SurgeMail Configuration Settings Overview
This page is an automatically generated top level overview of all the surgemail settings.
Domain Specific Settings
- abook -
Define surgeweb shared address books for this domain
- access_group_default -
Default group to place users in
- admin_access_default -
Default admin features granted to domain admins in this domain
- alias_file -
Alias translation file for this domain, unix format
- alias_max -
Maximum number of aliases for this domain
- assume_created_epoch -
If user has no 'created' field assume they were created an arbitrarily large time in the past
- att_in -
Detach attachments for incoming messages
- att_in_keep -
Days to keep incoming attachments
- att_send -
Detach attachments when sending messages
- att_send_keep -
Days to keep sent attachments
- blogs_max_per_user -
Number of blogs each account can create
- broad_sync -
Broadsoft Sync Enable
- centipaid -
Enable CentiPaid feature for matching accounts
- class -
Define class of user for following commands to apply to
- comment -
Management notes and comments about the domain
- create_block -
Block new users from this ip
- create_cleanup -
Cleanup existing data before adding a user
- create_delete_days -
Number of days a disabled new account remains before deletion
- create_disable_days -
Number of days new accounts remain active for
- create_image -
Use verification image on signups
- create_linkto -
Link to redirect to after successful live account creation
- create_max -
Maximum signups from ip in time period
- create_repass -
Users must enter their password twice on creation
- create_reqd -
Required fields for new users, e.g. (phone,age)
- create_subdomain -
Allow users to have their own subdomain - NO LONGER SUPPORTED
- create_tpl_dir -
Relative directory (from /web) where 'netauth' pages are stored
- create_user -
Method for adding new users
- delete_user_after -
Number of days an account can remain unread before it is deleted
- disable_smtp_after -
Number of days an account can remain unread before delivery is disabled
- disable_surgeplus -
Disable SurgePlus Calendar/File Sharing
- dmail_bin_path -
Path for dmail bin files to automatically convert delivered mail
- dmail_deliver -
Deliver messages into dmail drop directories (not supported)
- dmail_drop_path -
Path for dmail / sendmail style drop files to automatically convert delivered mail
- dmail_drop_prefix -
Whether prefix is used on drop file names
- dmail_hash -
Hashing scheme used by dmail_drop_path and dmail_bin_path
- dmail_skip_imap -
Skip conversion of old imap *.mbx folders
- encrypt_ifnew -
Allow surgeweb ifnew options
- encrypt_limit -
Max encrypted msgs per user per day
- encrypt_limitsz -
Max size of encrypted msgs per user per day
- encrypt_noconfirm -
Disable confirmation for encrypted messages
- encrypt_rule -
Domain level rules
- encrypt_smart -
Encrypt smart features enabled for this domain
- encrypt_subject -
Subject when encrypted message sent - default is original subject
- encrypt_surgeweb_hide -
Hide lock icon on surgeweb
- encrypt_token -
This setting is not used, instead use smart and ifnew settings
- enotify_from -
From address to use in email notification messages
- expire_age -
Expire inbox mail older than (days) CAUTION!
- expire_att_age -
Remove attachments older than this
- expire_att_size -
And larger than this
- expire_rule -
Expire rules for specific folders, age is in days - Caution!
- expire_size -
and larger than this
- fallback -
Default address or catchall for this domain, NOT RECOMMENDED
- fallback_always -
Also relay to old system even if user does exist - not recommended
- fallback_check -
Check if user exists on fallback_relay host before accepting it
- fallback_domain -
Fallback domain, rcpt is rewritten @ this domain name
- fallback_force -
Use fallback even if user does exist as migration not started yet
- fallback_mx -
Use mx lookup to find ip address for fallback_relay setting
- fallback_relay -
Host to send messages to if user doesn't exist here
- fallback_users -
Path to file listing all users to user fallback_relay for
- footer_file -
Text footer file for this domain, FULL PATH required
- footer_html -
HTML footer file for this domain, FULL PATH required
- forward_illegal -
Ban forwards to these addresses
- friends_at_rcpt -
Whether to check users friends list at rcpt stage
- friends_pending_name -
The imap name of the friends_pending folder default is 'Friends Pending'
- friends_url -
Specify full url for friends release http://domain.name:port domain specific setting
- from_exact -
Check from matches authenticated user
- gateway_to -
Send all email to another server
- header_add -
Add header to posts 'from' this domain
- host_alias -
Alternate name(s) for this domain
- imap_max_sync -
Limit remote imap sync to this many items (not recommended)
- imap_public -
Share IMAP folders between users
- imap_public_show -
Auto subscribe public folders
- inbox_archive -
Archive old messages to Archives/yyyy/INBOX folder, age in days
- language_default -
Default language for user web interface
- late_forward -
Apply domain users forwarding rules after friends, spam, and filtering
- ldap_anydomain -
Lets users search other than their own domain in ldap
- ldap_disable -
Stops ldap logins by users of this domain
- legal_archive_admin -
Enable archive searching for domain admins
- legal_archive_disable -
Disable legal archive for this domain
- legal_archive_hide -
Hide legal archive for this domain
- legal_archive_keep -
Days to keep legal archive, units=days unless you specify years or months
- list_disable -
Disables creation of mailing lists.
- list_max -
Maximum number of mailing lists for this domain.
- list_max_users -
Maximum number of users allowed in all lists in this domain.
- loginfails -
Disconnect user after this many password guesses
- lookup_relay_on_from -
Looks up local from addresses to check for relay="true"
- mailbox_path -
Path to mailbox (inbox) files
- manager_anyuser -
Allow first domain admin to login to any users account
- manager_email -
Domain managers email address (for email based account creation confirmation)
- manager_username -
Domain managers username (for web based domain administration)
- msg_max_in -
Max size for messages to users in this domain, largest applied if multiple recipients
- msg_max_out -
Max size for messages sent by authenticated users of this domain
- old_imaphost -
Old IMAP server:port - transition IMAP accounts and folders if user doesn't exist
- old_imaphost_always -
Retrieve mail from old imap host on each login (slow - particularly for webmail)
- old_imaphost_createuser_disable -
Disable old_imaphost user creation on first login
- old_imaphost_dom -
Migration - Alternative domain on old server for login, also set fallback_domain.
- old_imaphost_file -
Migration based on file
- old_imaphost_lowercase -
Migration - All migrated folders are lowercase.
- old_imaphost_nodelete -
Leave mail on the old server (disables old_imaphost_always)
- old_imaphost_nodomain -
Strip domain from username when logging into old imap host
- old_imaphost_pass -
Migration based on file - password field
- old_imaphost_prefix -
Prefix for old imap server, e.g. mail//
- old_imaphost_skip -
Migration - Comma seperate wild card list of migrate folders to skip past.
- old_imaphost_user -
Migration based on file - user field
- old_inbox_both -
Use pop & imap to migrate the inbox
- old_pophost -
Old pop server:port - transition accounts and pending messages if user doesn't exist
- old_pophost_always -
Retrieve mail from old pop host on each login
- old_pophost_bind -
Bind outgoing connection during pop migration
- old_pophost_createuser_disable -
Disable old_pophost user creation on first login
- old_pophost_inbox -
Use pop to migrate the inbox and maintain uidls
- old_pophost_nodelete -
Leave mail on the old server (disables old_pophost_always)
- old_pophost_nodomain -
Strip domain from username when logging into old pop host
- old_pophost_nofetch -
Disable fetching messages from pop host
- old_pophost_sep -
Seperater, default is '@', e.g. some systems use %
- old_smtphost -
SMTP host to check for existing users (when creating new accounts)
- old_smtphost_skip -
Who to disable SMTP host checks for
- old_xfile -
Migration - Copy xfile data across
- pop_min_time -
Min seconds between pop logins (see warning)
- pop_welcome -
POP connection message
- prefix -
Database username prefix (deprecated, compatibility only)
- proxy_pop_nodomain -
Strip domain when talking to proxy pop host
- quota_default -
Default quota
- quota_domain -
Total quota for the domain, e.g. 300mb, 2gig
- rcpt_msg -
Response given for invalid recipient errors, message is prefixed by email address.
- recycling_imap -
Make recycling visible to IMAP users
- redirect -
Redirect messages from 'was' to the new 'to' address
- redirect_cc -
Send carbon copy to another address
- redirect_hash -
Share incoming message evenly between several accounts
- redirect_max -
Limits the number of redirect rules
- security_suffix -
Suffix for smtp/imap/pop login
- send_helo -
Mail host A Record name used when sending helo to other servers - requires g_send_helo_from true
- sent_archive -
Archive old messages to Archives/yyyy/Sent folder, age in days
- sent_store -
Store users message in named folder automatically, e.g. Sent
- smtp_auth_off -
Disable SMTP AUTH from unknown ip addresses
- smtp_from_ip -
Require incoming email from matching ip
- smtp_welcome -
SMTP connection message must start with hostname
- smtp_welcome_name -
SMTP welcome connection hostname
- spam_block -
Default for this domain to block spf etc failures
- spam_noblock -
Disable spf blocking for this domain
- spam_strip -
Strip spamdetect headers for this domain
- ssl_alias -
Alternate ssl host names, e.g. mail.xyz.com,pop.xyz.com,smtp.xyz.com
- ssl_allow -
IP Wild card list to allow SSL encryption from
- ssl_hsts -
Send HSTS header to prevent accidental http access. Dangerous security feature if HTTP is ever needed
- ssl_pop_domain -
Domain to use for ssl certificates for POP and IMAP
- ssl_require_login -
Require ssl for this domain if ip matches
- ssl_require_web -
Require https for most web features (excluding blogs file sharing and surgeplus)
- ssl_wildcard -
Use if your ssl certificate accepts wildcards, e.g. *.my.domain
- status_url -
Specify full url for status message e.g. http://domain.name:port domain specific setting
- surgeplus_pop_server_name -
Default POP server for SurgePlus clients
- surgeplus_smtp_server_name -
Default SMTP server for SurgePlus clients
- surgewall -
Surgewall - Proxy this domain to specified mail server
- surgewall_auth -
SurgeWall SMTP authentication
- surgewall_capa_local -
Just return local imap capa response rather than remote
- surgewall_local_too -
For web domain admin try local database too
- surgewall_options -
Various SurgeWall options
- surgewall_saveusers -
Save users in the local database as they login
- surgeweb_backend_server -
Backend server to connect to
- surgeweb_backend_smtp -
Backend smtp access (if non default)
- surgeweb_backend_web -
Backend web access - for usercgi /surgeplus (if non default)
- surgeweb_custom -
Surgeweb customisation level
- suspend -
Disable logins for entire domain
- suspend_incoming -
Disable delivery and give 450 retry message
- url_alias -
Allows translation from one url to another
- url_blogs -
BLOGS host A Record name (if different from MX Record name - eg. blogs.mydomain.com)
- url_host -
Mail host A Record name (if different from MX Record name - eg. mail.mydomain.com)
- user_access_default -
Default user features granted to users in this domain
- user_alias -
Number of aliases accounts can create
- user_auto -
Auto create users when a login attempt occurs
- user_auto_always -
Always create/reset password, other user* settings required.
- user_auto_pass -
Auto create users with this password on message delivery
- user_centipaid -
User Centipaid configuration options
- user_hide_security -
Hide security logs from users
- user_list_quota -
Number of mailing lists users can create
- user_max -
Maximum number of users in this domain
- user_report -
Daily,Weekly,Monthly, emailed to manager
- user_send_max -
Maximum number of emails per day (requires SMTP AUTH)
- user_sms -
Allow users to set up sms notifications
- user_sms_quota -
Number of sms messages per account
- user_status_send -
How often to send user status messages (0 = never)
- web_access_ip -
Restrict access to web ports based on ip
- web_path -
Path to web admin pages
- web_url_path -
Url to path translation with access specifier
- webdav_quota -
Webdav quota per user in this domain, e.g. 100mb
- webmail_host -
The ip address or name of the machine to instruct webmail to connect to.
- webmail_url -
Url to the WebMail cgi
- webmail_urladd -
Url data to append to WebMail auto-login link
- webmail_workarea -
Path to WebMail workarea
- xfile_url -
Url to xfile files (see surgeplus utility)
Global settings
- g_about_disable -
Disable about web page
- g_access_group -
Grouped per user access limitations
- g_access_group_default -
Default group to place users in
- g_access_surgeweb -
Apply g_access_group rules to surgeweb sessions based on client's address
- g_access_surgeweb_ip -
Ip addresses to allow access to surgeweb
- g_access_webonly -
Users in this group can only use web not imap or pop
- g_acctlog_aliases -
Log redirection & aliases in account usage too
- g_acctlog_noauth -
Log sending usage based on from which may be fake
- g_acctlog_sum_inactive -
Summarise local accounts that have not logged in yet as not_loggedin_yet@domain.com
- g_admin_access -
Domain admin features granted to access groups
- g_admin_access_default -
Default admin features granted to domain admins
- g_admin_guesses -
Max guesses per IP for web admin access, e.g. 15
- g_admin_ip -
Mask of valid IP addresses for web admin users (default *)
- g_admin_localhost -
Allow localhost web admin without user/pass
- g_admin_readonly -
System admins with readonly access to the management interface
- g_admin_utoken_expire -
Length of time a web admin session is valid for
- g_admin_utoken_idle -
Length of time a web admin session may remain idle for
- g_alias_login_disable -
Disable user login as alias
- g_allow_bodyless -
If true bodyless mail messages will be accepted (usually spam)
- g_allow_passzip_from -
A list of addresses to allow unmonitorable archive messages to be sent from
- g_allow_passzip_to -
A list of addresses to allow unmonitorable archive messages to be sent to
- g_allow_user_authent_field_get -
A space separated list of authent process fields that users are allowed to view for themself using the POP xauthent_field_get command
- g_allow_user_authent_field_set -
A space separated list of authent process fields that users are allowed to set for themself using the POP xauthent_field_set command
- g_apple_bug1 -
Apple bug allow content-length headers
- g_apple_bug2 -
Apple bug2 don't try and return bad if looping
- g_arc_check -
Check ARC signatures
- g_arc_sign -
Sign with ARC when forwarding a DKIM signed message
- g_archive -
Archive messages that match these rules
- g_archive_bucketsize -
Size for archive bucket files. Default is 1mb
- g_archive_early -
If true apply archiving before filtering is applied (superceeded by early flag on g_archive)
- g_archive_files -
Archive attachments to a directory
- g_archive_on_delete_dir -
Directory to archive user files to on delete
- g_archive_on_delete_off -
Disables archive and instead deletes the files immediately
- g_archive_tcpip -
Rules for TCPIP archive process
- g_archive_tcpip_host -
Host to send archive data too
- g_aspam_headers -
Add aspam information messages to messages.
- g_aspam_need_ip -
Require good matches to match external ip address
- g_assume_created_epoch -
If user has no 'created' field assume they were created an arbitrarily large time in the past
- g_atrest_all -
Auto encrypt all msgs when users next login
- g_atrest_api -
Enabe api for enabling atrest encryption - not needed
- g_atrest_crazy -
No recovery admin password needed
- g_atrest_enable -
At rest encryption. Unwise usually!
- g_atrn_client -
Define a rule for fetching email using ATRN protocol
- g_atrn_port -
Port to listen for 'atrn' (On Demand Relay) requests
- g_atrn_server -
On Demand Mail Relay settings to define user/pass for clients to fetch mail
- g_att_enable -
Allow users to enable attachment storage option
- g_att_in -
Enable for incoming (by default)
- g_att_in_keep -
Days to keep incoming attachments (2000)
- g_att_info -
One line text explaining about the attachments
- g_att_local_only -
Never detach if any recipient is non local
- g_att_max -
If total msg exceeds this reduce g_att_min/10
- g_att_min -
Min size to store, dflt 200k
- g_att_path -
Path to store attachments
- g_att_send -
Enable when sending (by default)
- g_att_send_keep -
Days to keep sent attachments (90)
- g_attach_convert -
Process matching attachments with specified command. Passed two files names
- g_auth_hide -
Disable SMTP Authentication for this IP List/Wild card address
- g_auth_norelay -
Ignore SMTP auth for relaying purposes
- g_auth_norelay_webok -
Allow surgeweb sessions anyway.
- g_auth_path -
Path to nwauth files
- g_auth_skipgateway -
Skip gateway rules if we get a proxy SMTP auth command
- g_auth_trust -
Trust authenticated user header from these servers
- g_authent_addip -
Send ip address as third parameter to authent module
- g_authent_allow_badascii -
Allow ascii chars outside the range 32 < 127
- g_authent_always -
Always lookup user, so virtual domains can exist just in authent module, looses existing users files
- g_authent_any -
Restore buggy behaviour of looking up users in domains that don't exist
- g_authent_cachebad -
Set the life in seconds that the cached failed lookups can be used, default 60 seconds
- g_authent_cachelife -
Set the life in seconds that cached authent lookups can be used, default 1 hour
- g_authent_cachesize -
Set the size of the authent cache, default is 500 entries
- g_authent_case_sensitive -
Make passwords case sensitive
- g_authent_decrypt -
Collect and store plain text passwords for migration in file pass.decrypted
- g_authent_domain -
If true add @virtual.domain.name to external user lookups, replaced with g_authent_nodomain setting
- g_authent_encrypt_key -
Encryption key config settings
- g_authent_enforce -
Days till we prevent user from logging in, NOT RECOMMENDED
- g_authent_fwdfile -
Enables reading of old dmail .fwd files
- g_authent_info -
User info names, fields and access rules
- g_authent_info_grp -
Fields to show to users in this group
- g_authent_ip -
Lookup ip numbers in authent database with @ip added, to find send_limit=n values, must define tarpit_max_remote and g_tarpit_drop
- g_authent_last_login -
Store users last login time in the database
- g_authent_logall -
Turns on logging of authent requests
- g_authent_lookup -
Check if accounts exist using g_authent_pass too
- g_authent_nodomain -
If true dont add @virtual.domain.name to external user lookups (NOT RECOMMENDED)
- g_authent_number -
Number of authent processes to run
- g_authent_pass -
Authent process to check passwords with
- g_authent_path_broken -
Allow authent module to return drop path, strongly discouraged, and BROKEN!!
- g_authent_prefix_sep -
Prefix separator, defaults to an underscore, a single character
- g_authent_process -
Authent process command line
- g_authent_reminders -
Days till we remind user to change password
- g_authent_require -
Days till we require user to change password
- g_authent_restart -
Cycle auth modules every 1000 lookups
- g_authent_single -
Allow local users with a single quote char in their name
- g_authent_spaces -
Allow spaces in passwords DO NOT USE
- g_authent_strip_domain -
Domain to strip when doing authent lookups
- g_authent_timeout -
Timeout for authent response, default 60 seconds
- g_autologin_file -
File to use to share auto login information on NFS based cluster
- g_autologin_imap_disable -
Disable IMAP based autologins
- g_autologin_newlogic -
Streamlined logic for surgeweb to user.cgi autologin handover
- g_autologin_pop -
Performs auto-logins using pop3, used by webmail
- g_backtrace_disable -
If true backtrace code is disabled on unix
- g_bad_login_allow -
Number of consecutive bad logins for a user before blocking that user
- g_bad_login_dumb -
Give login failures even if known address
- g_bad_login_ip_allow -
Number of bad logins from an ip before blocking that ip
- g_bad_login_ip_ignore -
IP address(es) to allow any number of bad logins from
- g_bad_login_lockout -
Lockout addresses permenantly - use if DOS attack
- g_bad_login_mins -
Minutes to block login for, if consecutive bad ones received
- g_badfrom_badmx -
If mx host is one of these addresses then drop the message, it's definitely spam (e.g. 127.*)
- g_badfrom_check -
Check env from by connecting to it, always tick 'stamp' rule too or messages will bounce! NOT RECOMMENDED. DISABLED NOW!
- g_badfrom_from -
From to use when doing the check, not normally needed, if set must be set to valid account
- g_badfrom_noip -
Check envelope from domain exists and is a valid ip number, if not reject message
- g_badfrom_noip_temp -
Makes g_badfrom_noip return a temporary error instead of a 501 error
- g_badfrom_stamp -
Instead of bouncing message, just stamp a header to show if from address is no good
- g_badfrom_whitelist -
List of domains that we don't try badfrom checking on (see g_smite_skip)
- g_ban_blackhole -
Leave connected but reject all recipients without looking them up
- g_ban_from -
Disconnect if this wild card matches the from envelope
- g_ban_helo -
Disconnect if user says 'helo xxx' (or wildcard)
- g_ban_rcpt -
Disconnect any user delivering to this address/wildcard
- g_bank_debug -
Log request to bank server
- g_bank_group -
Create price groups with descriptions
- g_bank_log -
Log lines matching this in response.
- g_bank_ok -
Find this in response, if found then charge was successful
- g_bank_pass -
Password for authenticated web request to banks system
- g_bank_reason -
This line is returned to user if it is found
- g_bank_url -
URL to charge a credit card (experimental)
- g_bank_user -
Username for authenticated web request to banks system
- g_bind_authent_default -
Bind to default if authenticated
- g_bind_byfromip -
Bind outgoing SMTP connections to the specified IP based on the sender IP
- g_bind_from -
Bind outgoing SMTP connections based on 'from' envelope
- g_bind_in_always -
Bind on incoming in preference to g_bind_from
- g_bind_incoming -
Bind outgoing SMTP connections based on incoming ip address
- g_bind_out -
Bind outgoing SMTP connections to this IP
- g_bind_to -
Bind outgoing SMTP if to address matches
- g_bind_to_ip -
The address to bind to
- g_bind_to_name -
The name to use in the ehlo
- g_black_above -
Level for spam detection for blacklisting ip number e.g. 10
- g_black_count -
Number of spam in a row before we blacklist ip for 30 minutes, e.g. 30
- g_black_isspam -
Blacklist ip address for any spam training event
- g_black_nbad -
Blacklist ip address if this many bad recipients in a row (e.g. 8)
- g_black_to -
Blacklist ip address if they deliver to these user@domain addresses
- g_black_white -
Whitelist to prevent blacklisting, e.g. 1.2.3.*,mail*.aol.com
- g_block_files -
Wild card list of files to bounce, e.g. *.exe,*.cmd
- g_block_longok -
If true allow long file names (more than 180 char)
- g_block_skip -
From or To address to bypass g_block_files
- g_block_wild -
Block wild cards in usernames
- g_blogs_allow_links -
Allow users to post comments that contain urls
- g_blogs_cleanup_links -
Delete existing posts that contain urls
- g_blogs_comment_rev -
Show blog comments newest first
- g_blogs_default_template -
Default template set that is used by newly created blogs
- g_blogs_domonly -
Only list blogs in a users domain
- g_blogs_enable -
Surgemail blogs
- g_blogs_https -
Use https for blog urls
- g_blogs_image_optional -
Allow users to specify if image verification is required for comments
- g_blogs_max_per_user -
Maximum number of blogs per user
- g_blogs_maximum_image_size -
Default maximum image size
- g_blogs_maximum_image_width -
Default maximum image width
- g_blogs_maximum_items_in_top_page -
Maximum number of items on the top blog page
- g_blogs_no_suffix -
Shortens URL, url_blogs must be defined for each domain
- g_blogs_not_global -
Only allows access to a blog onthe domain it is defined on
- g_blogs_not_unique -
Allow the same blog name in multiple domains
- g_blogs_ping -
Sites to ping on each post
- g_blogs_sub_domain_prefix -
Prefix to use instead of blogs. for blog subdomains. use ! to have no prefix.
- g_blogs_use_sub_domains -
Make blogs accessible at http://blog_name.domain/
- g_body_filter -
Enable user email body filtering
- g_bomb_max -
Max msgs to a single email address/hour
- g_bomb_max_from -
Max msgs from a single email address/hour
- g_bomb_white -
don't apply bomb_max limit if to address matches
- g_bounce_bind -
Use a specific ip address for outgoing bounces
- g_bounce_disable -
Disable all bounces (NOT A GOOD IDEA)
- g_bounce_limit -
Max size in bytes of message to send back as bounce, message is truncated if necessary
- g_bounce_nodrop -
Enables locally generated bounces for non local users
- g_bounce_paranoid -
Prevent external bounces going through surgemail
- g_bounce_redirect -
Send all bounces to a local address
- g_bounce_reject -
Reject bounces by ip address from known dumb mail servers
- g_bounce_safe -
Only send bounces to local domains
- g_bounce_some_stop -
Disables locally generated bounces for partial message failure - NEVER use this!
- g_bounce_suggest -
Send bounces to postmaster if spf cannot be verified
- g_bounce_to -
Domains to treat as local and send bounces to
- g_bounce_to_recipient -
Bounce suregewall failure to the recipient
- g_breakin_enable -
Stop multiple ip logins for one account in a few seconds
- g_breakin_n -
Number of different ip's that trigger a lockout, default is 8
- g_breakin_short -
Match on 1.2.3.* for ip addresses, helps with google sending
- g_breakin_white -
Email addresses that can send concurrently from mulltiple ips (use * to allow everyone)
- g_breakin_window -
Window in seconds, default is 300
- g_broad_noadd -
Disable buttons on message
- g_broad_pass -
BroadSoft pass
- g_broad_port -
BroadSoft port
- g_broad_server -
URL to BroadSoft server
- g_broad_url -
URL to this server
- g_broad_user -
BroadSoft user
- g_bull_maxage -
Delete bulletins over maxage days
- g_bull_rule -
Post bulletins to this domain
- g_byname_old -
Enable old slow domain lookup functions
- g_calendar_version -
CalDAV / SabreDAV calendaring configuration version number
- g_callhome_disable -
Disable misc features that reference netwinsite
- g_centipaid -
CentiPaid address and port
- g_check_date -
Reject messages if date is in the future
- g_cid_skip_to -
Skip CID score, good for lawyers etc
- g_comment -
Management notes and comments about the server
- g_con_gateway -
Connection limit per ip also applies to gateways
- g_con_perip -
Connection limit per ip - sum of SMTP/POP/IMAP (if over refuse connection)
- g_con_perip_except -
Exception IP addresses to g_con_perip
- g_con_persubnet -
Global concurrent connection limit per ip subnet x.x.x.*
- g_con_peruser -
Connection limit per user for imap/pop. Set above 20
- g_con_peruser_except -
Exception users to g_con_peruser, include domain name
- g_convert_percent -
Convert % to @ sign in rcpt address
- g_cookie_secure -
Set all cookies to secure mode on https connections
- g_country_allow -
user@domain list to bypass country_login rule
- g_country_allowip -
Ip addresses to bypass country_login rule
- g_country_ip -
Tag messages with country of origin
- g_country_login -
List of countries to allow logins from, 2 letter codes
- g_cpu_notest -
Disable cpu busy test
- g_cpu_slow -
Email warning if no cpu for this many seconds
- g_crash_nomini -
Crash without minidump on windows
- g_crash_normal -
Crash without catching signals 10,11 so good core dump on freebsd
- g_crash_simple -
Crash simpler for solaris to avoid deadlock situation
- g_create_allow -
List of characters allowed in usernames
- g_create_allow_pass -
List of characters allowed in passwords, - is a range
- g_create_apply -
List of user groups to apply create_* settings for.
- g_create_apply_admin -
Apply allow* rules to the administrator
- g_create_badnames -
List of illegal usernames
- g_create_cleanup -
Cleanup existing data before adding a user
- g_create_dictionary -
File containing dictionary words to compare passwords to
- g_create_pass_digit -
Require one digit and letter in a password
- g_create_pass_length -
Limit the length of user passwords
- g_create_pass_mixed -
Require mixed case passwords
- g_create_pass_notuser -
Ban password containing username
- g_create_pass_recheck -
Recheck passwords during login and warn user if g_hack_touser is true
- g_create_pass_recheck_text -
Added to end of recheck email to give users a url to a help page
- g_create_pass_slack -
Slacken restrictions on trivial password creation
- g_create_pass_special -
Require special character, e.g. !@#$%^&*(){}[];:?><.,
- g_create_record_ip -
Causes surgemail to store ipnum in the authent database
- g_create_strict -
Whether to apply strict rules to usernames/passwords
- g_create_strict_admin -
Enforce strict rules for admins too, set g_create_strict AS WELL!!
- g_create_user_length -
Limit the length of usernames
- g_date_add_utc -
Add UTC if date header is missing it
- g_dbabble_links -
Add web links to DBabble from other web interfaces (and vice versa)
- g_dbabble_smtp_port -
DBabble SMTP port (do not manually change this setting - it should be set from the DBabble section of the web admin interface only)
- g_dbabble_smtp_prefix -
DBabble SMTP prefix (do not manually change this setting - it should be set from the DBabble section of the web admin interface only)
- g_debug_block -
For catching bugs in block file processsing
- g_debug_body -
Save msg body during processing
- g_debug_check -
Use more dmalloc debugging, some performance impact. Also set g_debug_free
- g_debug_crt -
Some CRT debugging on windows, do not use
- g_debug_free -
Check free memory isn't corrupted - slows performance slightly
- g_debug_freepc -
0-100 percent of malloc/free's to check later
- g_debug_image -
Save image thumbnail files to find bug
- g_debug_imap -
Log imap folder renames and deletes in kmsg.log
- g_debug_ini -
Debugging, don't use this
- g_debug_ncpy -
Debug ncpy function
- g_debug_ncpy2 -
Debug ncpy clear only
- g_debug_padpc -
0-100 percent of malloc/free's to pad
- g_debug_timing -
Record dfopen timing, tellmail dfopen_stats
- g_debug_vanished -
Name of file to check for, if file vanishes, crash
- g_delete_exclude -
Field and value that excludes an account from g_delete_user_after
- g_delete_user_after -
Number of days an account can remain unread before it is deleted, NOT automatic! see docs!.
- g_delete_user_mode -
Action when account is due to delete (write a command file etc...)
- g_delete_user_suspend -
If suspending an unread account set this field/value.
- g_deliver_robot -
Robot/Script to run at delivery time $FILE$ AND $TO$ parameters
- g_demo -
Demo mode lock unsafe admin features
- g_demo_to -
Demo mode valid external destinations
- g_deny -
Block users from some ip addresses
- g_deny_country -
Block email from some countries, use 2 digit code not the full name, see IpToCountry.csv, turn on g_country_ip!
- g_deny_log -
Log g_deny rejections to msg.log - can clutter log
- g_deny_login -
Block users from some ip ranges logging in
- g_deny_msg -
Change the message for blocked ip addresses
- g_deny_smtp -
Block users from some ip ranges connecting to SMTP only
- g_disable_exclude -
Field and value that excludes an account from g_disable_smtp_after
- g_disable_qnum -
Disable qnum msg header
- g_disable_skip -
Ip address of senders to accept email from even if user account is disabled due to g_disable_smtp_after
- g_disable_smtp_after -
Number of days an account can remain unread before delivery is disabled
- g_disable_surgeplus -
Disable SurgePlus (SurgePlus is obsolete and not supported)
- g_disable_surgeplus_updates -
Disable automated downloading of new versions of SurgePlus client from netwinsite.com
- g_disk_debug -
Log slow disk access n
- g_disk_warning -
Give manager warning if disk % exceeded, default 95%
- g_diskio_abort -
Shutdown if diskIO failure on queue files
- g_dkim_allow -
From addresses to not enforce dkim for
- g_dkim_allowip -
From ip addresses to not enforce dkim for
- g_dkim_alt_domains -
Use selector 'alt_name' for these domains
- g_dkim_alt_name -
Name of selector to use
- g_dkim_always_force -
Always uses force from even for local domains
- g_dkim_check -
DKIM Check incoming DKIM signatures
- g_dkim_exclude -
DKIM Domains to not sign for outgoing email
- g_dkim_force_from -
Replacement from header to use for non local domains
- g_dkim_headers -
DKIM List which headers to sign (blank=default, and is usually best)
- g_dkim_noforce -
Don't replace from for these domains
- g_dkim_nogateway -
Don't sign if gateway rule used
- g_dkim_only -
DKIM Domains to sign for outgoing email (default is all)
- g_dkim_return -
Sign if 'return path' matches g_dkim_only
- g_dkim_selector -
DKIM Policy name for your server (used creating dns entry for dkim)
- g_dkim_sign -
DKIM Sign outgoing messages
- g_dkim_skip -
DKIM Destination Domains to not sign
- g_dlist_nolocal -
Remove add local button from mailing lists
- g_dlist_nostart -
If set then don't start dlist (dmail compatibility)
- g_dlist_one -
Only allow one recipient if message is to a mailing list
- g_dlist_path -
DList Path NOT SUPPORTED do not use! Also set in dlist.ini
- g_dmail_filter -
DMail compatible filter.txt file
- g_dmarc_allow -
Allow user@domains to bypass dmarc, e.g. *@xyz.com
- g_dmarc_enforce -
Enforce dmarc reject / quarrantine more strictly do not use
- g_dmarc_none_quarantine -
Treat a 'none' policy as quarantine rule
- g_dmarc_use -
Reject and quarrantine based on DMARC use this
- g_dmarc_whitelist -
Use and share reputation data for dmarc whitelisting
- g_dns_blank_fail -
NEVER USE! Bounce email if dns response blank rather than retry
- g_dns_cache_size -
Set size of forward dns cache, default 7000
- g_dns_disk -
Enables DNS disk cache
- g_dns_host -
Host to send DNS lookups to
- g_dns_match_msg -
Message for stamp or bounce if forward and reverse lookup don't match
- g_dns_nlookup -
Concurrent DNS lookups to send to DNS server, default=20
- g_dns_nocache -
Disables DNS cache for spf lookups (20 minute life)
- g_dns_noptr -
Set to reject or retry, for ip addresses with no reverse dns entry (rdns)
- g_dns_noptr_msg -
Message for stamp or bounce if DNS lookup fails on ip address
- g_dns_noptr_skip -
Skip RDNS for these ip addresses
- g_dns_paranoid -
Compare forward and reverse dns lookup and check they match (set to STAMP or REJECT) not recomended
- g_dns_require -
Require MAIL FROM header matches senders ip reverse dns
- g_dns_system -
Use system code to do reverse lookups
- g_dns_test_blank -
Break dns lookups to test how it's handled
- g_dns_threaded -
Enable threaded dns lookups
- g_dns_translate -
If mx response is x.x.x.x translate to y.y.y.y:port
- g_dns_unthreaded -
Disable threaded dns lookups
- g_domadmin_utoken_expire -
Length of time a domain admin login token is valid for in seconds
- g_domadmin_utoken_idle -
Length of time a domain admin login token may remain idle for
- g_domain_create_auto -
Auto create domain if it doesn't exist when creating a user
- g_domain_create_route -
Auto create route to mx mail server
- g_domain_default -
Default domain if user does not enter a domain on pop/imap login
- g_domain_list_max -
Maximum number of domains to list at once
- g_domain_separator -
Separator character for virtual domains
- g_domain_templates -
Check for domain specific templates
- g_domuser_file -
Domain user file. Create thousands of virtual domains easily
- g_dotlock_minutes -
Minutes to wait for NFS lock file, default 20 minutes
- g_dotstuff_fix -
Debugging setting, do not change or bad things will happen
- g_doweb -
Do web part only
- g_download -
Fetch an http file and do an ini reload
- g_drop_use_len -
Use the content-len header for drop file processing (Solaris)
- g_dsn_enable -
Enable DSN (Delivery Status Notification) esmtp extension.
- g_dsn_loggedin -
Enable DSN (Delivery Status Notification) for trusted senders.
- g_dsn_nofinal -
Try not to show real final recepients but just original recipients
- g_ehlo_8bitmime -
Enable 8bitmime in ehlo response (NEVER USE)
- g_ehlo_fault -
Internal - for generating/testing faulty ehlo responses
- g_ehlo_log -
Log ehlo/bind to msg*.rec logs
- g_ehlo_simple -
Ip addresses to give simple ehlo respone to
- g_ehlo_smtputf8 -
Enable smtputf8 for matching ip addresses (NEVER USE)
- g_emailreg_enable -
Enable whitelist http://www.emailreg.org register to use
- g_encrypt_config -
Encrypt some config settings (passwords)
- g_encrypt_disable -
Disable encryption
- g_encrypt_expire -
Days to keep encrypted messages, default 60
- g_encrypt_inline -
Use INLINE method by default
- g_encrypt_limit -
Max encrypted msgs per user per hour
- g_encrypt_max -
Max encrypted per day server wide
- g_encrypt_nodomain -
Allow encryption for users without local domains
- g_encrypt_nofwd -
Don't encrypt forwarded
- g_encrypt_noip -
Don't encrypt if from this ip range
- g_encrypt_nolate -
Disable encryption on late forwarding
- g_encrypt_none -
Don't encrypt if subject starts with this
- g_encrypt_nowater -
Show this if no water mark defined yet
- g_encrypt_path -
Path to encrypted files, this is not supported when mirroring!
- g_encrypt_prefix -
Prefix for encrypted messages must match encrypt rule so replies are encrypted
- g_encrypt_pw_host -
Central host for encryption password storage
- g_encrypt_pw_key -
Central host password key
- g_encrypt_reminders -
Days before we send users a reminder to change passwords, not recommended
- g_encrypt_reply_plain -
Send plain message for local replies
- g_encrypt_reset_easy -
Send the reset request dirctly to the destination user - security risk!
- g_encrypt_reset_msg -
Msg Body sent when password has been reset
- g_encrypt_reset_safe -
When users password is reset, delete all messages to them
- g_encrypt_reset_sender -
Msg Body sent to sender when password reset requested
- g_encrypt_reset_user -
Msg to person when they click on reset password button
- g_encrypt_rule -
Matches will be encrypted when sent
- g_encrypt_smart -
Smart Encrypt Private Feature (not available)
- g_encrypt_ssl_force -
Require ssl on incoming encrypted messages
- g_encrypt_ssl_noforce -
Exceptions, e.g. surgeweb or localhost
- g_encrypt_surgeweb_show -
Show SurgeVault in SurgeWeb
- g_encrypt_unlock -
Unlock for these destinations. e.g. user@domain
- g_encrypt_wall -
Encrypt surgewall msgs
- g_enotify_from -
From address to use in email notification messages
- g_eof_fix_off -
Turns off auto stripping of control+Z
- g_error_xlate -
Change error messages
- g_event_list -
Events wanted by url
- g_event_url -
Send msg events to a url
- g_everyone -
Create alias $everyone@domain.name
- g_expire_all_rules -
Scan all users for rule files (not needed usually)
- g_expire_every -
Only expire spool once every 'n' days
- g_expire_onlyunread -
For the inbox only expire message if they are unread
- g_expire_silent -
Don't send users emails telling them what was expired.
- g_expire_trash -
Expire any messages found in trash folders after 7 days
- g_expire_warning -
Give warning 'n' days before deleting each file
- g_external_all -
Tag messages from friends too
- g_external_dlist -
Tag messages arriving for mailing lists
- g_external_ip_disable -
Do not add X-External-IP header
- g_external_msg -
Msg to insert at the top of external mails
- g_external_only -
Enable only these destinations
- g_external_spam -
Tag messages in spam folder too
- g_external_style -
css style for the warning
- g_external_warn -
Tag external messages from non friends
- g_external_white -
Disable for return path matches
- g_external_white_to -
Disable for these recipients
- g_fallback -
Default address for all local domains
- g_fallback_relay_if_exists -
Use FALLBACK_RELAY if not logged in but user exists (OLD_POPHOST_CREATEUSER_DISABLE)
- g_fast_time_off -
Disable faster time function
- g_feat_testing -
Testing setting do not use
- g_filter_max -
Max size for items to be sent to filter_pipe, or g_user_pipe, default no limit
- g_filter_n -
Concurrent filters to run at one time, default is 20
- g_filter_pipe -
Filter program that accepts msg on stdin and sends on stdout
- g_filter_pipe_headers -
Re-read headers after pipe finishes
- g_filter_pipe_noauth -
Skip for auth users
- g_filter_pipe_skip -
Skip filter if ip matches this
- g_filter_timeout -
Filter timeout in seconds, default is 360
- g_find_wrong -
Find domain based on IP even if url suggests other vdomain
- g_fix_crcrlf -
Fix email messages containing crcrlf for line termination, NEVER USE
- g_fix_imap_lf -
During IMAP import fix email messages containing lf
- g_footer_auth -
Only add footer for authenticated local users
- g_footer_file -
Footer file full path required
- g_footer_html -
HTML Footer file, full path required
- g_footer_notfound -
Only add footer if footer is not in message already
- g_footer_send -
Footer file added to outgoing messages only (do not use with DKIM)
- g_footer_sendonly -
If true only add footers when sending to non local users
- g_footer_skip -
Skip footers for these users
- g_footer_skipfound -
Only add footer if this text is not already in the message, requires g_footer_notfound
- g_footer_trusted -
Only add footers if sender is trusted
- g_forward_attach -
When late forwarding send as attachment to these domains
- g_forward_fixfrom -
When late forwarding rewrite from/return path as local user, use G_SPF_NOREWRITE
- g_forward_illegal -
Ban forwards to these addresses
- g_forward_oops -
Internal testing setting, not for general use sorry
- g_friends_add_trusted -
Add to friends list when if sender is trusted
- g_friends_allow_spf -
Allow all email through as if it was a friend during temporary allow
- g_friends_always -
Always use friends list.
- g_friends_at_rcpt -
Whether to check users friends list at rcpt stage
- g_friends_autodom -
Auto whitelist friends based on domain/ip
- g_friends_bounce_friend -
Allow exception rules to bounce a mesesage from a friend
- g_friends_bounce_rej -
Reject blank return path as friends failures
- g_friends_bounce_second -
Bounce the next time the user sends a message if waiting for confirm still
- g_friends_byemail -
Use old email based friends rejections
- g_friends_check_spf -
Disable friends bounces if SPF headers missing/failed to avoid backscatter.
- g_friends_cleanup -
Cleanup/repair large friend.lst files
- g_friends_confirm_debug -
Log sucessful friends confirmation responses
- g_friends_confirm_subject -
String to use as the subject of a friends confirmation email
- g_friends_daemon_ok -
Accept emails from any mailer deamon
- g_friends_debug1 -
NEVER USE, only for NetWin testing
- g_friends_default_autoadd -
Default auto addition when sending (recommended)
- g_friends_default_mode -
Default friends mode, smite (recommended) silent, or list
- g_friends_global_add -
Add to a global friends list if ip matches and sender doesn't match authenticated user
- g_friends_global_auto -
Enable global friendslist
- g_friends_global_exclude -
Addresses not to auto add, e.g. *@paypal.com
- g_friends_ignore -
List of addresses considered friends for all users on the system
- g_friends_ignore_trusted -
If from trusted ip still apply friends
- g_friends_lang_auto -
Set users language settings automatically based on observed emails from friends
- g_friends_latest_headers -
Causes friends to re-read message headers, allowing rules based on headers added during delivery
- g_friends_local_match -
If from!=returnpath and one is local, then block friends match
- g_friends_long -
In friends web release addresses use a longer url
- g_friends_msg -
Message used for friends bounce.
- g_friends_msg_link -
Message used for friends link bounce.
- g_friends_name -
What to call the friends system on pages and in email
- g_friends_obey_spf -
If SPF failed then no friends match allowed for local domains
- g_friends_old_status_email -
Use older status email & processing
- g_friends_only -
Enable friendonly features - must be enabled by users too
- g_friends_pending_keep -
Number of days to store users pending messages, default 14
- g_friends_pending_max -
Max items in pending before deleting them
- g_friends_pending_name -
The imap name of the friends_pending (and spam store) quarantine folder - should match surgeweb imap_spam_folder - default is 'Friends Pending'
- g_friends_pending_vanish -
Enable auto-vanish of pending messages on confirmation bounce
- g_friends_release_wash -
Clean any subject marking (ie stars) when releasing/allowing
- g_friends_rotate -
Rotate user level log file, default 30k
- g_friends_safer -
Make friends always avoid back scatter.
- g_friends_silent -
Disable friends responses to users
- g_friends_silent_level -
If spam score above this then don't send friends message
- g_friends_skip_ip -
List of ip addresses considered friends for all users on the system
- g_friends_spam_score -
Default level to quaranteen message in spam folder (Recommended 8 or 10)
- g_friends_spf -
Refine friends matching using spf/dmarc when possible
- g_friends_spf_fail_bounce -
Bounce SPF failures, do not send friends confirmations (Not recommended)
- g_friends_status_sort -
Sort friends status messages with low scores at the top
- g_friends_testurl -
Test g_friends_url and status_url and url_host work externally
- g_friends_url -
Specify default global url for friends release http://domain.name:port
- g_friends_use_https -
Use https port for friends urls
- g_friends_warnonce -
Give bounce on only the first message
- g_from_allow -
Other email addresses we allow, e.g. *@x.y.com,*@b.com,fred@bb.com
- g_from_allow_ip -
IP addresses to bypass local from check
- g_from_allow_to -
destination user to bypass local from check
- g_from_bl -
Domain Based Blacklist Zones, lookups FROM domain in dns
- g_from_body_bounce -
Reject if local from header address is probably faked
- g_from_bounce -
Reject if local from envelope address is probably faked
- g_from_check -
Check from domains match valid local domains if user is authenticated, or g_from_allow
- g_from_domain -
Default domain for from envelope
- g_from_domain_match -
Force domain of from and return path to match for outgoing email
- g_from_exact -
Check from matches authenticated user
- g_from_force -
From address for all sent messages
- g_from_header -
From header used in delivery bounces
- g_from_list_too -
Also enforce from rules from lists
- g_from_must_exist -
Require local from addresses to exist or reject mail
- g_from_noforge -
If envelope or from is local domain then the other must be too
- g_from_noforge_some -
If from matches this then from/envelope must match
- g_from_noforgeme -
If to==from then from and env from must match
- g_from_noforgename -
If from contains two addresses the domains must match
- g_from_nofriend -
If forge setting would bounce message then allow message but don't allow friend match
- g_from_ok -
Whitelist for invalid from addresses we will permit
- g_from_relay -
If not authenticated and g_relay_allow_ip matched then block if not local domain or whitelisted
- g_from_relay_white -
White list of domains for g_from_relay setting
- g_from_rewrite -
Rewrite from envelope for outgoing email, e.g. *@this.domain -> %1@another.domain
- g_from_rewrite_header -
Rewrite the from header as well
- g_from_rewrite_sender -
Rewrite the sender header as well
- g_from_stamp -
Stamp if local from address is probably faked
- g_from_timeout -
Timeout when checking bad from addresses, default 60 seconds
- g_from_valid -
Require an @ and dotted domain in all return addresses
- g_gateway -
Gateway messages for that domain to the specified address
- g_gateway_allow -
Known hosts that act as incoming SMTP or surgewall servers for us
- g_gateway_always -
Always send to gateway even if local domain exists
- g_gateway_auth -
Send SMTP auth requests to another host
- g_gateway_data -
Gateway at the data stage
- g_gateway_from -
Pass 'from' header thru during gatewawy check
- g_gateway_helo -
Header that must exist in incoming bounces (g_send_helo) or bounces are dropped
- g_gateway_ifnot -
Send local deliveries to scanner (using gateway rule) before delivering locally, deliver locally if from ip matches
- g_gateway_ignorewild_ip -
Ignore * gateway rules if from ip matches (allows outbound email scanning using gateway * to external scanner)
- g_gateway_mx -
If specified IP address is found in mx record for destination then allow relay (not recommended)
- g_gateway_open -
Allows an open relay setting in g_gateway
- g_gateway_orcpt -
Writes an original receipt header when forwarding a message, this may disclose multiple recipients, cc/bcc etc use only for tracking faults
- g_gateway_shuffle -
Round robbin shuffle of to ip addresses for gateway rules
- g_gift_disable -
Disable check for imap gift hacker
- g_group_field -
Auth field to add to group membership
- g_gzip_disable -
Disable gzip web compression
- g_hack_detect_disable -
Stop admin emails when users login with a weak password
- g_hack_msg -
Message to send to users with a weak password
- g_hack_noemail -
Disable weak password reports
- g_hack_report -
Address to send weak password reports to
- g_hack_touser -
Send warnings about hacking directly to users
- g_hack_url -
Url for users to change password
- g_hacker_alert -
Email manager if address is locked out
- g_hacker_days -
Days to keep ipaddress locked out, default 7
- g_hacker_fwd -
Email manager if user sets fowarding rule
- g_hacker_max -
Login guesses for one ip address before we lockout the ip address
- g_hacker_more -
Be more restrictive, don't allow /24 netblocks based on loginip
- g_hacker_password -
If hacker attempts to login with account name as password, then blacklist ip
- g_hacker_passwords -
Failed logins that use these passwords will lockout the ip address
- g_hacker_poison -
Poison accounts. Instantly blacklist ip address e.g. root@*
- g_hacker_star -
Lockout users who say * at us
- g_hacker_timeout -
Lockout users who timeout smtp connections
- g_hacker_weak -
If user tries weak password, lockout ip address
- g_hacker_whitelist -
Ip addresses to avoid guessing issues
- g_header_out -
Header to add to outgoing posts
- g_header_strip -
Strip listed headers from incoming messages
- g_helo_optional -
Helo is optional for SMTP protocol (not recommended)
- g_help_local -
Make all help references to the local help files
- g_help_url -
Link to another website for help instead of surgemail.com
- g_home -
Home path of server configs log etc
- g_honeypot_key -
Key for HTTP RBL service www.projecthoneypot.org - not recommended
- g_honeypot_rbl -
RBL name to lookup, typically dnsbl.httpbl.org
- g_host_alias_sni -
Fix fault where host_alias matches domain rather than ssl name
- g_host_ip -
This host public IP address
- g_host_redirect -
Redirection based on host for surgeweb's https_required redirection
- g_http_11 -
Use http 1.1 requests to netwinsite (do not use)
- g_http_add_header -
Add generic headers to web responses
- g_http_proxy -
Proxy web server for fetching files from netwinsite.com if direct access fails
- g_imap_acl -
Enable ACL (shared folders) in imap
- g_imap_acl_prefix -
Changes prefix from ~ to ^ to fix IOS bug
- g_imap_allow_trailing -
Allow leading/trailing spaces on folder names on linux, not a good idea
- g_imap_auto_create -
Create folders matching this list in response to 'select' commands
- g_imap_auto_subscribe -
Auto subscribe folders for users
- g_imap_blacklist -
Test if imap users are in rbl's and email admin
- g_imap_capa -
Where to get the CAPABILITY value from
- g_imap_capa_strip -
Capability values to hide
- g_imap_cram_enable -
Enable CRAM-MD5 authentication (requires nwauth 4.0h or greater)
- g_imap_debug -
For NetWin use only
- g_imap_delay -
Glob data into bigger packets, never use this
- g_imap_expunge_close -
Expunge on every close, not recommended
- g_imap_folder -
Type can be: Trash,Junk,Sent,Drafts,Archive
- g_imap_folder_create -
Auto create default folders for Trash/Sent etc
- g_imap_friends -
Make the friends_pending folder visible in imap
- g_imap_idle_free -
Releases threads in 'idle' state
- g_imap_idle_nsf -
The number of seconds before a complete directory rescan. To be used on NFS network drives
- g_imap_inactive_free -
Releases threads not active
- g_imap_log -
Enable imap.log logging
- g_imap_log_body -
Log imap fetch body commands to msg*.rec log files
- g_imap_log_copy -
Log imap copy commands to msg*.rec log files
- g_imap_log_flush -
Flush imap log on every write (for debugging)
- g_imap_log_header -
Log imap fetch header commands to msg*.rec log files (not usually needed)
- g_imap_log_main -
Log imap to mail.log too (not recommended)
- g_imap_log_protocol -
Log more of the protocol
- g_imap_log_size -
Size of imap.log file
- g_imap_log_user -
Log imap info to imap.log in users mdir folder
- g_imap_loop_report -
Report imap loops of bad email clients
- g_imap_max_limit -
Limits messages being put in folders
- g_imap_max_messages -
The number of messages in a single imap folder, default 200000
- g_imap_maxbusy -
Limit for concurrent requests per user, user is throttled if exceeded dflt 8
- g_imap_maxdup -
Max duplicate imap fetch commands before we throttle connection, default 500
- g_imap_move -
IMAP move extension
- g_imap_no_internal_date -
Disables internal date which helps stupid outlook client show correct dates
- g_imap_old -
Revert to old imap module
- g_imap_old_ip -
Revert to old imap module for some ip's
- g_imap_pop_burst -
Always burst using imap code
- g_imap_port -
IMAP port to listen on, default is 143 (needs restart)
- g_imap_search_body -
Build and use indexes for imap body searching
- g_imap_search_index -
Build and use indexes for imap header searching
- g_imap_search_noattach -
Skip non text attachments when searching
- g_imap_search_text -
Use only body and header indexes, fast but won't get all matches
- g_imap_search_timeout -
Limit on imap search, default is 180 seconds
- g_imap_secure_port -
IMAP SSL secure port to listen on, default is 993
- g_imap_size_fetch -
If true, will display message sizes on fetch command. (ie * 123 EXISTS)
- g_imap_spam_train -
Train if moving message to 'spam' folder, or from 'spam' folder to inbox
- g_imap_status_cache -
Cache imap status responses (Obsolete, use _stored setting)
- g_imap_status_stored -
Keep imap folder counts stored on disk
- g_imap_sync_all -
Apply imap_max_sync to all folders
- g_imap_sync_nomax -
Exception to imap_max_sync setting
- g_imap_testing -
Test imap module instead of normal one (not functional)
- g_imap_throttle -
Limit for sustained imap commands per second before warning admin, default is 5
- g_imap_throttle_exclude -
Users who are not limited
- g_imap_throttle_limit -
Daily mb download limit before applying throttle speed, e.g. 500
- g_imap_throttle_speed -
Limit to this speed in bytes per second when throttling, e.g. 50k
- g_imap_timeout -
Time, in minutes for imap timeout, RFC required default is 30
- g_imap_timeout_login -
Timeout prior to login in seconds
- g_imap_timezone -
Timezone to display - for testing purposes only NOT USED
- g_imap_trash_nocopy -
Prevent copying from Trash to Trash folder
- g_imap_uidl_nofix -
If true, disable auto repair of identical uidl entries
- g_imap_unsub_auto -
Unsubscribe if a folder doesn't exist
- g_imap_use_nil -
Give NIL instaed of empty response (do not use)
- g_imap_user_flags -
This setting may confuse some email clients (mac) use with cautioun
- g_imap_user_moreflags -
Allow unlimited flags
- g_imap_warn_big -
Warn user if inbox or sent has more than this many messages
- g_inbox_archive -
Archive old messages to Archives/yyyy/Inbox folder, age in days
- g_inbox_max -
Max messages permitted in inbox e.g. 5000
- g_inbox_nolimit -
Users with no limit on inbox
- g_include -
Include another ini file global settings only
- g_iplimit -
Untrusted local ip addresses e.g. web servers, special sending limits applied.
- g_iplimit_islocal -
Add domains to list of domains considered local for limit counting
- g_iplimit_local -
Max sends from untrusted ip to local domains per 30 minutes.
- g_iplimit_remote -
Max sends from untrusted ip to remote domains per 30 minutes.
- g_iplimit_whitelist -
List of 'from' addresses that should bypass limits
- g_ipv4_only -
List of hosts/mx that should NOT use IPV6 addresses
- g_ipv6_enable -
Enable IPV6 networking only use if you have an IPV6 address for some reason
- g_ipv6_notrim -
Prevent automatic conversion of ::ffff:x.x.x.x to x.x.x.x
- g_ipv6_only -
List of hosts/mx that should NOT use IPV4 addresses
- g_kann_test -
Testing spam module do not use
- g_keepalive -
Attempts to use keepalive for the web sessions (experimental & faulty currently)
- g_key_manual -
Try and activate automatically when the key expires
- g_key_nowarning -
Disable reminders to update your license
- g_known_skip -
Disable the bypass of known ip addresses from spf failures
- g_language_default -
Default language for user web interface
- g_last_login -
If true create last_login file each time user logs in via imap/pop. Do not use on MIRROR systems
- g_last_login_days -
If last login is more than this many days then reject email - do not use on mirrors
- g_late_forward -
Apply all users forwarding rules after friends, spam, and filtering
- g_late_skiplocal -
Skip late forwarding for local destinations
- g_ldap_forward -
Remote ldap server to forward requests to (only for testing do not use)
- g_ldap_outlook_browse_max -
Basic outlook ldap address browsing, max items (KEEP THIS SMALL eg <50): default=0 (disabled)
- g_ldap_port -
LDAP port, set to 389 to enable simple address book lookups only. (NOT YET FULLY FUNCTIONAL)
- g_legal_archive_accesskey -
Amazon s3 awsaccesskeyid
- g_legal_archive_add -
Users must belong to this group to get their email archived
- g_legal_archive_body -
Allow body searching, very very slow
- g_legal_archive_bucket -
bucket for for net service
- g_legal_archive_early -
Store to archive before phishing changes
- g_legal_archive_enable -
Enable legal archive
- g_legal_archive_encrypt_key -
Key for encrypting the data, you MUST never loose this
- g_legal_archive_exclude -
Accounts to exclude e.g. hr@xyz.com,*@doctor.com
- g_legal_archive_hostid -
Unique integer for this host 1-9 use if sharing mail spool
- g_legal_archive_keep -
Days to keep legal archive, units=days unless you specify years or months, default 5 years
- g_legal_archive_local -
Store files locally only
- g_legal_archive_mirror -
Mirror the archive, also use tellmail resync_archive
- g_legal_archive_nofail -
Don't bounce messages if archive fails
- g_legal_archive_only -
Drop all messages after archiving them!
- g_legal_archive_path -
Local path for archive indexes
- g_legal_archive_secretkey -
Amazon s3 awssecretkey
- g_legal_archive_show -
Users must belong to 'archive_show' group to see their own archive
- g_legal_archive_spam -
Store files even if identified as spam (OBSOLETE)
- g_legal_archive_trim -
Trim messages to max size e.g 20mb
- g_letsencrypt -
Path to find letsencrypt certificates (obsolete)
- g_lf_fix_list -
Enable lf fix for faulty email clients
- g_lf_fix_off -
Disable lf fix, obsolete SEE g_lf_fix_list
- g_local_skipgateway -
If true skip gateway rule for local messages (bounces etc)
- g_log_bounce_disable -
Stop bounce reject entries filling up log (typically from spam bounces)
- g_log_date_old -
Log old short date in log files
- g_log_disable -
Disable most logging - not recommended
- g_log_dns -
Log dns responses in gory detail
- g_log_dropped_disable -
Don't log if no 'data' command sent
- g_log_fakemid -
Header to use instead of message-id in log files
- g_log_flush -
Flush log file after every write
- g_log_fwd -
This setting is obsolete and has no effect
- g_log_level -
Level of logging, info, debug, error
- g_log_norcpt -
Disable Log individual recipients in msg.rec files
- g_log_password -
Log password failures to login_failed.log
- g_log_path -
Directory for log files, defaults to G_HOME
- g_log_pid -
Log PID in log lines
- g_log_quota -
Log quota for specified user
- g_log_reject_disable -
If true then rejects are not recorded in .rec files
- g_log_size -
Size of each mail*.log file (e.g. 5mb)
- g_log_slow -
Do slower logging system
- g_log_ssl_fail -
Log SSL failures to msg.rec
- g_log_start_norotate -
Don't rotate log on startup
- g_log_syslog -
Send 'msg.rec' entries to syslog
- g_log_syslog_debug -
Send 'mail.log' entries to syslog as 'mail.debug' data
- g_log_syslog_host -
Specify host to send syslog entries to (windows only)
- g_log_syslog_only -
Disable writing to msg.rec
- g_log_syslog_port -
Default is 514 (windows only)
- g_log_tcp_read -
Log actual tcp read data - for matching ip addresses - avoid
- g_log_tcp_write -
Log actual tcp write data - for matching ip addresses - avoid
- g_log_thid -
Log thread id in .rec files
- g_log_user -
Log pop/imap/smtp protocol for specified user
- g_login_log_size -
Size of login.log file
- g_lookup_names -
Lookup ip names of connecting users (can be slow)
- g_lookup_reject_fails -
If lookup cannot get a name, reject user (not generally recommended)
- g_lowdisk_mailbox -
Disksize warning limit for mailbox_paths
- g_lowdisk_warning -
Disksize below which to send a warning to the system manager
- g_mailbox_inbox -
Path for inboxes (experimental, do not use!)
- g_mailbox_path -
Default directory to store mail
- g_maildir_imap_max -
Use imap max setting, defaults to 100,000
- g_maildir_max -
Max messages in a POP folder, do not adjust
- g_maildir_netwin -
Use NETWIN proprietry storage format - Not Recommended
- g_maildir_report -
Email manager on ndb errors
- g_maildir_standard -
Use more standard maildir layout (NOT SUPPORTED)
- g_mailstatus_message -
Error message to give when mailstatus is set to specified state
- g_manager -
Email address of manager
- g_manager_port -
HTTP Manager port to listen on, default is 7026
- g_manager_secure_port -
HTTPS secure Manager port, default is https 7025
- g_manager_smtp -
SMTP server for error reporting
- g_manager_username -
Global domain managers username (for web based domain administration)
- g_max_bad_ip -
Max bad recipients per ip address before blocking that ip
- g_max_bad_ip_skip -
Skip g_max_bad_ip tests
- g_max_bad_ip_time -
Seconds to block guessing hackers
- g_max_bad_nolookup -
Max bad recipients in a row, if exceeded skip user lookup
- g_max_bad_to -
Max bad recipients in a row
- g_mdir_hash -
Hashing mode for surgemail (not supported, use at your own risk)
- g_mdir_prefix -
Prefix for maildir folders DO NOT USE THIS SETTING, NOT SUPPORTED!!!
- g_mfilter_addonly -
If true, then only allow 'adding' headers, not changing them
- g_mfilter_bounces -
Run mfilter on bounce messages and responders etc
- g_mfilter_disable -
Disable mfilter.rul completely
- g_mfilter_file -
Mfilter rule file. For spam rule processing (mfilter.rul)
- g_mfilter_localonly -
If true then only run mfilter on local deliveries
- g_mfilter_maxlen -
Size to truncate messages to before processing with filter
- g_mfilter_noisey -
Do log anything in mfilter
- g_mfilter_skip_from -
From addresses (envelope) to skip mfilter processing for
- g_mfilter_skip_ip -
IP address(es) to skip mfilter processing for
- g_mfilter_skip_to -
To addresses to skip mfilter processing for
- g_mfilter_trace -
Log trace lines in mfilter
- g_migrate_domain -
The domain which g_migrate_password is for
- g_migrate_email -
Send each user email on start/end of migration
- g_migrate_onsmtp -
Migrate on smtp login events
- g_migrate_password -
Allows login to all accounts create hash with tellmail master_password
- g_migrate_skip -
Skip imap folders matching this, use for shared folders
- g_migrate_translatet -
Translate folder names during migration
- g_mirror_config -
Mirror surgemail.ini to/from mirror_host, must set on both systems!
- g_mirror_config_except -
Settings to ignore when accepting the incoming config
- g_mirror_debug -
Log more info to mirror log.
- g_mirror_debug3 -
NEVER USE, MAKES MIRROR FAIL.
- g_mirror_email -
Email manager list of fixes sent
- g_mirror_host -
Mirror other host name
- g_mirror_lists_one -
Mirror list changes only one way to slave
- g_mirror_live -
Mirror: Send incoming messages immediately
- g_mirror_live_max -
Limit size of mirror_live default 60k
- g_mirror_lock -
Lock PRIMARY during secondary bursts
- g_mirror_max -
Max items in one folder to mirror, default 160k currently
- g_mirror_mode -
Mirrorring mode (one system must be PRIMARY and the other SECONDARY)
- g_mirror_nossl -
Disable SSL for mirror protocol connection - recommended
- g_mirror_nsend -
Sending threads to use, default 8
- g_mirror_nwauth -
Mirror send nwauth database to other server, ONLY set on primary
- g_mirror_nwauth_always -
Mirror nwauth database files
- g_mirror_others -
BETA Other hosts, for 3,4 host mirrors,(DO NOT USE)
- g_mirror_prune_age -
Mirror minimum age for items to be pruned during sync_prune, default 14 days
- g_mirror_repair -
Run resync_prune once per month, only set on primary, TURN OFF DURING FAILURES
- g_mirror_resync_inbox -
BETA Resync inbox for active users once a day
- g_mirror_secret -
Mirror shared secret
- g_mirror_threads -
Max threads we can use during resync_fast, default 6
- g_mirror_trash -
Normally on a resync the trash folder is ignored.
- g_modern_admin -
More modern admin ui layout
- g_modern_hicontrast -
Easy to see color scheme, Control f5 to reload css after changing!
- g_modern_surgeweb -
More modern layout for surgeweb
- g_modern_user -
More modern layout for user self admin
- g_monitor_disable -
Disable monitor process completely (requires restart)
- g_monitor_port -
HTTP port for Surgemail Monitor to listen on, default is 7027
- g_msg_hops_max -
Maximum received lines or message is bounced, default 30
- g_msg_log_body -
Log body fetches too
- g_msg_log_dkim -
Log DKIM in msg*.rec
- g_msg_log_extra -
Extra user activity logging
- g_msg_log_from -
Log From in msg*.rec
- g_msg_log_pop -
Log all pop reads in msg*.rec
- g_msg_max -
Max size of a single message (if over refuse with 552 error)
- g_msg_max_drop -
Drop link if size exceeded (DO NOT USE)
- g_msg_max_send -
Max size for authenticated local users
- g_msg_max_total -
Max size of a message * recipients
- g_msg_nodup -
Drop duplicate messages by msgid/user matching
- g_msg_track -
Message tracking - for debugging
- g_mtasts -
Enable MTA-STS ssl/tls rules
- g_mtasts_report -
Alert manager on MTASTS failures
- g_mtasts_white -
Domains to ignore MTA-STS rules
- g_mutex_fast -
Use fast mutex handling DEBUGGING option only
- g_mutex_timeout -
Default mutex timeout period in seconds default is 600
- g_mutex_timing -
Name of mutex to collect extra timing information for
- g_mx_tryall -
Try all mx hosts even if lower than own mx priority
- g_myrbl_disable -
Disable internal rbl database
- g_myrbl_disable_rbl -
Disable netwin rbl database
- g_myrbl_fake -
Fake myrbl response for testing
- g_myrbl_share -
Use and Share RBL reputation data with central NetWin server (Recommended)
- g_myrbl_store -
Size of internal myrbl database
- g_myrbl_to -
Debug setting for rbl sharing do not use
- g_myurl_disable -
Disable internal url database
- g_naked_msg -
Error message if body contains naked lf characters
- g_newui_advanced -
Always run new admin ui in advanced mode
- g_newui_disable -
Disable new admin ui (do not use)
- g_no_bull -
Special accounts that should not get bulletins
- g_notag_notascii -
Don't add x-notascii: charset to any non ascii message
- g_notag_url_forgery -
Don't add x-UrlForgery when a ref urls seem to not match
- g_notlocal -
Add ALERT to message subject if domain is local but origin is external NOT FUNCTIONAL!
- g_notlocal_message -
ALERT text to add to suspect messages that appear to be from a local domain
- g_nwv_test -
Test NetWin setting, best not played with)
- g_oauth_bearer -
Enable OAuth 2.0 bearer for SMTP and Imap (NOT IMPLEMENTED)
- g_oauth_bearer_url -
URL for OAuth bearer login (NOT IMPLEMENTED)
- g_oauth_client_id -
OAuth 2.0 client_id
- g_oauth_client_secret -
OAuth 2.0 client_secret
- g_oauth_trim -
OAuth 2.0 trim @domain.name
- g_oauth_url -
OAuth 2.0 server for password lookup, e.g. http://x.com/oauth
- g_old_imap_headbody -
Get head and body seperately
- g_old_imap_nossl -
Disable auto ssl mode
- g_old_imap_skip -
Skip these folders
- g_old_pophost_debug -
Log extra info when doing old pophost logins
- g_old_user_check -
Disable the account status enabled check on rcpt lines
- g_old_webmail_links -
Show webmail links in user cgi instead of surgeweb
- g_orbs_cache_life -
Time to keep RBL cached entries in seconds, default is 7200 seconds
- g_orbs_check_all -
Keep doing lookups even if found in a RBL, this is slower of course!
- g_orbs_exception -
Realtime Blackhole List, exception list of IP addresses
- g_orbs_fake -
Ip address to pretend we find in rbl database for testing
- g_orbs_force -
Force RBL check even if g_allow_ip matches this ip number
- g_orbs_late -
Do late disconnect so user has time to send SMTP authentication (Also applies G_SPF_SKIP_TO)
- g_orbs_list -
Realtime Blackhole Lists (RBL's), action=deny,accept,stamp
- g_orbs_multi_thread -
Use multithreaded code
- g_orbs_nosubmit -
Revert to old behaviour, orbs check before submit
- g_orbs_rec -
Log to record file if RBL deny action occurs (can fill logs up)
- g_orbs_report -
List of IP's to check in RBL(s)
- g_orbs_service -
Service Name - Obsolete - use g_orbs_list to define services
- g_orbs_system -
If true use system dns lookups instead of surgemails for orbs (not recommended)
- g_orbs_test2 -
Test block all addresses
- g_orbs_testing -
If true, RBL lookups are recorded but not blocked
- g_orbs_timeout -
Seconds to wait for RBL lookups, default is 10 seconds
- g_outgoing_block -
Block user if this many spam sent in one day
- g_outgoing_n -
Send manager email if more than this many spam from one user per day
- g_outgoing_white -
Whitelist for outgoing spam detector
- g_pass_force -
Force user to reset password if admin changes it
- g_pass_twofactor -
Enable two factor authentication
- g_pass_twofactor_bypass -
Bypass twofactor for ip addresses
- g_pass_twofactor_life -
Session life in minutes, dflt 4 hours
- g_pass_twofactor_merged -
Require +code for imap/pop logins sometimes
- g_perflog_disable -
Completely disable 'perflog' historical performance logging
- g_perflog_flush_interval -
Interval in seconds to flush the performance log files to disk (default 1hr = 3600)
- g_perflog_logall -
Log all trend graph counters including undisplayed graphs (recommended)
- g_perflog_lowres -
Do low resolution perflog sampling (hiding hour scale)
- g_perflog_surgeonly -
Only log surgemail counters
- g_phish_block -
Replace most urls with a warning link to stop phishing
- g_phish_friends -
Replace urls for msgs from friends too
- g_phish_key -
Used in key generation, never change
- g_phish_local -
Replace urls for locally sent msgs too
- g_phish_only -
Email addresses to apply link rewrite, default is everyone
- g_pipelining -
Show pipelining in ehlo response - not recommended - has no behavior affect
- g_policy_enable -
Enable policy.dat rules, still testing
- g_pop_add_size -
Improves pop performance on nfs slightly
- g_pop_blocksize -
Size of packets to read pop messages (best left alone)
- g_pop_cram_enable -
Enable cram-md5 support
- g_pop_delay -
If true packets are sent in bunches, this slows down some mail clients
- g_pop_flush_lines -
Flush to tcp every line of message sent (slow)
- g_pop_lock -
Lock pop spool
- g_pop_max -
Max threads for POP or IMAP connections
- g_pop_min_late -
Give min time error on first command after login
- g_pop_min_msg -
Additional warning to give user when they login too soon
- g_pop_min_skip -
Skip ip addresses matching this list.
- g_pop_min_time -
Min time in seconds between consecutive POP logins, NEVER USE
- g_pop_nolock -
Allows concurrent pop logins, recommended
- g_pop_port -
POP3 port to listen on, default is 110 (needs restart)
- g_pop_secure_port -
POP3 SSL secure port to listen on, default is 995
- g_pop_warning -
Send manager warning if this many sessions (pop or imap) reached (max 1 per hour)
- g_popfetch -
Fetch incoming mail from another pop server
- g_popfetch_interval -
Interval between popfetch attempts in seconds
- g_popfetch_kick -
If true then popfetch will try and open the link for 10 seconds, then retry, this should bring up ISDN lines.
- g_popfetch_nodup -
Drop duplicate messages
- g_ppd_port -
PopPassD port for setting passwords, default is 106
- g_private -
Enable a private customer specific feature
- g_proxy -
Proxy mode, best avoided for most situations
- g_proxy_default -
Proxy mode default forward to host
- g_proxy_smtp -
Proxy direct to gateway for listed domains, set webmail_secret too
- g_proxy_to_gateways -
Proxy pop/imap connections to matching gateway settings
- g_proxy_usercgi -
Proxy user.cgi requests to tohost (web_ref_text.txt & g_web_ref_path_extension must match on all servers)
- g_proxy_webmail -
Redirect webmail logins to external host name
- g_pstat_disable -
Disable pstat per user accounting (for debugging)
- g_queue_all -
Always queue local messages before delivery
- g_queue_limit -
If on disk queue exceeds this block incoming mail
- g_queue_max -
Size of internal que file cache, range 500-3000
- g_queue_spawn -
Run command on queue files before delivery ONLY if g_queue_all is true, filename is passed as parameter
- g_queue_warning -
If on disk queue exceeds this send manager a warning
- g_quota -
Disk quota for users in specified g_access_group
- g_quota_550 -
Give 550 quota response instead of 552
- g_quota_at -
Default is 80%
- g_quota_before_forward -
Do quota check before forwarding.
- g_quota_default -
Default quota
- g_quota_disable -
Disable quota system
- g_quota_friends -
Count friends pending messages as part of quota
- g_quota_from -
Return address for quota warning messages
- g_quota_noemail -
Disables all quota messages to the user
- g_quota_notrash -
Remove Trash folder from quota calculation
- g_quota_rcpt_disable -
Disables quota check at rcpt stage
- g_quota_report -
Send quota warnings to the manager
- g_quota_skip -
Skip quota for matching ip addresses
- g_quota_try_later -
Give 450 response if user is over quota so message will be resent
- g_quota_warning_disable -
Disables the 80% quota warning message
- g_rbl_login -
Server to lookup ips that should not be allowed to login
- g_rcpt_bang -
Allow bang character in addresses
- g_rcpt_colon -
Allow colon character in addresses
- g_rcpt_max -
Max recipients per message, default 1000, can only be lower than 3000.
- g_rcpt_max_in -
Limit for recipients of untrusted channels, default g_rcpt_max
- g_rcpt_msg -
Response given for invalid recipient errors, message is prefixed by email address.
- g_rcpt_nodup -
Ignore duplicate recipients to the same user
- g_rcpt_ok -
Whitelist for invalid rcpt addresses we will permit
- g_rcpt_quote -
Allow quote character(s) in addresses
- g_rcpt_trace -
Add X-Rcpt-Trace headers
- g_rdns_timeout -
Timeout for reverse DNS lookups default is 30 seconds
- g_received_name -
Name shown in received headers
- g_received_names -
List of valid received names for incoming email
- g_received_skip -
Skip local received header for trusted users (DO NOT USE)
- g_received_skip_all -
Skip local received header (DO NOT USE)
- g_received_skip_spf -
Skip spf received header (DO NOT USE)
- g_recent_bypass -
Bypass recent failure checking
- g_record_days -
Days to keep msg*.rec record of incoming messages, default 90
- g_record_hash -
Hash storage of daily .rec files
- g_record_login -
Log successful logins to msg*rec files
- g_record_path -
Directory for daily .rec files defaults to G_HOME
- g_recover_noquestions -
Remove question based password recovery system
- g_recover_reminder -
Send users reminder email monthly until they set a recovery email address
- g_recycling -
Keep deleted messages so users can undelete email
- g_recycling_del -
Allow usergroup to delete messages from the recycle folder
- g_recycling_imap -
Make visible to IMAP users, default is now ONLY surgeweb users
- g_recycling_life -
Days to keep imap deleted messages, default 30
- g_recycling_pop -
Do recycling for POP deletes too
- g_recycling_visible -
Only allow members of this group to see recycling folder
- g_redirect -
Redirect messages from 'was' to the new 'to' address
- g_redirect_cc -
Send carbon copy to another address
- g_redirect_cc_attach -
Redirect message as attachment if rule applies
- g_redirect_from -
Redirect if from envelope matches
- g_redirect_from_cc -
Send carbon copy if from envelope matches
- g_redirect_hide -
Hide the redirection in the output
- g_redirect_iflocal -
If local domain, then apply redirect
- g_redirect_ignore_errors -
Accept email even if redirected addresses fail
- g_redirect_newmid -
Generate new MID on redirection
- g_redirect_noautocreate_rules -
Don't create redirection rules for domains automatically
- g_redirect_ses -
If message is not local then apply redirect
- g_relay_allow_from -
Allow relaying from users if the from envelope and from header match this NEVER USE, SPAMMERS ABUSE THIS
- g_relay_allow_ip -
Allow relaying from users at this ip address
- g_relay_dom_and_ip -
Allow relaying if from envelope and ip address both match
- g_relay_ifnot -
Accept locally only if not from this ip
- g_relay_message -
Message to give to users who try to relay through your system
- g_relay_nolocal -
Do not automatically relay for 127.0.0.1
- g_relay_process -
Relay process, e.g. testip.exe $WHOIP, return 1 to allow relaying, 0=deny
- g_relay_to -
Relay to this domain from anyone
- g_relay_to_user -
Relay to specific user from anyone
- g_relay_window -
Minutes to allow relay after pop/imap login NOT RECOMMENDED
- g_relay_window_from -
Requires pop authed user is in from header of sent message
- g_rename_content -
Wild card list of mime types to rename, e.g. application*zip*
- g_rename_files -
Wild card list of files to rename, e.g. *.exe,*.cmd (see help for defaults) g_virus_rename setting required
- g_report_host -
Report facts to a central host
- g_report_notspam -
Send not spam samples to netwinsite.com automatically (unwise)
- g_report_spam -
Send spam samples to netwinsite.com when msg trained
- g_responder_delay -
Delay between responses to the same address.
- g_responder_friends -
Only respond if from known friends
- g_responder_from -
Send 'from' destination user.
- g_responder_noreply -
Send 'from' noreply@ destination domain, improves delivery
- g_responder_safer -
Only respond if the sender can be verified in some way (spf/domainkeys)
- g_responder_score -
Do not respond if spam score is above this
- g_responder_sender -
Responder whitelist for email from address
- g_responder_skip -
Skip responder if from matches
- g_responder_source -
Responder whitelist for from ip name or number
- g_responder_to -
Responder whitelist for destination user
- g_responder_utf8 -
Send response in utf8 format
- g_restart -
Restart server if it dies
- g_restart_kill -
Allow swatch to kill surgemail if not responding - beta
- g_restart_malloc -
Restart server if malloc exceeds this (in mb), e.g. 1000
- g_restart_vmsize -
Restart server if vmsize exceeds this (in mb), e.g. 1000
- g_retry_bounces -
Max hours to keep trying to deliver a bounce, default is 48hrs
- g_retry_dns -
Hours to keep trying if dns response suggested invalid domain name, default 0
- g_retry_from -
Time to keep messages from these domains
- g_retry_limit -
Max hours to keep trying to deliver a message, default is 48hrs
- g_retry_minutes -
Time between attempting resends, defaults to 60 minutes
- g_retry_rule -
Time to keep messages to these domains
- g_retry_unwarn -
Send user sent on confirmation if warning sent
- g_retry_warn -
Send user a warning if first send fails
- g_retry_warn_n -
Send user a warning if nth send fails
- g_route -
Route messages matching from and to both must be specified, * can be used
- g_route_by_tohost -
Route messages using server specified in 'tohost' in authent database
- g_route_except -
IP exception to g_route / g_route_by_tohost
- g_route_local -
Route messages for local domains if the rule applies
- g_route_local_ifexists -
Route messages for local domains if the rule applies and the local user exists
- g_route_tous -
Route messages back to our own ip
- g_rules_msgtime -
Use msg time rather than file time for expire rules
- g_rules_old -
Never use
- g_run_cmd -
Run command on all messages use $FILE$ in cmd parameters
- g_sabre_version -
SabreDAV version (DO NOT CHANGE, for debugging only)
- g_safe_alert -
Email manager when user fails to login from new ip
- g_safe_country -
White list use 2 char country code, e.g. US,NZ,AU a list is ok, use with g_safe_smtp
- g_safe_country_nowarning -
Whitelist countries for just this setting
- g_safe_imap -
Force users to prove they are real if logging in from pop/imap NEVER NEVER USE
- g_safe_message -
First line of email sent to user when login blocked
- g_safe_smtp -
Force users to prove they are real with each new address, whitelist email or ip with g_safe_white
- g_safe_smtp_email -
Email manager as remote ip addresses are added
- g_safe_text -
The first line of the warning email when a new login occurs
- g_safe_warning -
Email user for logins from new ip addresses
- g_safe_white -
White list for g_safe* settings
- g_sample_get -
Sample account to check if deliveries work
- g_sample_show -
Headers to show from sample messages
- g_scan_action -
Converts return value from g_scan_cmd, action=drop,accept,bounce
- g_scan_cmd -
Run command on message, and return integer, see g_scan_action
- g_scan_cmd_failok -
Don't reject if script fails
- g_scan_cmd_skip -
Skip for matching ip addresses
- g_scan_cmd_testing -
Don't reject, (for testing)
- g_sched_utoken_timeout -
Timeout for sched utokens in minutes
- g_send_backoff -
Seconds to leave slow responding host alone (default 900)
- g_send_body_end_retry -
Try again if connection fails after entire body sent
- g_send_body_noretry -
If a send fails during the body send give up at once.
- g_send_body_once -
Don't try 3 times if failure occurs sending body
- g_send_bug1 -
Fail while sending messages
- g_send_conspeed -
Outgoing connections per second per destination, default is 4
- g_send_delay -
Wait this many seconds after sending each item.
- g_send_first_retry -
Minutes for first retry, default is 16 minutes, do not adjust!
- g_send_helo -
Fully qualified domain to use for all outgoing SMTP helo commands and MessageIDs
- g_send_helo_from -
Use matching domain name if we have one if user is authenticated/trusted AVOID THIS!
- g_send_helo_in -
Lookup dns name of incoming ip connection on local interface, UNSAFE
- g_send_lines -
Send messages in single line packets, slow!
- g_send_lowpriority -
Ip address of bulk sending servers
- g_send_max -
How many concurrent sending sessions in total
- g_send_max_perchan -
Msgs to send on one open channel
- g_send_max_perdom -
How many concurrent sessions allowed to another domain, default is 3
- g_send_max_rcpt -
How many rcpt's to send per message when sending
- g_send_no_domain -
Message to show when domain points to us but can't find user or domain
- g_send_nolimit -
Don't apply g_max_perdom limit when sending to this domain
- g_send_nopoll -
Use sleep loop instead of poll (debugging only)
- g_send_nosize -
Don't send size with from envelope
- g_send_noskipslow -
Don't remember hosts that are slow to open and avoid them
- g_send_onpopfetch -
Only send outgoing while doing a popfetch (For dialup use)
- g_send_open_timeout -
Timeout, in seconds when opening a link
- g_send_retry_550 -
Retry on 550 responses (general failure)
- g_send_retry_552 -
Retry on 552 responses (typically quota exceeded)
- g_send_rewrite -
Rewrite envelope recipient at send stage, does not change destination server
- g_send_speed -
Bytes per second to limit each outgoing channel to, default no limit, eg 10k
- g_send_sslheader -
Add x-encrypted header when sending via ssl
- g_send_store_disable -
Disable sendstore smtp extenstion
- g_send_strip -
Headers to strip when sending
- g_send_timeout -
Timeout, in seconds when sending, default is 540 (9 minutes)
- g_send_tolimit -
Limit speed to send to one or more domains.
- g_sent_archive -
Archive old messages to Archives/yyyy/Sent folder, age in days
- g_sent_nodup -
Drop duplicates in Sent folder due to sent_store
- g_sent_store -
Store all sent messages in IMAP folder if smtp authenticated
- g_server_name -
SERVER_NAME to set for list of wildcard urls
- g_server_stamp -
Replaces SurgeMail and version string in received headers
- g_setpassword_firstlogin -
Accept any password on first POP login and set in database (EMERGENCY USE ONLY, requires nwauth -reasonfail parameter)
- g_sf_binary -
Use Binary Network
- g_sf_disable -
Smart Filter Disable
- g_sf_generate -
Build local smart filter
- g_sf_ignore_users -
Ignore user submissions just use automatic samples (obsolete)
- g_sf_limit -
Limit range of self training
- g_sf_list -
Use list mechanism for scoring
- g_sf_nnet -
Use Neural Network (Experimental, ONLY FOR TESTING)
- g_sf_nosanity -
Disables improved g_sf_binary with sanity checks
- g_sf_obey_users -
Obey user submissions about non spam, usually not a good idea
- g_sf_rules -
Use manual rules to improve scoring
- g_sf_saneonly -
Sane score only
- g_sf_sanity2 -
Enables improved sanity scoring
- g_sf_sanity_test -
Experimental setting never use
- g_sf_test2 -
Testing
- g_share_home -
Allow sharing of home directory
- g_share_mail -
Set true if mail area is shared (by nfs or other mechanism)
- g_share_quota -
Do quota on disk (e.g. when using nfs shared spool)
- g_show_senders -
Show top senders in domain admin pages
- g_shutdown_ifmissing -
Shutdown if specified file doesn't exist
- g_shutdown_slow -
Add 20 second delay to shutdown for debugging
- g_skip_return -
Skip return path
- g_slow_welcome -
Add 30 second delay to welcome message for debugging
- g_smite_all -
Add spamdetect and smitematch headers to all messages going past
- g_smite_gateway -
Add spamdetect and smitematch headers to gatewayed/redirected messages
- g_smite_level -
If smitematch score is above this drop message (just throw it away) e.g. 1
- g_smite_skip -
Whitelist/Skip spam scanner (and spf) if from matches this wild card (Whitelist)
- g_smite_skip_auth -
Skip spam scanner if user logged in
- g_smite_skip_from -
Skip spam scanner if from header/env matches this wild card
- g_smite_skip_ip -
Skip spam scanner if senders ip matches
- g_smite_skip_only -
Skip spam scanner if to matches this wild card and no other recipients that 'don't' match...
- g_smite_skip_relay -
Skip spam scanner if ip can relay
- g_smite_skip_to -
Skip spam scanner if to matches this wild card
- g_smite_tag -
Tag message with smitematch header if message is in spam database when read
- g_sms_forward -
Specifies IP's which are allowed to forward to SMS gateways
- g_sms_gateway -
Address and port of your sms gateway (use g_twilio instead)
- g_sms_gateway_force -
Force sms notifications to go to g_sms_gateway
- g_sms_gateway_msgbytes -
Maximum amount of message to send to g_sms_gatway (bytes)
- g_sms_gateway_subjbytes -
Maximum length of subject in sms message
- g_sms_recover_text -
Sent to users when SMS password recovery msg sent
- g_smtp_allow_invalid -
Allow messages with invalid headers
- g_smtp_auth_debug -
Auth Debug (do not use)
- g_smtp_auth_ip -
Ip Addresses to accept smtp authentication from
- g_smtp_auth_off -
Disable SMTP AUTH from unknown ip addresses (NOT RECOMMENDED)
- g_smtp_big -
Slow down incoming SMTP reads to get bigger packets (experimental)
- g_smtp_bounce_nslow -
Number of handles to use for doing slow rejections of smtp connections
- g_smtp_chunking -
Protocol Extension, never use
- g_smtp_cmd_timeout -
Seconds to wait after getting a message for next command (sendmail bug)
- g_smtp_cram_enable -
Enable CRAM-MD5 authentication (requires nwauth 4.0h or greater) - Not Recommended
- g_smtp_data_bug -
Fail on incoming emails for debugging
- g_smtp_data_timeout -
Seconds for timeout for data input, default 540 (9 minutes)
- g_smtp_delay -
Seconds to wait before responding to rcpts, 1-20, this reduces load on bulk senders
- g_smtp_delay_stamp -
Stamp header if sender sends data before seeing welcome response (usually spam)
- g_smtp_etrn_auth -
Only do etrn processing if user is authenticated
- g_smtp_fast_bounce -
Reject bad connections immediately
- g_smtp_fix_nohead -
Accept messages with no headers and try and cope
- g_smtp_help_disable -
Disable help in SMTP (minor security issue)
- g_smtp_log_protocol -
If true log SMTP protocol to log file
- g_smtp_log_size -
Size of smtp.log file
- g_smtp_max -
Max concurrent incoming SMTP connections
- g_smtp_max_nolimit -
Ip addresses that don't have max smtp limit applied
- g_smtp_max_reason -
Reason to give to user if g_smtp_max is exceeded
- g_smtp_maxbad -
Max bad command per session before dropping smtp link, default no limit
- g_smtp_no_brackets -
Allow from/rcpt without angle brackets
- g_smtp_noauth -
Limit SMTP to just these addresses (not generally useful) always include 127.0.0.1
- g_smtp_noauth_msg -
Message given when sender is told to use authentication because of g_smtp_noauth
- g_smtp_noauthm -
Limit SMTP to just these addresses (not generally useful)
- g_smtp_noclear -
Disable smtp buffer clear after starttls command
- g_smtp_plain_hide -
Hide 'plain' from the ehlo response
- g_smtp_port -
SMTP port to listen on, default is 25 (needs restart)
- g_smtp_portauth -
SMTP ports which require smtp authentication, typically 587,465
- g_smtp_portforce -
Block logins for ports not listed in g_smtp_portauth
- g_smtp_secure_port -
SMTP SSL secure port to listen on, default is 465
- g_smtp_thread -
Use seperate thread for incoming SMTP connections
- g_smtp_vrfy_allow -
Allow vrfy from these addresses, not recommended
- g_smtp_vrfy_msg -
Change Response to VRFY, e.g. 252 Not telling
- g_smtp_warning -
Send manager warning if this many sessions reached (max 1 per hour)
- g_smtp_welcome_delay -
Seconds to delay welcome message, drop if we get data before we send welcome, recommend 1-3 seconds
- g_spam_alias_any -
User aliase string e.g. "++" if defined then strip suffix from emails - not advised!
- g_spam_allbad -
Auto blacklist from/ip/to combinations
- g_spam_allow -
IP Wild card exceptions to spam limits
- g_spam_allow_disable -
Disable allow bounce messages
- g_spam_allow_known -
Unblock IP address if we have received messages from it for 3 days (so it's not a transient spammer)
- g_spam_allow_msg -
Template for unblock messages, use ||reason|| and ||allow|| and maybe a url
- g_spam_allow_rbl -
Give unblock message to RBL bounces too
- g_spam_allow_rdns -
Trust ip name for spam checking, not recommended
- g_spam_allow_recent -
Skip spam rules if recent pop ip number
- g_spam_aspam -
Scale for aspam, default is 1.0, Valid range is zero to two
- g_spam_autotrain -
Auto train spam filter good messages based on first 1000 outgoing emails
- g_spam_black_auto -
Auto blacklist for user when isspam pressed
- g_spam_black_tospam -
Put blacklist matches in spam folder
- g_spam_block -
Block spam (as decided by spf etc), if not set then user or domain can set
- g_spam_block_gateway -
Block spam gatewayed messages too
- g_spam_block_msg -
Template for spf blocked message if allow is disabled
- g_spam_body -
If spamdetect score is above this, add spamdetect header at top of message body NOT RECOMMENDED e.g. 7
- g_spam_body_more -
Add more info to spam body (ip address, ptr address, reply to and bounce address)
- g_spam_body_url -
Text part of info to add to body, usually a url to your site
- g_spam_bounce -
If spamdetect score (number of '*'s) is above this, bounce message. Never set below 14
- g_spam_bounce_all -
If spamdetect score is above this, bounce message, applies to all messages regardless of user settings. e.g. 7 NEVER USE THIS
- g_spam_bounce_store -
If true store rejected spam in Spam_Rejected folder
- g_spam_bounce_text -
Error to return to user when message is bounced due to g_spam_bounce setting
- g_spam_bounce_trusted -
If spamdetect score is above this, bounce message if trusted (spam_allow or authenticated)
- g_spam_catcher -
Addresses on web pages that shouldn't get any email (robot bait)
- g_spam_char -
Character to use instead of '*' for smitespam headers (best left alone if possible)
- g_spam_check_auth -
Don't skip spam rules for authenticated users
- g_spam_cmd -
Command line spam checker, use $FILE$ in cmd parameters
- g_spam_cmd_if -
If internal spam rating is below this number, then run external filter
- g_spam_cmd_reject -
If external filter returns number larger than this reject
- g_spam_cmd_skip -
If internal spam rating is below this number, then skip external filter
- g_spam_content_disable -
Disable aspam_content.txt rules
- g_spam_flag -
Add X-SPAM-FLAG: Yes header if smite score is above this level
- g_spam_folders -
Train on any message dropped into the relevant folders
- g_spam_folders_show -
List the special folders for all users
- g_spam_from_blacklist -
Fetch list of bad domains to reject email from - not recommended
- g_spam_from_max -
Max outgoing messages per ipaddress/return path pair, 30 minutes, e.g. 5000
- g_spam_grey -
OBSOLETE DO NOT USE, Enable old greylisting for spf mechanism
- g_spam_grey_bounce -
Bounce if message was allowed due to grey listing, and spam score is above this, default 8 (was 4)
- g_spam_grey_classc -
Apply grey listing to x.x.x.*
- g_spam_grey_dflt -
Enable greylisting for spf default accept events (not recommended)
- g_spam_grey_dflt_bad -
Enable greylisting instead of allow in some cases (recommended for block or strict)
- g_spam_grey_nofive -
Skip 5-6 minute black window for these domains
- g_spam_grey_nohard -
Avoid hard spf bounces always try and do a grey list instead
- g_spam_grey_nseen -
Number of messages from an unknown host, default is 6
- g_spam_grey_size -
Size of grey listing table, default is 3000
- g_spam_grey_verify -
Skip grey listing if host was not listening
- g_spam_grey_window -
Window to block bad messages, typically 60 seconds
- g_spam_header_trust_ip -
List of IP addresses from which to trust/accept existing X-SpamDetect headers in emails
- g_spam_hold_hide -
Hide spam hold settings for end users and other held2pend user.cgi tweaks
- g_spam_hold_keep -
Number of days to store users spam hold messages - OBSOLETE see G_FRIENDS_PENDING_KEEP
- g_spam_info -
Info line and url to explain aspam system
- g_spam_info_hide -
Removes the x-spamdetect-info header line
- g_spam_internal -
Enable new 'internal' spam processing
- g_spam_isspam_ignore -
Don't block messages from ip addresses recorded as a spam source
- g_spam_isspam_kind -
Allow isspam from recent pop, gateway to etc
- g_spam_nobounce -
Remove old user held/vanish but after 5.2 will allow bounce
- g_spam_nolang -
Don't add header with a guess at body language
- g_spam_notrain -
Disable isspam and notspam addresses for user training
- g_spam_notspam -
Address that non authenticated users can send non spam to.
- g_spam_noupdate -
Disable fetch of aspam filter rules etc from netwinsite
- g_spam_phishing -
Download list of known phishing addresses and block outgoing email to them
- g_spam_phishing_ok -
Allow to these addresses even if phishing database blocks them
- g_spam_phrase -
Enable auto spam phrase filter
- g_spam_poly -
Scale for poly word matching, default is 0.1, Valid range is zero to two, Use 1.0 to enable, EXPERIMENTAL
- g_spam_poly_disable -
Disable poly code.
- g_spam_private -
Enable users to define 'private' extensions user--STUFF@domain
- g_spam_probe_enable -
Probe suspect urls to find spammers - can cause RBL
- g_spam_probe_friends -
Probe even if email is from a friend
- g_spam_probe_more -
Probe even if email is from a known ip address
- g_spam_probe_unknown -
Probe any unknown url (dangerous)
- g_spam_probe_whois -
Do whois lookups on web pages found in probe
- g_spam_share -
Use and share some spam/aspam information with central server (netwin) experimental
- g_spam_status_hour -
Process all spam status messages at this time (disk io intensive)
- g_spam_status_monthly -
Send monthly spam status even if no messages pending
- g_spam_subject -
If score is above this, add spam rating to subject (Spam: ****) e.g. 8
- g_spam_subject_dom -
Destination domains to tag subject for
- g_spam_subject_gateway -
If true then spam_subject setting applies to gatewayed messages too
- g_spam_subject_word -
The word that gets added to subject, default is 'Spam', UCE is another good one
- g_spam_url -
Scale for url word matching, default is 1.0, Valid range is zero to two
- g_spam_user_badto -
Max bad recipients from authenticated user per 30 minutes, e.g. 50
- g_spam_user_lockout -
Lockout user until released with unlock_all command
- g_spam_user_max -
Max messages an authenticated user can send per 30 minutes, e.g. 5000
- g_spam_user_skip -
Users to skip g_spam_user_max limit for
- g_spam_user_warn -
Alert user when they send this many messages in one day, .8 to alert at 80% of max
- g_spam_user_warn_msg -
Message when user approaches send limit
- g_spam_userconfig -
Allow users to specify specific spam features
- g_spam_vanish -
If spamdetect score (number of '*'s) is above this, vanish message if local delivery. NEVER USE THIS
- g_spam_vanish_all -
If spamdetect score is above this, vanish message, applies to all messages regardless of user settings. NEVER USE THIS
- g_spamdetect_some -
Only show spamdetect header for bad scores
- g_spawn_log -
If true the spawns are logged to lib_spawn.log
- g_speech_cmd -
Command to convert sound file to text (append .txt to filename)
- g_speech_end -
End text after the converted text
- g_speech_from -
Only attempt conversion if from this email address
- g_speech_group -
Only attempt conversion if user is memeber of 'speech' group
- g_speech_info -
Intro text above the converted text
- g_speech_size -
Default 10mb, will not convert larger files
- g_speech_to -
Only attempt conversion if to this email address
- g_spf_baddns_skip -
If spf dns failure then allow message through (instead of giving retry error)
- g_spf_byemail -
Perform allow bounce confirmation via email.
- g_spf_debug_log -
Enable spf.log file
- g_spf_default -
(strict only) Default spf record if none found default 'mx/16 a ptr:%{d2} -all'
- g_spf_default_noblock -
(strict only) Only stamp headers if default spf record fails when no real spf header
- g_spf_dns_timeout -
Seconds to wait for dns lookups for spf, best not to change
- g_spf_domain -
Domain for SPF rewrite and allow messages (defaults to first domain on server)
- g_spf_enforce -
List of wildcard/domains to enforce spf for, e.g. paypal.com,*bank*
- g_spf_enforce_auto -
Enforce spf for commonly forged domains paypal.com,*bank*
- g_spf_enforce_known -
Enforce spf even if we think this ip address is safe
- g_spf_enforce_local -
If spf fails and it's a local domain then skip grey listing and bounce
- g_spf_enforce_real -
Enforce spf for domains with strong spf entries
- g_spf_fake -
Fake spf record to use for testing
- g_spf_header -
Use g_verify_mx_skip and apply to resulting ip
- g_spf_mode -
Do SPF check and then perform action, stamp | block | strict, action is conditional on [g_]spam_block settings
- g_spf_noallow -
Give hard bounce (no allow message) for spf failures for these domains & ignore friends
- g_spf_nocache -
Disable SPF cache
- g_spf_nofriend -
Ignore friends for spf
- g_spf_nogrey -
Skip SPF grey listing for these domains (require allow response)
- g_spf_norewrite -
Exceptions to rewrite rule, e.g. *@my.domain,bob@this.domain
- g_spf_required -
Require an spf entry for these domains
- g_spf_rev_skip -
Skip SPF checks if reverse ip name matches in this list, e.g. *.yahoo.com
- g_spf_rewrite -
Rewrite 'from' envelope in redirected mail (SRS)
- g_spf_rewrite_gateway -
Rewrite even if gateway rule applies
- g_spf_rewrite_relay -
Rewrite even if from ip is a host to relay for
- g_spf_share -
List of hosts to share allow ips with. Must all have same srs.secret file
- g_spf_skip -
Skip spf checks for these ip addresses, e.g. other mx hosts
- g_spf_skip_from -
Skip based on from, e.g. noreply@*paypal.com,..., Also skips RBL
- g_spf_skip_to -
Skip based on rcpt to, also skips RBL rules,...
- g_spf_timeout -
Seconds to wait for all spf lookups to finish, default 48 seconds
- g_spf_trust_local -
Skip spam checking for local domain that passes spf
- g_spf_user_domain -
Make allow bounces use destination user domain name
- g_spf_very_strict -
(strict only) Only give 'allow' option for default spf rule failures not real ones
- g_spf_web_url -
Specify full url for spf byweb commands http://domain.name:port
- g_spflog_domains -
Specify which domains should get spflog entries sent to them.
- g_spflog_enable -
Enable this if this server is a frontend for a SurgeMail server users log into.
- g_spool_path -
Scan this directory for *.msg files to send as emails
- g_ssl_allow -
IP Wild card list to allow SSL encryption from
- g_ssl_allow_fix -
Disable incoming ssl on ssl failure from an ip
- g_ssl_allow_imap -
IP Wild card list to allow SSL encryption from for imap
- g_ssl_auto -
Generate letsencrpt ssl certificates automatically for all domains
- g_ssl_ciphers -
List permitted ciphers, DANGEROUS
- g_ssl_ciphers_add -
More permitted ciphers (added to g_ssl_ciphers) DANGEROUS
- g_ssl_ciphers_web -
List permitted ciphers for web, DANGEROUS
- g_ssl_disable -
Disable protocols tlsv1,tlsv1_1,tlsv1_2,sslv2,sslv3 (restart surgemail)
- g_ssl_disable_des -
Disable DES ciphers, breaks outlook on XP
- g_ssl_disable_port25 -
Prevent ssl on port 25
- g_ssl_disable_renegotiation -
Disable SSL renegotiation.
- g_ssl_disable_sslv2 -
Disables ssl 2.0 support for enhanced security (obsolete use g_ssl_disable)
- g_ssl_disable_sslv3 -
Disables ssl 3.0 support for enhanced security (obsolete use g_ssl_disable)
- g_ssl_disable_tlsv1 -
Disables tls 1.0, not recommended (obsolete use g_ssl_disable)
- g_ssl_disable_tlsv1_1 -
BROKEN: Use g_ssl_disable setting instead
- g_ssl_disable_tlsv1_2 -
Disables tls 1.2 support, breaks LETSENCRYPT, NEVER USE
- g_ssl_disable_web -
Disable protocols for web only (restart surgemail)
- g_ssl_dmalloc -
Enable dmalloc tracking in ssl
- g_ssl_fips -
Enable FIPS mode crash if not available (DO NOT USE)
- g_ssl_guess_domain -
Guess domain using SSL hostname to allow login without @domain.name
- g_ssl_honor -
Honor server cipher order
- g_ssl_lets_exclude -
Domains urls to not update, user must copy from ssl to lets folder
- g_ssl_lets_path -
Path to webservers /.well-known folder for letsencrypt
- g_ssl_lets_slave -
Run letsencrypt on SLAVE too
- g_ssl_per_domain -
Create/use an SSL certificate for each domain
- g_ssl_perfect -
Apply good SSL settings, best to remove g_ssl_ciphers setting too
- g_ssl_require -
IP Wild card list to require SSL encryption from
- g_ssl_require_imap -
IP Wild card list to require SSL encryption from for IMAP
- g_ssl_require_in -
Local domains that must only receive SSL messages
- g_ssl_require_login -
IP Wild card list to require SSL encryption for POP/IMAP/SMTP don't use with broadworks
- g_ssl_require_out -
Remote ip, remote domain for which we must send using SSL
- g_ssl_require_smtp -
If IP matches then require SSL for incoming SMTP message
- g_ssl_require_web -
Require https for most web features (excluding blogs file sharing and surgeplus)
- g_ssl_retry_seconds -
Second to try and establish ssl connection, default is 5
- g_ssl_sha1_sign -
Obsolete, sha256 is now always used
- g_ssl_test_fail -
Break ssl to test auto downgrade
- g_ssl_try_from -
Try and start ssl mode if from this user, e.g. *@xyz.com
- g_ssl_try_not -
Skip ssl for these hosts
- g_ssl_try_out -
Try and start ssl mode to these hosts
- g_ssl_verify -
Domains that must have valid ssl certificates
- g_ssl_warn -
Send users weekly reminder if they keep using non SSL logins
- g_ssl_warn_ignore -
Don't give warnings if user is from this trusted host
- g_ssl_warn_text -
Last line of email warning sent to user if SSL not used
- g_sstat_disable -
Disable netwin statistics gathering.
- g_stack -
For testing only, NEVER SET THIS
- g_stack_imap -
For testing only, NEVER SET THIS
- g_startup_delay -
Seconds to wait before starting surgemail
- g_status_login -
Require login for spam status actions
- g_status_url -
Specify default global url for status messages
- g_status_view_html -
Obsolete setting
- g_store_dropped -
Store upto 5000 bad bounces in the dropped directory
- g_subject_blank -
Subject header if one is missing
- g_suffix_report_admin -
Report email to admin if suffix prevents login
- g_suffix_report_user -
Report email to user if suffix prevents login
- g_surbl -
SURBL Spam URI Realtime Blocklists
- g_surbl_from -
Also check the return path
- g_surbl_reject -
Reject email with SURBL hits
- g_surbl_skip -
URL's to allow even if listed in surbl
- g_surbl_skip_ip -
Skip SURBL check if sender is from listed ip
- g_surbl_whois -
Also check whois info on suspect urls - not for busy servers!
- g_surgeblog -
Specialize SurgeMail as a Blog server
- g_surgeplus_delay_tell_upgrade -
Delay informing existing users about new SurgePlus versions for
- g_surgeplus_delay_tell_upgrade_exempt -
Users exempt from delayed new version informing
- g_surgeplus_hide_client_downloads -
Hide the links to download and install SurgePlus Windows client
- g_surgeplus_links -
Add web links to SurgePlus from other web interfaces (and vice versa) for users allowed to use SurgePlus.
- g_surgeplus_log_level -
SurgePlus log level. 'none', 'info', or 'debug'. Default is 'info'
- g_surgeplus_online -
Enable online tracking in surgeplus
- g_surgeplus_pop_server_name -
Default pop server to set SurgePlus client download to connect to.
- g_surgeplus_port -
SurgePlus port to listen on, default is 7110
- g_surgeplus_secure_port -
SurgePlus SSL secure port, default is 7995
- g_surgeplus_smtp_server_name -
Default smtp server to set SurgePlus client download to connect to.
- g_surgeplus_web_port -
SurgePlus web port to listen. Default is to use HTTP webmail port
- g_surgeplus_web_url -
Direct SurgePlus users to access shared files at this url
- g_surgewall_ignore_error -
Deliver even if some rule sais bounce
- g_surgewall_redirect -
Allow redirect/responder for surgewall
- g_surgewall_split -
Split up surgewall messages, one per recipient
- g_surgeweb_allow_abk_v2 -
Accept v2.1 vcard format and treat is as a v3.0 vcard
- g_surgeweb_auth_ok -
Alow smtp auth for surgeweb even when disabled
- g_surgeweb_backend_server -
Backend machine to connect to
- g_surgeweb_backend_web -
Backend machine to connect to
- g_surgeweb_benchmark -
Log web request timing info for surgeweb benchmarking - matches ip addresses
- g_surgeweb_cache_less -
Reduce surgeweb caching
- g_surgeweb_debug -
Log surgeweb debug info - matches ip addresses or email addresses - avoid
- g_surgeweb_disable -
Disable access to SurgeWeb
- g_surgeweb_forgot_show -
Show forgot password link on surgeweb login page
- g_surgeweb_ics -
Surgeweb email/calendaring integration (ie ics file processing and sending)
- g_surgeweb_idle_timeout -
Idle timeout for surgeweb sessions (hours, default=48)
- g_surgeweb_logall -
For requests matching g_surgeweb_debug also leave all webio & temp files - avoid
- g_surgeweb_path -
Change surgeweb path
- g_surgeweb_process -
Run surgeweb in it's own process (beta)
- g_surgeweb_remember_timeout -
"Remember" timeout / max session length for surgeweb sessions (days, default=14)
- g_surgeweb_restrict -
Restrict surgeweb use to these accounts only
- g_surgeweb_testing -
NEVER USE
- g_surgeweb_testrig -
Disable session cache for testrig
- g_surgeweb_work -
Path to Surgeweb cache/work files
- g_tarpit_badrcpt -
Delay rejection of bad recipients (in seconds, default 4s)
- g_tarpit_blackhole -
Reject the email one recipient at a time
- g_tarpit_drop -
Drop link and ban for 1 hour if tarpit limits exceeded
- g_tarpit_hacker -
Slow DOS attacks in some situations
- g_tarpit_max -
Number of local recipients before slowing down per 30 minutes
- g_tarpit_max_remote -
Number of remote recipients before slowing down
- g_tarpit_retry -
Send retry error, 450 if tarpit limits exceeded
- g_tarpit_skip -
Skip tarpit limit for these destination users or domains, e.g. *@xyz.com
- g_tarpit_skip_from -
Skip tarpit limit for messages from these users e.g. *@xyz.com
- g_tcp_bf_size -
Set tcpip snd/rcv buffer sizes, best left blank
- g_tcp_proxy_ip -
Enable TCP proxy protocol for specific address
- g_tcp_que_len -
Length of listen queue for incoming connections
- g_tcp_read_timeout -
Timeout in 'seconds' on pop connections, do not adjust. (default 600)
- g_tellmail_ip -
Addresses to allow tellmail commands from (should never be *)
- g_thread_log -
Enable thread.log
- g_thread_max -
Max threads allowed on this system (best not changed)
- g_thread_max_restart -
Crash and restart if max threads exceeded from local ip on smtp
- g_thread_pool -
Keep all threads in a common pool
- g_thread_reuse2 -
Reuse threads - fixes unix bug - not implemented
- g_thread_smooth -
Throttle thread creation as max hit to reduce peaks
- g_thread_spinlock -
Spin more before sleeping when waiting for mutex
- g_timeout_try_later -
If timeout while waiting for message to arrive tell other end to retry
- g_timezone -
Places in timezone part of date string, e.g. +1200 NZT. Please leave blank!
- g_timezone_force -
Hours offset to local time, e.g. 5 (best left blank)
- g_tmalloc_log -
write tmalloc.log for gd library memory access.
- g_to_valid -
Require an @ and dotted domain in all dest addresses
- g_tohost_local -
Authentication database tohost name entry to deliver locally (see g_proxy and g_route_by_tohost)
- g_token_httponly -
Use httponly flag, stop scripts using token, may break attachments
- g_token_secure -
Use secure flag for surgeweb, stops http access to token, so requires https to work
- g_toscan_path -
Path used for mime parts for virus scanner
- g_trace_flush -
Flush to trace_dump.log via monitor
- g_train_store -
Number of messages to store in each spam training directory (1000-5000)
- g_twilio_from -
Twilio SMS from phone number
- g_twilio_sid -
Twilio account SID
- g_twilio_token -
Twilio account TOKEN
- g_uidl_big -
Use random uidl if uidl not found
- g_unique_name -
A unique name for this server
- g_url_alias -
Allows translation from one url to another
- g_url_enable -
Enable widearea URL spam database
- g_url_host_noscan -
Disable the scan for url_host settings matching the domain in an incoming web request
- g_url_master -
Set if this is the central URL server (for netwin use only)
- g_url_master_to -
Central URL server email address (leave blank)
- g_url_redirect -
Sends http 301 redirect to tell browser resource has moved
- g_user_access -
User.cgi features granted to access groups
- g_user_access_always -
Run spam and filter regardless of access UI settings
- g_user_access_default -
Default user.cgi features granted to users
- g_user_access_from -
When sending use from for useraccess rules
- g_user_access_webonly -
Means user_access rules only stop web interface not actual spam checking etc
- g_user_alias -
Number of aliases accounts can create
- g_user_alias_file -
User aliases configuration file
- g_user_block_time -
Block chrisp from pop access for this time period
- g_user_blogs -
Number of blogs accounts can create
- g_user_cookies -
Enable browser cookies for user self management
- g_user_delete -
Let users delete themselves
- g_user_disable -
Filename listing users to disable
- g_user_domainlist -
Who to show domain dropdown list to on user.cgi login page and 'user' pages
- g_user_filter_early -
Process user exceptions/accept filters before tagging message as spam
- g_user_friends_domain_log_disable -
Disable domain level friend.log file
- g_user_friends_log_disable -
Disable user level friend.log file
- g_user_hide_security -
Hide user level security.log access
- g_user_list_quota -
Number of mailing lists users can create
- g_user_mail_view -
Whether an admin/manager can view/display users inbox mail
- g_user_mfilter -
Mfilter to run for individual user delivery, some features not supported
- g_user_pipe -
Pipe run on file just before delivery to user, $USER$ available on command line
- g_user_receive_rule -
Define valid source addresses for users in a group
- g_user_report -
Daily,Weekly,Monthly, emailed to managers of each domain
- g_user_send_all -
Apply all g_user_send_rules that match
- g_user_send_ip -
Block any ip that sends more than this many emails per day
- g_user_send_max -
Maximum number of emails per day (requires SMTP AUTH)
- g_user_send_rule -
Define valid recipient addresses for users in a group (requires SMTP AUTH)
- g_user_send_warning -
Warn manager if any user sends more than this many messages per day, e.g. 5000
- g_user_send_white -
No limit for these ip addresses/users
- g_user_sms_quota -
Number of sms messages accounts can send
- g_user_status_from -
Send status with return address of the user
- g_user_status_fromhdr -
Send status with return address of this
- g_user_status_send -
Number of days after which to send user status messages (0 = never)
- g_user_utoken_days -
Number of days a user self management login token is valid for
- g_user_utoken_expire -
Length of time a user self management login token is valid for
- g_user_utoken_idle -
Length of time a user self management login token may remain idle for
- g_user_virus_scan -
Allow virus scans for specific users instead of all users
- g_utf8_case_insensitive -
Use case insensitive compare for surgeweb and imap searches
- g_vanish_any_bounce -
Vanish all bounces, requires g_vanish_bad_bounces
- g_vanish_bad_bounces -
Vanish suspected spam bounces (requires g_received_name)
- g_vanish_relay -
Vanish bad bounces before relaying email too
- g_vanish_virus_bounces -
Vanish suspected virus bounces (requires g_received_name)
- g_verify_helo -
Verify helo name translates to same network as sending system
- g_verify_image_hard -
Use extra difficult human verification image (used in blogs)
- g_verify_mx -
Verify MX records contain senders IP address (see g_verify_mx_skip)
- g_verify_mx_skip -
Use to define incoming mail gateway ips so the mx verify doesn't fail on them
- g_verify_smtp2 -
Verify we can talk back to the SMTP port on incoming ip address
- g_verify_timeout -
Seconds to wait for SMTP response, default is 10 seconds
- g_vipre_enable -
Enable vipre scanner on windows
- g_virus_allow_unmonitorable -
Allow unmonitorable content (avast antivirus)
- g_virus_avast_attachments -
Only scan messages with suspect attachments (windows only currently)
- g_virus_avast_hour -
Hour of day to update avast definitions, e.g. 9 = 9a.m.
- g_virus_avast_old -
Enable AVAST virus scanner integration, OBSOLETE, DO NOT USE
- g_virus_cloud -
Use cloud scanner, not recommended
- g_virus_cloud_wild -
File types to cloud scan *.exe,*.com
- g_virus_cmd -
Virus checker for mime parts, use $FILE$ in cmd
- g_virus_cmd_body -
Scan raw msg file too
- g_virus_cmd_codes -
List of return codes to bounce message, e.g. 1,2,3,4,5
- g_virus_cmd_drop -
Drop silently instead of reject at data stage - not recommended
- g_virus_cmd_email -
Set if scanner can understand email message files
- g_virus_cmd_log -
Log stdout of virus command line scanner to vcmd.log
- g_virus_cmd_max -
Max concurrent threads that should run this command, if exceeded messages are not checked
- g_virus_cmd_nodel -
Disables cleanup of scanned files, so you can test manually
- g_virus_cmd_size -
Max size of messages to scan
- g_virus_cmd_sleep -
Milli seconds to wait after g_virus_cmd incase delete is not immediate, e.g 500 = half a second
- g_virus_cmd_test -
Continue after virus found to compare scanners
- g_virus_debug3 -
Testing virus scanners do not use
- g_virus_disable_local -
Disable scanning for local trusted users
- g_virus_disable_remote -
Disable virus scans for non-local addresses
- g_virus_filter -
Virus checker which works like an authent module (talk to on stdin/stdout) - vpipe
- g_virus_filter_require -
If any g_virus_filter pipe fails bounce messages rather than allow to continue
- g_virus_fprot -
Port for FProt mail scanner (usually 11200)
- g_virus_late -
Run virus scan after most spam filter processing
- g_virus_localhost -
Don't skip virus checks for 127.0.0.1 originating emails
- g_virus_recent_skip -
Skip virus recent cache which attempts to speed up virus scanners
- g_virus_rename -
Rename executables by changing '.' to '_' prevents many auto run viruses
- g_virus_rename_skip -
Skip rename for these from/to addresses
- g_virus_rename_skipauth -
Skip rename if user sending is authenticated local user
- g_virus_report -
Report detected viruses to someone
- g_virus_report_all -
Report every virus using g_virus_report
- g_virus_report_user -
Report virus to recipients
- g_virus_restart -
Restart vpipe virus scanners every this many items
- g_virus_scanner_list -
List of files to be virus scanned *.exe,*.bat,etc...
- g_virus_simple -
Enable internal simple virus scanner
- g_virus_simple_list -
List of dangerous file extensions, *.exe,*.bat,etc...
- g_virus_simple_skip -
Skip simple check for from/to addresses
- g_virus_simple_skipauth -
Skip simple virus if user sending is authenticated local user
- g_virus_simple_test -
Compare with avast results
- g_virus_simple_zip -
Check zip files for executables and block
- g_virus_skip -
Skip virus scanner for matching from envelope
- g_virus_skip_ip -
Skip virus scanner for matching ip addresses
- g_virus_strangers -
Use simple attachment filter for non friends, turn off g_virus_simple
- g_vpipe_concurrent -
Concurrent requests to vpipe process, default is 7, set to 1 to debug vpipe issues
- g_vpipe_fail_crash -
If virus scanner fails, crash surgemail (for debugging)
- g_vpipe_notag -
Disable headers showing vpipe results in messages
- g_vpipe_skip -
Skip scanner for this IP address (e.g. trusted mailing lists)
- g_vpipe_timeout -
Timeout if scanner takes this long to respond default 60 seconds
- g_warning_to -
Addresses to treat as local and send warning bounces to
- g_web_access_grp -
Restrict user groups to specific web ports
- g_web_access_ip -
Restrict access to web ports based on ip
- g_web_access_max -
Maximum number of concurrent web logins for group
- g_web_add -
Add http headers
- g_web_admin_max -
Maximum number of concurrent web admin sessions
- g_web_api_ip -
Allow access to web based API for msg access
- g_web_appsname -
Apps url name on unified web interface
- g_web_appsroot -
Apply apps interface at web root ie /
- g_web_charset -
Charset for html pages
- g_web_check_host -
Check host matches valid domain
- g_web_force_doctype_first_disable -
Disable webserver behaviour to force doctype definitions to be displayed first.
- g_web_forwarded_test -
Fake the forwarded-for header
- g_web_forwarded_uselast -
Use last address in multiple item forwarded-for header
- g_web_hide_source_names -
Hide the name of the source template page in output web pages.
- g_web_max -
Max concurrent web connections, default is 100
- g_web_max_perip -
Max concurrent web connections per-ip, default is 60
- g_web_noserver -
Disable Server header in http responses
- g_web_old_behaviour -
Revert to old style webserver behaviour
- g_web_php_exe -
Path to php.exe
- g_web_policy_always -
Break surgeweb with web policy feature :-)
- g_web_policy_disable -
Disable obscure web policy security headers
- g_web_ref_path_extension -
Path extension to add to web page image/css references.
- g_web_timeout -
Timeout for web requests
- g_web_title -
Title to use on specified web page
- g_web_trust_ip -
Trust ip address from rev proxy web server X-Forwarded-For
- g_web_url_path -
Url to path translation with access specifier
- g_web_utf8 -
Make sure all user.cgi handling is done in UTF8
- g_webdav_enable -
Enable webdav access for users (do not use)
- g_webdav_group -
Only allow webdav if member of webdav access group
- g_webdav_path -
Root path for webdav storage
- g_webdav_public -
Enable non authenticated access to pub folder (readonly)
- g_webmail_limit -
Maximum number of concurrent webmail requests
- g_webmail_popmode -
Use POP3 instead of IMAP in WebMail.
- g_webmail_port -
HTTP Webmail port to listen on, default is 7080
- g_webmail_save -
Write surgehost.ini and other obsolete webmail config info
- g_webmail_secret -
Secret string used by webmail when sending the ip address of connecting users
- g_webmail_secure_port -
HTTPS secure WebMail port, default is https 7443
- g_webmail_select_domain -
Send select_domain instead of host in webmail autologins
- g_webmail_timeout -
Timeout for webmail or any cgi process (in seconds, default 360)
- g_webmail_url -
Url to the WebMail cgi
- g_webmail_urladd -
Url data to append to WebMail auto-login link
- g_webmail_useip -
Use the ip address in g_webmail_port setting
- g_webmail_workarea -
Path to WebMail workarea
- g_winmail_fix -
Replace winmail.dat with normal attachments, requires tnef installed first http://netwinsite.com/tnef.htm
- g_winmail_reject -
Rejects all winmail.dat files - this is a bit harsh
- g_winmail_reject_send -
Stops your own users sending winmail.dat files so they can fix their email client settings
- g_work -
Workarea for temp files
- g_xauthuser_hide -
Hide X-Authenticated-User header in processed mail
- g_xfile_allow -
Allow xfile & web upload features for users. Set to '*'
- g_xrcpt_hide -
Hide X-Rcpt-To header in locally delivered mail (not recommended)
- g_xrcptoriginal_hide -
Hide X-Rcpt-Original header in locally delivered mail
- g_xserver_hide -
Hide X-Server header in processed mail
WebMail settings
- see separate
manual - further documentation to be completed