Global settings
Note: Most 'matching' settings take wild card lists as parameters, for example "fred*" will match "freddy" and "fred@bob". And "1.2.*,2.3.*" will match 1.2.4.4 and 2.3.99.100. Many settings will also accept a ! as a "not", and are processed from left to right. eg "!*,127.*,10.*" would first "deny all" then try and match on any 127.* or 10.* domains.
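An added example (not SurgeMail code) for checking a wild card list before it goes into a setting such as g_deny or g_admin_ip. It assumes that the last matching entry decides the result, that a value matching no entry is not matched, and that comparison is case-insensitive; `evaluate`, `list_matches` and `check_rule` are hypothetical names.

```python
import re


def _compile(pattern):
    # Only '*' is treated as a wild card; everything else is literal text.
    body = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.compile(body, re.IGNORECASE)


def evaluate(rule, value):
    """Walk the list left to right and return (matched, deciding_entry).

    Assumption (not confirmed by the manual): the last entry that matches
    the value decides, and a value that matches nothing is not matched.
    """
    matched, deciding = False, None
    for entry in (e.strip() for e in rule.split(",")):
        if not entry:
            continue
        negate = entry.startswith("!")
        pattern = entry[1:] if negate else entry
        if _compile(pattern).fullmatch(value):
            matched, deciding = (not negate), entry
    return matched, deciding


def list_matches(rule, value):
    return evaluate(rule, value)[0]


def check_rule(rule, must_match, must_not_match):
    """Return the values the rule treats differently from what was intended."""
    wrong = [v for v in must_match if not list_matches(rule, v)]
    wrong += [v for v in must_not_match if list_matches(rule, v)]
    return wrong


if __name__ == "__main__":
    # Constructed test values, not taken from any real deployment.
    rule = "!*,127.*,10.*"
    for ip in ("127.0.0.1", "10.1.2.3", "203.0.113.7"):
        print(ip, evaluate(rule, ip))
    # "10*" is a string pattern, not a network: it also covers 100.x and 101.x.
    print(check_rule("!*,10*", ["10.0.0.5"], ["100.64.0.1"]))
```

Because the patterns are matched as text, include the trailing dot ("10.*", not "10*") and run the intended allow and deny addresses through `check_rule` before deploying a list.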
g_access_group - Access groups
Access rules defining groups of IP addresses with certain POP, IMAP and SMTP privileges. When a user is authenticated access is checked against group membership defined in the "mailaccess" field in the authentication database.
eg. this could allow you to charge webmail users for pop access privileges:
g_access_group group=paid_user access_pop=* access_imap=* access_smtp=*
g_access_group group=free_user access_pop=webmail.svr.ip access_imap=webmail.svr.ip access_smtp=webmail.svr.ip
g_admin_ip - Admin IP access
Mask of valid IP addresses for admin users (default *). This is a security setting you can use to restrict remote web admin access to trusted IP addresses; an example setting would be "127.0.0.1,10.0.0.*".
g_allow_bodyless - Allow bodyless email
This will allow bodyless email to be accepted. These are usually spam. In particular Norton Antivirus in autoprotect mode closes the pop link which makes it appear that surgemail has terminated the connection when a bodyless email is encountered.
g_archive - Archive delivered mail
Archive rules allowing all mail delivered to be archived to a rotating archive. The archive consists of a directory containing 1MB bucket files. This allows you to retrieve messages that have been delivered if you need to retrieve a particular message for any reason. The maximum bucket size of the archive and the maximum individual message size can be set. Filtering is done based upon wildcard destination and source addresses.
eg. g_archive to="*" from="*" path="c:\mailarchive" size="10mb" maxitem="10k"
g_auth_hide - Disable SMTP Authentication
By default SMTP authentication is enabled. If a user matches this IP range/list they will NOT be shown the ESMTP extension for SMTP authentication. This will usually stop the mail client from prompting the user for authentication. We STRONGLY recommend you do NOT use this feature. It is much better to let users authenticate when sending email.
g_authent_process - Authent process
The command line of a NetWin authentication module. You can use one of our standard modules for LDAP, ODBCAuth, MYSQL etc or write your own. For more information on these modules see the authentication section of the manual.
g_authent_domain - Authent domain
If this is 'true', the virtual domain name is appended to the username before it is passed to the authent process. This lets the authent process deal with virtual domains. As a general rule, this should ALWAYS be true.
g_authent_number - Authent number
The number of concurrent authent processes to run. If you are using a slow external authent module (e.g. sql) then it is probably worth running 3-4; there is no need to have more than 1 when using nwauth.exe. (Default = 1)
g_authent_info - Authent info
Defines a piece of information to store about the user in the user database (phone number, name, address, etc). Each piece of information is given a name, a field and an access mode. The name defines what appears in the web management display, the field is what is sent to the authent_process and the access mode can be one of the following: none, createonly, user, domadmin, or admin.
An access mode of 'admin' means that only the system admin can see the information, 'domadmin' means the sysadmin and any domain admin can see the information, 'user' means the user can see the information, 'createonly' means the user sets the information at creation time but cannot see it after that and 'none' ensures that no-one can see or modify the information (used for information that is handled by SurgeMail itself, either through the interface or otherwise) e.g.
g_authent_info name="Phone Number" field="phone" access="user"
g_authent_strip_domain - Strip domain when doing authent lookups
Domain string to be removed from the login when doing authentication eg. domain.com. This allows you to have the account names of the primary domain stored in the authentication database without domain information.
g_authent_restart - Cycle auth modules every 1000 lookups
This is useful if there are resource allocation issues in the authentication module, e.g. ODBCAuth.
g_authent_logall - Turns on logging of authent requests
If enabled, authentication requests are logged in mail.log as "<day> <time> Authent[<action> <info>]".
g_autologin_pop - Enables Webmail Autologin using POP when on another server
Webmail needs the ability to automatically log in to SurgeMail to change passwords etc. This setting will do this via an extension to the POP protocol, allowing WebMail to autologin whilst running on another server. (Normally this is done using a temporary file.)
g_ban_helo - Ban any machine that gives a matching 'helo' string
This is a simple spam protection system to block known spam/problem users based on the 'helo' name they send to your system. This name is recorded in the 'received' header along with the IP address. This name is very easy to 'fake' so is not a high security level of protection, but it is simple for stopping stupid robots, etc, that have gone insane.
Example: *junkmail.com
g_ban_from - Ban any matching MAIL FROM: envelope
Same as 'ban_helo' but applies to the from (return address) part of the mail envelope. This is NOT the same as the from/sender header in the message itself!!! This equates to the 'Return-path:' header that the mail server adds.
g_ban_rcpt - Ban any matching RCPT TO: envelope
Same as 'ban_helo' but applies to the recipient part of the envelope (destination users) this is NOT the same as the 'To:' header in the message itself!!! This can sometimes be used to block really simple spamming programs that always send to the same invalid users.
g_block_files - Block certain attachments
Allow you to block any mail with certain files attached.
g_block_files "*.exe,*.cmd,*.com"
g_bomb_max - Max messages to a single address per hour
Simple system to prevent intentional or, more likely, accidental mail loops or mail bombs where thousands of Emails are sent to a single user. A setting in the range of 100-1000 is generally good depending on your sensitivity to incorrectly blocking real mail. We suggest 1000 is a good setting if you are unsure.
This counts the messages from a single IP address to a single recipient. If a single IP sends more than this many messages to any single recipient then they will be tarpitted (slowed down and rejected).
Use spam_allow ip.address.list to over-ride the limit for known local systems that might exceed this limit (unlikely anything will).
g_bounce_disable - Bounce Disable
Disable all bounces. This is particularly useful when under spam attack.
g_con_perip - Connections per IP
Maximum number of connections allowed per IP address. Primarily this is used to prevent simple denial of service attacks where one user could otherwise use up all the channels your system can support and then do nothing with them.
g_con_perip_except - Connections per IP exception
IP list of exception addresses to g_con_perip.
g_con_persubnet - Maximum concurrent connections per subnet
Maximum number of concurrent connections per subnet. This limits concurrent connections from a sub net, great for automatically stopping professional spammers who use multiple addresses. A typical setting might be 20.
g_convert_percent - Convert % signs to @ in recipient addresses
Some Spam tests send mail user%spamdomain.com@localdomain.com to see if a server is an open relay. If a default address is set up for the local domain this will be delivered to this local address and the test assumes the mail server is an open relay. This setting prevents this.
g_create_strict - Whether to apply strict rules to usernames/passwords
Checking this causes surgemail to check usernames/passwords only contain characters in g_create_allow, passwords do not contain words longer than 4 characters from g_create_dictionary, as well as requiring the password to be 6+ characters, and usernames/passwords to contain more than 1 character.
g_create_allow - List of characters allowed in usernames/passwords
Defaults to A-Za-z0-9\-_. meaning usernames/password may contain letters, numbers, -, _ and . and nothing else. Only takes effect if g_create_strict is checked.
g_create_dictionary - File containing dictionary words to compare passwords to
Text file containing one word per line, passwords are compared to all words longer than 4 characters in this file, if a username or password contains a word in this file it is not allowed. Only takes effect if g_create_strict is checked.
g_create_badnames - List of illegal usernames
Comma separated list of illegal usernames, may contain wild cards, if username contains part of a non-wild card or matches a wildcard it is disallowed.
g_deny - Deny users from some IP ranges
Block known spammers, etc, by IP address. You can use wild cards and 'not' signs, e.g. "!*,127.*,10.*"
g_deny_msg - Deny message
Message to give to users who are disconnected due to the above 'deny' setting.
g_dlist_nostart - Disable dlist
If set, disable (do not attempt to start) dlist, for dmail compatibility mode.
g_dlist_path - Path for dlist
DList Path normally defaults to $g_home/dlist.
g_dns_host - DNS host(s) for MX lookups
This setting can normally be left blank as the mail server will find your system DNS settings. However, you can specify one or more DNS servers for the mail server to use instead to lookup names.
g_dns_nlookup - Concurrent MX lookups
Concurrent DNS lookups to send to DNS server (Default=20)
g_domain_separator - Separator characters for virtual pop
For POP logins where your virtual domain is NOT distinguished by IP address users can login with 'user@domain' or user/domain.name etc and the mail server will pickup the domain name correctly. By default only 'user@domain.name' is accepted unless this setting is used which can be useful for brain dead mail clients which don't allow the user to specify 'user@domain.name' as the username.
g_domuser_file - Domain users to thousands of virtual domains easily
Specifies a file which contains lines that translate an email address to the username that should be looked up in the database. This file can contain a domain name not previously specified in surgemail.ini allowing you to create unique sub-domain addresses.
Example entries...
*@domain.com postmaster@domain.com
userA@domain.com userB@domain.com
firstname@lastname.domain.com firstname@lastname.domain.com
g_fallback - Fallback address
Default address for all local domains. If a local delivery is not to any valid user Emails will be delivered to this address. There is also a per domain default.
g_filter_pipe - Filter pipe allowing external message processing
This allows external applications to filter and modify incoming messages. Example: Integration with Spam Assassin (on unix) could be achieved as follows:
g_filter_pipe "/usr/local/bin/spamassasin -P"
g_friends_only - Friends system
An anti-spam feature which screens incoming mail to ensure it comes from a human. For incoming mail from unknown addresses a message is sent to this person requesting them to reply to confirm they are human and the original message will be delivered. See this page for more details.
g_friends_name - What to call the friends system
This specifies what to call the friends system when referring to it on web pages and in email to our users, you can call it whatever you like
g_footer_file - Footer file
Footer file which is appended to all mail messages.
g_gateway - Gateway messages to a particular domain
Used to gateway messages to another local mail server. Typically this other server is inside a firewall so its local IP address is not known by the DNS server. You specify the domain and IP address to send messages to and this server is treated as 'local' rather than remote in terms of open relay restrictions, i.e. non-authenticated users are able to send in mail. Open relay restrictions do not apply to messages sent to this domain because they are considered as if they were local users and not 'relaying'.
This setting has the fields domain(required), to(required), user(optional), pass(optional), relay(optional).
Normally "domain" and "to" are the only fields that need to be filled in. eg. To relay mail from anyone to user accounts in the domain somedomain.com to the host 1.2.3.4.
g_relay domain="somedomain.com" to="1.2.3.4"
If smtp authentication is required on the destination server the user and pass fields need to be completed.
As a safety measure to prevent accidental openrelays, SurgeMail will not relay for non authenticated users if the domain is "*". This can be overridden by placing "true" in the "relay" field. eg To relay all mail for all users to host 1.2.3.4:
g_relay domain="*" to="1.2.3.4" relay="true"
g_group_field - Group Field from authentication database
Based upon a match on an arbitrary field in the authentication database a user can be defined as being part of an access_group. All fields (field, value, group) are required. eg. To add the user to the access_group "paid_user" if the field "mystatus" has the value "fullaccess":
g_group_field field="mystatus" value="fullaccess" group="paid_user"
g_home - Root directory of the mail server
This setting controls where the mail server runs, including the many sub directories it creates below this directory for work files and log files for each domain. Not something you should generally change.
g_imap_log_protocol - Log IMAP protocol
Log imap protocol and other imap information to the mail.log file.
g_imap_port - IMAP Port (default 143)
Specifies the PORT to listen for IMAP connections on. IMAP is an alternative to POP protocol where the messages and folders all exist on the server. This is ideal when sharing a mail account between several users or when using Email from more than one computer. Use the keyword 'disabled' to disable this part of the surgemail service.
g_imap_secure_port - IMAP Port (default 993)
Specifies the PORT to listen for dedicated SSL IMAP connections.
g_log_flush - Flushing log - flush on every write
This makes the server flush log data after every write to the file. This affects performance but can sometimes be the only way to track down an unusual fault, e.g. if the server dies the log is completely up to date and shows the last thing the server did before dying.
g_log_level - Set logging level
Set the logging level. This is primarily intended for finding faults with the server. Info level logging is the default. Alternatives are 'error' and 'debug'
g_log_path - Path for log files
Sets the path for all log files generated by SurgeMail (except the delivery record logs).
g_log_reject_disable - Disable the logging of rejected mail
SurgeMail will normally log failed deliveries due to MFilter / SmiteSpam / etc in the delivery logs. This setting will restrict this logging to accepted mail only.
g_lookup_names - Lookup names for connecting IP addresses
This is one of those things that you very likely do not want to turn on. It makes the mail server lookup the IP name of any connecting user, however lookups can take 30-90 seconds so it can negatively impact apparent performance. Most of the access rules in the server can accept IP names if this setting is enabled, e.g. instead of specifying local users are 153.2.3.* you can say "*.netwinsite.com"
g_lf_fix - Attempt to fix naked Line Feed characters
Some mail clients send messages with bare LF characters without preceding them with CR characters. This is faulty behaviour and not permitted by the SMTP RFC. If this setting is enabled, SurgeMail will attempt to repair this.
g_maildir_standard - Use more standard maildir format
The maildir format is flawed in that it is not designed to be used on Windows systems. This setting will force SurgeMail to use a more standard maildir format, but does mean you cannot just copy mail from a unix box to a windows box as the ":" character is a reserved character on Windows systems.
g_manager - Email address of manager
Email address to send reports to.
g_manager_port - Manager port (default 7026)
This is the port the web manager and web mail access will run on. By default it is port 7026. Use the keyword 'disabled' to disable this part of the surgemail service.
g_manager_secure_port - Manager secure port (default 143)
This should be the main server management port and provides a secure server management connection. By default it is port 7025. https://your.mail.server:7025. Use the keyword 'disabled' to disable this part of the surgemail service.
g_manager_smtp - SMTP server for manager Emails about failures
For obvious reasons, if the server is not working it cannot use itself to send the manager an Email message, so for highest reliability you may want to define another mail server for fault reports to be Emailed to.
g_max_bad_to - Max bad recipients in a row
If a system sending your system Email sends more than the specified number of bad addresses in a row then it is assumed to be incoming spam and further messages are rejected.
g_mdir_prefix - Maildir folder prefix
Prefix for maildir folders, defaults to 'mdir', use '.' for compatibility with qmail.
g_mdir_hash - Surgemail hashing mode
Hashing mode for SurgeMail, default is 5, for compatibility with /b/o/bob use 2.
g_mfilter_file - Path to mfilter.rul spam rule processing
This is the full path to the mfilter rule file which provides advanced message filtering capabilities. See mfilter.htm for more details.
g_mfilter_maxlen - Mfilter Max message length
Size to truncate messages to before processing with mfilter.
g_mfilter_addonly - Add headers only
If true, then only allow 'adding' headers, not changing them.
g_mfilter_localonly - Only filter local deliveries
If true then only run mfilter on local deliveries.
g_mirror_host - Mirror host
This unique SurgeMail feature allows you to set up two identical mail servers across a local or wide area network. The waiting mail messages & folders, etc, are duplicated continuously between the two systems, so users can use either system, and if either system fails for any hardware reason the other acts as an instant online replacement without any interruption to the user. In addition, when the faulty system is replaced, the two automatically re-synchronize.
See this page for Mirror overview
g_mirror_nossl - Disable SSL for mirror protocol connection
Normally you would not enable this setting for security reasons.
g_mirror_nwauth - Mirror NWAuth data files
If true, this host will also send nwauth.* files to the other system. This is needed if you are using NWAuth authentication. It isn't needed if you are using some other network authentication method that both systems can use. TCPAuth can also be used to share a user database of other types.
g_mirror_secret - Mirror secret shared password
This password is required to prevent the mirroring mechanisms being abused. We recommend a random string of letters at least 10 characters long. e.g. "urcajfielsjfs"
g_monitor_disable - Disable the monitor process
This allows the monitor process to be completely disabled. The monitor process is the swatch executable and can be set up to monitor and automatically restart surgemail if it crashes. The monitor process is also used to start surgemail from the web interface if it has been shut down.
g_monitor_port - SurgeMail monitor port (default 7027)
The port SurgeMail monitor runs on allowing SurgeMail to be remotely started. Typically you won't need to change this, however you can specify an IP address to bind to or a list of alternate ports, e.g. 10.3.2.3:7027 or 7027,8027 etc...
g_msg_max - Max size of a single message
Max size, in bytes, of a message, e.g. 20000000 for a 20mb limit. This setting is useful to prevent a single large message jamming up your system.
g_orbs_exception - Exceptions to Open Relay / Known Spam sites
This allows you to over-ride a response from an ORBS/RBL database. For example, if a site you wish to do business with is in the ORBS database you can add their IP address to this setting and then they can send you Email again.
g_orbs_service - Open Relay Blocking System RBL, service name (superseded by g_orbs_list)
Set the name of the ORBS service you want to use. An ORBS service is a DNS database that has a record of all known spamming sites. If the server finds the connecting user's IP address in this database, all Email from their system is rejected. Also see the setting g_orbs_exception. Here are a few known RBL services, some charge and some are free!
- www.orbl.org
- inputs.orbs.org
g_orbs_testing - Orbs testing
If true, orbs lookups are recorded but not blocked.
g_orbs_timeout - Orbs timeout
Orbs lookup timeout in seconds (default=10). If the timeout is reached the message is accepted and the failure is logged to mail.log.
g_orbs_list - Multiple Open Relay Blocking System RBL databases
Allows multiple ORBS services to be used, with a different action taken for each database.
name=service action=deny,accept,stamp stamp="string to add to header ||remoteip||"
Where the stamp option adds the header:
X-ORBS-Stamp: string to add to header 1.2.3.4
The variable ||remoteip|| can be used to create a url to go directly to a spam database web site and give details on the offending ip address. e.g. stamp="Spamcop, http://spamcop.net/w3m?action=checkblock&ip=||remoteip||"
g_pop_lock - Lock out duplicate pop users with the file system
Use this setting if you are sharing a file system between multiple mail servers. This will make the mail server lock the users files to prevent a second user of the same name logging in and reading mail from one of the other systems.
g_pop_max - Max total POP users at any one time
This limits the channels that will be used at any one time for incoming POP connections. The purpose of this setting is to prevent a sudden burst of users reading mail from using up all available channels. Generally, setting this is a bad idea as there is a sensible default (dependent on the system resources available).
g_pop_port - Port to listen for POP connections (default 110)
Typically you won't need to change this, however you can specify an IP address to bind to or a list of alternate ports, e.g. 10.3.2.3:110 or 110,6110 etc... By default the mail server listens to port 110 on all adapters/addresses. Use the keyword 'disabled' to disable this part of the surgemail service.
g_pop_secure_port - Port to listen for secure POP connections (default 995)
Dedicated secure port to listen on for POP connections. Use the keyword 'disabled' to disable this part of the surgemail service.
g_popfetch - Fetch incoming mail from another POP server
Popfetch will retrieve mail from pop accounts on another server and store this locally. The pop fetch interval can be set using g_popfetch_interval. The parameters for this setting are host(required), user(required), pass(required) or localuser(required).
eg
g_popfetch host="netwin.co.nz" user="marijn" pass="secret" localuser="marijn@anydomain.com"
Alternatively popfetch is able to attempt local delivery based on headers. Delivery is attempted to "X-Rcpt-To:" with fallback of "To:" and "Cc:" headers. To enable this the local user needs to be defined as "*,userxxx". Fetched mail will be delivered as specified in the headers, or if no valid user is identified in the header, to the default user "userxxx".
g_popfetch_interval - Interval between POPfetch attempts
The interval (in seconds) between successive attempts to fetch mail from remote mailserver POP accounts (as per g_popfetch rules). (default is 5 minutes = 300)
g_ppd_port - PopPassD port (default 106)
Port to listen for PopPassD connections. Typically you won't need to change this, however you can specify an IP address to bind to or a list of alternate ports, e.g. 10.3.2.3:106 or 106,6106 etc... By default the mail server listens to port 106 on all adapters/addresses. Use the keyword 'disabled' to disable this part of the surgemail service.
g_proxy - Proxy mode
This enables the surgemail proxy mode, using 'tohost=xxx' received from the authentication to determine real host for SMTP/POP connections. Any incoming SMTP, POP or IMAP connections will be passed on directly to the specified server. This allows you to split a domain over several separate systems. This method is outlined in general terms here.
To set up a proxy server system with 4 machines (2 proxy, 2 backend) use the following steps. Let's assume your hosts are PROXY1, PROXY2, SERVER1, SERVER2.
1) Set on the proxy servers in surgemail.ini g_proxy "true"
2) Configure your authent database to return 'tohost=xxx' for each user on your system, e.g. in nwauth
nwauth
set testuser1@test.com test tohost=SERVER1
set testuser2@test.com test tohost=SERVER2
lookup testuser1@test.com
+OK testuser1@test.com config 0 tohost=SERVER1
3) Configure your load balancing router to send users to PROXY1 & PROXY2, ...
4) When new users are added, always define the 'tohost' setting to define which system they are added to, as load increases you can add more backend or frontend servers as needed.
g_proxy_default - Default proxy host
Default host to forward to if 'tohost' is not defined in user database for this user.
g_recent_bypass - Bypass recent login failure checking
This allows you to disable recent login failure checking for certain IP addresses. Normally up to a maximum of 9 login attempts are allowed per connection.
g_record_days - Period delivery logs are stored
The number of days surgemail message delivery logs are stored.
g_record_hash - Hash delivery logs
Message delivery logs may be stored in hashed format within g_record_path as <surgemail dir> \recYYMM\msgYYMMDD.rec
g_record_path - Path for mail delivery logs
Sets the path for the surgemail delivery logs. Delivery logs contain entries for mail received and delivered in a single file per day. See Searching the Log Files for more information.
g_redirect - Redirect messages to 'was' to the 'new' address
Specifies global redirection rule. These rules are applied to local and remote addresses so should be used with 'care', for domain based redirection use the redirect rules within a domain. An example rule would be: fred@xx.com --> bob@yy.com or *@xx.com --> joe@xx.com
g_redirect_cc - Redirect & Carbon Copy message.
Same as 'redirect' but the message is still delivered to the original address as well.
g_relay_allow_ip - Allow relaying from these users
List the IP ranges of local users that you will allow to send 'OUTGOING' Email without using SMTP authentication, e.g. "127.0.0.1,10.0.*". In the past, mail servers used to permit this from any IP address, but since this was abused by 'spammers' all modern mail servers only allow this from known local IP addresses. Remote users should use 'smtp authentication' or login via POP protocol before sending Email, then SurgeMail will trust them. Do NOT set this to '*'. If you do, your system will be blocked as it will be assumed that spammers are using your system even if they are not!!!
g_relay_allow_from - Allow relaying for known from addresses
This setting allows users to send outgoing Email if their envelope 'from' address is a known local address. This is a very bad idea in general as spammers can do this too. So in general don't use this setting except as a lesser of two evils. It will be detected by some open relay checking systems and your site can then end up listed as an open relay. If this happens your Emails will be rejected by other peoples systems.
g_relay_dom_and_ip - Relay based on domain and ip
Allow relaying if the domain in the from envelope and ip address both match.
g_relay_window - Allow relaying after valid POP login
This sets the time after a valid POP login that you will allow a user on the same IP to send outgoing mail. In general it is safe to set this setting large and it can allow people using old mail clients (that do not know how to do SMTP authentication) to still send through your server without making your server an open relay.
g_relay_to - Relay to this domain from anyone
This setting allows mail from anyone to be relayed to the specified domain. The relaying is unconditional.
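A small audit of surgemail.ini against the warnings this page attaches to the relay, authentication, admin and mirror settings, as an added example rather than a NetWin tool. It assumes one setting per line in the forms shown on this page; `parse_ini`, `audit` and the sample values are hypothetical.

```python
import re

# Constructed surgemail.ini fragment in the `name "value"` and
# `name key="value"` forms shown on this page; every value is made up.
SAMPLE_INI = """\
g_admin_ip "*"
g_relay_allow_ip "127.0.0.1,10.0.*,*"
g_auth_hide "10.0.*"
g_relay_allow_from "true"
g_mirror_nossl "true"
g_mirror_secret "abc123"
g_relay domain="somedomain.com" to="1.2.3.4"
g_relay domain="*" to="1.2.3.4" relay="true"
"""

_PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_ini(text):
    """Return [(name, value)]; value is a str, or a dict for key=value lines."""
    settings = []
    for raw in text.splitlines():
        name, _, rest = raw.strip().partition(" ")
        rest = rest.strip()
        if not name:
            continue
        pairs = [] if rest.startswith('"') else _PAIR.findall(rest)
        if pairs:
            value = {key: quoted or bare for key, quoted, bare in pairs}
        else:
            value = rest.strip('"')
        settings.append((name, value))
    return settings


def _entries(value):
    return [e.strip() for e in value.split(",") if e.strip()]


def _is_true(value):
    return isinstance(value, str) and value.strip().lower() == "true"


def audit(text):
    """Return [(setting, reason)] for values this page itself warns about."""
    settings = parse_ini(text)
    findings = []
    plain = {n: v for n, v in settings if isinstance(v, str)}

    # g_admin_ip defaults to *, so a missing line is as open as an explicit *.
    if "*" in _entries(plain.get("g_admin_ip", "*")):
        findings.append(("g_admin_ip", "web admin reachable from any IP"))
    if "*" in _entries(plain.get("g_relay_allow_ip", "")):
        findings.append(("g_relay_allow_ip", "relaying allowed from any IP"))
    if _entries(plain.get("g_auth_hide", "")):
        findings.append(("g_auth_hide", "SMTP AUTH hidden from some clients"))
    # Assumption: any value other than empty/"false" switches this on.
    if plain.get("g_relay_allow_from", "false").lower() not in ("", "false"):
        findings.append(("g_relay_allow_from", "relay trusts envelope from"))
    if _is_true(plain.get("g_mirror_nossl")):
        findings.append(("g_mirror_nossl", "mirror link runs without SSL"))
    secret = plain.get("g_mirror_secret")
    if secret is not None and len(secret) < 10:
        findings.append(("g_mirror_secret", "shorter than 10 characters"))
    # The gateway rule is headed g_gateway but written as g_relay in the
    # page's examples, so both names are checked.
    for name, value in settings:
        if name in ("g_relay", "g_gateway") and isinstance(value, dict):
            if value.get("domain") == "*" and _is_true(value.get("relay")):
                findings.append((name, "relays every domain for anyone"))
    return findings


if __name__ == "__main__":
    for setting, reason in audit(SAMPLE_INI):
        print(f"{setting}: {reason}")
```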
g_rename_files - Files to apply virus renaming to
Only takes effect if g_virus_rename is checked. Default is: "*.exe,*.pif,*.bat,*.com,*.cmd,*.jav,*.vbs,*.scr,*.wsh"
g_restart - Auto restart server
If turned on, Swatch (a spawned second process) checks every 30 seconds to see if the server is still running. If it isn't running but its pid file still exists (so if it died) this second process restarts the missing server and sends the manager account an Email reporting the fault.
For this to work on NT you need to set Dr Watson NOT to show visual notification of faults:
(This sets Dr Watson to be the default debugger)
c:/> drwtsn32 /i
This brings up the Dr Watson settings, un-tick "Visual Notification"
c:/> drwtsn32
Generally this setting is not needed and is probably best left off, but if an odd problem should develop, this setting can give you peace of mind for a few days while you wait for a problem resolution from NetWin.
g_retry_limit - Max hours to keep trying to deliver message.
Every hour the mail server will attempt to deliver any messages that fail for a reason that may be a temporary fault (for example the destination mail server doesn't respond). This setting limits how long these retries continue for. The default is 48 hours (2 days).
g_send_max - Max concurrent sending sessions
Maximum concurrent outgoing SMTP connections. You should not have to change this. The default is 100.
g_send_max_perdom - Max concurrent sending sessions to a single domain
Maximum concurrent outgoing SMTP connections to a single domain. The default is 6.
g_server_name - Wildcard "SERVER_NAME" translation for domain identification
The vdomain a user connects on is normally identified automatically for "user account self management" and for "webmail". In the event that the domain name is not the same as the host name (eg hostname = mail.domain.com, domainname = domain.com) the webmail webserver can automatically translate the SERVER_NAME variable.
This setting specifies a wild card list of urls 'url' with associated translated host name for "SERVER_NAME". If the url matches then SERVER_NAME is set to the second part of this setting 'name'. eg to host the domains domain.com and mail.domain.com on host mail.domain.com:
g_server_name url="*.domain.com" name="domain.com"
Note: If your server name is not the same as your domain name, also check the per domain setting url_host.
g_smite_level - Smite level to discard message
If SmiteSpam gives a message a "smite score" above this, throw it away.
g_share_home - Allow sharing of home directory
This allows sharing of the home directory in the unlikely situation that you might want to run separate surgemail processes. eg one process to cope with SMTP and another to cope with POP access.
g_smite_gateway - Add smite headers to gatewayed messages
Normally SmiteSpam headers are only added for locally delivered messages. This setting adds the headers for gatewayed messages too.
g_smite_level - Drop message if smite match above this value
The smitematch score reflects whether a message has been reported as spam to the smitespam database. A value of 1 = "has been reported", 2 = "has been reported multiple times". If smite match score is above this drop message. This is applied when the user downloads the email, not at delivery time.
g_smite_tag - Tag message if in SmiteSpam database
If set to true will tag messages already in the SmiteSpam database. A value of 1 = "has been reported", 2 = "has been reported multiple times".
g_sms_gateway - Address and port of your SMS gateway
This setting specifies the SMS gateway SurgeMail should use when trying to send SMS (cellphone text) messages to users. Setting user_sms to true for a domain allows users to specify a phone number and subject keyword on which to notify them.
g_smtp_log_protocol - Log SMTP protocol
If enabled the SMTP protocol is logged to the mail.log file as "smtp: In" and "smtp: Out" entries.
g_smtp_max - Max total incoming SMTP connections
This limits the channels that will be used at any one time for incoming SMTP connections. The purpose of this setting is to prevent a sudden burst of spam from using up all available channels. Generally you do not need to change this. (Default = 250)
g_smtp_port - Port to listen for SMTP connections (default 25)
Typically you won't need to change this, however you can specify an IP address to bind to or a list of alternate ports, e.g. 10.3.2.3:25 or 110,2110 etc... By default the mail server listens to port 25 on all adapters/addresses. Use the keyword 'disabled' to disable this part of the surgemail service.
g_smtp_secure_port - Port to listen for secure SMTP connections (default 465)
Port to listen on for dedicated SSL SMTP connections.
g_spam_allow - IP wild card of sites to exempt from spam limits
Typically use this to allow known mailing list servers that use your system to send messages in without being tarpitted. e.g. "127.0.0.1,local.ip.number". This same setting is an exception to the other spam rules.
g_spam_body - Add SpamDetect header in body
If spamdetect score is above this, add spamdetect header at top of message body (in addition to the header). This allows mail clients that are not able to filter mail based on headers to filter out spam email. This can be set on a per user basis too.
g_spam_userconfig - Enable per user spam settings
Allow users to opt in / out of specific anti spam features.
g_spam_bounce - Bounce local delivery based on spamdetect score
If spamdetect score (number of '*'s) is above this, bounce message if local delivery. e.g. 7
g_spam_bounce_all - Bounce local and remote delivery based on spamdetect score
If spamdetect score is above this, bounce message if local or remote delivery. e.g. 7
g_ssl_allow - IP Wild card of connections to allow to use SSL
This setting controls which connecting IP numbers are permitted to use SSL on POP and IMAP. They will see TLS in the protocol extension command (etrn for smtp or capa for pop). Typically, to enable SSL you set this to "*" after getting a certificate. If you don't have a valid certificate then turning this on can cause problems as mail clients will try to use SSL and fail.
g_ssl_allow_imap - IP Wild card list to allow SSL encryption from for imap
This setting controls which connecting IP numbers are permitted to use SSL on IMAP.
g_ssl_per_domain - Create/use an SSL certificate for each domain
SurgeMail can be set to use a single SSL certificate for the server, or individual certificates on a per domain basis. Per domain SSL certificates can only be used with IP based vdomains.
SurgeMail will create private key / certificate pairs on demand. These can be replaced with your own trusted signed certificates by placing the appropriate private key and certificate pem files in the following location: <surgemail>/ssl for a single certificate for the whole server and under <surgemail>/ssl/<vdomain> for per vdomain certificates.
Some mail clients and web browsers will complain if the certificate domain does not match the domain they are connecting to.
g_ssl_require - IP Wild card of connections to require to use SSL
This forces all matching IP addresses to use SSL for SMTP, POP and IMAP connections. Typically you would use this for non local connections to increase security, local connections might be comparatively safe in un-encrypted mode.
g_ssl_require_imap - IP Wild card of connections to require to use SSL for imap
This forces all matching IP addresses to use SSL for IMAP connections.
g_ssl_require_login - IP wildcard of connections for users needing to use SSL
This setting forces all matching IP addresses to use SSL for any action that requires a user login. ie pop, IMAP and SMTP authentication but not plain smtp. So this is ideal if you want all users to use ssl but still want email to come in from non ssl smtp servers.
g_ssl_require_out - Other machines we only send to using SSL
This forces all matching IP addresses to use SSL for SMTP outgoing connections. Typically you would use this for outgoing connections to increase security.
g_tarpit_blackhole - Reject email one recipient at a time to make spammers go away
If tarpit_blackhole is true, then where the server was going to drop the connection to that user it will instead keep it and let the user talk and try to send messages, but will reject all recipients. It only does this for a maximum of 200 channels; any more are dropped.
g_tarpit_drop - Max recipients per hour from one IP
Drop link and ban for 1 hour if g_tarpit_max or g_max_bad_to has been exceeded.
g_tarpit_max - Max number of local recipients per hour from one IP
If this limit is exceeded, the offending client is "tarpitted". This means the mail server starts pretending to go slowly. This is better than simply closing the connection as that will not stop the sending system from trying to reconnect rapidly or send to other systems rapidly, but tarpitting jams the sending system and limits the damage they can do to you and others. Cool huh?
Unlike G_BOMB_MAX, the g_tarpit_max setting counts the total of all recipients to all addresses from this IP address.
A setting of about 200-10000 is probably good but be careful with mailing lists, it will break them. Use an exclusion for IP addresses of known mailing lists or set the limit higher than known mailing lists, e.g. 2000 is probably a good setting just to avoid disasters without disrupting many real users.
Use spam_allow ip.address.list to override the limit for known systems (e.g. mailing list servers) that would exceed the limit.
g_tarpit_max_remote - Max remote recipients from one IP
The maximum number of remote recipients before slowing down.
g_thread_max - Total maximum number of threads allowed
Total maximum number of threads allowed on this system. This should not normally be changed as you could get system lockups if this number is too high.
g_thread_reuse_real - Thread reuse
If enabled, the server will reuse existing threads instead of creating and destroying threads for each incoming/outgoing message. This has no effect on performance but does avoid a bug in some UNIX threading libraries which leak handles and cause problems if threads are not reused. Generally best disabled except on early Linux systems.
g_timezone - Timezone text
Text to be placed in the timezone part of the date string. e.g. +1200 NZT
g_user_domainlist - Show domains list on user pages.
This setting decides who will see the drop-down list of domains on the user check, add, login, and management pages. It has three possible values: user, domadmin and admin. A value of 'user' allows everyone to see the list, 'domadmin' allows domain admins and the admin to see the list, and 'admin' allows only the admin to see the domains list.
g_virus_cmd - Command line virus checker to run on mime parts
If defined, the mail server will extract mime parts in a multi part message and run the virus scanner over the extracted file. The command line can include $FILE$ which will be replaced with the actual file name of the extracted part. An intelligent cache is used so mailing lists, etc, will not require running the virus scanner on every message sent.
g_virus_filter - Virus checker or filter that takes commands on stdin and response on stdout
Virus filters use the following protocol: the process is run continuously and is sent commands on STDIN of the form "nnn CHECK fullfilename envelopefilename\r\n". In response it must send back "nnn OK|REJECT|ERROR reason text\r\n".
It can modify the file directly and then respond with 'ok', however if it does this it must maintain the crlf line terminated and dot stuffed nature of the file.
Here is an example test of a virus filter:
c:\surgemail> vfilter.exe
1 check c:\surgemail\work\a.itm c:\surgemail\work\a.hdr
1 REJECT Found something bad in that file
2 check c:\surgemail\work\a.itm c:\surgemail\work\a.hdr
2 OK send message along
a.hdr would contain:
From: bob@domain.com
To: xyz@thisdomain.com
To: xyz3@thisdomain.com
g_virus_rename - Rename attached executables to prevent autorun
If enabled, surgemail will rename dangerous executable files by replacing the '.' with an '_'. This will stop many autorun viruses. This name translation is done for .exe, .pif, .bat, .com, .cmd, .jav, .vbs, .scr and .wsh files.
g_vpipe_timeout - Timeout for virus filters (default 60s)
The timeout in seconds that surgemail will wait for a virus filter (defined by g_virus_filter) to complete. If the virus filter has not responded after this time, the message will be let through and the following line logged in mail.log:
"Virus filter not responding, stuck on <msg file> allowing message through"
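The g_virus_filter protocol and the g_vpipe_timeout behaviour described above, as an added example that is not SurgeMail's own code: a long-running filter process that answers each CHECK command with a sequence-numbered reply. The marker string, the function names and the assumption that paths contain no spaces are hypothetical choices made for this example.

```python
import sys

# Constructed marker for this example; a real filter would call a scanner here.
MARKER = b"X-EXAMPLE-TEST-VIRUS"


def scan_file(path):
    """Read the message read-only, so CRLF endings and dot stuffing are untouched."""
    with open(path, "rb") as fh:
        return MARKER in fh.read()


def handle_command(line):
    """Map one 'nnn CHECK fullfilename envelopefilename' line to its reply."""
    fields = line.strip().split()
    seq = fields[0] if fields else "0"
    # Assumption: paths contain no spaces, as in the example session on this page.
    if len(fields) != 4 or fields[1].upper() != "CHECK":
        return f"{seq} ERROR malformed command\r\n"
    msg_path = fields[2]  # fields[3] is the envelope file; not inspected here
    try:
        if scan_file(msg_path):
            return f"{seq} REJECT marker found in message\r\n"
    except OSError as exc:
        return f"{seq} ERROR cannot read message: {exc.strerror}\r\n"
    return f"{seq} OK send message along\r\n"


def serve(stdin=None, stdout=None):
    """Answer commands until the server closes the pipe."""
    if stdin is None:
        stdin = sys.stdin.buffer   # binary streams: no newline translation
    if stdout is None:
        stdout = sys.stdout.buffer
    for raw in stdin:
        reply = handle_command(raw.decode("utf-8", "replace"))
        stdout.write(reply.encode("utf-8"))
        stdout.flush()  # an unflushed reply looks like a hung filter to the server


if __name__ == "__main__":
    serve()
```

Because a filter that misses g_vpipe_timeout results in the message being let through, keep the per-message work well inside that limit and alert on the "Virus filter not responding" line in mail.log.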
g_vpipe_skip - Skip virus filter checks per IP address
Disable virus and crc checking for known safe bulk mailers that would otherwise overload the server. This setting affects the virus checker (g_virus_cmd), virus filters (g_virus_filter) and filter program (g_filter_pipe).
g_webmail_port - WebMail port (default 7080)
This is the port that WebMail users should connect through (unless you want better security, then use the secure port and https protocol listed below). By default it is port 7080, but if you are not running a web server you probably want to change it or add port 80, e.g. "7025,80" so that people can get to it with a URL like this: http://your.mail.server instead of http://your.mail.server:7080. Use the keyword 'disabled' to disable this part of the surgemail service.
g_webmail_secure_port - WebMail secure port (default 7443)
This is the port that WebMail users should connect through. By default it is port 7443, but if you are not running a web server you probably want to change it or add port 443, e.g. "443" so that people can get to it with a URL like this: https://your.mail.server instead of https://your.mail.server:7443. Use the keyword 'disabled' to disable this part of the surgemail service.
g_webmail_url - Url to the WebMail cgi
URL used by SurgeMail to pass users to WebMail interface.
g_webmail_urladd - Url data to append to WebMail auto-login link
Extra URL parameters and their values (separate each with an &), this is appended directly to the auto-login link to the WebMail interface.
g_webmail_workarea - Path to WebMail workarea
Path used by SurgeMail in WebMail auto-login.
g_work - Workarea Path
Work area for SurgeMail temporary work files.
g_xauthuser_hide - Hide X-Authenticated-User header
The header X-Authenticated-User is added to all local deliveries for users that login using SMTP authentication. This is the most reliable way to determine who actually sent this email. This setting will disable the addition of this header.
g_xrcptoriginal_hide - Hide X-Rcpt-Original header
The X-Rcpt header is added indicating which local account this message was delivered to. If the mail has been redirected for any reason the original delivery address is added as an X-Rcpt-Original header. This setting will disable the addition of this header.
spamlist - Spam Filter Rules
These rules allow simple filtering of email messages for common or repetitive spam messages. The form lets you specify that, if a string is found in a specified header, all such messages are bounced or redirected. This form will write or modify your mfilter.rul file to include an auto generated section which obeys the rules you have defined, e.g.
D:\>type \surgemail\mfilter.rul
# BEGIN_AUTO Generated section do NOT EDIT this bit
if (isin("Subject","bad words")) accept "fred@remote.domain"
if (isin("To","bad words")) accept "fred@remote.domain"
# END_AUTO Generated section do NOT EDIT this bit
You can write much more complex rules yourself manually, see mfilter.htm for more details.
Compatibility settings
g_authent_prefix_sep - Authent Prefix Separator (deprecated - for backward compatibility only)
Prefix separator for prefix based separator. Only relevant if enabled on a per vdomain basis using the "prefix" setting.
g_authent_fwdfile - Use dmail forward files (deprecated - for backward compatibility only)
Allows old style DMail forward files to be read.
g_dmail_filter - Run dmail compatible filter files (deprecated - for backward compatibility only)
Run DMail compatible filter files. Mfilter rule files should be used instead.
Specialist / debugging settings
g_backtrace_disable - Backtrace Disable
Disable backtrace information for unix systems.
g_crash_normal - Crash without catching exceptions
Crash without catching signals 10,11. In particular this will generate correct core files on freebsd systems.
g_mutex_timeout - Crash without catching exceptions
Default mutex timeout period in seconds (default=600, i.e. 10 minutes). This is a self-monitoring feature: if surgemail has not received a mutex within this period for some reason (usually a bug, but could be server overloading), it will shut itself down. If g_restart is enabled this would restart surgemail.
g_shutdown_slow - Delay shutdown
Add 20 second delay to shutdown for testing purposes only.
g_slow_welcome - Delay the welcome message
Add 20 second delay to welcome message for testing purposes only.
g_vpipe_fail_crash - Crash if vpipe fails
Crash SurgeMail if vpipe fails. This is for debugging purposes only.