used normally
Syntax: g_gateway_orcpt bool
Use if you wish to spread outgoing load evenly to multiple outgoing servers.
Syntax: g_gateway_shuffle bool
This setting has no further documentation currently available
Syntax: g_gift_disable bool
Based upon a match on an arbitrary field in the authentication database a user can be defined as being part of an access_group. All fields (field, value, group) are required. eg: To add the user to the access_group "paid_user" if the field "mystatus" has the value "fullaccess":
g_group_field field="mystatus" value="fullaccess" group="paid_user"
Syntax: g_group_field field=string value=string group=string
This setting has no further documentation currently available
Syntax: g_gzip_disable bool
Useful if you must have weak passwords for some reason
Syntax: g_hack_detect_disable bool
Message to send to users with a weak password
Syntax: g_hack_msg string
This setting has no further documentation currently available
Syntax: g_hack_noemail bool
This setting has no further documentation currently available
Syntax: g_hack_report string
Send warnings directly to users
Syntax: g_hack_touser bool
Url to your server for users to change password, if not given the user.cgi url will be generated
Syntax: g_hack_url string
This setting has no further documentation currently available
Syntax: g_hacker_alert bool
This setting has no further documentation currently available
Syntax: g_hacker_days int
Useful to identify a spammer trying to set a bounce address to pickup incoming email
Syntax: g_hacker_fwd bool
Stops hackers from guessing passwords every day until they find one, use tellmail unlock ip.number to unlock, or whitelist it...
Syntax: g_hacker_max int
This setting has no further documentation currently available
Syntax: g_hacker_more bool
Good for stopping robots guessing accounts
Syntax: g_hacker_password bool
List commonly guessed passwords, e.g. 12345678
Syntax: g_hacker_passwords string
If user tries to login with this account then their ip address is blocked from further logins. Give full domain name or wild card, e.g. root@your.domain,staff@*
Syntax: g_hacker_poison string
This setting has no further documentation currently available
Syntax: g_hacker_star bool
This setting has no further documentation currently available
Syntax: g_hacker_timeout bool
If someone is 'guessing' weak passwords their ip address will be locked out
Syntax: g_hacker_weak bool
Whitelist for gateways or other systems that you expect multiple failed logins from (e.g. webmail host)
Syntax: g_hacker_whitelist string
Mail header to add to outgoing mailing list posts.
Syntax: g_header_out string
Useful for stripping headers that you don't trust or don't want for some reason
Syntax: g_header_strip string
Helo is optional for SMTP protocol (not recommended).
Syntax: g_helo_optional bool
This setting has no further documentation currently available
Syntax: g_help_local bool
This setting has no further documentation currently available
Syntax: g_help_url string
This setting controls where the mail server runs including the many sub directories it creates below this directory for work files and log files for each domain. Not something you should generally change.
Syntax: g_home string
Do not share your key you can get a key for free from this web site. By defining this setting you will enable honeypot lookups, which in turn will block web imap pop and smtp authentication connections from listed sites, it does not block normal incoming email, but does reduce the permitted guess count to '1'. You can whitelist an ip address using g_spam_allow or g_hacker_whitelist, this setting will tend to cause false positives which will stop users logging in, we don't recommend you use this setting currently.
Syntax: g_honeypot_key string
This is the name of the rbl database we are going to query
Syntax: g_honeypot_rbl string
This setting has no further documentation currently available
Syntax: g_host_alias_sni bool
Use for special users who are not subject to the normail message count limit on their inbox (g_inbox_max)
Syntax: g_host_ip string
This setting has no further documentation currently available
Syntax: g_host_redirect from=string to=string
Experimental setting do not use
Syntax: g_http_11 bool
This setting has no further documentation currently available
Syntax: g_http_add_header string
Proxy web server for fetching files if direct access fails. (mainly for updates to the spam prevention rules from netwinsite.com and for downloading the latest version of the SurgePlus Windows client to make available to your users.)
Syntax: g_http_proxy string
This setting allows folders to be shared between users. See the domain setting 'imap_public'. Requires surgemail 3.9d or later! For this to work you will need an imap client that supports ACL's to create and map shared folders (.e.g. thunderbird)
Syntax: g_imap_acl bool
This setting allows folders to be shared between users. See the domain setting 'imap_public'. Requires surgemail 3.9d or later! For this to work you will need an imap client that supports ACL's to create and map shared folders (.e.g. thunderbird)
Syntax: g_imap_acl_prefix bool
This setting has no further documentation currently available
Syntax: g_imap_allow_trailing bool
Some imap clients assume certain folders exist, this setting can be used to let surgemail auto create such folders when the imap client requests some action involving the folder
Syntax: g_imap_auto_create string
This setting has no further documentation currently available
Syntax: g_imap_auto_subscribe bool
This lets you find any of your users who's ip address has been blacklisted, at most it will email once a day, any additional entries are logged in mail.err log file (search for 'blacklist')
Syntax: g_imap_blacklist bool
When you have suffix based domains and you're using SurgeWall the CAPABILITY request comes before the domain of the user is known. As such SurgeMail cannot determine whether to send the real servers CAPABILITY or it's own. This setting will choose the default behaviour, valid values are: Local,
Syntax: g_imap_capa string
In some situations you might not want to advertise server capabilities, for example SURGEMAIL and XFLDDATA when they cause problems with SurgeWall operations. Or perhaps the IDLE capability. Specifying the capability strings to hide here will cause SurgeMail to stop advertising those capabilies.
Syntax: g_imap_capa_strip string
Please note that CRAM-MD5 does have security implications, specifically it means that the local users password must be stored in a semi reversable state in the authent database. Also you must be using the new version of the NWAuth module.
Syntax: g_imap_cram_enable bool
This setting has no further documentation currently available
Syntax: g_imap_debug bool
This setting has no further documentation currently available
Syntax: g_imap_delay bool
This setting has no further documentation currently available
Syntax: g_imap_expunge_close bool
Helps email clients all use the same folder names, Valid types include: Trash,Flagged,AllMail,Junk,Important,Sent,Drafts, note these names have no meaning on the server, in particular AllMail is not actually all mail.
Syntax: g_imap_folder name=string type=string
Warning this may change the default folder currently used by creating one the user didn't previously have
Syntax: g_imap_folder_create bool
Setting to map the friends_pending folder into an imap folder. There is no corresponding setting for the 'held' folder as we believe people should always use the friends mechanism as it is a superset of the held folder in functionality
Syntax: g_imap_friends bool
This setting has no further documentation currently available
Syntax: g_imap_idle_free bool
Number of seconds for IMAP IDLE to do directory rescan - , note setting is miss spelled, do not correct it!
Syntax: g_imap_idle_nsf int
This setting has no further documentation currently available
Syntax: g_imap_inactive_free bool
This setting has no further documentation currently available
Syntax: g_imap_log bool
This only logs when a body or body part is read via imap
Syntax: g_imap_log_body bool
This setting has no further documentation currently available
Syntax: g_imap_log_copy bool
Flush IMAP log on every write (for debugging).
Syntax: g_imap_log_flush bool
This logs rather a lot so may create excessive logging. Probably the log body setting is more wise.
Syntax: g_imap_log_header bool
This setting has no further documentation currently available
Syntax: g_imap_log_main bool
Log IMAP protocol and other IMAP information to the mail.log file.
Syntax: g_imap_log_protocol bool
This sets the imap.log file size, default is 2mb
Syntax: g_imap_log_size int
This setting has no further documentation currently available
Syntax: g_imap_log_user bool
This only logs when a body or body part is read via imap
Syntax: g_imap_loop_report bool
This setting helps limit impact when a user has a large folder, it will fail to load a folder larger than this and report errors in the log, it does not prevent the folder from having messages added to it, and it does not inform the user that the problem has occurred, this setting is primarily to limit impact of a crazy user :-), see also G_MAILDIR_MAX
Syntax: g_imap_max_limit int
This setting helps limit impact when a user has a large folder, it will fail to load a folder larger than this and report errors in the log, it does not prevent the folder from having messages added to it, and it does not inform the user that the problem has occurred, this setting is primarily to limit impact of a crazy user :-), see also G_MAILDIR_MAX
Syntax: g_imap_max_messages int
This setting has no further documentation currently available
Syntax: g_imap_maxbusy int
This setting has no further documentation currently available
Syntax: g_imap_maxdup int
This setting has no further documentation currently available
Syntax: g_imap_move bool
The RFC implementation of internal dateis broken wiht MS outlook. SurgeMail has been modified to conform to the outlook inplementation of internal date making this setting redundant..
Syntax: g_imap_no_internal_date bool
Replace normal imap with old imap module, not recommended/supported
Syntax: g_imap_old bool
Replace normal imap with old imap module, not recommended/supported
Syntax: g_imap_old_ip string
Prevents redownloading messages if file indicating user is using imap is lost. Generally this setting is not needed and should not be used. Turning it on/off will result in users getting duplicate messagese if they are using POP and have leave on server ticked
Syntax: g_imap_pop_burst bool
Specifies the PORT to listen for IMAP connections on. IMAP is an alternative to POP protocol where the messages and folders all exist on the server. This is ideal when sharing a mail account between several users or when using Email from more than one computer. Use the keyword 'disabled' to disable this part of the surgemail service.
Syntax: g_imap_port int
This setting has no further documentation currently available
Syntax: g_imap_search_body bool
This setting has no further documentation currently available
Syntax: g_imap_search_index bool
This setting has no further documentation currently available
Syntax: g_imap_search_noattach bool
This setting has no further documentation currently available
Syntax: g_imap_search_text bool
This setting has no further documentation currently available
Syntax: g_imap_search_timeout int
Specifies the PORT to listen for dedicated SSL IMAP connections.
Syntax: g_imap_secure_port int
Displays message size in IMAP responses
Syntax: g_imap_size_fetch bool
This setting has no further documentation currently available
Syntax: g_imap_spam_train bool
Improves performance/reduces disk IO for imap
Syntax: g_imap_status_cache bool
Improves performance/reduces disk IO for imap
Syntax: g_imap_status_stored bool
This setting has no further documentation currently available
Syntax: g_imap_sync_all bool
This setting has no further documentation currently available
Syntax: g_imap_sync_nomax string
Replace normal imap with a test one, this is not functional, do not use this setting.
Syntax: g_imap_testing bool
Useful for detecting an email client in a loop wasting your resources
Syntax: g_imap_throttle int
This setting has no further documentation currently available
Syntax: g_imap_throttle_exclude string
This setting has no further documentation currently available
Syntax: g_imap_throttle_limit int
This setting has no further documentation currently available
Syntax: g_imap_throttle_speed int
You may in some cases wish to reduce this below the RFC required default if your server is under very heavy load. Results may be unexpected when breaking RFC behavior!
Syntax: g_imap_timeout int
You may in some cases wish to reduce this below the RFC required default if your server is under very heavy load. Results may be unexpected when breaking RFC behavior!
Syntax: g_imap_timeout_login int
as per title :-)
Syntax: g_imap_timezone string
This setting has no further documentation currently available
Syntax: g_imap_trash_nocopy bool
If true disable auto repair of identical UIDL entries.
Syntax: g_imap_uidl_nofix bool
Helps dumb email clients that get confused
Syntax: g_imap_unsub_auto bool
This setting has no further documentation currently available
Syntax: g_imap_use_nil bool
This may confused some email clients if multiple clients are used on a single account as the user flags can conflict
Syntax: g_imap_user_flags bool
This may confused some email clients if multiple clients are used on a single account as the user flags can conflict
Syntax: g_imap_user_moreflags bool
We recommend setting this at about 10000, users should use the auto cleanup features (via user.cgi) to archive older messages to another folder
Syntax: g_imap_warn_big int
Trigger with tellmail mail_rules (or it will run once a week)
Syntax: g_inbox_archive int
This setting will stop users leaving lots of message in their inbox. Valid range would be 1000 to 10000 depending on the nature of your users. A smaller number can reduce load on your server. The user is warned when the reach 70% and 95% of the limit
Syntax: g_inbox_max int
Use for special users who are not subject to the normail message count limit on their inbox (g_inbox_max)
Syntax: g_inbox_nolimit string
Unlike the include command this setting will allow editing of the ini file in web admin, but settings included via this setting will not appear in the admin interface
Syntax: g_include string
These limit settings let you control untrusted sources which may get viruses or cgi scripts that open them up to abuse. By throttling the remote addreses limit this will prevent any significant abuse. Authenticated sessions are 'not' limited!.
Syntax: g_iplimit string
See explanation of g_iplimit
Syntax: g_iplimit_islocal string
See explanation of g_iplimit
Syntax: g_iplimit_local int
See explanation of g_iplimit
Syntax: g_iplimit_remote int
This lets you bypass the iplimit restrictions for a known trusted user/form that needs to send a lot of local/remote emails
Syntax: g_iplimit_whitelist string
x
Syntax: g_ipv4_only string
Enable IPV6 networking, Best avoided unless your mail server is in ipv6 address space.
Syntax: g_ipv6_enable bool
Disables the automatic conversion of addresses to ipv4 format strings on linux
Syntax: g_ipv6_notrim bool
x
Syntax: g_ipv6_only string
Testing a new feature do not use
Syntax: g_kann_test bool
Don't use this yet, we are still working on it.
Syntax: g_keepalive bool
When you purchase updates you must activate to get the expire date reset in surgemail, if this setting is not turned on then surgemail will try and do this automatically for you.
Syntax: g_key_manual bool
Disables the email reminding you to pay for updates for virus and spam filter and new versions etc...
Syntax: g_key_nowarning bool
Purely for testing
Syntax: g_known_skip bool
If the user has not yet selected a language then this language is used as a default. If the language specified here does not exist in the language files, or nothing is specified here then English is used as the default language.
Syntax: g_language_default string
If true then when users login via pop or imap or webmail the file last_login.time is created/touched, this can then be used by local scripts to determine which user directories are not in active use.
Syntax: g_last_login bool
This can be used on a shared disk cluster to establish which users are inactive. On a normal mirror or stand alone system you should use DISABLE_SMTP_AFTER
Syntax: g_last_login_days int
By default users forwarding rules are applied before friends, spam and user filter rules. By default users can tick and option on their forwarding page to perform 'late' forwarding, that is forwarding that occurs after friends, spam and filtering. This option overrides the user option and causes all user forwarding rules to be applied after friends, spam and filtering.
Syntax: g_late_forward bool
This setting has no further documentation currently available
Syntax: g_late_skiplocal bool
Forwards all ldap requests to another host, primarily intended for testing, use at your own risk.
Syntax: g_ldap_forward string
numeric maximum items to return default=0 (ie disabled)
Syntax: g_ldap_outlook_browse_max int
If specified this enables the mini ldap server inside surgemail which allows users with email clients that can do 'ldap' directory lookups to search for other users on the system. Obviously this should NEVER BE turned on for a public mail server, it is only appropriate with private mail servers where all users who can access the system are trusted.
There are additional 'domain' settings ldap_anydomain, which lets users search for users outside their own domain name. And ldap_disable which can disable ldap for specific domains.
Syntax: g_ldap_port int
This setting has no further documentation currently available
Syntax: g_legal_archive_accesskey string
This setting has no further documentation currently available
Syntax: g_legal_archive_add string
This setting has no further documentation currently available
Syntax: g_legal_archive_body bool
This setting has no further documentation currently available
Syntax: g_legal_archive_bucket string
This setting has no further documentation currently available
Syntax: g_legal_archive_early bool
This setting has no further documentation currently available
Syntax: g_legal_archive_enable bool
This setting has no further documentation currently available
Syntax: g_legal_archive_encrypt_key string
This setting has no further documentation currently available
Syntax: g_legal_archive_exclude string
This setting has no further documentation currently available
Syntax: g_legal_archive_hostid int
This setting has no further documentation currently available
Syntax: g_legal_archive_keep int
This setting has no further documentation currently available
Syntax: g_legal_archive_local bool
This setting has no further documentation currently available
Syntax: g_legal_archive_mirror bool
This setting has no further documentation currently available
Syntax: g_legal_archive_nofail bool
This setting has no further documentation currently available
Syntax: g_legal_archive_only bool
This setting has no further documentation currently available
Syntax: g_legal_archive_path string
This setting has no further documentation currently available
Syntax: g_legal_archive_secretkey string
This setting has no further documentation currently available
Syntax: g_legal_archive_show bool
Messages are always stored now regardless of spam score
Syntax: g_legal_archive_spam bool
This setting has no further documentation currently available
Syntax: g_legal_archive_trim int
This setting has no further documentation currently available
Syntax: g_letsencrypt string
This setting has no further documentation currently available
Syntax: g_lf_fix_list string
This setting has no further documentation currently available
Syntax: g_lf_fix_off bool
If true skip gateway rule for local messages (bounces etc).
Syntax: g_local_skipgateway bool
Disables useless logging in msg*.rec files, only recommended for busy servers
Syntax: g_log_bounce_disable bool
Makes log lines more complete
Syntax: g_log_date_old bool
This setting has no further documentation currently available
Syntax: g_log_disable bool
Useful when debugging unexpected DNS results, search for 'dns' in mail.log to find the results.
Syntax: g_log_dns bool
Useful when debugging unexpected DNS results, search for 'dns' in mail.log to find the results.
Syntax: g_log_dns_mx bool
Useful when debugging unexpected DNS results, search for 'dns' in mail.log to find the results.
Syntax: g_log_dns_only string
Disables useless logging in msg*.rec files, only recommended for busy servers
Syntax: g_log_dropped_disable bool
This setting has no further documentation currently available
Syntax: g_log_fakemid string
This makes the server flush log data after every write to the file. This affects performance but can sometimes be the only way to track down an unusual fault eg: if the server dies the log is completely up to date and shows the last thing the server did before dying.
Syntax: g_log_flush bool
Log fwd/redirection rules associated with g_log_rcpt in msg.rec files.
Syntax: g_log_fwd bool
Set the logging level. This is primarily intended for finding faults with the server. Info level logging is the default. Alternatives are 'error' and 'debug'
Syntax: g_log_level string
Log individual recipients in msg.rec files
Syntax: g_log_norcpt bool
It is considered bad form to do this, but it can be very useful, so it's up to you!
Syntax: g_log_password bool
Sets the path for all SurgeMails generated logfiles. (except the delivery record logs)
Syntax: g_log_path string
Log PID along with thread-id in the UNIXlog files.
Syntax: g_log_pid bool
Creates a file for each user that matches this list, user_user@domain.log
Syntax: g_log_quota string
SurgeMail will normally log failed deliveries due to MFilter / SmiteSpam / etc in the delivery logs. This setting will restrict this logging to accepted mail only.
Syntax: g_log_reject_disable bool
The mail.log files are a fixed size rotating log of what is happening inside SurgeMail. Dependant on the load of your server this may contain a few days worth of activity or a few minutes worth. This setting allows you to change the default 2MB before rotation size.
Syntax: g_log_size int
Forces logging to disk even if it may slow things down. Not recommended.
Syntax: g_log_slow bool
This setting has no further documentation currently available
Syntax: g_log_ssl_fail bool
By default the mail.log is rotated to mail2.log... on startup.
Syntax: g_log_start_norotate bool
This is useful to 'merge' log information on a single host, on unix you specify the destination in your syslog configuration rather than specifying a host. On windows you can specify the remote host as you may not have a local syslog daemon
Syntax: g_log_syslog bool
This data is probably not worth sending to syslog, it's really debugging information of no long term value and too much to store.
Syntax: g_log_syslog_debug bool
On windows this lets you tell surgemail where the syslog deamon is, on unix you can do this in your syslog config file.
Syntax: g_log_syslog_host string
This prevents the local logs from being written
Syntax: g_log_syslog_only bool
On windows this lets you tell surgemail where the syslog deamon is, on unix you can do this in your syslog config file.
Syntax: g_log_syslog_port int
These settings let you 'trace' the data going 'to' and or 'from' a specific IP address (or list, or wild card) Lets say you have a client on a specific address that has a problem where the fault could be server/client or network related. To track it down add this to surgemail.ini
g_log_tcp_read "2.3.4.5"
g_log_tcp_write "2.3.4.5"
Then try whatever is 'failing' and examine 'mail.log' to see what was read/written to that client.
Syntax: g_log_tcp_read string
Logs the thread id in the msg*.rec files, this is good for some types of debugging.
Syntax: g_log_thid bool
Creates a file for each user that matches this list, user_user@domain.log
Syntax: g_log_user string
Max is 2gig, this is the size of login.log
Syntax: g_login_log_size int
This is one of those things that you very likely do not want to turn on. It makes the mail server lookup the IP name of any connecting user, however lookups can take 30-90 seconds so it can negatively impact apparent performance. Most of the access rules in the server can accept IP names if this setting is enabled, e.g. instead of specifying local users are 153.2.3.* you can say '*.netwinsite.com"
Syntax: g_lookup_names bool
If lookup cannot get a name, reject user (not generally recommended)
Syntax: g_lookup_reject_fails bool
This setting has no further documentation currently available
Syntax: g_lowdisk_mailbox string
SurgeMail checks available disk space on startup and every half hour whilst running on all the mail, temp and home directories. If any is found to be low an email is sent to the system manager. The recommended level is at least 100MB (default is 10MB).
Syntax: g_lowdisk_warning string
This setting has no further documentation currently available
Syntax: g_mailbox_inbox string
Default directory to store mail this is used to set mailbox_path when creating domains.
Syntax: g_mailbox_path string
This setting has no further documentation currently available
Syntax: g_maildir_imap_max bool
The default is 30,000. When exceeded additional messages are invisible until some are deleted. We strongly recommend you don't change this limit as large folders are gemoetrically inefficient and users should take steps to avoid this limit rather than increasing it.
Syntax: g_maildir_max int
This changes the storage format from one message per file, to a proprietry format, the spool is converted automatically when you restart surgemail. As a new feature which reformats all messages stored this settings has some risks, we suggest caution particularly on an existing server, ensure you have a backup mechanism of some kind in place!. Although this setting can give performance gains we think generally the gains do not out weigh the risk introduced, personally I prefer a simple 'directory of files' for each mail folder
Syntax: g_maildir_netwin bool
This is for debugging and not for general use
Syntax: g_maildir_report bool
The maildir format is flawed in that it is not designed to be used on Windows systems. This setting will force SurgeMail to use a more standard maildir format, but does mean you cannot just copy mail from a UNIX box to a Windows box as the ":" character is a reserved character on Windows systems.
Syntax: g_maildir_standard bool
This allows you to specify the error message given to the user when they are set to certain states, you may use other authent fields in the message, for example:
g_mailstatus_message state="payup" message="Payment is due $full_name$, please pay here: http://your.site/path/file.htm"
Syntax: g_mailstatus_message state=string message=string
Email address to send reports to.
Syntax: g_manager string
This is the port the web manager and web mail access will run on. By default it is port 7026. Use the keyword 'disabled' to disable this part of the surgemail service.
Syntax: g_manager_port int
This should be the main server management port and provides a secure server management connection. By default it is port 7025. https://your.mail.server:7025. Use the keyword 'disabled' to disable this part of the SurgeMail service.
Syntax: g_manager_secure_port int
For obvious reasons, if the server is not working it cannot use itself to send the manager an Email message, so for highest reliability you may want to define another mail server for fault reports to be Emailed to.
Syntax: g_manager_smtp string
Specifies the local users which have manager rights for all domains. These users can login to the user self management interface and will recieve special domain manager options. This setting works slightly different to the domain level 'manager_username' setting in that if you specify an account without the @domain part i.e. 'admin' it gives all admin users in all domains domain rights over all domains.
Syntax: g_manager_username string
This setting is important to stop hackers fishing for email addresses by guessing, I recommend you start with a low setting like 5, but increase to 100 if it causes problems. If you have a firewall or spam filter in front of surgemail add G_SPAM_ALLOW to whitelist it's ip address
Syntax: g_max_bad_ip int
Use to disable g_max_bad_ip tests for specific ip addresses
Syntax: g_max_bad_ip_skip string
The default is 1 day (used to be 1 hour). Units is seconds
Syntax: g_max_bad_ip_time int
Max bad recipients in a row if exceeded skip user lookup - useful when tarpitting a spammer.
Syntax: g_max_bad_nolookup int
If a system sending your system Email sends more than the specified number of bad addresses in a row then it is assumed to be incoming spam and further messages are rejected.
Syntax: g_max_bad_to string
Hashing mode for SurgeMail, default is 5, for compatibilty with /b/o/bob use 2.
Syntax: g_mdir_hash int
Prefix for maildir folders defaults to 'mdir', use '.' for compatibility with qmail.
Syntax: g_mdir_prefix string
If true then only allow 'adding' headers, not changing them.
Syntax: g_mfilter_addonly bool
Run the mfilter processing even on bounces
Syntax: g_mfilter_bounces bool
Performance feature
Syntax: g_mfilter_disable bool
This is the full path to the Mfilter rule file which provides advanced message filtering capabilities. See Mfilter.htm for more details.
Syntax: g_mfilter_file string
If true then only run Mfilter on local deliveries.
Syntax: g_mfilter_localonly bool
Size to truncate messages to before processing with Mfilter.
Syntax: g_mfilter_maxlen int
Logs the real details of mfilter, never user on a live busy system this is only intended for debugging an mfilter script. It logs every line of the script!
Syntax: g_mfilter_noisey bool
This setting has no further documentation currently available
Syntax: g_mfilter_skip_from string
This allows you to add a comma separated list of ip's to skip running mfilter on. This is based on the ip of the sender. Wild cards and ranges can be used.
Example:
g_mfilter_skip "10.0.0.2,210.56.43.*,193.1.16-24.0-255"
Syntax: g_mfilter_skip_ip string
If one matches then mfilter is skipped for entire message
Syntax: g_mfilter_skip_to string
Log trace lines in Mfilter for debugging .
Syntax: g_mfilter_trace bool
This setting has no further documentation currently available
Syntax: g_migrate_domain string
Gives the user some indication of when the migration has finished. You can modify the templates migration_started.eml and migration_finished.eml
Syntax: g_migrate_email bool
Normally migration only starts with a pop or imap login
Syntax: g_migrate_onsmtp bool
Note: a plain text password will not work, e.g. it should look like this: {cram-md5}0286EAAC915C2CCA77649, use tellmail master_password to create the hash
Syntax: g_migrate_password string
This allows the migration to work when shared folders exist for all users on the old server.
Syntax: g_migrate_skip string
e.g. inbox.* --> %1 would change inbox.folder to folder
Syntax: g_migrate_translatet was=string to=string
Syntax: g_mirror_config "true/false"
You put this on both machines and it will attempt to mirror the surgemail.ini. There will be some settings that you do not wish to mirror and these can be exempted by using:
g_mirror_config_except "setting,setting,setting"
Some settings are not mirrored by default these are: g_mirror_host, g_mirror_nwauth*, g_mirror_mode, g_authent_path, g_dlist_path, g_log_path, g_record_path, g_home, g_authent_process, g_mfilter_file, g_webmail_work, g_work, g_virus_cmd, g_atrn_port, g_imap_port, g_imap_secure_port, g_ldap_port, g_manager_port, g_manager_secure_port, g_monitor_port, g_pop_port, g_pop_secure_port, g_ppd_port, g_smtp_port, g_smtp_secure_port, g_webmail_port, g_webmail_secure_port, g_surgeplus_port, g_surgeplus_secure_port, g_surgeplus_web_port, g_bind_out, g_virus_avast, dmail_drop_path, dmail_bin_path, web_path, webmail_work
(it is possible we will update this list over time)
* g_mirror_nwauth is obsolete don't use it.
Syntax: g_mirror_config bool
Syntax: g_mirror_config "setting,setting,setting"
This will tell the server not to import the specified settings from the other mirror.
Example:
g_mirror_except "g_spam_allow"
This will tell the server not to change this setting. This only affects the machine its on, if the other server does not have this set, it will continue to mirror the setting. This setting accepts wildcards. This setting accepts a special case value "address" that will prevent mirroring of existing domain ip addresses, allowing different ips on each mirror machine. There are a number of settings which are not mirrored by default these are specified above in g_mirror_config.
In addition the mailbox_path setting is not mirrored, unless, the existing setting is a sub directory of the g_mailbox_path and the new setting is a sub directory of the g_mailbox_path from the other server, in which case the mailbox_path is set to the same sub directory using the existing g_mailbox_path setting eg.
[recieving server]
g_mailbox_path "c:\surgemail\mbox"
mailbox_path "c:\surgemail\mbox\domain"
[sending server]
g_mailbox_path "d:\surgemail\mbox"
mailbox_path "c:\surgemail\mbox\domain_moved_here"
[result on recieving server]
g_mailbox_path "c:\surgemail\mbox"
mailbox_path "c:\surgemail\mbox\domain_moved_here"
Syntax: g_mirror_config_except string
Helps when tracking down fault with nwauth or mirroring, never leave turned on as it can lead to mutex crashing
Syntax: g_mirror_debug bool
Helps when tracking down fault with nwauth or mirroring, never leave turned on as it can lead to mutex crashing
Syntax: g_mirror_debug3 bool
This is a debug setting to spot issues with mirroring, it emails the manager a log of the files that were resynced, set G_MIRROR_PRUNE_AGE 1 as well to cut down on false positives.
Syntax: g_mirror_email bool
This unique SurgeMail feature allows you to setup two identical mail servers across a local or widearea network. The waiting mail messages & folders etc are duplicated continuously between the two systems, so users can use either system. If either system fails for any hardware reason the other acts as an instant on line replacement without any interruption to the user. In addition when the faulty system is replaced the two automatically re-synchronize.
See this page for Mirror overview
Syntax: g_mirror_host string
This setting has no further documentation currently available
Syntax: g_mirror_lists_one bool
Enables a faster mirroring mechanism, strongly recomended, this setting will be the default in a future release
Syntax: g_mirror_live bool
This prevents smtp delays when mirroring over a slowish link. The default is 60k
Syntax: g_mirror_live_max int
This setting has no further documentation currently available
Syntax: g_mirror_lock bool
This setting has no further documentation currently available
Syntax: g_mirror_max int
Certain actions may only be run on the mirror master system (such as expire processing) or are different in behaviour between the master and slave (such as NWAuth mirrorring and dlist mirorring). This setting must be set to MASTER on one system and SLAVE on the other system for correct operation. (Note basic mirrorring of delivered mail will happen if this setting is the same on both systems it is just some of the special mirrorring functionality that this is required for)
Syntax: g_mirror_mode string
This is best turned off unless your servers are talking over a wide area untrusted network.
Syntax: g_mirror_nossl bool
Sending threads for normal queue
Syntax: g_mirror_nsend int
This setting is no longer used (as of SurgeMail 1.7d), the g_mirror_mode setting is used instead to decide whether do mirror the NWAuth database.
Syntax: g_mirror_nwauth bool
Set this if you're using multiauth to run nwauth and you want those files mirrored. Requires you to add -isslave2 to multiauth.ini nwauth command line. Requires the nwauth files to be located in the surgemail root/install directory.
Syntax: g_mirror_nwauth_always bool
This setting has no further documentation currently available
Syntax: g_mirror_others string
Mirror minimum age for items to be pruned during sync_prune, default 14 days.
Syntax: g_mirror_prune_age int
This setting runs a monthly resync to keep the cluster in sync. Maybe be resource intensive on a large system! This should always be disabled during a failure as it could cause messages loss when the master is re connected.
Syntax: g_mirror_repair bool
This setting has no further documentation currently available
Syntax: g_mirror_resync_inbox bool
This password is required to prevent the mirroring mechanisms being abused. We recommend a random string of letters at least 10 characters long. e.g. "urcajfielsjfs"
Syntax: g_mirror_secret string
During resync fast four threads are used, this is usually sufficient, more may overload your system and result in failures, if your system is not under load you could set it as high as eight, but this would only be sensible if your disk array has more than 4 drives in it!
Syntax: g_mirror_threads int
This can be useful when you want to compare results so you want everything even if it's a bit pointless
Syntax: g_mirror_trash bool
This setting has no further documentation currently available
Syntax: g_modern_admin bool
This setting has no further documentation currently available
Syntax: g_modern_hicontrast bool
This setting has no further documentation currently available
Syntax: g_modern_surgeweb bool
This setting has no further documentation currently available
Syntax: g_modern_user bool
This allows the monitor process to be completely disabled. The monitor process is the swatch executable and can be setup to monitor and automatically restart SurgeMail if it crashes. The monitor process is also used to start SurgeMail from the using the web interface if it has been shutdown.
Syntax: g_monitor_disable bool
The port SurgeMail monitor runs on allowing SurgeMail to be remotely started. Typically you won't need to change this, however you can specify an IP address to bind to or a list of alternate ports, e.g. 10.3.2.3:7027 or 7027,8027 etc...
Syntax: g_monitor_port int
If there are more received lines than this the message is bounced.
Syntax: g_msg_hops_max int
Log msg body fetch too, this will fill up the logs, not recommended
Syntax: g_msg_log_body bool
Log from header field
Syntax: g_msg_log_dkim bool
Log user activities like logins (successful and failed) 'msg.log' files; recYYMM/msgYYMMDD.rec
Syntax: g_msg_log_extra bool
Log from header field
Syntax: g_msg_log_from bool
Log from header field
Syntax: g_msg_log_pop bool
Max size, in bytes, of a message, eg: 20,000,000 for a 20mb limit. This setting is useful to prevent a single large message jamming up your system.
Syntax: g_msg_max int
This setting has no further documentation currently available
Syntax: g_msg_max_drop int
This setting has no further documentation currently available
Syntax: g_msg_max_send int
This limits abuse, if set to 100mb then if user sends 10mb message to 10 users it will be blocked
Syntax: g_msg_max_total int
This setting has no further documentation currently available
Syntax: g_msg_nodup bool
Debugging setting, do not use
Syntax: g_msg_track bool
Use DNS entries to discover if receiving server should have a signed SSL certificate
Syntax: g_mtasts bool
Most failures will be due to something other than real hackers, so this alert helps you resolve issues, and add whitelist rules g_mtasts_white settings for problem domains
Syntax: g_mtasts_report bool
Whitelist for destination domains we should just send to anyway
Syntax: g_mtasts_white string
Interrnal use only
Syntax: g_mutex_fast bool
Default mutex timeout period in seconds
(default=600 ie 10minutes). This is a self
monitoring feature that if it has not received a
mutex for some reason (usually a bug, but could be
server overloading) SurgeMail will shut itself down.
If g_restart is enabled this would restart
surgemail.
Syntax: g_mutex_timeout int
Interrnal use only
Syntax: g_mutex_timing string
This breaks the standard RFC behavior, but can be sensible in certain rare situations which currently escape me.
Syntax: g_mx_tryall bool
This setting should not be needed
Syntax: g_myrbl_disable bool
This setting should not be needed
Syntax: g_myrbl_disable_rbl bool
This setting has no further documentation currently available
Syntax: g_myrbl_fake ip=string color=string
Strongly recommended, this setting shares reports of spam/and not spam from various ip addresses
Syntax: g_myrbl_share bool
Best not to touch this setting, default is 10000, Suggested valid range would be no less than 1000 and no more than 100000
Syntax: g_myrbl_store int
This is for debugging only
Syntax: g_myrbl_to string
This setting should not be needed
Syntax: g_myurl_disable bool
Default is: "Naked LF see https://netwinsite.com/surgemail/help/smtplf.htm"
Syntax: g_naked_msg string
This setting has no further documentation currently available
Syntax: g_newui_advanced bool
This setting has no further documentation currently available
Syntax: g_newui_disable bool
This setting has no further documentation currently available
Syntax: g_no_bull string
This can be used by user exception rules for users that don't expect any foreign language messages
Syntax: g_notag_notascii bool
Many scam's will use legit urls with aref links to their own site, this tries to tag such messages which can then be scored as spam via aspam_mfilter.rul
Syntax: g_notag_url_forgery bool
This setting has no further documentation currently available
Syntax: g_notlocal bool
This setting has no further documentation currently available
Syntax: g_notlocal_message string
This setting has no further documentation currently available
Syntax: g_oauth_bearer bool
This setting has no further documentation currently available
Syntax: g_oauth_bearer_url string
This setting has no further documentation currently available
Syntax: g_oauth_client_id string
This setting has no further documentation currently available
Syntax: g_oauth_client_secret string
This setting has no further documentation currently available
Syntax: g_oauth_trim bool
This setting has no further documentation currently available
Syntax: g_oauth_url string
This is just the way it used to do it, I can't see any good reason for it, but I'm leaving this setting incase there is a reason :-)
Syntax: g_old_imap_headbody bool
This is just the way it used to do it, I can't see any good reason for it, but I'm leaving this setting incase there is a reason :-)
Syntax: g_old_imap_nossl bool
This is just the way it used to do it, I can't see any good reason for it, but I'm leaving this setting incase there is a reason :-)
Syntax: g_old_imap_skip string
Log extra info when doing old pophost logins for debugging.
Syntax: g_old_pophost_debug bool
Normally the account status field is checked at the recipient stage, this setting disables this check.
Syntax: g_old_user_check bool
This setting has no further documentation currently available
Syntax: g_old_webmail_links bool
Syntax: g_orbs_cache_life "seconds"
Default: 7200 seconds
This allows you to control how long the RBL lookups are cached for.
Example:
g_orbs_cache_life "100"
Syntax: g_orbs_cache_life int
This checks all the RBL servers listed even if the connecting ip address is found in one server, this is slower but can mean you can score more accurately when an ip is listed in multiple RBL databases. Do not use with g_orbs_late, the two settings conflict and will not work. (g_orbs_late will be ignored)
Syntax: g_orbs_check_all bool
This allows you to over-ride a response from an ORBS/RBL database. For example, if a site you wish to do business with is in the RBL database you can add their IP address to this setting and then they can send you Email again.
Syntax: g_orbs_exception string
This setting has no further documentation currently available
Syntax: g_orbs_fake string
Syntax: g_orbs_force "true/false"
This allows you to force RBL lookups on users that would normally not be checked due to being in an allowed relay ip (g_allow_relay_ip).
Syntax: g_orbs_force bool
Sometimes your customers will be using dial in lines that are banned by RBL databases, in this situation this setting will help as it will keep the connection alive long enough for a valid user to send an smtp authentication in.
Can also be used wth g_spf_skip_to "user@domain" this will allow you to add exceptions for users or domains that do not want RBL checks done on their accounts.
Syntax: g_orbs_late bool
Allows enforcement of a servers blacklisting or whitelisting in one or more RBL databases with a different action for each database. In addition this can be used to mark messages with a header which can then be taken into account in the SmiteCRC"SpamDetect rating" calculation. A RBL database is simply a DNS server that returns a positive response if a server is listed in the database. A variety of services are available online that can maintain blacklist databases. Normally you would maintain your own whitelist database that overrides the blacklist listings.
name=service action=deny,accept,stamp stamp="string to add to header ||remoteip||"
Where the stamp option adds the header:
X-ORBS-Stamp: string to add to header 1.2.3.4
The variable ||remoteip|| can be used to create a url to go directly to a spam database web site and give details on the offending ip address. e.g. stamp="Spamcop, http://spamcop.net/w3m?action=checkblock&ip=||remoteip||"
eg 1 - A simple deny mail from blacklisted servers could be
achieved with:
g_orbs_list name="relays.ordb.org" action="deny"
eg 2 - A smarter setup with exceptions for certain IP
ranges and a whilelist exception database, a blacklisted
deny database and with useful header based tagging could be
achieved as follows:
g_orbs_exception "127.0.0.*,12.34.56.*"
g_orbs_list name="mywhitedatabase.none" action="accept"
g_orbs_list name="relays.ordb.org" action="deny"
g_orbs_list name="relays.osirusoft.com" action="deny"
g_orbs_list name="bl.spamcop.net" action="stamp" stamp="spamcop, http://spamcop.net/w3m?action=checkblock&ip=||remoteip||"
eg 3 - To use the output of header based ORBS stamping in the SmiteCRC calculation the following could be used:
g_orbs_list name="relays.ordb.org" action="stamp" stamp="open relay"
g_orbs_list name="my.dialup.databse.none" action="stamp" stamp="dialup"
These entries have the following rules in filter.rul. If you used your own stamp text you would place appropriate entries in the local.rul file.
if(rexp_case("X-ORBS-Stamp", "open relay")) then
call spamdetect(4.0, "Sender's IP was on an open relay RBL")
endifif(rexp_case("X-ORBS-Stamp", "dialup")) then
call spamdetect(4.0, "Sender's IP was on a dialup RBL")
endif
Some RBL lists return a numeric code to give extra meaning, for example 127.0.0.4 might mean an open relay, and 127.0.0.5 might mean the site has no postmaster address. You can specify multiple stamp messages using this format, stamp="4=Open Relay~5=No postmaster address~Default message goes here"
See Also: RBL's
Syntax: g_orbs_list name=string action=string stamp=string
Use this setting to test your own ip addresses, as soon as one is found in a RBL you will be sent an email to alert you. The test is performed hourly. To test add 127.0.0.2 to the comma seperated list
Syntax: g_orbs_multi_thread bool
Only for disabling this improvement
Syntax: g_orbs_nosubmit bool
Log to record file if ORBS deny action occurs (can fill logs up).
Syntax: g_orbs_rec bool
Use this setting to test your own ip addresses, as soon as one is found in a RBL you will be sent an email to alert you. The test is performed hourly. To test add 127.0.0.2 to the comma seperated list
Syntax: g_orbs_report string
Set the name of the RBL service you want to use. A RBL service is a DNS database that has a record of all known spamming sites. If the server finds the connecting users IP address in this database all Email from their system is rejected. Also see the setting g_orbs_exception. Here are a few known RBL services, some charge and some are free!
Syntax: g_orbs_service string
If true use system DNS lookups instead of surgemails for orbs (not recommended).
Syntax: g_orbs_system bool
This setting has no further documentation currently available
Syntax: g_orbs_test2 bool
If true ORBSlookups are recorded but not blocked.
Syntax: g_orbs_testing bool
ORBS lookup timeout in seconds (default=10). If the timeout is reached the message is accepted and the failure is logged to mail.log.
Syntax: g_orbs_timeout int
Use with caution!
Syntax: g_outgoing_block int
Outgoing SPAM filter, for local authenticated hacker sending spam.
Syntax: g_outgoing_n int
This setting has no further documentation currently available
Syntax: g_outgoing_white string
Makes the user change the password on the next login to user.cgi or surgeweb
Syntax: g_pass_force bool
Allow users to enable two factor authentication.
Syntax: g_pass_twofactor bool
Requires merged login.
Syntax: g_pass_twofactor_bypass string
Allow users to enable two factor authentication.
Syntax: g_pass_twofactor_life int
Requires merged login.
Syntax: g_pass_twofactor_merged bool
Completely disable the logging of historica performance data for the status graphs.
Syntax: g_perflog_disable bool
Interval in seconds to flush the performance log files to disk. Default is 3600 s (ie once per hour)
Syntax: g_perflog_flush_interval int
Log all counters including the currently undisplayed counters. This is useful if in the future you suddenly think, Oh I would really like to see the historic information on one of the undisplayed counters - which would normally not have been logged to file.
Syntax: g_perflog_logall bool
Normally data is logged avery 10 seconds and 5 display scales are available hour, day, week, month and year. If this is set samples are taken every 5 minutes and 4 display scales are avbailable: day, week, month, year.
Syntax: g_perflog_lowres bool
On Windows systems surgemail's performance logging will gather counters from surgemail and from the system "Perfmon" performance logging. This disables the collection of system counters.
Syntax: g_perflog_surgeonly bool
This setting has no further documentation currently available
Syntax: g_phish_block bool
This setting has no further documentation currently available
Syntax: g_phish_friends bool
This setting has no further documentation currently available
Syntax: g_phish_key string
This setting has no further documentation currently available
Syntax: g_phish_local bool
This setting has no further documentation currently available
Syntax: g_phish_only string
Show pipelining in ehlo response - not recommended - has no behavior affect.
Syntax: g_pipelining bool
This setting has no further documentation currently available
Syntax: g_policy_enable bool
This renames inbox messages to include the size of the file so that an lstat call is not needed.
Syntax: g_pop_add_size bool
Size of packets to read POP messages (best left alone).
Syntax: g_pop_blocksize int
This setting has no further documentation currently available
Syntax: g_pop_cram_enable bool
This setting replaced g_pop_nodelay, as the default has been changed. It was changed as this can improve performance.
Syntax: g_pop_delay bool
Too debug faulty network/client pop issues, not for general use, this may slow performance significantly
Syntax: g_pop_flush_lines bool
Use this setting if you are sharing a file system between multiple mail servers. This will make the mail server lock the users files to prevent a second user of the same name logging in and reading mail from one of the other systems.
Syntax: g_pop_lock bool
This limits the channels that will be used at any one time for incoming POP and IMAP connections. The purpose of this setting is to prevent a sudden burst of users reading mail from using up all available channels. Generally setting this is a bad idea as there is a sensible default (dependent on the system resources available).
See FAQ section on session limits
Syntax: g_pop_max string
This may be less disruptive as it stops the client thinking the password is wrong.
Syntax: g_pop_min_late bool
This lets you explain to the user what the problem is. Don't get carried away some clients may not like a long string here!
Syntax: g_pop_min_msg string
Useful for whitelisting webmail servers etc. 127.0.0.1 is always skipped
Syntax: g_pop_min_skip string
If a pop client connects more often than this, give an error. This setting will very likely break webmail sessions and cause odd problems, Best avoided!
Syntax: g_pop_min_time int
This setting avoids problems when users use pop and imap access to the same account at the same time.
Syntax: g_pop_nolock bool
This setting has no further documentation currently available
Syntax: g_pop_notseen bool
Typically you won't need to change this, however you can specify an IP address to bind to or a list of alternate ports, eg: 10.3.2.3:110 or 110,6110 etc... By default the mail server listens to port 110 on all adapters/addresses. Use the keyword 'disabled' to disable this part of the SurgeMail service.
Syntax: g_pop_port string
Dedicated secure port to listen on for POP connections. Use the keyword 'disabled' to disable this part of the SurgeMail service.
Syntax: g_pop_secure_port string
This setting has no further documentation currently available
Syntax: g_pop_warning int
POPfetch will retrieve mail from POP accounts on another server and store it locally. The POP fetch interval can be set using g_popfetch_interval. The parameters for this setting are host(required), user(required), pass(required) or localuser(required).
eg:
g_popfetch host="netwin.co.nz" user="marijn" pass="secret"
localuser="marijn@anydomain.com"
Alternatively POPfetch is able to attempt local delivery based on headers. Delivery is attempted to "X-Rcpt-To:" with fallback of "To:" and "Cc:" headers. To enable this the local user needs to be defined as "*,userxxx". Fetched mail will be delivered as specified in the headers or if no valid user is identified in the header to the default user "userxxx".
Syntax: g_popfetch host=string user=string pass=string localuser=string disable=bool
The interval (in seconds) between successive attempts to fetch mail from remote mailserver POP accounts (as per g_popfetch rules). (default is 5 minutes = 300)
Syntax: g_popfetch_interval int
If true then POPfetch will try and open the link for 10 seconds, then retry, this should bring up ISDN lines.
Syntax: g_popfetch_kick bool
Drop duplicate messages based on "Message-id:" header.
Syntax: g_popfetch_nodup bool
Port to listen for POPPassD connections. Typically you won't need to change this, however you can specify an IP address to bind to or a list of alternate ports, eg: 10.3.2.3:106 or 106,6106 etc... By default the mail server listens to port 106 on all adapters/addresses. Use the keyword 'disabled' to disable this part of the SurgeMail service.
Syntax: g_ppd_port string
Used to enable private features. Not for general use
Syntax: g_private string
This enables the SurgeMail proxy mode, using 'tohost="xxx"' received from the authentication to determine real host for SMTP/POP connections. Any incoming SMTP, POP or IMAP connections will be passed on directly to the specified server. This allows you to split a domain over several separate systems. This method is outlined in general terms here.
To setup a proxy server system with 4 machines (2 proxy, 2 backend) use the following steps, lets assume your hosts are PROXY1, PROXY2, SERVER1, SERVER2
1) Set on the proxy servers in surgemail.ini g_proxy "true"
On the back end server use g_pop_nolock "true" (to avoid timing issues)
On the back end server set g_tohost_local "server1" (or server2) so it knows it's own name.
2) Configure your authent database to return 'tohost=xxx' for each user on your system, e.g. in nwauth
nwauth
set testuser1@test.com test tohost="SERVER1"
set testuser2@test.com test tohost="SERVER2"
lookup testuser1@test.com
+OK testuser1@test.com config 0 tohost="SERVER1"
3) Configure your load balancing router to send users to PROXY1 & PROXY2, ...
4) When new users are added always define the 'tohost' setting to define which system they are added to as load increases you can add more backend or frontend servers as needed.
This is very similar to the 'mailhost' setting some systems use in LDAPAuth to translate mailhost to 'tohost' you would use: info_fields mailhost,tohost in ldapauth.ini
Syntax: g_proxy bool
Default host to forward to if 'tohost' is not defined in user database for this user.
Syntax: g_proxy_default string
This lets you use a front end server to move web based logins onto the correct webmail host
Syntax: g_proxy_smtp string
This setting has no further documentation currently available
Syntax: g_proxy_to_gateways bool
This setting has no further documentation currently available
Syntax: g_proxy_usercgi bool
This lets you use a front end server to move web based logins onto the correct webmail host
Syntax: g_proxy_webmail host=string redirect=string
Used for debugging only, do not play with this.
Syntax: g_pstat_disable bool
This setting has no further documentation currently available
Syntax: g_queue_all bool
If you send email in faster than it can be sent, the queue grows forever until the server fails due to huge directories or insufficient disk space, this setting stops the incoming messages so you are alerted to the problem before it becomes critical. Note that this stops all incoming mail, including local deliveries. This is the number of items
Syntax: g_queue_limit int
Example: g_queue_limit "100000"
Size of internal mail queue file cache, range 500-3000.
Syntax: g_queue_max int
This setting has no further documentation currently available
Syntax: g_queue_spawn string
If you send email in faster than it can be sent, or something is wrong (e.g. a broken dns server) then this helps warn you early
Syntax: g_queue_warning int
Example: g_queue_warning "10000"
If the user is in the specified group they get the specified disk quota. This is applied if no quota is specified in the authent module.
Syntax: g_quota group=string quota=string
Can help with old systems that need the wrong error code.
Syntax: g_quota_550 bool
Level at which user gets a warning message
Syntax: g_quota_at string
This setting has no further documentation currently available
Syntax: g_quota_before_forward bool
This setting has no further documentation currently available
Syntax: g_quota_default string
Disables quota processing completely
Syntax: g_quota_disable bool
Count friends pending messages and spam store as part of the per user quota.
Syntax: g_quota_friends bool
This setting has no further documentation currently available
Syntax: g_quota_from string
This setting has no further documentation currently available
Syntax: g_quota_noemail bool
This setting has no further documentation currently available
Syntax: g_quota_notrash bool
SurgeMail now does quota checking at rcpt stage (Quota checking used to be done after data arrived) This setting disables the quota checking at rcpt stage if the above causes problems (not intended for general use).
Syntax: g_quota_rcpt_disable bool
Useful for small systems where any quota limit failure is an issue for the manager to resolve, only one report is sent a day so you may not hear about all users over quota.
Syntax: g_quota_report bool
Skips the quota checking. Use this if you have a high priority robot (like your billing system) that must be able to deliver email to users (or students) even if the user is over quota.
Syntax: g_quota_skip string
Give 450 response if user is over quota so message will be resent.
Syntax: g_quota_try_later bool
Disables the 80% quota warning message.
Syntax: g_quota_warning_disable bool
This setting has no further documentation currently available
Syntax: g_rbl_login string
Allow exclamation marks in addresses. ie '!'
Syntax: g_rcpt_bang bool
Allow colon characters in addresses. ie ':'
Syntax: g_rcpt_colon bool
Max recipients per message, default is 1000, can only be lower than 1000.
Syntax: g_rcpt_max int
This limit is only applied to untrusted sessions (incoming mail)
Syntax: g_rcpt_max_in int
Response given for invalid recipient errors message is prefixed by email address..
Syntax: g_rcpt_msg string
When enabled this prevents a message being delivered more than once to a single person, it's a fairly good setting to use and will get rid of some spam for people using fallback addresses.
Syntax: g_rcpt_nodup bool
This setting has no further documentation currently available
Syntax: g_rcpt_ok string
By default quotes are blocked at the SMTP level, this is because some of the authent modules don't handle quotes in addresses so it's best not to let them through. There is no known reason for ever turning this setting on.
Syntax: g_rcpt_quote bool
This will list all recipients in the message to facilitate tracing
Syntax: g_rcpt_trace bool
Best set between 10 and 60
Syntax: g_rdns_timeout int
Name shown as received "by" in the received headers this defaults to server name but can be specified if required:
eg "myservername"
Received: from netwin.co.nz (unverified [10.0.0.5]) by myservername (SurgeMail 1.5f) with ESMTP id 1140619 for <marijn@netwin.co.nz>; Fri, 07 Nov 2003 10:25:59 +1300
Syntax: g_received_name string
This list is used when processing vanish_bad_bounces, vanish_virus_bounces and vanish_any_bounce. It defines the valid received names to expect quoted in a properly formed bounce message for a message from this server/system.
Syntax: g_received_names string
This setting can be used to hide sensitive local ip addresses from outgoing mail headers. This will make tracking abuse more difficult, we do not recommend using this setting generally.
Syntax: g_received_skip bool
Note that in the case of a message that is to a local and remote recipeient, it will skip the headers for both, even though the desire is to skip them for the remote recipient only. This not quite right, ideally one should skip this for outgoing only but since the header is added at delivery time we thought this was close enough.
Syntax: g_received_skip_all bool
Note that in the case of a message that is to a local and remote recipeient, it will skip the headers for both, even though the desire is to skip them for the remote recipient only. This not quite right, ideally one should skip this for outgoing only but since the header is added at delivery time we thought this was close enough.
Syntax: g_received_skip_spf bool
This allows you to disable recent login failure checking for certain IP addresses. Normally there up to a maximum of 9 login attempts are allowed per connection.
Syntax: g_recent_bypass string
The number of days SurgeMail message delivery logs are stored.
Syntax: g_record_days int
Message delivery logs may be stored in hashed format within g_record_path as <surgemail dir> \recYYMM\msgYYMMDD.rec
Syntax: g_record_hash bool
This setting has no further documentation currently available
Syntax: g_record_login bool
Sets the path for the SurgeMail delivery logs. Delivery logs contain entries for mail received and delivered in a single file per day. See Searching the Log Files for more information.
Syntax: g_record_path string
This setting has no further documentation currently available
Syntax: g_recover_noquestions bool
This setting has no further documentation currently available
Syntax: g_recover_reminder bool
See tellmail undelete command
Syntax: g_recycling bool
This setting has no further documentation currently available
Syntax: g_recycling_del string
This setting has no further documentation currently available
Syntax: g_recycling_imap bool
This setting has no further documentation currently available
Syntax: g_recycling_life int
This setting has no further documentation currently available
Syntax: g_recycling_pop bool
This setting has no further documentation currently available
Syntax: g_recycling_visible string
Specifies global redirection rule. These rules are applied to local and remote addresses so should be used with 'care', for domain based redirection use the redirect rules within a domain. An example rule would be: fred@xx.com --> bob@yy.com or *@xx.com --> joe@xx.com
Wild cards can be used and replaced, e.g.
g_redirect was="*@gadget.net" to="%1@gadget.com"
g_redirect was="*@*.gadget.com" to="%1-%2@gadget.com"
Would make
bob@gadget.net --> bob@gadget.com
fred@cool.gadget.com --> fred-cool@gadget.com
These rules are processed 'before' the domain is identified, therefore you cannot use host_alias domain values in them. Use a domain redirect rule if this is required.
You can also redirect a message to a robot or script like this:
g_redirect was="auto@mydomain.com" to="|/usr/local/myrobot.sh"
Your script can read the environment variables:
MAILFROM
RCPTTO
MSGSIZE
And must read the message on 'stdin', the message will be terminated with "crlf.crlf"
Your script can then process the message and if it want's to respond must use smtp to send a response back etc...
Your script will run as the user 'mail' so if that user does not have access to the script file or work files then it will fail :-)
Syntax: g_redirect was=string to=string
Same as 'redirect' but the message is still delivered to the original address as well. For g_redirect_cc there are two special names defined "$localdomain$" and "$remotedomain$", which can be used in the 'was' paramater (requires SurgeMail 2.3).
Syntax: g_redirect_cc was=string to=string
This rule is applied at the point of delivery, so only if the original user actually gets the email, and the message is sent as an attachment, the original message is ALSO delivered
Syntax: g_redirect_cc_attach was=string to=string header=string contains=string
Redirect a message to another address if the from matches.
Syntax: g_redirect_from from=string to=string
Redirect a copy of the message to another address if the from matches still delivering to the original address as well.
Syntax: g_redirect_from_cc from=string to=string
Hide the redirection in the SMTP output
Syntax: g_redirect_hide bool
This is for doing fancy redirection where the rule is only applied if the domain of the destination is a local domain. For example to redirect all messages to postmaster at any local domain to one particular admin user.
Syntax: g_redirect_iflocal was=string to=string
Example: g_redirect_iflocal was="postmaster@*" to="john@main.domain"
We consider this to be faulty behaviour as it will lead to emails vanishing with no bounce, use entirely at your own risk.
Syntax: g_redirect_ignore_errors bool
This can help avoid loops.
Syntax: g_redirect_newmid bool
This will stop SurgeMail creating redirection rules for new domains such as postmaster,abuse and support
Syntax: g_redirect_noautocreate_rules bool
Send all outgoing email to this address instead, useful for redirecting email to a robot (like amazon ses service), this is called for each outgoing message, once for each recipient
Syntax: g_redirect_ses from=string was=string to=string
Example: g_redirect_ses was="*" to="john@external.domain"
This setting allows users to send outgoing Email if their envelope 'from' address is a known local address. This is a very bad idea in general as spammers can do this too. So in general don't use this setting except as a lesser of two evils. It will be detected by some open relay checking systems and your site can then end up listed as an open relay. If this happens your Emails will be rejected by other peoples systems. e.g.
g_relay_allow_from "*@my.domain,*@second.domain,fred@third.domain"
Syntax: g_relay_allow_from string
List the IP ranges of local users that you will allow to send 'OUTGOING' Email without using SMTP authentication, e.g. "127.0.0.1,10.0.*". In the past, mail servers used to permit this from any IP address, but since this was abused by 'spammers' all modern mail servers only allow this from known local IP addresses. Remote users should use 'smtp authentication' or login via POP protocol before sending Email, then SurgeMail will trust them. Do NOT set this to '*' If you do your system will be blocked as it will be assumed that spammers are using your system even if they are not!!!
Syntax: g_relay_allow_ip string
Allow relaying if the domain in the from envelope and IP address both match.
Syntax: g_relay_dom_and_ip domain=string ip=string
This lets you send all email to 'mx' destination, even if the account is local, unless it is coming from a known ip address range.
Syntax: g_relay_ifnot string
Text string displayed to users who try and relay.
Default (blank) is: "Relaying blocked, read new mail, add <sender.ip> to forwarding or enable smtp authentication in your mail client"
Syntax: g_relay_message string
This setting has no further documentation currently available
Syntax: g_relay_nolocal bool
Allows you to run an external program to lookup an ip address and decide if it is one of your users who should be allowed to relay. This can be used when your users login via some type of shared system so the ip ranges are not known but you do have a way of checking if a user of yours is 'currently' connected on an ip address
Syntax: g_relay_process string
Example: g_relay_process "c:/surgemail/testip.exe $WHOIP"
This setting allows mail from anyone to be relayed to the specified domain. The relaying is unconditional.
Syntax: g_relay_to string
This setting has no further documentation currently available
Syntax: g_relay_to_user string
This sets the time after a valid POP login that you will allow a user on the same IP to send outgoing mail. In general it is safe to set this setting large and it can allow people using old mail clients (that do not know how to do SMTP authentication) to still send through your server without making your server an open relay.
Syntax: g_relay_window int
This must be used with g_relay_window, the matching is 'simplistic' and matches on the 'from envelope' but will stop most simple forms of abuse.
Syntax: g_relay_window_from bool
This setting has no further documentation currently available
Syntax: g_rename_content string
Only takes effect if g_virus_rename is checked. Default is: "*.exe,*.pif,*.bat,*.com,*.cmd,*.jav,*.vbs,*.scr,*.wsh"
Syntax: g_rename_files string
Not for general use currently
Syntax: g_report_host string
This feature enables automatic reporting of some not spam messages (as tagged by users on your server) - this setting has serious privacy considerations only use if your users are happy with this. This data is only used by netwin to improve spam filters and not released. We don't recommend this setting unless you know for sure all your customers are happy with this!
Syntax: g_report_notspam bool
Note that this sends full mail samples to netwinsite for later analysis/training.
Syntax: g_report_spam bool
This setting has no further documentation currently available
Syntax: g_responder_delay string
This can further reduce spam back scatter issues
Syntax: g_responder_friends bool
Use g_bounce_noreply setting instead to avoid annoying bounces
Syntax: g_responder_from bool
This improves delivery
Syntax: g_responder_noreply bool
This setting makes the server less likely to be black listed by accidentally responding to a forged email.
Syntax: g_responder_safer bool
This can further reduce spam back scatter issues
Syntax: g_responder_score int
Allow response on spf failure if from matches thsi wildcard
Syntax: g_responder_sender string
Skip responder if from envenlope matches this list/wild card
Syntax: g_responder_skip string
Allow response on spf failure if from matches thsi wildcard
Syntax: g_responder_source string
Allow response on spf failure if to matches this list
Syntax: g_responder_to string
Alow utf8 chars in response
Syntax: g_responder_utf8 bool
If turned on Swatch (a spawned second process) checks every 30 seconds to see if the server is still running. If it isn't running but it's pid file still exists (so if it died) this second process restarts the missing server and sends the manager account an Email reporting the fault.
For this to work on NT you need to set Dr Watson NOT to show visual notification of faults:
This sets Dr Watson to be the default debugger) c:/> drwtsn32 /i This brings up the Dr Watson settings, un-tick "Visual Notification" c:/> drwtsn32
Generally this setting is not needed and could be left off, but if an odd problem should develop, this setting can give you peace of mind for a few days while you wait for a problem resolution from NetWin.
Syntax: g_restart bool
This setting has no further documentation currently available
Syntax: g_restart_kill bool
This setting has no further documentation currently available
Syntax: g_restart_malloc int
This setting has no further documentation currently available
Syntax: g_restart_vmsize int
Max hours to keep trying to deliver a bounce the default is 48hrs
Syntax: g_retry_bounces int
By default, if the DNS server says a domain doesn't exist, the message is immediately bounced so the sending user can take action. In some rare cases this will occur with a valid domain name because the actual DNS of the domain you are sending to is temporarily down. In this situation making SurgeMail retry for 1 hour can prevent these false bounces. I don't recommend this setting as mostly the DNS response and cache etc is very very reliable because SurgeMail keeps a local cache of DNS lookups that worked on disk. So for a failure like this to occur it must be the first time the server has EVER looked up the domain, so the odds are extremely remote. Delaying a useful response to the user for 1 hour just for this remote chance is not wise in my opinion.
Syntax: g_retry_dns int
Example: g_retry_dns "1"
This setting has no further documentation currently available
Syntax: g_retry_from domain=string hours=string
Every hour the mail server will attempt to deliver any messages that fail for a reason that may be a temporary fault (for example the destination mail server doesn't respond). This setting limits how long these retries continue for. The default is 48 hours (2 days).
Syntax: g_retry_limit int
Time in minutes that SurgeMail will try and resend a
message that has failed to be delivered.
(default = 60 minutes).
Syntax: g_retry_minutes int
Rules that allow you to specify the retry_limit in hours on a per destination domain basis.
Example:
g_retry_rule domain="test.com" hours="48"
That will make it keep retrying to send to the domain test.com for 48 hours.
Syntax: g_retry_rule domain=string hours=string
This complements the warning setting, so the user can see the message did eventually go through and after how long...
Syntax: g_retry_unwarn bool
I like this setting myself but it can confuse users as the first send attempt will often fail and the user will mis read the bounce and think it's failed completely. It does mean when a message is urgent the user gets told right away, instead of 2 days later, that there is a problem sending the message so for a business it's a nice setting to enable.
Syntax: g_retry_warn bool
Similar to the above setting but this one reduces the false warnings as messasges often fail on the first attempt
Syntax: g_retry_warn_n int
Route messages matching particular wildcard "from address" and wildcard "to address" to specified server. This is not a gatweay rule and is only applied to mail that has already been accepted via SMTP authentication, relaying rules or gateway rules.
This would typically be used to route all mail for a particular user on a domain to another mailserver or to route all mail from a local domain through another server:
Case 1: Route mail for one user to another server
g_route from="*@*" to="user@localdomain.com" dest="1.2.3.4" user="" pass=""
Case 2: Route all mail from local domain through other
server
g_route from="*@localdomain.com" to="*" dest="1.2.3.4" user="" pass=""
g_route_except gets applied allowing you to prevent mail coming in from certain IP addresses to be routed.
Syntax: g_route from=string to=string dest=string user=string pass=string
Use routing to a particular server based on 'tohost' setting in authentication database. This is particularly useful if you have users spread over several physical locations and want to be able to route mail for different users to particular servers.
Syntax: g_route_by_tohost bool
IP exception to g_route and g_route_by_tohost.
Syntax: g_route_except string
This setting has no further documentation currently available
Syntax: g_route_local bool
g_route_local is also required.
Syntax: g_route_local_ifexists bool
This setting has no further documentation currently available
Syntax: g_route_tous bool
This setting has no further documentation currently available
Syntax: g_rules_msgtime bool
This setting has no further documentation currently available
Syntax: g_rules_old bool
This setting has no further documentation currently available
Syntax: g_run_cmd string
This setting has no further documentation currently available
Syntax: g_sabre_version string
Useful to keep an eye on users and hackers
Syntax: g_safe_alert bool
This whitelists your entire country, which can help prevent user confusion by blocking logins while still blocking logins from the rest of the world
Syntax: g_safe_country string
This setting has no further documentation currently available
Syntax: g_safe_country_nowarning string
This feature is intended to prevent spamers/hackers from harvesting accounts on your system and then using them to send out spam. This setting should never be used as users often never see the error and just get prompted for a new password.
Syntax: g_safe_imap bool
The default is 'Sorry logins are not permitted from unknown ip addresses'
Syntax: g_safe_message string
This feature is intended to prevent spamers/hackers from harvesting accounts on your system and then using them to send out spam, the user is sent an email to enable logins
Syntax: g_safe_smtp bool
This feature is intended to prevent spamers/hackers from harvesting accounts on your system and then using them to send out spam
Syntax: g_safe_smtp_email bool
This lets you explain to the user what this email is about.
Syntax: g_safe_text string
Helps alert users if their account has been hacked, will also cause confusion though. This is not the same as g_safe_smtp which also generates user level warnings...
Syntax: g_safe_warning bool
These ip addresses are always considered to safe, typically internal networks, 10.*.*.* .
Syntax: g_safe_white string
The idea is to create several accounts on various public mail servers. Then send a test message using a mailing list or g_redirect rule to these test accounts, then use the command tellmail sample_get CODE DELETE to check if the messages have arrived. The first paramter of tellmail sample_get is a code it expects to find in the message headers (or subject) and the second paramter should be the keyword 'delete' if you want it to delete the sample messages.
Syntax: g_sample_get host=string user=string pass=string
Typicall you will list headers that are added by spam filters
Syntax: g_sample_show string
Converts return value from g_scan_cmd, action=drop,accept,bounce.
Syntax: g_scan_action code=int action=string reason=string
Run command on message, and return integer, see g_scan_action.
Syntax: g_scan_cmd string
This setting has no further documentation currently available
Syntax: g_scan_cmd_failok bool
This setting has no further documentation currently available
Syntax: g_scan_cmd_skip string
This setting has no further documentation currently available
Syntax: g_scan_cmd_testing bool
Timeout for sched utokens in minutes.
Syntax: g_sched_utoken_timeout int
Seconds to leave slow responding host alone (default 900).
Syntax: g_send_backoff int
This setting will tend to result in 'duplicate' messages being received, so should not be used, but strictly speaking it is valid to retry in this situation, the trouble is the receiving mail server 'may' have a real copy of the message so may deliver it even though the connection was dropped.
Syntax: g_send_body_end_retry bool
By default SurgeMail retries to send messages if the tcp connection is lost during the body send part of sending an email message. In rare situations this may cause problems, for example while sending a large file if the receiving software is faulty and is dieing rather than responding with 'don't try again' error code. This behaviour was reversed before version 2.0h (e.g. it never retried)
Syntax: g_send_body_noretry bool
This setting disables the new feature where the server tries harder to deliver a message even if it 'might' result in duplicates being delivered.
Syntax: g_send_body_once bool
Debugging feature.
Syntax: g_send_bug1 bool
This helps prevent surgemail exceed tarpit throttles common in unix mail servers, adjust at your own risk. This won't generally limit outgoing email speed so you don't need to touch it. A value of '1' means surgemail can make one connection each second.
Syntax: g_send_conspeed int
This is a simple throttle to limit sending speed to any single domain, a value of 2 seconds is probably reasonable. In general you would also set G_SEND_MAX_PERDOM to 1.
Syntax: g_send_delay int
It's best not to change this generally, if you set it too low then grey listing may fail, if you set it higher then email is delayed.
Syntax: g_send_first_retry int
Fully qualified domain to use for all outgoing SMTP helo commands.
Syntax: g_send_helo string
If the senders domain name (in return path envelope) is a valid local domain, then it is used in the 'helo' command.
Not generally recommended. The correct use of the helo is to identify the sending machine, not the domain, so although this makes the headers look pretty it doesn't make them more correct in my opinion.
Syntax: g_send_helo_from bool
So this is the local ip name it looks up not the remote ip address name. Unsafe because dns may fail then it will say helo with invalid string
Syntax: g_send_helo_in bool
Send messages in single line packets, slow! (for debugging)
Syntax: g_send_lines bool
This limits the impact from mailing lists that would otherwise clogg the server and prevent normal individual emails going through quickly, typically set to *bounce@* to lower mailing list priority
Syntax: g_send_lowpriority string
Maximum concurrent outgoing SMTP connections . You should not have to change this. The default is 100.
Syntax: g_send_max int
This may help delivery if a server is incorrectly identifying your server as a spam source. A value of 1-5 would be reasonable
Syntax: g_send_max_perchan int
Maximum concurrent outgoing SMTP connections to a single domain. The default is 2. This can be set higher and the default used to be 6 however there are a few servers out there that don't like more than 2 channels being opened to them.
Syntax: g_send_max_perdom int
Default is unlimited, Setting this to a small value like 10 may help some mail servers.
Syntax: g_send_max_rcpt int
Most useful when using g_authent_always, as this error will be shown to local users when sending to local users that don't exist.
Syntax: g_send_no_domain string
Use this on incomng mx severs for the local domain so it can use lots of channels to send the data through.
Syntax: g_send_nolimit string
This is to try and find an elusive fault on some systems sending large emails, not for general use
Syntax: g_send_nopoll bool
Revert to old style sending, no known reason for doing this
Syntax: g_send_nosize bool
Normally surgemail remembers hosts that are slow to open, fail and doesn't retry for 60 minutes.
Syntax: g_send_noskipslow bool
Only send outgoing while doing a POPfetch (For dialup use).
Syntax: g_send_onpopfetch bool
Timeout, in seconds when opening an SMTP link.
Syntax: g_send_open_timeout int
Might be useful to stop messages bouncing when destination server is temporarily rejecting everything
Syntax: g_send_retry_550 bool
Some faulty hosts return a 552 error when a user is over quota, this means that by the RFC SurgeMail must not try again to deliver the message. However this is clearly not a permanent error and so it's often wise to retry in this situation, This setting makes SurgeMail attempt retries when faced with this odd response.
Syntax: g_send_retry_552 bool
This rewrites the recipient envelope, you can use wild cards, e.g. *@this.domain %1@another.domain, to rewrite 'from' addresses use g_from_rewrite
Syntax: g_send_rewrite was=string to=string
Bytes per second to limit each outgoing channel to. eg: 10k
Syntax: g_send_speed int
This setting has no further documentation currently available
Syntax: g_send_sslheader bool
This setting disables the ability to save the message to the sent folder as part of the smtp command (only used by SurgeAlert)
Syntax: g_send_store_disable bool
This setting has no further documentation currently available
Syntax: g_send_strip string
Timeout, in seconds when sending mail, default is 540 (9 minutes)
Syntax: g_send_timeout int
Some large providers will assume you are a spammer if you send too many messagse in an hour. If you have a large mailing list it's easy to break these limits, in which case some rules like this can prevent this problem.
Syntax: g_send_tolimit domain=string perhour=int
Example: g_send_tolimit domain="hotmail.com,*hotmail.com" perhour="60"
Trigger with tellmail mail_rules (or it will run once a week)
Syntax: g_sent_archive int
This setting has no further documentation currently available
Syntax: g_sent_nodup bool
If user is authenticated then store message in a folder, note that duplicates may occur if the client is also doing this (disable in the client) or use a name like System_Sent to avoid confusion
Syntax: g_sent_store string
The vdomain a user connects on is normally identified automatically for "user account self management" and for "webmail". In the event that the domain name is not the same as the host name (eg hostname = mail.domain.com, domainname = domain.com) the WebMail web server can automatically translate the SERVER_NAME variable.
This setting specifies a wild card list of URLs 'URL' with associated translated host name for "SERVER_NAME". If the URL matches then SERVER_NAME is set to the second part of this setting 'name'. eg: to host the domains domain.com and mail.domain.com on host mail.domain.com:
g_server_name url="*.domain.com" name="domain.com"
Note: If your server name is not the same as your domain name also check the per domain setting URL_host.
Syntax: g_server_name url=string name=string
Replaces SurgeMail and version string in Received headers of process mail
Syntax: g_server_stamp string
This setting has no further documentation currently available
Syntax: g_setpassword_firstlogin bool
Binary tree for scoring - this mechanism scores based on finding the sample or samples with the closes matching features, and counting how many are spam/not spam. This method is the best choice (currently)
Syntax: g_sf_binary bool
This setting has no further documentation currently available
Syntax: g_sf_disable bool
Creates feature_gen.dat from sf_mfilter.txt (instead of using feature_gen.net downloaded from netwinsite.com). This requires your server to have a reasonable sample of spam in the train... folders, this is collected automatically over a few days.
Syntax: g_sf_generate bool
This setting has no further documentation currently available
Syntax: g_sf_ignore_users bool
This setting has no further documentation currently available
Syntax: g_sf_limit bool
A new mechanism to score more rationally based on the known data.
Syntax: g_sf_list bool
Experimental setting
Syntax: g_sf_nnet bool
This smoothes out the nonsense a bit if g_sf_binary over-reacts to training or small samples
Syntax: g_sf_nosanity bool
This setting has no further documentation currently available
Syntax: g_sf_obey_users bool
Use additional manual rules
Syntax: g_sf_rules bool
Experimental setting
Syntax: g_sf_saneonly bool
This second sanity check improves scores over 8 to be a bit more useful.
Syntax: g_sf_sanity2 bool
Test another spam scoring method
Syntax: g_sf_sanity_test bool
Experimental setting
Syntax: g_sf_test2 bool
This allows sharing of the home directory in the unlikely situation that you might want to run separate surgemail processes. eg one process to cope with SMTP and another to cope with POP access.
Syntax: g_share_home bool
Set true if mail area is shared (by nfs or other mechanism)
Syntax: g_share_mail bool
Normally SurgeMail keeps track of quota for all users in memory, this is efficient, but means if your are using a shared mail spool the quota figures are completely wrong, so use this setting to make surgemail keep track of quota's on disk, it increases disk load a bit of course but not too much.
Syntax: g_share_quota bool
This setting has no further documentation currently available
Syntax: g_show_senders bool
Intended to make server die rather than to pretend to keep running when a major disk fault has occurred
Syntax: g_shutdown_ifmissing string
Add 20 second delay to shutdown for testing
purposes only.
Syntax: g_shutdown_slow bool
This setting has no further documentation currently available
Syntax: g_skip_return bool
Add 20 second delay to welcome message for testing
purposes only.
Syntax: g_slow_welcome bool
Normally SmiteSpam headers are only added for locally delivered messages. This setting to all messages passing through this server.
Syntax: g_smite_all bool
Normally SmiteSpam headers are only added for locally delivered messages. This setting adds the headers for gatewayed messages too. This also adds headers to messages that are redirected by forward rules as well.
Syntax: g_smite_gateway bool
If SmiteSpam gives a message a "smite score" above this, throw it awayl. This setting is best never used. If used it should be set to '1 or 2'. A value of 1 = "has been reported", 2 = "has been reported multiple times". If smite match score is above this drop message. This is applied when the user downloads the email not at delivery time. What you probably want is 'g_spam_bounce' described elsewhere on this page.
Syntax: g_smite_level int
This will skip running SmiteCRC for messages whose from
address matches these domains. This is the mail from
envelope header NOT the from header in the message (you
can check the return path header in the message to check
what you need to add for this setting).
Note this is a wildcard field so to match any mail claiming to be from safedomain.com you would have to set:
g_smite_skip "*@safedomain.com"
Syntax: g_smite_skip string
Skips spam checks and spam header generation for any authenticated local user.
Syntax: g_smite_skip_auth bool
This setting has no further documentation currently available
Syntax: g_smite_skip_from string
Skip smite scanner if sender IP matches this wild card list.
Syntax: g_smite_skip_ip string
This setting has no further documentation currently available
Syntax: g_smite_skip_only string
Skips spam checks and spam header generation for any local user.
Syntax: g_smite_skip_relay bool
Skip smite scanner if to matches this wild card to <address>.
Syntax: g_smite_skip_to string
If set to true will tag messages already in the SmiteSpam database. A value of 1 = "has been reported", 2 = "has been reported multiple times".
Syntax: g_smite_tag bool
Normally sms gateways are restricted to authenticated users (SMTP authentication) this allows you to specify IP's which can send without authentication. For example you may want your dlist server to send SMS, in which case you might add 127.0.0.1 to this setting.
Syntax: g_sms_forward string
This is the ip and port of an 'email to sms gateway'. The gateway should accept SMTP messages on this port and convert the email into an sms message then deliver to the phone number in the 'to' address. SMSGate is our 'email to sms gateway' and is FREE with SurgeMail. Setting user_sms to "true" for a domain allows users to specify a phone number (or email address) and rules for when to notify them.
Syntax: g_sms_gateway string
If a user sets their sms number to an email address, perhaps to make use of an existing gateway, then surgemail will send the message to the domain in that address. If you set this you can force the email to go to g_sms_gateway. NOTE: It is possible to configure SMSGate with 'send_mode smtp', 'recv_mode none' and no GSM modem. In this setup it simply reformats messages passing them on to the configured smtp_outserver for delivery as email messages.
Syntax: g_sms_gateway_force bool
Defines the maximum number of bytes of 'body' text to send to the g_sms_gateway. All headers are sent, then the defined number of bytes of 'body' text. Defaults to 160. May be set larger than the default if you have a lot of html messages or multipart html and text messages. Should not be set too large as there is no point sending binary attachments and the like to an sms gateway.
Syntax: g_sms_gateway_msgbytes int
Defines the maximum number of bytes of 'subject' text to send to the g_sms_gateway.
Syntax: g_sms_gateway_subjbytes int
Normally sms gateways are restricted to authenticated users (SMTP authentication) this allows you to specify IP's which can send without authentication. For example you may want your dlist server to send SMS, in which case you might add 127.0.0.1 to this setting.
Syntax: g_sms_recover_text string
This setting has no further documentation currently available
Syntax: g_smtp_allow_invalid bool
This setting has no further documentation currently available
Syntax: g_smtp_auth_debug bool
This prevents a hacker sending out spam by cracking a users account details, users must login from an address specified in g_smtp_auth_ip or g_relay_allow_ip
Syntax: g_smtp_auth_ip string
This prevents a hacker sending out spam by cracking a users account details, users must login from an address specified in g_smtp_auth_ip or g_relay_allow_ip, NEVER USE THIS!
Syntax: g_smtp_auth_off bool
This setting tries to prevent thrashing by making the server slow down the speed it reads data in an attempt to get larger packets. This seemed to have no affect when I tested it, but play with it if you want, It is only intended to be useful when you have hundreds of incoming connections all very slowly sending in data, and the server is short of CPU.
Syntax: g_smtp_big bool
If external servers are over loading your server so much that it ends up in a cpu loop rejecting connections then increaseing this might help. But beware your system must not run out of file handles so don't set it too large, The default is 100
Syntax: g_smtp_bounce_nslow int
Testing feature.
Syntax: g_smtp_chunking bool
Seconds to wait after getting a message for next command (workaround for sendmail bug)
Syntax: g_smtp_cmd_timeout int
Please note that CRAM-MD5 does have security implications, specifically it means that the local users password must be stored in a semi reversable state in the authent database. Also you must be using the new version of the NWAuth module. Also Cram-md5 cannot be used with Migration from an old server (since by definiton the old password is never sent)
Syntax: g_smtp_cram_enable bool
This setting has no further documentation currently available
Syntax: g_smtp_data_bug bool
Seconds to wait for SMTP data input.
Syntax: g_smtp_data_timeout int
Only applies if more than 2 connections from the same ip address, so it only throttles bulk senders not people
Syntax: g_smtp_delay int
If true then if any smtp commands arrive before the 'helo' greeting is sent then a header is added to messages which will result in a higher spam score.
Syntax: g_smtp_delay_stamp bool
Only do etrn processing if user is authenticated.
Syntax: g_smtp_etrn_auth bool
Normally SurgeMail waits 1-10 seconds before rejecting a bad connection (rbl/limits,...), this reduces cpu usage and prevents some DOS attacks, this setting disables this behaviour.
Syntax: g_smtp_fast_bounce bool
This setting tries to cope if the message contains no headers at all, it is not recommended of course but may be needed on occasion for bad scripts
Syntax: g_smtp_fix_nohead bool
Disable SMTP help command (minor security percaution).
Syntax: g_smtp_help_disable bool
If enabled, the SMTP protocol is logged to the mail.log file as "smtp: In" and "smtp: Out" entries.
Syntax: g_smtp_log_protocol bool
This sets the smtp.log file size, default is 2mb
Syntax: g_smtp_log_size int
This limits the channels that will be used at any one time for incoming SMTP connections. The purpose of this setting is to prevent a sudden burst of spam from using up all available channels. Generally you do not need to change this. (Default = 250). Use the related setting g_smtp_max_reason to over-write the detailed error if you don't want spammers to know what your limits are set to.
Syntax: g_smtp_max int
This lets you specify IP based exceptions to g_smtp_max, so if you need a certain IP to open up many connections you would add that IP here.
eg. g_smtp_max_nolimit "10.0.0.50"
Syntax: g_smtp_max_nolimit string
This is most useful when the host in question is being used for the wrong purpose (incoming when it's intended for outgoing etc), or simply to advise the user of a potential solution
Syntax: g_smtp_max_reason string
The maximum number of bad commands accepted per session before SurgeMail will drop the connection.
Example: g_smtp_maxbad "10"
Syntax: g_smtp_maxbad int
Some faulty mail clients forget to put the brackets <> around the recipient, this setting allows such faulty behavior. Not generally recommended.
Syntax: g_smtp_no_brackets bool
Mail sent from other IP addresses is only accepted if user is authenticated. Typically used if your server is behind a firewall of some kind and should only allow incoming email from a particular IP address. Users will be able to send as from any IP address if they use smtp authentication. This setting is only useful if your incoming email always comes through a gateway or filter, it's not a normally useful setting
Syntax: g_smtp_noauth string
Message sent to sender when they try and send to the server but are required to authenticate because of g_smtp_noauth
Syntax: g_smtp_noauth_msg string
Mail sent from other IP addresses is only accepted if user is authenticated. Typically used if your server is behind a firewall of some kind and should only allow incoming email from a particular IP address. Users will be able to send as from any IP address if they use smtp authentication.
Syntax: g_smtp_noauthm string
Testing feature.
Syntax: g_smtp_noclear bool
This is to keep stupid scanners happy, for security you should disable non SSL logins, disabling plain is pointless and annoying.
Syntax: g_smtp_plain_hide bool
Typically you won't need to change this however you can specify an IP address to bind to or a list of alternate ports, eg: 10.3.2.3:25 or 110,2110 etc... By default the mail server listens to port 25 on all adapters/addresses. Use the keyword 'disabled' to disable this part of the SurgeMail service.
Syntax: g_smtp_port int
It is recommended (by some) that users send email to port 587, and it requires smtp authentication, and port 25 be blocked from client ip addresses to prevent viruses etc using email servers. Be sure to add ,587 to the g_smtp_port setting too!
Syntax: g_smtp_portauth string
Use this to prevent local users logging into port 25, this also stops many spammers abusing your system as they will try and send on port 25
Syntax: g_smtp_portforce bool
Port to listen on for dedicated SSL SMTP connections.
Syntax: g_smtp_secure_port int
This makes the server run a seperate thread just to process incoming smtp connections, this can help on a busy system to stop a huge load of smtp connections clogging up the pop/imap connection processing, it is rarely needed.
Syntax: g_smtp_thread bool
This setting is rarely a good idea, vrfy is best left disabled
Syntax: g_smtp_vrfy_allow string
Change Response to VRFY, e.g. 252 Not telling.
Syntax: g_smtp_vrfy_msg string
This setting has no further documentation currently available
Syntax: g_smtp_warning int
Syntax: g_smtp_welcome_delay "seconds"
This delays the welcome message sent by SurgeMail to a connecting server. If the server sends data to SurgeMail during this waiting time SurgeMail will drop their connection. The theory is that any well behaved server will wait for prompts and check them, but a lot of spamming software never takes any notice of prompts/responses and sends blindly. We believe a value of 1-3 seconds is ideal. You can also exempt ip's from this setting by using g_spam_allow "ip". Settings too high will cause real mail to be lost.
Examples:
g_smtp_welcome_delay "3"
g_spam_allow "127.0.0.1"
So above, delay giving the welcome message for 3 seconds, anyone that sends data in that 3 seconds will be dropped, but anything connecting from 127.0.0.1 will be able to send immediately (you should make sure webmail is exempt).
Syntax: g_smtp_welcome_delay int
This allows each user an infinite number of aliases of the form user+extension@domain.name, this can cause problems so only enable with caution. Usually set to "++" but can be set to a single plus, but this will break any email address that contains a plus so not normally recommended. If used avoid defining it as a single character at least!
Syntax: g_spam_alias_any string
Makes blacklisting automatic
Syntax: g_spam_allbad bool
Typically use this to allow known mailing list servers that use your system to send messages in without being tarpitted. e.g. "127.0.0.1,local.ip.number". This same setting is an exception to the other spam rules.
Syntax: g_spam_allow string
Normally when SurgeMail detects an SPF failure it will give the sending an opportunity to send an email to a special address, If the sender does this then their IP address is permitted in future, this saves a lot of hassle generally, in rare situations you may not want this system, this setting will just simply bounce the message instead.
Syntax: g_spam_allow_disable bool
This setting makes the SPF strict settings much softer, basically it says any IP address we've known about for 3 days, is considered safe. This will still stop most spammers, particularly when used in combination with RBL lists which will block the 'repeat' offenders.
Syntax: g_spam_allow_known bool
This lets you tailor the 'allow' bounce message given to incoming messages that fail the SPF checks. ||reason|| becomes the reason for the failure and ||allow|| is either the allow email to send to, or a link to use (if using g_spf_byweb "TRUE").
Syntax: g_spam_allow_msg string
Example: g_spam_allow_msg "||reason||, to fix send an email to ||allow|| then resend original email."
This setting extends the 'allow' email system used by SPF to the RBL style of failures. This makes it much safer to use RBL lists is block mode instead of stamping mode. You really must have g_spam_block enabled for this setting to work, otherwise the 'allow' mechanism lets everything through so this becomes pointless :-)
Syntax: g_spam_allow_rbl bool
Spammers can trivially forge a reverse dns name, so it's very unwise to use it for bypassing spam checking except for rare/local domain names that spammers won't know to use
Syntax: g_spam_allow_rdns bool
Skip spam rules if recent POP IP number (see g_relay_window).
Syntax: g_spam_allow_recent bool
Scale for Aspam default is 1.0. Valid range is zero to two.
The aspam matching based on it's database of known spam and non spam produces a score in the range -5 --> 5. Tthe g_spam_aspam setting lets you 'scale' this score to increase/decrease the importance of the aspam rating. The result is then applied (added to) the spamdetect header.
Syntax: g_spam_aspam string
Auto train spam filter good messages based on first 1,000 outgoing emails.
Syntax: g_spam_autotrain bool
Changes blacklist handling to only place in spam folder (not auto reject) and to automatically blacklist when isspam button pressed
Syntax: g_spam_black_auto bool
Place in spam rather than bouncing hard.
Syntax: g_spam_black_tospam bool
This setting is critical, without it, all the spam is let through to the user, with it set to true, 95% of spam is blocked before it enters your server. So, generally you want this turned on, it should result in very few false positives as messages are 'grey list' bounced.
Syntax: g_spam_block bool
Use this setting on incoming mail servers or servers that relay to servers that implement SPF. Without this SPF blocking will not work as the back end server cannot perform the SPF checks/blocking.
Syntax: g_spam_block_gateway bool
This error is given for SPF failures when the allow system is disabled. You are probably looking for the setting g_spam_allow_msg, as it is the one that is normally used when a user is 'blocked' by spf.
Syntax: g_spam_block_msg string
If spamdetect score is above this, add spamdetect header at top of message body (in addition to the header). This allows mail clients that are not able to filter mail based on headers to filter out spam email. This can be set on a per user basis too. A value of 3 or 4 would be reasonable. The only real reason for this setting is some common mail clients are unable to scan non standard headers so cannot automatically file spam in a folder unless this is used. My recommendation is for such users to use the web interface to set actions individually.
Syntax: g_spam_body int
This can help the user decide if the message really is spam
Syntax: g_spam_body_more bool
On this page you should explain to your users why this tag was added to their message, and how they can adjust their spam settings etc.
Syntax: g_spam_body_url string
If spamdetect score (number of '*'s) is above this,
bounce message if local delivery. 14 is a reasonable
value, never set below 10.
Syntax: g_spam_bounce int
If spamdetect score (number of '*'s) is above this, bounce message, this applies to all messages regardless of user settings. e.g. 7 or 8 would be reasonable, 3 would be very strict, and less than 3 would certainly bounce real emails. I recommend you don't set this below 5. This rule is applied as soon as the message is submitted, user spam settings do not override it.
Syntax: g_spam_bounce_all int
This setting enables rejected spam to be saved in the spam_rejected folder, this makes it safe to use the spam rejection level again.
Syntax: g_spam_bounce_store bool
As per description. Default is: "554 Failure Message looks like spam, sorry not wanted here q=311", where q is the message queue id.
Syntax: g_spam_bounce_text string
Normally trusted users (spam_allow or smtp authenticated users) are never bounced due to spam content, this setting forces those users to also be checked for spam content.
Syntax: g_spam_bounce_trusted int
Addresses on web pages that shouldn't get any email
(robot bait), only for use with Aspam.
Any email going to the specified address will be sent to
the isspam address for processing and the message will
also be dropped. If the message has multiple rctp's and
some are valid users, but one matches the catcher
address, it is not delivered to anyone. If you need to
enter a lot of spam catcher addresses then the best way
is to just setup a single spam catcher address and then
use g_redirect to redirect
other addresses to the spam catcher address.
eg
g_spam_catcher "johnsmith@mydomain.com"
Syntax: g_spam_catcher string
Changing this will cause no end of problems, so only do this when initially installing SurgeMail
Syntax: g_spam_char string
Normally authenticated users are exempt from spam rules when sending mail. This enables all spam checking rules for authenticated users.
Syntax: g_spam_check_auth bool
This allows you to run a simple external spam filter the return value is added as a header, X-SpamCmd: r=N, Is Spam/Not Spam, use local.rul file to translate this return value to a spam score. e.g. G_SPAM_CMD "snfrv2r3.exe xnk05x5vmipeaof7 $S_FILE$" if used with http://www.armresearch.com/message-sniffer/. If the program returns 0 then the words Not Spam are added, if the value is non zero then Is Spam is added, this makes filtering rules easier to add to local.rul, see http://netwinsite.com/surgemail/help/spam.htm#external
Syntax: g_spam_cmd string
This allows you to only scan messages with an external filter if the message is not obviously spam
Syntax: g_spam_cmd_if int
Filters based on return code of external spam filter program
Syntax: g_spam_cmd_reject int
This allows whitelisting to work
Syntax: g_spam_cmd_skip int
The file aspam_content.txt is fetched from netwinsite and used to identify certain common spam messages based on content. Each line in the file gives a list of words or phrases, if most of the words are found, then the rule matches. You can add your own rules to aspam_content_local.txt. In a message that matches a rule you will see in the spamdetect header, Content: cid=NNN cid=NNN, you can then match the NNN with the unique id of each rule in aspam_content.txt
Syntax: g_spam_content_disable bool
Some filters and servers like to see this header, a good value for this might be 7. Valid range would be 1-15, with 1 marking almost everything as spam, and 15 marking almost nothing.
Syntax: g_spam_flag int
This allows a user to create two folders '-Train Is Spam-' and '-Train Not Spam-' and then run the aspam training mechanism by dropping messages into those folders, items are expired ffrom train is spam folder after 30 days if G_EXPIRE_TRASH is TRUE
Syntax: g_spam_folders bool
Without this setting the user must create the folder name correctly for training to work from imap folders
Syntax: g_spam_folders_show bool
This feature fetches the file http://www.sa-blacklist.stearns.org/sa-blacklist/sa-blacklist.current and then uses it efficiently to block senders, it is a huge file (26mb). Not currently recommended, we don't think the hit rate of this filter method is high enough to be useful. url used is http://www.sa-blacklist.stearns.org/sa-blacklist/sa-blacklist.current
Syntax: g_spam_from_blacklist string
This limit is useful where a local machine is sending on behalf of many users without authentication and you want to limit potential abuse
Syntax: g_spam_from_max int
The grey listing mechanism relies on the principle that spammers are not using real mail servers but using dumb robots that won't 'retry'. So if all incoming messages are asked to 'retry' then the spam will not be received but the non spam will get in eventually. This does create a delay on all incoming mail, and may stop some stupid mail servers from successfully delivering. I would tend not to use this setting myself.
Syntax: g_spam_grey bool
Since messages which are allowed in due to grey listing generally can't accept friends bounces (as the sender is unverified) it's important to bounce them with an allow message instead if they look like spam
Syntax: g_spam_grey_bounce string
In theory this broadens slightly what grey listing will accept.
Syntax: g_spam_grey_classc bool
If a message is going to be accepted due to the spf default rule (so there was no real spf record), then this comes into play. If the message is not from a trusted person, or a domain that we have previously checked using grey listings. Then the message is bounced. If the sender then tries again to send the same message (from/to pair) within a few hours, but not within 1 minute, then that ip address is marked as 'good' and future messages from them are accepted. This setting will result in some real email bouncing but slightly reduce spam, we no longer recommend this setting.
Syntax: g_spam_grey_dflt bool
This setting enables grey listing for spf default failure events only, and only if it's the first message from that ip address if more arrive before the grey listing succeeds then allow bounces are sent instead
Syntax: g_spam_grey_dflt_bad bool
Use this for domains that retry at 5 minute intervals, e.g. (*@cs.com,*@xyz.com), this skips a test used to detect a particularly virrulent spammer who uses a robot that retries at exactly 5 minute intervals
Syntax: g_spam_grey_nofive string
This avoids the hard bounce you would normally get for failed real spf records.
Syntax: g_spam_grey_nohard bool
When a host is unknown if it sends more than this many messages before the grey listing resend occurs then it's considered to be a spammer.
Syntax: g_spam_grey_nseen int
On busy servers set this to a larger figure, e.g. 9000 so it can remember more grey listing events
Syntax: g_spam_grey_size int
Skips the grey listing if the host didn't resond to the g_smtp_verify probe for g_spam_grey_dflt_bad
Syntax: g_spam_grey_verify bool
This prevents a fast retry by a stupid robot, some robots now wait 5-6 minutes but some mail servers may retry that fast too :-)
Syntax: g_spam_grey_window int
Use this setting to specify the filter machines which perform spam scanning for this machine. Use this on the filter machine, to specify itself so that mailing list messages do not get scanning/tagged twice. Ensure your users are sending messages via the filter machine.
Syntax: g_spam_header_trust_ip string
This setting has no further documentation currently available
Syntax: g_spam_hold_hide bool
How many days to store users spam hold messages before
deleting them.
Default is 14 days.
eg. g_spam_hold "14"
Syntax: g_spam_hold_keep int
Info line and url to explain aspam system.
Syntax: g_spam_info string
Removes the x-spamdetect-info header line.
Syntax: g_spam_info_hide bool
Enable new 'internal' spam processing system, note this disables SmiteCRC too!
Syntax: g_spam_internal bool
This bounces all email from an address recorded as a spam source until it is recorded as a 'notspam' source, the blocking message allows the sender to bypass the block.
Syntax: g_spam_isspam_ignore bool
Allow ASPAM training messages to (isspam) from any trusted source (e.g. any source that would be allowed to relay/send outgoing email). This setting is recommended.
Syntax: g_spam_isspam_kind bool
This removes the old spam settings that should never be used. In version 5 this disabled hold/vanish/bounce, now it only disables hold/vanish but allows 'bounce', the bounce behaviour has been made considerably safer by tuning the spam filter and changing the actual bounce to allow the sender to bypass via captcha
Syntax: g_spam_nobounce bool
This adds a header which makes a best guess at the contents of the message, it should not be assumed to be 100 percent reliable! Also note that empty messages or messages containing only images may be classified as 'Unknown (English)'
Syntax: g_spam_nolang bool
Disable isspam and notspam addresses for user training.
Syntax: g_spam_notrain bool
Address that non authenticated users can send non spam to.
Example: g_spam_notspam "notspam@domain.com"
Syntax: g_spam_notspam string
Disable fetch of aspam filter rules etc from netwinsite.
Syntax: g_spam_noupdate bool
Use this to stop your users resonding via email to a known phishing address. See http://code.google.com/p/anti-phishing-email-reply/
Syntax: g_spam_phishing bool
Use this to stop your users resonding via email to a known phishing address. See http://code.google.com/p/anti-phishing-email-reply/
Syntax: g_spam_phishing_ok string
Enables a Bayesian word and phrase filter to enhance spam filtering. The filter auto trains based on the train folders each night
Syntax: g_spam_phrase bool
Scale for poly word matching, default is 0.1, Valid range is zero to two, Use 1.0 to enable.
Syntax: g_spam_poly string
Disables the poly statistical scoring feature which is part of Aspam. Poly tries to analyze the frequency of word combinations in spam and not spam to identify if a message is likely to be spam or not. We don't consider the poly system to be very useful, it has two faults, it's behaviour is not 'understandable' and it is 'content based', SPF is a much superior system!
Syntax: g_spam_poly_disable bool
Note: The user will define these settings, after turning on this global setting the user can use the Web Self administration interface, press the 'Spam' button and the private email address is defined on that page.
This setting adds the ability for each user to create a private email address to bypass SPF/ Spam filters. The user would then typically increase the spam settings for their non private account to 'friends mode' and enable SPF. So only known friends will be able to contact them via the old address.
This allows the user to live 'spam free' without the risk of blocking email from real people.
The user must be careful with their new private address, it should only be used with humans, when entering an address in a web form or mailing list a special variant should be used e.g. user--from-WEBDOMAINNAME@users.domain
The user defines their private address, in the form user--PRIVATE@domain.com, e.g. if the users public address is joe@cool.com, and the user defines a private extension of "juggle" then the private address would be:
joe--juggle@cool.com
Email addressed to joe--juggle@cool.com is delivered without SPF or SPAM filtering / tagging.
In addition the user can enable 'from' matching which must look like this: username--KEYWORD-STRING@cool.com, the user specifies a keyword e.g. "match". Then anything addressed to the user in this form:
joe--match-STRING@cool.com
Will only be delivered if 'STRING' is found in the 'from' envelope address, otherwise it will bounce. So when entering an email address in a web page called "toys.com" the user would enter:
joe--match-toys@cool.com
Any -- extension that is not recognized will return a bounce suggesting they remove the extension and try again.
Syntax: g_spam_private bool
This setting searches email messagse from dodgy/unknown sources for urls, then looks at the page those urls refer to to see if those pages in turn point to a listed SURBL. Only domains matching a specific list of rules are scanned so there is almost no risk of this feature clicking on a page that might do something bad.
Syntax: g_spam_probe_enable bool
Generally not advised
Syntax: g_spam_probe_friends bool
Generally not advised
Syntax: g_spam_probe_more bool
This setting increases the remote chance of probing a web page that might have some action (like a confirmation signup request, unsubscribe etc...), in practice there are a bunch of tests we perform so it would be most unusual for this problem to occur but it's safer not to use this option.
Syntax: g_spam_probe_unknown bool
Some spammers register new domains each day, this probe checks the whois data to find if the new web site is owned by a known spammer
Syntax: g_spam_probe_whois bool
This setting enables some features which let surgemail share information about spam and non spamming ip addresses with a central netwin server.
Syntax: g_spam_share bool
Normally the spam status emails are sent in response to incoming messages at undefined times, this allows all spam status emails to be sent at a predefined time.
Syntax: g_spam_status_hour int
This is good to make sure all users know about their spam settings and how to change them.
Syntax: g_spam_status_monthly bool
If spamdetect score is above this add spam rating Spam:**** to subject.
Syntax: g_spam_subject int
Note that g_spam_subject_gateway and G_SMITE_GATEWAY or G_SMITE_ALL must also be set to true for this to work. If this setting is blank then all gatewayed domains would get tagged. Tagging won't occur if the message is not sent through a g_gateway rule or redirect rule
Syntax: g_spam_subject_dom string
If true then spam_subject setting applies to gatewayed messages too
Syntax: g_spam_subject_gateway bool
This is a string that is prefixed to the subject of incoming mail caught by g_spam_subject. You can use ||score|| and ||stars|| which will contain the actual spam rating. Good examples might be: "[SPAM]" or "SPAM(||score||), "
Syntax: g_spam_subject_word string
Scale for URL word matching, default is 0.3, Valid range is zero to two (recommend 1.0)
Syntax: g_spam_url string
Whitelist using G_SPAM_USER_SKIP, limits bad recipients for an authenticated user, if exceeded then sending is paused for 30 minutes. A value of 50 might be reasonable as normal users would never exceed that. A value as low as 10 might be workable. Whitelist accounts using: G_SPAM_USER_SKIP. An email is sent to the manager account when this limit is hit
Syntax: g_spam_user_badto int
This setting has no further documentation currently available
Syntax: g_spam_user_lockout bool
Max messages an authenticated user can send per 30 minutes, eg: 5000
Syntax: g_spam_user_max int
Set this for special known users who send lots of email
Syntax: g_spam_user_skip string
This setting has no further documentation currently available
Syntax: g_spam_user_warn string
This setting has no further documentation currently available
Syntax: g_spam_user_warn_msg string
Allow users to opt in / out of specific anti spam features. If this is enabled this will add a "Spam" button on the users account self management pages.
The most useful antispam feature is that user's mail that is suspected spam, can be stored on the server so that these messages do not need to be downloaded to your normail email client over what could well be a low bandwidth connection.
Syntax: g_spam_userconfig bool
If spamdetect score (number of '*'s) is above this, vanish message if local delivery. eg: 12 would be reasonable.
Syntax: g_spam_vanish int
If spamdetect score (number of '*'s) is above this, drop message, applies to all messages regardless of user settings. e.g. 14. This rule is applied as soon as the message is submitted, user spam settings do not override it.
Syntax: g_spam_vanish_all int
This setting has no further documentation currently available
Syntax: g_spamdetect_some bool
Useful for finding obscure problems with spawned modules of various kinds, webmail, nwauth, virus checkers etc.
Syntax: g_spawn_log bool
This setting has no further documentation currently available
Syntax: g_speech_cmd string
This setting has no further documentation currently available
Syntax: g_speech_end string
This setting has no further documentation currently available
Syntax: g_speech_from string
This setting has no further documentation currently available
Syntax: g_speech_group bool
This setting has no further documentation currently available
Syntax: g_speech_info string
This setting has no further documentation currently available
Syntax: g_speech_size int
Example: 10mb
This setting has no further documentation currently available
Syntax: g_speech_to string
This setting is not normally needed as lookups generate retry failures so the sending server tries again and the dns failure (which is usually temporary) won't occur the second time. Normally on a DNS failure SPF should give a 'retry' message, this is because spammers often have faulty DNS servers so that SPF checks always fail for their domain, so letting the message through will let some spam into your system. But in some situations the normal behavior might loose you real email so then using this setting at least until your dns problems are resolved might be wise.
Syntax: g_spf_baddns_skip bool
This gives an email to the sender in the allow bounce message instead of aa url.
Syntax: g_spf_byemail bool
By default this log is not generated as it's not usually needed.
Syntax: g_spf_debug_log bool
The example shown isn't entirely true, we adjust the 'd2' depending on the domain, so it's usually unwise to change this.
Syntax: g_spf_default string
This setting makes blocking occur only for REAL spf records, not for the default one applied to domains that have no SPF record defined.
Syntax: g_spf_default_noblock bool
Generally a ten or twenty second timeout is reasonable. Adjusting the default is probably not necessary.
Syntax: g_spf_dns_timeout int
When SurgeMail relays/forwards a message the 'from' address is rewritten (g_spf_rewrite should be true). The new address is 'from' your domain and this setting tells surgemail which local domain to use for these from addresses.
Syntax: g_spf_domain string
This enforces spf for domain that must be trusted.
Syntax: g_spf_enforce string
If enabled this will enforce spf for some common domains that get forged.
Syntax: g_spf_enforce_auto bool
This setting has no further documentation currently available
Syntax: g_spf_enforce_known bool
This settings stops spammers who fake your own email domains, but it may upset users who are not authenticating or are using their own mail servers, so you will have to expect a few minor issues like that when you turn this on. This setting over-rides the 'users' spf and friends settings for local domains. (was miss documented as give allow message)
Syntax: g_spf_enforce_local bool
Enforces spf if the domains spf record ends with -all
Syntax: g_spf_enforce_real bool
This enforces spf for domain that must be trusted.
Syntax: g_spf_fake string
If the sending host matches g_verify_mx_skip, then spf tests are performed on the first received header not listed in that setting. Only stamping is possible though since this indicates a front end gateway and a reject would cause a 'bounce' which would not be safe
Syntax: g_spf_header bool
See https://netwinsite.com/spf.htm for details.
Syntax: g_spf_mode string
This toughens spf for critical domains (banks etc) where you don't want any forged messages leaking through. This setting over-rides the users spf/friends settings for these domains (so should be used with some caution)
Syntax: g_spf_noallow string
There is a small cache used for SPF results, This setting disables it.
Syntax: g_spf_nocache bool
This toughens spf so friends matches don't bypass it
Syntax: g_spf_nofriend bool
This toughens spf for the domains in question, requiring that they really pass an 'allow' test rather than simply a grey listing test. Good for commonly forged domains which do normally obey spf.
Syntax: g_spf_nogrey string
Where you allow users to send through your server you may want to stop rewriting for their domains so that their from address is not munged. Local domains are automatically excempt from 'rewriting'. Specify *@domain.name not just domain.name
Syntax: g_spf_norewrite string
Used to make select domains add spf to talk to you :-)
Syntax: g_spf_required string
Where you identify a domain that does not support SPF and is often used in a manner which breaks SPF default rules this setting can safely allow the problem domain. This setting is probably not needed now most large mail systems are using SPF.
Syntax: g_spf_rev_skip string
When messages are redircted/forwarded to another server from you server, the 'from' address of the existing message envelope will no longer obey SPF rules as it will be coming from your server rather then the original server. So to fix this enable this rewrite setting and then the from envelope is rewritten to point to your system using a short life token. The 'from' header of the message is not modified.
Syntax: g_spf_rewrite bool
In some cases you will want SRS rewriting for relay hosts, In which case you should turn this on.
Syntax: g_spf_rewrite_gateway bool
In some cases you will want SRS rewriting for relay hosts, In which case you should turn this on.
Syntax: g_spf_rewrite_relay bool
List your other incoming mail servers (which must be running surgemail). This lets SurgeMail share the list of known IP addresses which have sent 'allow' emails. You must copy your srs.secret file across all of the servers in question so they can verify each other correctly.
Syntax: g_spf_share string
List the ip addresses of your other MX servers so SPF checks wont fail when a message comes in via an mx host instead of directly. The SPF checking must therefore be done on all the MX servers.
Syntax: g_spf_skip string
Good for skipping SPF checking if a domain is in some way incompatible with SPF checking
Syntax: g_spf_skip_from string
Syntax: g_spf_skip_to "user@domain.com"
This setting can be used to skip spf checks based on the rcpt address, if used with g_orbs_late "true" then it can also be used to skip rbl checks if the rcpt matches this setting.
Syntax: g_spf_skip_to string
Best not to change
Syntax: g_spf_timeout int
This setting has no further documentation currently available
Syntax: g_spf_trust_local bool
This can be useful if you need to ensure emails bounce with an address that is similar to the destination
Syntax: g_spf_user_domain bool
In this mode real SPF failures are hard failures, but if there is no SPF record for a domain then the friendly 'allow' system is used to let the user send mail with only mild difficulty.
Syntax: g_spf_very_strict bool
Normally the default will work.
Syntax: g_spf_web_url string
If some of your backend servers are not surgemail then this setting will be needed to turn off the spflog messages to the non surgemail servers
Syntax: g_spflog_domains string
Enable this if this server is a frontend for a SurgeMail server users log into.
Syntax: g_spflog_enable bool
Syntax: g_spool_path "directory of spool"
SurgeMail will scan this directory every few seconds and check for any messages in this directory if found SurgeMail will then send them the messages (must end in the extension .msg). The format of the messages is as follows (without the quotes).
filename: test.msg
"
To: you@domain.com
From: blah@domain.com
Subject: blah blah
This is a test
"
Syntax: g_spool_path string
This setting controls which connecting IP numbers are permitted to use SSL on POP and IMAP. They will see TLS in the protocol extension command (ETRN for SMTPor CAPA for POP). Typically, to enable SSL you set this to "*" after getting a certificate. If you don't have a valid certificate then turning this on can cause problems as mail clients will try to use SSL and fail.
Syntax: g_ssl_allow string
This setting has no further documentation currently available
Syntax: g_ssl_allow_fix bool
This setting controls which connecting IP numbers are permitted to use SSL on IMAP.
Syntax: g_ssl_allow_imap string
This setting has no further documentation currently available
Syntax: g_ssl_auto bool
This can be used to enhance security but needs to be set carefully
Syntax: g_ssl_ciphers string
This can be used to enhance security, not recommended but is useful if you are trying to pass a security audit of some kind. A value of MEDIUM:HIGH is probably what you want to set it to. It is case sensitive.
Syntax: g_ssl_ciphers_add string
This list is for web connections only, restart surgemail after changing
Syntax: g_ssl_ciphers_web string
This setting has no further documentation currently available
Syntax: g_ssl_disable string
This setting has no further documentation currently available
Syntax: g_ssl_disable_des bool
May help virus fire walls to detect viruses, that's the theory anyway...
Syntax: g_ssl_disable_port25 bool
GEnerally this shouldn't be used unless you have to keep some paranoid security scan happy
Syntax: g_ssl_disable_renegotiation bool
Disables one of the older ssl protocols which slightly increases security and decreases compatibility with older clients. Use g_ssl_disable and g_ssl_disable_web instead
Syntax: g_ssl_disable_sslv2 bool
Disables one of the ssl protocols which slightly increases security. Use g_ssl_disable and g_ssl_disable_web instead
Syntax: g_ssl_disable_sslv3 bool
Use g_ssl_disable and g_ssl_disable_web instead
Syntax: g_ssl_disable_tlsv1 bool
Use g_ssl_disable and g_ssl_disable_web instead
Syntax: g_ssl_disable_tlsv1_1 bool
Use g_ssl_disable and g_ssl_disable_web instead
Syntax: g_ssl_disable_tlsv1_2 bool
This setting has no further documentation currently available
Syntax: g_ssl_disable_web string
This setting has no further documentation currently available
Syntax: g_ssl_dmalloc bool
For future use
Syntax: g_ssl_fips bool
The certifictes must be coppied from the ssl to the lets folder manually!
Syntax: g_ssl_guess_domain bool
Maybe useful to force certain types of security/encryption
Syntax: g_ssl_honor bool
The certifictes must be coppied from the ssl to the lets folder manually!
Syntax: g_ssl_lets_exclude string
Use this if you have a webserver that is running on port 80 but you still wish to generate ssl certificates automatically. Folder must be writeable by user 'mail' on linux
Syntax: g_ssl_lets_path string
Also exclude url_host on the mirroring exclude settings
Syntax: g_ssl_lets_slave bool
SurgeMail can be set to use a single SSL certificate
for the server or individual certificates on a per
domain basis.
SurgeMail will create private key / certificate pairs if required on startup. Alternatively these can be created using the 'SSL Config' link on the global settings page. These can be replaced with your own trusted signed certificates using the web admin interface or by placing the appropriate private key and certificate pem files in the following location: <surgemail>/ssl for a single certificate for the whole server and under <surgemail>/ssl/<vdomain> for per vdomain certificates.
Some mail clients and web browsers will complain if the certificate domain does not match the domain they are connecting to.
Changing g_ssl_per_domain will require surgemail to be restarted to take affect. Changes to certificates using the web admin interface now take affect immediately.
Syntax: g_ssl_per_domain bool
Just an easy way of setting the ciphers etc for perfect forward secrecy
Syntax: g_ssl_perfect bool
This forces all matching IP addresses to use SSL for SMTP, POP and IMAP connections. Typically you would use this for non local connections to increase security local connections might be comparatively safe in un-encrypted mode.
Syntax: g_ssl_require string
This forces all matching IP addresses to use SSL for IMAP connections.
Syntax: g_ssl_require_imap string
This setting has no further documentation currently available
Syntax: g_ssl_require_in string
This setting forces all matching IP addresses to use
SSL for any action that requires a user login. eg: POP,
IMAP and SMTP authentication but not plain SMTP. So this
is ideal if you want all users to use SSL but still want
email to come in from non SSL SMTP servers.
Syntax: g_ssl_require_login string
This forces all matching IP addresses to use SSL for SMTP outgoing connections. Typically you would use this for outgoing connections to increase security.
Syntax: g_ssl_require_out string
This setting has no further documentation currently available
Syntax: g_ssl_require_smtp string
This setting has no further documentation currently available
Syntax: g_ssl_require_web bool
Best not to change generally
Syntax: g_ssl_retry_seconds int
This will probably be made the default in the near future
Syntax: g_ssl_sha1_sign bool
Break ssl for outgoing sends
Syntax: g_ssl_test_fail bool
Must also match the g_ssl_try_out rule, this lets you only do ssl when the email is 'from' certain domains/users
Syntax: g_ssl_try_from string
If the hosts match then SurgeMail Does not try ssl even if g_ssl_try_out matches.
Syntax: g_ssl_try_not string
If the hosts match then SurgeMail tries to start SSL security on the SMTP session. Note that this may cause failures if the link is dropped by the receiving server.
Syntax: g_ssl_try_out string
This setting has no further documentation currently available
Syntax: g_ssl_verify string
This setting has no further documentation currently available
Syntax: g_ssl_warn bool
This setting has no further documentation currently available
Syntax: g_ssl_warn_ignore string
This setting has no further documentation currently available
Syntax: g_ssl_warn_text string
We use this to keep track of which features customers use/like
Syntax: g_sstat_disable bool
Never set this, it can make the server unstable
Syntax: g_stack int
Never set this, it can make the server unstable
Syntax: g_stack_imap int
Seconds to wait before accepting inbound connections when starting SurgeMail .
Syntax: g_startup_delay int
This setting has no further documentation currently available
Syntax: g_status_login bool
Normally the default will work.
Syntax: g_status_url string
Setting is no longer used.
Syntax: g_status_view_html bool
This is useful to check if vanish_bad_bounces is working correctly
Syntax: g_store_dropped bool
Used if the message has no Subject header
Syntax: g_subject_blank string
This is useful to check if vanish_bad_bounces is working correctly
Syntax: g_suffix_report_admin bool
This is useful to check if vanish_bad_bounces is working correctly
Syntax: g_suffix_report_user bool
This looks up each url found in each mail message and checks it against the SURBL database of your choice, the multi database can be used. See http://www.surbl.org/, adds headers of the form: X-Surbl: stamp urlfound nameofsurbl. PLEASE NOTE: Access to surbl is only provided freely in some conditions, larger ISP's may need to purchase a feed, see http://www.surbl.org/usage-policy
Syntax: g_surbl name=string stamp=string
Example: g_surbl name="multi.surbl.org" stamp="sc.surbl.org,ws.surbl.org,phishing,ob.surbl.org,ab.surbl.org,jp"
Adds return path domain/from check in the surbl database, use with Spamhaus DBL
Syntax: g_surbl_from bool
This can reduce spam on your server by completely rejecting all email containing surbl web links...
Syntax: g_surbl_reject bool
Sometimes you will want to whitelist a url that is listed in one or more surbl databases, use this setting to do that.
Syntax: g_surbl_skip string
Sometimes you will want to whitelist an ip from SURBL checks. Use this setting to do this.
Syntax: g_surbl_skip_ip string
This setting searches whois information and compares what it finds to a list of known persistent spammers who register new domains regularly - if a match is found a surbl header is added. The whois servers don't like getting heavy load so don't use this setting if your server is very busy. A cache is used to minimize the load.
Syntax: g_surbl_whois bool
This setting causes SurgeMail's interface to specialize itself for the purposes of being a Blog server.
Syntax: g_surgeblog bool
Delay informing existing users about new versions of SurgePlus for this long after the new version is downloaded to your server. SurgePlus clients poll the server once an hour so they won't be informed about the new version for up to an hour longer than the value of this setting. Use this setting combined with the g_surgeplus_delay_tell_upgrade_exempt setting so that only administrator users are informed about new versions at first so you can confirm the new version works fine with your existing server configuration before everyone upgrades. Example values: "3 hours" or "2 days"
Syntax: g_surgeplus_delay_tell_upgrade string
See the above setting for information. Example value: "user1@domain.name,user2@domain.name"
Syntax: g_surgeplus_delay_tell_upgrade_exempt string
Use this setting if you don't want your users to know about the SurgePlus Windows client. All this setting does is to hide the download links from the web interface.
Syntax: g_surgeplus_hide_client_downloads bool
This causes links to appear in the SurgePlus interface to switch to using WebMail (and DBabble if you have the g_dbabble_links setting on).
Syntax: g_surgeplus_links bool
Sets the amount of logging done for SurgePlus. When using 'debug' level, data is logged to surgeplusd.log in addition to surgeplus.log
Syntax: g_surgeplus_log_level string
Example: debug
Not recommended.
Syntax: g_surgeplus_online bool
SurgePlus Windows client downloads are set to connect to this POP server by default. This setting only applies if the user is downloading the client from a URL that does not match a valid domain on the server. If the URL does match a domain on the server, the domain specific version of this setting applies instead.
Syntax: g_surgeplus_pop_server_name string
SurgePlus uses the POP protocol to communicate with SurgeMail. However, some virus scanners running on the clients machine prevent the SurgePlus client from using POP commands that the virus scanner does not know about. In order to avoid this problem, SurgePlus uses port 7110 by default instead of port 110. However, clients not using a virus scanner (or clients using some virus scanners we have made SurgePlus work with - e.g. Norton) can safely use port 110 if they would otherwise be prevented from connecting to SurgeMail by a firewall. The SurgePlus client will quietly switch to using port 110 if it is not able to connect to the server using port 7110.
Syntax: g_surgeplus_secure_port int
SurgePlus Windows client downloads are set to connect to this SMTP server by default. This setting only applies if the user is downloading the client from a URL that does not match a valid domain on the server. If the URL does match a domain on the server, the domain specific version of this setting applies instead.
Syntax: g_surgeplus_smtp_server_name string
If you want your SurgePlus users to view shared files over a different port than WebMail uses give this setting a value.
Syntax: g_surgeplus_web_port int
Use this to override the default location that users are directed to to view shared SurgePlus web files. If you don't specify a value for this setting then it defaults to using the non-secure webmail port.
Syntax: g_surgeplus_web_url string
Example: https://||domain||:7443
This setting should never be used we think...
Syntax: g_surgewall_ignore_error bool
Allows redirect/responder settings to work for surgewall
Syntax: g_surgewall_redirect bool
Split up incoming messages so subject tagging should work
Syntax: g_surgewall_split bool
This setting has no further documentation currently available
Syntax: g_surgeweb_allow_abk_v2 bool
This setting has no further documentation currently available
Syntax: g_surgeweb_auth_ok bool
This specifies the backend machine where Surgeweb connects for email and to store user settings. Surgeweb will cache data here but store the primary copy of anything on the backend machine.
Syntax: g_surgeweb_backend_server string
This specifies the internet resolvable hostnaem or url for all user.cgi access connected to a backend server eg. myserver.com or https://myserver.com:7443
Syntax: g_surgeweb_backend_web string
Netwin testing use only
Syntax: g_surgeweb_benchmark string
Reduce the length of time that surgeweb caches message bodies in its g_surgeweb_work folder to save disk space usage
Syntax: g_surgeweb_cache_less bool
Note this setting should be used minimally as it affects performance
Syntax: g_surgeweb_debug string
Completely disable surgeweb access for whatever reason.
Syntax: g_surgeweb_disable bool
Default for forgot password link visibility on surgeweb login page. (note: gets overidden by older showlink_forget_pass surgeweb setting, see g_recover* settings)
Syntax: g_surgeweb_forgot_show bool
Enable surgeweb ICS handling smarts to allow calender invites to be replied to and to allow calender invites to be sent
Syntax: g_surgeweb_ics bool
If no manual action is taken during this time the surgeweb session gets logged out
Syntax: g_surgeweb_idle_timeout int
Netwin testing use only
Syntax: g_surgeweb_logall bool
This setting has no further documentation currently available
Syntax: g_surgeweb_path string
Intended to increase resilience
Syntax: g_surgeweb_process bool
Maximum time for Remember me and for single sessions
Syntax: g_surgeweb_remember_timeout int
Allow surgeweb access to a matching set of email addresses
Syntax: g_surgeweb_restrict string
Not for general use
Syntax: g_surgeweb_testing bool
This setting has no further documentation currently available
Syntax: g_surgeweb_testrig bool
This is where Surgeweb stores it's temporary or working files, default I_G_HOME\surgeweb\work
Syntax: g_surgeweb_work string
Delay rejection of bad recipients (in seconds, default 4s).
Syntax: g_tarpit_badrcpt int
If tarpit_blackhole is true then if it was going to drop the connection to that user. Instead it will keep it and let the user talk and try and send messages, but will reject all recipients, it only does this for a max of 200 channels, any more are dropped.
Syntax: g_tarpit_blackhole bool
Drop link and ban for 1 hour if g_tarpit_max or g_max_bad_to has been exceeded.
Syntax: g_tarpit_drop bool
This setting has no further documentation currently available
Syntax: g_tarpit_hacker bool
If this limit is exceeded, the offending client is "tarpitted". This means the mail server starts pretending to go slowly. This is better than simply closing the connection as that will not stop the sending system from trying to reconnect rapidly or send to other systems rapidly, but tarpitting jams the sending system and limits the damage they can do to you and others. Cool huh?
Unlike G_BOMB_MAX, the g_tarpit_max setting counts the total of all recipients to all addresses from this IP address.
A setting of about 200-10,000 is probably good but be careful with mailing lists it will break them. Use an exclusion for IP addresses of known mailing lists or set the limit higher than known mailing lists, eg: 2,000 is probably a good setting just to avoid disasters without disrupting many real users.
Use spam_allow ip.address.list to over-ride the limit for known systems (eg: mailing list servers) that would be exceed the limit.
Syntax: g_tarpit_max int
The maximum number of remote recipients before slowing down.
Syntax: g_tarpit_max_remote int
This setting has no further documentation currently available
Syntax: g_tarpit_retry bool
This setting has no further documentation currently available
Syntax: g_tarpit_skip string
This setting has no further documentation currently available
Syntax: g_tarpit_skip_from string
This setting has no further documentation currently available
Syntax: g_tcp_bf_size int
Enables the tcp proxy protocol on new connections for this address for pop,imap,smtp.
Syntax: g_tcp_proxy_ip string
Default is 25 or 200 on windows, to reduce non paged pool on windows reduce to 20
Syntax: g_tcp_que_len int
Timeout in 'seconds' on POP connections, do not adjust. (default 600).
Syntax: g_tcp_read_timeout int
Restrict remote tellmail commands to these IP addresses.
Syntax: g_tellmail_ip string
This setting has no further documentation currently available
Syntax: g_thread_log bool
Total maximum number of threads allowed on this system. This should not normally be changed. If you do increase it start small, eg: 400 is a safe number on most systems. Generally if you need to increase it more than that then you have a performance problem that needs fixing and increasing it more is unlikely to be a good idea. On Linux if your thread_max setting is above 500 then you must modify surgemail_start.sh to increase the handle limit from 1024 to 2048 (at least twice the g_thread_max value). If you get crashes with 'handle_limit' recorded in the logs then it's likely that your operating system handle limit is too small for your g_thread_max setting. On Solaris you will need the 64 bit build of SurgeMail to increase this limit as the Solaris 32 bit 'c' libraries are limited to 256 file handles (I kid you not :-)
See FAQ section on session limits
Syntax: g_thread_max int
This setting has no further documentation currently available
Syntax: g_thread_max_restart bool
This setting has no further documentation currently available
Syntax: g_thread_pool bool
If enabled the server will reuse existing threads instead of creating and destroying threads for each incoming/outgoing message. This has no affect on performance but does avoid a bug in some UNIX threading libraries which leak handles and cause problems if threads are not reused. Generally best disabled except on early Linux systems.
Syntax: g_thread_reuse2 bool
This setting has no further documentation currently available
Syntax: g_thread_smooth bool
This setting has no further documentation currently available
Syntax: g_thread_spinlock bool
This 'may' cause faulty servers to endlessly retry a message. But should be ok. Normally this sort of timeout is very rare but can be caused by faulty virus scanner so retrying won't always help
Syntax: g_timeout_try_later bool
Text to be placed in the timezone part of the date string. e.g. +1200 NZT
Syntax: g_timezone string
This setting has no further documentation currently available
Syntax: g_timezone_force string
This forces all destination addresses to contain a domain name (breaks cron job emails on unix)
Syntax: g_tmalloc_log bool
This forces all destination addresses to contain a domain name (breaks cron job emails on unix)
Syntax: g_to_valid bool
Authentication database tohost name entry to deliver locally. This setting only applies if g_proxy or g_route_by_tohost is enabled. This is useful to allow the configuration of multisite systems using g_route_tohost with a single shared authentication database.
Syntax: g_tohost_local string
This setting has no further documentation currently available
Syntax: g_token_httponly bool
This setting has no further documentation currently available
Syntax: g_token_secure bool
The default is the toscan directory under the home path, using this setting can help sometimes if permissions are a problem
Syntax: g_toscan_path string
This setting has no further documentation currently available
Syntax: g_trace_flush bool
We recommend about 10000 - dont get carried away, more is not necessarily better!
Syntax: g_train_store int
This setting has no further documentation currently available
Syntax: g_twilio_from string
This setting has no further documentation currently available
Syntax: g_twilio_sid string
This setting has no further documentation currently available
Syntax: g_twilio_token string
This can avoid uid collisions if uidl files are lost mysteriously
Syntax: g_uidl_big bool
This name is used in place of the machine hostname in message filenames and thus friends confirmation message subjects
Syntax: g_unique_name string
Allows translation from one URL or beginning of a URL to another. eg:
g_url_alias from="/cgi-bin/" to="/scripts/"
will cause the URL http://localhost:7025/cgi-bin/fred.cgi to reference the same file as http://localhost:7025/scripts/fred.cgi would have, the fred.cgi in the SurgeMail 'scripts' directory. The domain url_alias settings are checked before these, the first matching rule is used, settings are checked in the order specified.
Syntax: g_url_alias from=string to=string ports=string
Syntax: g_url_enable <true/false>
If set then SurgeMail fetches the
url database and updates from netwinsite.com every few
hours. Messages which contain matches will get a
header X-SpamUrl:... which will be used in the spam
score. Once enabled you will contribute to Netwin's
central server and also download from their once every
couple of days.
Additions to your isspam/notspam training addresses
are also sent to netwinsite.com (just the url's for
white list/blacklist)
Syntax: g_url_enable bool
SurgeMail uses g_server_name and url_host settings to determine the default domain to select for web requests, this setting stops it using the url_host settings (which may be slow on systems with a large number of domains)
Syntax: g_url_host_noscan bool
Used by netwin to manage the master
server. Sorry this doesn't allow you to run your own
master.
Should be left blank
Syntax: g_url_master bool
Not for general use. Used by netwin for testing.
Syntax: g_url_master_to string
Typical usage to move users from http to https automatically, e.g. g_url_redirect from="http://*/surgeweb" to="https://%1:7443/surgeweb" ports="80,7080"
Syntax: g_url_redirect from=string to=string ports=string
g_user_access group="wildcard" access="list"
This setting matches the g_access_group the user is in to the wildcard specified and applies the specified list to that user, giving / restricting thier access to certain features. The list may include any of the following:
Value | Result |
---|---|
alias | Access to the "Alias" page and features. |
blog | Access to the "Blogs" page and features. |
centipaid | Access to the "Centipaid" page and features. |
delete | Access to the "Delete" button, which deletes the email account. |
enotify | Access to the "Email Notification" page and features. |
exceptions | Access to the "Exceptions" page. |
filter | Access to filtering of messages. (g_filter_pipe, g_mfilter_file, g_dmail_filter) |
friends | Access to the "Friends" pages, and system. |
fwd | Access to the "Forwarding" features, forwarding, auto-responder. |
fwdonly | Access to the "Forwarding" features. Without this only the auto responder is shown on the forwarding page |
lists | Access to the "Lists" page and features. |
log | Access to the "Log" page. |
mailbox | Access to the "Mailbox" page, view mailbox, setup rules. |
main | Access to the "Main" page containing user details. |
pass | Access to the "Password" features, change password, password retrieval. |
sms | Access to the "Sms" page. |
spam | Access to the "Spam" page, and SmiteSpam and Aspam processing of messages. |
spampriv | Access to the "Spam" pages' spam private feature |
spf | Access to the "Spf" page and features. |
surgeplus | Able to connect to SurgeMail using the SurgePlus client. |
virus | Access to virus scanning of messages. (g_virus_cmd, g_virus_filter, g_virus_avast, g_scan_cmd) |
webmail | Access to the "WebMail" button which logs the user into WebMail. |
In addition you can prefix any of the above with ! to deny access. There are two other special case values, "all" and "none" which mean exactly what they say, access to "all" or "none" of the features.
Example:
g_user_access group="simple" access="all,!spam,!virus"
The above setting gives users in the 'simple' group access to all the features except spam and virus features.
Syntax: g_user_access group=string access=string
This setting has no further documentation currently available
Syntax: g_user_access_always bool
This setting is a default access list for all users on the server, it is specified in the same maner as the g_user_access settings 'access' parameter. eg:
g_user_access_default "all,!spam,!virus"
Syntax: g_user_access_default string
When sending a message the user access rules which are applied can be based on the 'from' header, this is not secure but is sometimes useful.
Syntax: g_user_access_from bool
This setting has no further documentation currently available
Syntax: g_user_access_webonly bool
This setting specifies the maximum number of account aliases an account (optionally in specified group) can create. The format of these aliases is specified in the file specified by the g_user_alias_file setting. eg.
g_user_alias quota="10" group=""
g_user_alias quota="20" group="grp1"
g_user_alias quota="30" group="grp2"
Syntax: g_user_alias group=string quota=int
This setting specifies the configuration file for user aliases. This file is in the following format:
domain alias_domain,access[,access]...
where domain is the domain name eg: email.com, alias_domain is the domain in which aliases can be created, and access specifies who is allowed to create these aliases, it can have one of the following values:
user | Users can create these aliases. |
domadmin | Domain administrators can create these aliases. |
admin | The Administrator can create these aliases. |
private | Same as domadmin,admin. The Administrator and the Domain administrators can create these aliases. |
public | Same as user,domadmin,admin. Everyone can create these aliases. |
Example alias.dat file:
email.com *.email.com,public email.com sport.email.com,public internal.email.com email.com,private internal.email.com internal.email.com,admin
Syntax: g_user_alias_file string
Specifies blog limit based on user group.
Syntax: g_user_blogs group=string quota=int
Example: g_user_blogs group=premium quota=15
Enable browser cookies for user self management.
Syntax: g_user_cookies bool
Enables the user delete button in the user self management page, assuming the use access rules also allow it
Syntax: g_user_delete bool
This setting has no further documentation currently available
Syntax: g_user_disable string
This setting decides who will see the drop-down list of domains on the user check, add, login, and management pages. It has three possible values: user, domadmin and admin. A value of 'user' allows everyone to see the list, 'domadmin' allows domain admins and the admin to see the list, and 'admin' allows only the admin to see the domains list.
Syntax: g_user_domainlist string
Causes the users exception rules to be processed before tagging the message as spam, meaning, if a rule matches to 'accept' a message, that message not to be tagged as spam.
Syntax: g_user_filter_early bool
By default a friend.log file is written to each domain mailbox_path. This file is a collection of all users friends.log entries that rotates when it reaches 2mb in size.
Syntax: g_user_friends_domain_log_disable bool
By default a friend.log file and 1 rotation is written for each user. Each log should only be approx 10k in size.
Syntax: g_user_friends_log_disable bool
This setting has no further documentation currently available
Syntax: g_user_hide_security bool
g_user_list_quota group="" quota="100"
This setting configures the number of mailing lists a user can create on this server. The group field is optional, specifying none effects all users globally, otherwise it matches this against the users access group. See also user_list_quota which can set quota per domain. Also the list_quota authent field can set quota per user.
Syntax: g_user_list_quota group=string quota=int
This setting enables the 'view' links on the users mailbox page. These links will show the content of the users email. They also log the access to the users log file, identifying the IP from which the admin viewed the message.
Syntax: g_user_mail_view bool
Mfilter rules to run late in the delivery process after the email messages have become "user specirfic", In particular this allows filtering based on the output of g_user_pipe.
Syntax: g_user_mfilter string
Pipe run on file just before delivery to user, $USER$ available on command line. This allows the message to be modified (also see g_filter_pipe).
Syntax: g_user_pipe string
This setting has no further documentation currently available
Syntax: g_user_receive_rule group=string from=string
This setting has no further documentation currently available
Syntax: g_user_report string
This setting has no further documentation currently available
Syntax: g_user_send_all bool
This does not apply to g_user_send_white addresses. This will also enable counting of sends for users using g_relay_window. Whitelist ip addresses with g_user_send_white setting. This limit is 'per day'
Syntax: g_user_send_ip int
This rule allows you to define which domains users in the specified group can send email to.
g_user_send_rule group="wildcard" to="number"
If 'group' is set to '*' then it applies to users who are not in a group (see g_access_group), and/or whose group does not match another g_user_send_rule setting. The 'to' field contains a wildcard list of allowed email addresses.
Syntax: g_user_send_max group=string max=int
Restricts to whom a user can send email, useful for students who may only be permitted to send to their own domain
Syntax: g_user_send_rule group=string to=string
This setting is useful to detect a spammer sending out bulk email from your system, this setting only applies to authenticated users, so someone who has figured out the password of one of your users (or a virus on their computer) or a registered user of some sort. If g_user_send_ip is defined then warnings will also be sent if an ip address exceeds this limit.
Syntax: g_user_send_warning int
This is a white list for the ip and user send limits.
Syntax: g_user_send_white string
Number of SMS messages accounts can send.
Syntax: g_user_sms_quota group=string initial=int period=string
Adding a return address can assist with delivery in some situations
Syntax: g_user_status_from bool
Adding a return address can assist with delivery in some situations
Syntax: g_user_status_fromhdr string
When the user enables friends then this setting will send them a regular report on what is pending and what filter rules have done. User Spam report.
Syntax: g_user_status_send int
Length of time a user self management login token is valid for. Length of time a user self management cookie is valid for. After this time period the login token will stop allowing the user access and they will need to login again.
Syntax: g_user_utoken_days int
This setting has no further documentation currently available
Syntax: g_user_utoken_expire int
This setting has no further documentation currently available
Syntax: g_user_utoken_idle int
This setting adds a tickbox to the Spam page in user self administration that allows the user to enable and disable the virus scanner for them selves.
Syntax: g_user_virus_scan bool
This setting has no further documentation currently available
Syntax: g_utf8_case_insensitive bool
This setting will vanish spam pretending to be a bounce, it is possible it will vanish a real but badly formed bounce (badly formed as it contains no indication that it came from this server). Note: You MUST have g_vanish_bad_bounces true as well!
Syntax: g_vanish_any_bounce bool
Vanish suspected spam bounces (requires g_received_name).
Syntax: g_vanish_bad_bounces bool
Requires g_vanish_bad_bounces too, and g_received_name must be set to something other than the email domain, e.g. bounces.your.domain
Syntax: g_vanish_relay bool
This setting gets rid of most of those stupid virus bounces you get from emails you haven't sent. It works by checking incoming virus bounces for the received header that must exist if it was sent with your mail server. If the header is not found, the message is dropped. Recomended.
Syntax: g_vanish_virus_bounces bool
Syntax: g_verify_helo "true/false"
It will skip this check for any trusted connection (smtp authenticated, or any ip it would allow to forward)
It adds this header:
X-Verify-Helo
It simply takes the helo name, and turns
it into a number a.b.c.d, then it checks that the
connection is coming from 'a.b.*.*'
if it isn't it adds a header saying as much.
Syntax: g_verify_helo bool
This setting has no further documentation currently available
Syntax: g_verify_image_hard bool
Verify MX records contain senders IP address (also see g_verify_mx_skip).
Syntax: g_verify_mx bool
Use to define incoming mail gateway IPs so the MX verify doesn't fail on them.
Syntax: g_verify_mx_skip string
This setting has no further documentation currently available
Syntax: g_verify_smtp2 bool
As the verification of incoming addresses is done while the message is arriving at the 'data' stage, it is critical that it not take more than 30-60 seconds or the sending server will give up and the message will be lost. Generally this setting should not be changed.
Syntax: g_verify_timeout int
Enable the vipre scanner module
Syntax: g_vipre_enable bool
By default messages that cannot be scanned (eg as they contain password protected archive files) are blocked by the avast virus scanner. This setting allows unmonitorable contect to be sent.
Syntax: g_virus_allow_unmonitorable bool
This setting has no further documentation currently available
Syntax: g_virus_avast_attachments bool
Not recommended, now use the anti virus config page to configure surgemail to use your system scanner.
This is a string based setting that allows you to specify when Avast updates are attempted.
eg: to update at 12 midnight, 6am,12noon and 6 pm.
g_virus_avast_hour "0,6,12,18"
Syntax: g_virus_avast_hour int
This setting has no further documentation currently available
Syntax: g_virus_avast_old bool
Enables the cloud scanner for inbox delivered messages if clamav is in use, this does send samples to an external system for scanning so may not be appropriate in all situations. It should only be used on systems where 'clamav' is the primary scanner with less than 1000 users.
Syntax: g_virus_cloud bool
Best left as default
Syntax: g_virus_cloud_wild string
If defined the mail server will extract MIME parts in a multi part message and run the virus scanner over the extracted file. The command line can include $FILE$ which will be replaced with the actual file name of the extracted part. An intelligent cache is used so mailing lists, etc, will not require running the virus scanner on every message sent. If you set this to "do_not_run" then SurgeMail will extract the MIME parts but not actually run any program, some virus scanners scan all files on the system so the file is deleted magically and SurgeMail will notice and bounce the message. If your scanner supports the returning of return codes if a virus is found then you should use g_virus_cmd_codes with this setting as this is more reliable than having to detect if a file is deleted and also means also will work on viruses in archives which a lot of scanners won't delete.
Syntax: g_virus_cmd string
This setting has no further documentation currently available
Syntax: g_virus_cmd_body bool
Accept return codes from virus scanner as a confirmation that the scanned file is infected, eg: 1,2,3,4,5.
Lets SurgeMail check the return code
from g_virus_cmd and if the code matches
one in the above setting assumes its a virus and bounces
it.
g_virus_cmd_codes "10,12"
This would assume its a virus if the scanner returns return code 10 or 12 and then will bounce the message.
Syntax: g_virus_cmd_codes string
This should only be used when your front end server is not scanning for viruses and your back end server then rejects the message generating back scatter on the front end server.
Syntax: g_virus_cmd_drop bool
If this is set then then the scanner is responsible for extracting the mime parts of a message and scanning them
Syntax: g_virus_cmd_email bool
This setting has no further documentation currently available
Syntax: g_virus_cmd_log bool
Syntax: g_virus_cmd_max "number of threads"
This sets the maximum number of threads that be used for running the virus scanner set by g_virus_cmd. Some scanners can take a while to scan a message and if the server is very busy this can tie up many channels and drain the cpu slowing down the entire mail server. When the maximum has been reached any messages coming in will be passed on without being run through the scanner - although this is not the best, it's better than the mail server grinding to a halt.
Syntax: g_virus_cmd_max int
Disables cleanup of scanned files, so you can test manually. The files are extracted to the "toscan" directory inside the SurgeMail directory. You should never normally need this on unless for debugging purposes.
Syntax: g_virus_cmd_nodel bool
Useful to stop scanning of huge files, e.g. 1mb or bigger
Syntax: g_virus_cmd_size int
Milli seconds to wait after g_virus_cmd incase delete is not immediate, eg: 500 = half a second.
Syntax: g_virus_cmd_sleep int
This setting has no further documentation currently available
Syntax: g_virus_cmd_test bool
Do not use
Syntax: g_virus_debug3 bool
Skip virus scanner for authenticated users and 127.0.0.1
Syntax: g_virus_disable_local bool
By default SurgeMail scans incoming messages from non-local senders, this disables that behaviour so scans will only occur if any recipient has virus scan access. You will probably need g_user_virus_scan true as well.
Syntax: g_virus_disable_remote bool
Virus filters use the following protocol the process is
run continuously and sent on STDIN a command of the
form, "nnn CHECK fullfilename envelopefilename\r\n" and
in response it must send back is "nnn
OK|REJECT|ERROR reason text\r\n"
It can modify the file directly and then respond with 'ok', however if it does this it must maintain the crlf line terminated and dot stuffed nature of the file.
Here is an example test of a virus filter
c:\surgemail> vfilter.exe 1 check c:\surgemail\work\a.itm c:\surgemail\work\a.hdr 1 REJECT Found something bad in that file 2 check c:\surgemail\work\a.itm c:\surgemail\work\a.hdr 2 OK send message along
a.hdr would contain:
From: bob@domain.com To: xyz@thisdomain.com To: xyz3@thisdomain.com
Syntax: g_virus_filter cmd=string type=string
If any g_virus_filter pipe fails bounce messages rather than allow to continue.
Syntax: g_virus_filter_require bool
Typically set this to 11200
First install f-prot virus scanner, exact steps will vary depending on platform so follow your F-Prot install instructions, but as an example on Linux we did this:
cd /usr/local gunzip DISTRIBUTION.tar.gz tar -xvf DISTRIBUTION.tar cd f-prot ./install-f-prot.pl cd tools # Now start mail scanner as user 'mail' su mail -c"/usr/local/f-prot/tools/scan-mail.pl -server -daemon" |
Your will also need to start the scanner as above in your startup scripts (e.g. rc.local)
Then lastly in surgemail.ini set
g_virus_fprot 11200
When a message is scanned a header X-Fprot: ... is added giving some informational status.
Syntax: g_virus_fprot int
This can reduce load on virus scanner which is often a slow process
Syntax: g_virus_late bool
This setting should not normally be used, it will make it scan locally generated emails, dlist messages etc...
Syntax: g_virus_localhost bool
Skip virus recent cache which attempts to speed up virus scanners.
Syntax: g_virus_recent_skip bool
If enabled SurgeMail will rename dangerous executable files by replacing the '.' with an '_'. This will stop many autorun viruses. This is name
Syntax: g_virus_rename bool
This setting has no further documentation currently available
Syntax: g_virus_rename_skip string
This setting has no further documentation currently available
Syntax: g_virus_rename_skipauth bool
Sends an email report to the specified address when a virus comes in.
Syntax: g_virus_report string
This setting has no further documentation currently available
Syntax: g_virus_report_all bool
This setting has no further documentation currently available
Syntax: g_virus_report_user bool
Restart vpipe virus scanners every this many items.
Syntax: g_virus_restart int
Use this to over-ride the default
Syntax: g_virus_scanner_list string
This scanner simply blocks dangerous attachments, it's fast, and effective.
Syntax: g_virus_simple bool
Use this setting to replace the default list
Syntax: g_virus_simple_list string
This setting has no further documentation currently available
Syntax: g_virus_simple_skip string
This setting has no further documentation currently available
Syntax: g_virus_simple_skipauth bool
This scanner simply blocks dangerous attachments, it's fast, and effective.
Syntax: g_virus_simple_test bool
This can be used to stop many types of viruses
Syntax: g_virus_simple_zip bool
This setting has no further documentation currently available
Syntax: g_virus_skip string
This setting has no further documentation currently available
Syntax: g_virus_skip_ip string
This setting can stop zero hour attacks as it blocks any attachment that might be a virus if it's not from a friend
Syntax: g_virus_strangers bool
Concurrent requests to vpipe process, default is 7, set to 1 to debug vpipe issues
Syntax: g_vpipe_concurrent int
Crash SurgeMail if vpipe fails. This is for debugging purposes only.
Syntax: g_vpipe_fail_crash bool
Disable headers showing vpipe results in messages.
Syntax: g_vpipe_notag bool
Disable virus and crc checking for known safe bulk
mailers that would otherwise overload the server. This
setting affects the virus checker.
Example: g_vpipe_skip "20.0.0.2"
Syntax: g_vpipe_skip string
The timeout in second that SurgeMail will wait for a virus filter (defined by g_virus_filter) to complete. If after this time the virus filter has not responded the message will be let through and the following line logged in mail.log:
"Virus filter not responding, stuck on <msg file> allowing message through"
Syntax: g_vpipe_timeout int
This may cause back scatter to use with caution
Syntax: g_warning_to string
Specifies a user group or groups and a list of valid web ports for that group.
Syntax: g_web_access_grp group=string ports=string
Specifies a list of ports and a wildcard list of valid ip addresses who can connect to those ports.
Syntax: g_web_access_ip ports=string ip=string
Specifies the maximum number of concurrent web logins for a certain group of users.
Syntax: g_web_access_max group=string max=int
This setting has no further documentation currently available
Syntax: g_web_add string
Web admin requests are recorded, the remote IP and local port are used to identify a particular session. This setting places a limit on the number of sessions at any one time.
Syntax: g_web_admin_max int
This setting has no further documentation currently available
Syntax: g_web_api_ip string
This setting has no further documentation currently available
Syntax: g_web_appsname string
This setting has no further documentation currently available
Syntax: g_web_appsroot bool
Sets the charset to use for each language i.e. e.g. iso-8859-1
Syntax: g_web_charset lang=string charset=string
This setting has no further documentation currently available
Syntax: g_web_check_host bool
This setting has no further documentation currently available
Syntax: g_web_disable_delete bool
This setting has no further documentation currently available
Syntax: g_web_disable_head bool
This setting has no further documentation currently available
Syntax: g_web_disable_mkcalendar bool
This setting has no further documentation currently available
Syntax: g_web_disable_mkcol bool
This setting has no further documentation currently available
Syntax: g_web_disable_options bool
This setting has no further documentation currently available
Syntax: g_web_disable_propfind bool
This setting has no further documentation currently available
Syntax: g_web_disable_report bool
Comments displayed on the webpages (including template filenames), mean IE does not use the doctype definiton. Surgemail tries to display doctype first. This setting reverts to old behaviour.
Syntax: g_web_force_doctype_first_disable bool
This setting has no further documentation currently available
Syntax: g_web_forwarded_test bool
This setting has no further documentation currently available
Syntax: g_web_forwarded_uselast bool
To aid tailoring each web page in the web admin shows it's own address so you can find it to modify it. Some admins consider this a security issue, or just a bit ugly, so use this setting to hide this information when you don't need it.
Syntax: g_web_hide_source_names bool
This includes web admin, webmail etc...., The default limit should be sufficient for most systems. Although a limit of 10 would be tons for most systems we had to set the default high as this setting was added recently.
Syntax: g_web_max int
This includes web admin, webmail etc...., The default limit should be sufficient for most systems unless all your users are coming through a common proxy
Syntax: g_web_max_perip int
Some security firms require this in order to hide the software application information
Syntax: g_web_noserver bool
To pass various auditing tests admin interface no longer responds to arbitrary url. This restores old behaviour.
Syntax: g_web_old_behaviour bool
Experimental support for php
Syntax: g_web_php_exe string
This setting has no further documentation currently available
Syntax: g_web_policy_always bool
This setting has no further documentation currently available
Syntax: g_web_policy_disable bool
This setting is used for caching purposes. See SurgeMail template caching for details
Syntax: g_web_ref_path_extension string
Timeout for web requests, the default is 180 seconds, generally it should not be set below 61 seconds
Syntax: g_web_timeout int
This lets you customize the title of each management web page.
Syntax: g_web_title page=string title=string
This setting has no further documentation currently available
Syntax: g_web_trust_ip string
This lets you set up aliases and translations of urls partly based on the access rights of the user.
Syntax: g_web_url_path url=string path=string access=string
Make sure user.cgi handlign is all done in UTF8 rather than paged character sets.
Syntax: g_web_utf8 bool
Enable 'webdav' features so users can store data, you must also define g_webdav_path
Syntax: g_webdav_enable bool
Require that users be members of the webdav group
Syntax: g_webdav_group bool
For example c:\surgemail\webdav
Syntax: g_webdav_path string
This setting enables the user to place web pages (static) up on their email account, the public url would be http://your.server/wd/username/pub/...
Syntax: g_webdav_public bool
This should not generally be adjusted, it is simply a limit to prevent DOS attacks or overloading from web requests. A value of 10-300 would be reasonable. The default is 200
Syntax: g_webmail_limit int
This results in pophost being passed to webmails domain configuration file, surgehost.ini. If you change this setting you should delete surgehost.ini and run "tellmail surgehost_update" to rebuild it.
Syntax: g_webmail_popmode bool
This is the port that WebMail users should connect through (unless you want better security, then use the secure port and HTTPS protocol listed below) By default it is port 7080, but if you are not running a web server you probably want to change it or add port 80, eg:"7025,80" so that people can get to it with a URL like this: http://your.mail.server instead of http://your.mail.server:7080. Use the keyword 'disabled' to disable this part of the SurgeMail service.
Syntax: g_webmail_port int
This setting enables writing the webmail surgehost.ini file, it is not needed generally unless your users keep using the old webmail (which they shouldn't)
Syntax: g_webmail_save bool
This is used with webmail when you want surgemail access rules to apply to webmail users, webmail has a matching setting which makes it pass the ip address through
Syntax: g_webmail_secret string
This is the port that WebMail users should connect through.. By default it is port 7443, but if you are not running a web server you probably want to change it or add port 443, eg:"443" so that people can get to it with a URL like this: https://your.mail.sever Instead of https://your.mail.server:7443. Use the keyword 'disabled' to disable this part of the SurgeMail service.
Syntax: g_webmail_secure_port int
Recommended. This uses the select_domain method of auto-logins with WebMail, it often works where the old method fails.
Syntax: g_webmail_select_domain bool
If he webmail cgi fails to respond this limits how long SurgeMail will wait before killing the process.
Syntax: g_webmail_timeout int
If WebMail is not in the default place and/or is not on the SurgeMail machine then this setting tells SurgeMail where it is so links to WebMail from SurgeMail function correctly.
Syntax: g_webmail_url string
This setting allows you to specify additional information and settings which are passed to WebMail when SurgeMail links to it.
Syntax: g_webmail_urladd string
By default it will use the same url as the user connects on which is generally better.
Syntax: g_webmail_useip bool
If WebMail is not installed in the default location on this SurgeMail machine this setting tells SurgeMail where to find it.
Syntax: g_webmail_workarea string
First install tnef, on unix use: apt-get install tnef, on windows download tnef.exe from our website
Syntax: g_winmail_fix bool
First install tnef, on unix use: apt-get install tnef, on windows download tnef.exe from our website
Syntax: g_winmail_reject bool
First install tnef, on unix use: apt-get install tnef, on windows download tnef.exe from our website
Syntax: g_winmail_reject_send bool
Work area for SurgeMail temporary work files.
Syntax: g_work string
The header X-Authenticated-User is added to all local deliveries for users that login using SMTP authentication. This is the most reliable way to determine who actually sent this email. This setting will disable the addition of this header.
Syntax: g_xauthuser_hide bool
Allow xfile & web upload features for users. Set to '*' or the WebMail servers IP address.
Syntax: g_xfile_allow string
The X-Rcpt header is added indicating which local
account this message was delivered to. This setting will
disable the addition of this header.
Syntax: g_xrcpt_hide bool
The X-Rcpt header is added indicating which local
account this message was delivered to. If the mail has
been redirected for any reason the original delivery
address is added as an X-Rcpt-Original header. This
setting will disable the addition of this header.
Syntax: g_xrcptoriginal_hide bool
This wil hide the X-Server header.
These rules allow simple filtering of Email messages
for common or repetitive spam message. The form
lets you specify whether a string is found in a
specified header that all such messages be bounced or
redirected. This form will write or modify your
mfilter.rul file to include an auto generated section
which obeys the rules you have defined, e.g.
D:\>type \surgemail\mfilter.rul # BEGIN_AUTO Generated section do NOT EDIT this bit if (isin("Subject","bad words")) accept "fred@remote.domain" if (isin("To","bad words")) accept "fred@remote.domain" # END_AUTO Generated section do NOT EDIT this bit
You can write much more complex rules yourself manually, see mfilter.htm for more details.
Syntax: g_xserver_hide bool