Also see the dedicated surgemail.com website with knowledge base and ticketing system

SurgeMail Configuration Settings Overview

This page is an automatically generated top level overview of all the surgemail settings.

Domain Specific Settings

abook - Define surgeweb shared address books for this domain
access_group_default - Default group to place users in
admin_access_default - Default admin features granted to domain admins in this domain
alias_file - Alias translation file for this domain, unix format
alias_max - Maximum number of aliases for this domain
assume_created_epoch - If user has no 'created' field assume they were created an arbitrarily large time in the past
att_in - Detach attachments for incoming messages
att_in_keep - Days to keep incoming attachments
att_send - Detach attachments when sending messages
att_send_keep - Days to keep sent attachments
blogs_max_per_user - Number of blogs each account can create
broad_sync - Broadsoft Sync Enable
centipaid - Enable CentiPaid feature for matching accounts
class - Define class of user for following commands to apply to
comment - Management notes and comments about the domain
create_block - Block new users from this ip
create_cleanup - Cleanup existing data before adding a user
create_delete_days - Number of days a disabled new account remains before deletion
create_disable_days - Number of days new accounts remain active for
create_image - Use verification image on signups
create_linkto - Link to redirect to after successful live account creation
create_max - Maximum signups from ip in time period
create_repass - Users must enter their password twice on creation
create_reqd - Required fields for new users, e.g. (phone,age)
create_subdomain - Allow users to have their own subdomain - NO LONGER SUPPORTED
create_tpl_dir - Relative directory (from /web) where 'netauth' pages are stored
create_user - Method for adding new users
delete_user_after - Number of days an account can remain unread before it is deleted
disable_smtp_after - Number of days an account can remain unread before delivery is disabled
disable_surgeplus - Disable SurgePlus Calendar/File Sharing
dmail_bin_path - Path for dmail bin files to automatically convert delivered mail
dmail_deliver - Deliver messages into dmail drop directories (not supported)
dmail_drop_path - Path for dmail / sendmail style drop files to automatically convert delivered mail
dmail_drop_prefix - Whether prefix is used on drop file names
dmail_hash - Hashing scheme used by dmail_drop_path and dmail_bin_path
dmail_skip_imap - Skip conversion of old imap *.mbx folders
encrypt_ifnew - Allow surgeweb ifnew options
encrypt_limit - Max encrypted msgs per user per day
encrypt_limitsz - Max size of encrypted msgs per user per day
encrypt_noconfirm - Disable confirmation for encrypted messages
encrypt_rule - Domain level rules
encrypt_smart - Encrypt smart features enabled for this domain
encrypt_subject - Subject when encrypted message sent - default is original subject
encrypt_surgeweb_hide - Hide lock icon on surgeweb
encrypt_token - This setting is not used, instead use smart and ifnew settings
enotify_from - From address to use in email notification messages
expire_age - Expire inbox mail older than (days) CAUTION!
expire_att_age - Remove attachments older than this
expire_att_size - And larger than this
expire_rule - Expire rules for specific folders, age is in days - Caution!
expire_size - and larger than this
fallback - Default address or catchall for this domain, NOT RECOMMENDED
fallback_always - Also relay to old system even if user does exist - not recommended
fallback_check - Check if user exists on fallback_relay host before accepting it
fallback_domain - Fallback domain, rcpt is rewritten @ this domain name
fallback_force - Use fallback even if user does exist as migration not started yet
fallback_mx - Use mx lookup to find ip address for fallback_relay setting
fallback_relay - Host to send messages to if user doesn't exist here
fallback_users - Path to file listing all users to user fallback_relay for
footer_file - Text footer file for this domain, FULL PATH required
footer_html - HTML footer file for this domain, FULL PATH required
forward_illegal - Ban forwards to these addresses
friends_at_rcpt - Whether to check users friends list at rcpt stage
friends_pending_name - The imap name of the friends_pending folder default is 'Friends Pending'
friends_url - Specify full url for friends release http://domain.name:port domain specific setting
from_exact - Check from matches authenticated user
gateway_to - Send all email to another server
header_add - Add header to posts 'from' this domain
host_alias - Alternate name(s) for this domain
imap_max_sync - Limit remote imap sync to this many items (not recommended)
imap_public - Share IMAP folders between users
imap_public_show - Auto subscribe public folders
inbox_archive - Archive old messages to Archives/yyyy/INBOX folder, age in days
language_default - Default language for user web interface
late_forward - Apply domain users forwarding rules after friends, spam, and filtering
ldap_anydomain - Lets users search other than their own domain in ldap
ldap_disable - Stops ldap logins by users of this domain
legal_archive_admin - Enable archive searching for domain admins
legal_archive_disable - Disable legal archive for this domain
legal_archive_hide - Hide legal archive for this domain
legal_archive_keep - Days to keep legal archive, units=days unless you specify years or months
list_disable - Disables creation of mailing lists.
list_max - Maximum number of mailing lists for this domain.
list_max_users - Maximum number of users allowed in all lists in this domain.
loginfails - Disconnect user after this many password guesses
lookup_relay_on_from - Looks up local from addresses to check for relay="true"
mailbox_path - Path to mailbox (inbox) files
manager_anyuser - Allow first domain admin to login to any users account
manager_email - Domain managers email address (for email based account creation confirmation)
manager_username - Domain managers username (for web based domain administration)
msg_max_in - Max size for messages to users in this domain, largest applied if multiple recipients
msg_max_out - Max size for messages sent by authenticated users of this domain
old_imaphost - Old IMAP server:port - transition IMAP accounts and folders if user doesn't exist
old_imaphost_always - Retrieve mail from old imap host on each login (slow - particularly for webmail)
old_imaphost_createuser_disable - Disable old_imaphost user creation on first login
old_imaphost_dom - Migration - Alternative domain on old server for login, also set fallback_domain.
old_imaphost_file - Migration based on file
old_imaphost_lowercase - Migration - All migrated folders are lowercase.
old_imaphost_nodelete - Leave mail on the old server (disables old_imaphost_always)
old_imaphost_nodomain - Strip domain from username when logging into old imap host
old_imaphost_pass - Migration based on file - password field
old_imaphost_prefix - Prefix for old imap server, e.g. mail//
old_imaphost_skip - Migration - Comma seperate wild card list of migrate folders to skip past.
old_imaphost_user - Migration based on file - user field
old_inbox_both - Use pop & imap to migrate the inbox
old_pophost - Old pop server:port - transition accounts and pending messages if user doesn't exist
old_pophost_always - Retrieve mail from old pop host on each login
old_pophost_bind - Bind outgoing connection during pop migration
old_pophost_createuser_disable - Disable old_pophost user creation on first login
old_pophost_inbox - Use pop to migrate the inbox and maintain uidls
old_pophost_nodelete - Leave mail on the old server (disables old_pophost_always)
old_pophost_nodomain - Strip domain from username when logging into old pop host
old_pophost_nofetch - Disable fetching messages from pop host
old_pophost_sep - Seperater, default is '@', e.g. some systems use %
old_smtphost - SMTP host to check for existing users (when creating new accounts)
old_smtphost_skip - Who to disable SMTP host checks for
old_xfile - Migration - Copy xfile data across
pop_min_time - Min seconds between pop logins (see warning)
pop_welcome - POP connection message
prefix - Database username prefix (deprecated, compatibility only)
proxy_pop_nodomain - Strip domain when talking to proxy pop host
quota_default - Default quota
quota_domain - Total quota for the domain, e.g. 300mb, 2gig
rcpt_msg - Response given for invalid recipient errors, message is prefixed by email address.
recycling_imap - Make recycling visible to IMAP users
redirect - Redirect messages from 'was' to the new 'to' address
redirect_cc - Send carbon copy to another address
redirect_hash - Share incoming message evenly between several accounts
redirect_max - Limits the number of redirect rules
security_suffix - Suffix for smtp/imap/pop login
send_helo - Mail host A Record name used when sending helo to other servers - requires g_send_helo_from true
sent_archive - Archive old messages to Archives/yyyy/Sent folder, age in days
sent_store - Store users message in named folder automatically, e.g. Sent
smtp_auth_off - Disable SMTP AUTH from unknown ip addresses
smtp_from_ip - Require incoming email from matching ip
smtp_welcome - SMTP connection message must start with hostname
smtp_welcome_name - SMTP welcome connection hostname
spam_block - Default for this domain to block spf etc failures
spam_noblock - Disable spf blocking for this domain
spam_strip - Strip spamdetect headers for this domain
ssl_alias - Alternate ssl host names, e.g. mail.xyz.com,pop.xyz.com,smtp.xyz.com
ssl_allow - IP Wild card list to allow SSL encryption from
ssl_hsts - Send HSTS header to prevent accidental http access. Dangerous security feature if HTTP is ever needed
ssl_pop_domain - Domain to use for ssl certificates for POP and IMAP
ssl_require_login - Require ssl for this domain if ip matches
ssl_require_web - Require https for most web features (excluding blogs file sharing and surgeplus)
ssl_wildcard - Use if your ssl certificate accepts wildcards, e.g. *.my.domain
status_url - Specify full url for status message e.g. http://domain.name:port domain specific setting
surgeplus_pop_server_name - Default POP server for SurgePlus clients
surgeplus_smtp_server_name - Default SMTP server for SurgePlus clients
surgewall - Surgewall - Proxy this domain to specified mail server
surgewall_auth - SurgeWall SMTP authentication
surgewall_capa_local - Just return local imap capa response rather than remote
surgewall_local_too - For web domain admin try local database too
surgewall_options - Various SurgeWall options
surgewall_saveusers - Save users in the local database as they login
surgeweb_backend_server - Backend server to connect to
surgeweb_backend_smtp - Backend smtp access (if non default)
surgeweb_backend_web - Backend web access - for usercgi /surgeplus (if non default)
surgeweb_custom - Surgeweb customisation level
suspend - Disable logins for entire domain
suspend_incoming - Disable delivery and give 450 retry message
url_alias - Allows translation from one url to another
url_blogs - BLOGS host A Record name (if different from MX Record name - eg. blogs.mydomain.com)
url_host - Mail host A Record name (if different from MX Record name - eg. mail.mydomain.com)
user_access_default - Default user features granted to users in this domain
user_alias - Number of aliases accounts can create
user_auto - Auto create users when a login attempt occurs
user_auto_always - Always create/reset password, other user* settings required.
user_auto_pass - Auto create users with this password on message delivery
user_centipaid - User Centipaid configuration options
user_hide_security - Hide security logs from users
user_list_quota - Number of mailing lists users can create
user_max - Maximum number of users in this domain
user_report - Daily,Weekly,Monthly, emailed to manager
user_send_max - Maximum number of emails per day (requires SMTP AUTH)
user_sms - Allow users to set up sms notifications
user_sms_quota - Number of sms messages per account
user_status_send - How often to send user status messages (0 = never)
web_access_ip - Restrict access to web ports based on ip
web_path - Path to web admin pages
web_url_path - Url to path translation with access specifier
webdav_quota - Webdav quota per user in this domain, e.g. 100mb
webmail_host - The ip address or name of the machine to instruct webmail to connect to.
webmail_url - Url to the WebMail cgi
webmail_urladd - Url data to append to WebMail auto-login link
webmail_workarea - Path to WebMail workarea
xfile_url - Url to xfile files (see surgeplus utility)

Global settings

g_about_disable - Disable about web page
g_access_group - Grouped per user access limitations
g_access_group_default - Default group to place users in
g_access_surgeweb - Apply g_access_group rules to surgeweb sessions based on client's address
g_access_surgeweb_ip - Ip addresses to allow access to surgeweb
g_access_webonly - Users in this group can only use web not imap or pop
g_acctlog_aliases - Log redirection & aliases in account usage too
g_acctlog_noauth - Log sending usage based on from which may be fake
g_acctlog_sum_inactive - Summarise local accounts that have not logged in yet as not_loggedin_yet@domain.com
g_admin_access - Domain admin features granted to access groups
g_admin_access_default - Default admin features granted to domain admins
g_admin_guesses - Max guesses per IP for web admin access, e.g. 15
g_admin_ip - Mask of valid IP addresses for web admin users (default *)
g_admin_localhost - Allow localhost web admin without user/pass
g_admin_login - Enable form based admin login
g_admin_login_ip - Limit form based login to these ip addresses
g_admin_readonly - System admins with readonly access to the management interface
g_admin_session_time - Admin session timeout (minutes)
g_admin_utoken_expire - Length of time a web admin session is valid for
g_admin_utoken_idle - Length of time a web admin session may remain idle for
g_alias_login_disable - Disable user login as alias
g_allow_bodyless - If true bodyless mail messages will be accepted (usually spam)
g_allow_passzip_from - A list of addresses to allow unmonitorable archive messages to be sent from
g_allow_passzip_to - A list of addresses to allow unmonitorable archive messages to be sent to
g_allow_user_authent_field_get - A space separated list of authent process fields that users are allowed to view for themself using the POP xauthent_field_get command
g_allow_user_authent_field_set - A space separated list of authent process fields that users are allowed to set for themself using the POP xauthent_field_set command
g_apple_bug1 - Apple bug allow content-length headers
g_apple_bug2 - Apple bug2 don't try and return bad if looping
g_arc_check - Check ARC signatures
g_arc_sign - Sign with ARC when forwarding a DKIM signed message
g_archive - Archive messages that match these rules
g_archive_bucketsize - Size for archive bucket files. Default is 1mb
g_archive_early - If true apply archiving before filtering is applied (superceeded by early flag on g_archive)
g_archive_files - Archive attachments to a directory
g_archive_on_delete_dir - Directory to archive user files to on delete
g_archive_on_delete_off - Disables archive and instead deletes the files immediately
g_archive_tcpip - Rules for TCPIP archive process
g_archive_tcpip_host - Host to send archive data too
g_aspam_headers - Add aspam information messages to messages.
g_aspam_need_ip - Require good matches to match external ip address
g_assume_created_epoch - If user has no 'created' field assume they were created an arbitrarily large time in the past
g_atrest_all - Auto encrypt all msgs when users next login
g_atrest_api - Enabe api for enabling atrest encryption - not needed
g_atrest_crazy - No recovery admin password needed
g_atrest_enable - At rest encryption. Unwise usually!
g_atrn_client - Define a rule for fetching email using ATRN protocol
g_atrn_port - Port to listen for 'atrn' (On Demand Relay) requests
g_atrn_server - On Demand Mail Relay settings to define user/pass for clients to fetch mail
g_att_enable - Allow users to enable attachment storage option
g_att_in - Enable for incoming (by default)
g_att_in_keep - Days to keep incoming attachments (2000)
g_att_info - One line text explaining about the attachments
g_att_local_only - Never detach if any recipient is non local
g_att_max - If total msg exceeds this reduce g_att_min/10
g_att_min - Min size to store, dflt 200k
g_att_path - Path to store attachments
g_att_send - Enable when sending (by default)
g_att_send_keep - Days to keep sent attachments (90)
g_attach_convert - Process matching attachments with specified command. Passed two files names
g_auth_hide - Disable SMTP Authentication for this IP List/Wild card address
g_auth_norelay - Ignore SMTP auth for relaying purposes
g_auth_norelay_webok - Allow surgeweb sessions anyway.
g_auth_path - Path to nwauth files
g_auth_skipgateway - Skip gateway rules if we get a proxy SMTP auth command
g_auth_trust - Trust authenticated user header from these servers
g_authent_addip - Send ip address as third parameter to authent module
g_authent_allow_badascii - Allow ascii chars outside the range 32 < 127
g_authent_always - Always lookup user, so virtual domains can exist just in authent module, looses existing users files
g_authent_any - Restore buggy behaviour of looking up users in domains that don't exist
g_authent_cachebad - Set the life in seconds that the cached failed lookups can be used, default 60 seconds
g_authent_cachelife - Set the life in seconds that cached authent lookups can be used, default 1 hour
g_authent_cachesize - Set the size of the authent cache, default is 500 entries
g_authent_case_sensitive - Make passwords case sensitive
g_authent_decrypt - Collect and store plain text passwords for migration in file pass.decrypted
g_authent_domain - If true add @virtual.domain.name to external user lookups, replaced with g_authent_nodomain setting
g_authent_encrypt_key - Encryption key config settings
g_authent_enforce - Days till we prevent user from logging in, NOT RECOMMENDED
g_authent_fwdfile - Enables reading of old dmail .fwd files
g_authent_info - User info names, fields and access rules
g_authent_info_grp - Fields to show to users in this group
g_authent_ip - Lookup ip numbers in authent database with @ip added, to find send_limit=n values, must define tarpit_max_remote and g_tarpit_drop
g_authent_last_login - Store users last login time in the database
g_authent_logall - Turns on logging of authent requests
g_authent_lookup - Check if accounts exist using g_authent_pass too
g_authent_nodomain - If true dont add @virtual.domain.name to external user lookups (NOT RECOMMENDED)
g_authent_number - Number of authent processes to run
g_authent_pass - Authent process to check passwords with
g_authent_path_broken - Allow authent module to return drop path, strongly discouraged, and BROKEN!!
g_authent_prefix_sep - Prefix separator, defaults to an underscore, a single character
g_authent_process - Authent process command line
g_authent_reminders - Days till we remind user to change password
g_authent_require - Days till we require user to change password
g_authent_restart - Cycle auth modules every 1000 lookups
g_authent_single - Allow local users with a single quote char in their name
g_authent_spaces - Allow spaces in passwords DO NOT USE
g_authent_strip_domain - Domain to strip when doing authent lookups
g_authent_timeout - Timeout for authent response, default 60 seconds
g_autologin_file - File to use to share auto login information on NFS based cluster
g_autologin_imap_disable - Disable IMAP based autologins
g_autologin_newlogic - Streamlined logic for surgeweb to user.cgi autologin handover
g_autologin_pop - Performs auto-logins using pop3, used by webmail
g_backtrace_disable - If true backtrace code is disabled on unix
g_bad_login_allow - Number of consecutive bad logins for a user before blocking that user
g_bad_login_dumb - Give login failures even if known address
g_bad_login_ip_allow - Number of bad logins from an ip before blocking that ip
g_bad_login_ip_ignore - IP address(es) to allow any number of bad logins from
g_bad_login_lockout - Lockout addresses permenantly - use if DOS attack
g_bad_login_mins - Minutes to block login for, if consecutive bad ones received
g_badfrom_badmx - If mx host is one of these addresses then drop the message, it's definitely spam (e.g. 127.*)
g_badfrom_check - Check env from by connecting to it, always tick 'stamp' rule too or messages will bounce! NOT RECOMMENDED. DISABLED NOW!
g_badfrom_from - From to use when doing the check, not normally needed, if set must be set to valid account
g_badfrom_noip - Check envelope from domain exists and is a valid ip number, if not reject message
g_badfrom_noip_temp - Makes g_badfrom_noip return a temporary error instead of a 501 error
g_badfrom_stamp - Instead of bouncing message, just stamp a header to show if from address is no good
g_badfrom_whitelist - List of domains that we don't try badfrom checking on (see g_smite_skip)
g_ban_blackhole - Leave connected but reject all recipients without looking them up
g_ban_from - Disconnect if this wild card matches the from envelope
g_ban_helo - Disconnect if user says 'helo xxx' (or wildcard)
g_ban_rcpt - Disconnect any user delivering to this address/wildcard
g_bank_debug - Log request to bank server
g_bank_group - Create price groups with descriptions
g_bank_log - Log lines matching this in response.
g_bank_ok - Find this in response, if found then charge was successful
g_bank_pass - Password for authenticated web request to banks system
g_bank_reason - This line is returned to user if it is found
g_bank_url - URL to charge a credit card (experimental)
g_bank_user - Username for authenticated web request to banks system
g_bind_authent_default - Bind to default if authenticated
g_bind_byfromip - Bind outgoing SMTP connections to the specified IP based on the sender IP
g_bind_from - Bind outgoing SMTP connections based on 'from' envelope
g_bind_in_always - Bind on incoming in preference to g_bind_from
g_bind_incoming - Bind outgoing SMTP connections based on incoming ip address
g_bind_out - Bind outgoing SMTP connections to this IP
g_bind_to - Bind outgoing SMTP if to address matches
g_bind_to_ip - The address to bind to
g_bind_to_name - The name to use in the ehlo
g_black_above - Level for spam detection for blacklisting ip number e.g. 10
g_black_count - Number of spam in a row before we blacklist ip for 30 minutes, e.g. 30
g_black_isspam - Blacklist ip address for any spam training event
g_black_nbad - Blacklist ip address if this many bad recipients in a row (e.g. 8)
g_black_to - Blacklist ip address if they deliver to these user@domain addresses
g_black_white - Whitelist to prevent blacklisting, e.g. 1.2.3.*,mail*.aol.com
g_block_files - Wild card list of files to bounce, e.g. *.exe,*.cmd
g_block_longok - If true allow long file names (more than 180 char)
g_block_skip - From or To address to bypass g_block_files
g_block_wild - Block wild cards in usernames
g_blogs_allow_links - Allow users to post comments that contain urls
g_blogs_cleanup_links - Delete existing posts that contain urls
g_blogs_comment_rev - Show blog comments newest first
g_blogs_default_template - Default template set that is used by newly created blogs
g_blogs_domonly - Only list blogs in a users domain
g_blogs_enable - Surgemail blogs
g_blogs_https - Use https for blog urls
g_blogs_image_optional - Allow users to specify if image verification is required for comments
g_blogs_max_per_user - Maximum number of blogs per user
g_blogs_maximum_image_size - Default maximum image size
g_blogs_maximum_image_width - Default maximum image width
g_blogs_maximum_items_in_top_page - Maximum number of items on the top blog page
g_blogs_no_suffix - Shortens URL, url_blogs must be defined for each domain
g_blogs_not_global - Only allows access to a blog onthe domain it is defined on
g_blogs_not_unique - Allow the same blog name in multiple domains
g_blogs_ping - Sites to ping on each post
g_blogs_sub_domain_prefix - Prefix to use instead of blogs. for blog subdomains. use ! to have no prefix.
g_blogs_use_sub_domains - Make blogs accessible at http://blog_name.domain/
g_body_filter - Enable user email body filtering
g_bomb_max - Max msgs to a single email address/hour
g_bomb_max_from - Max msgs from a single email address/hour
g_bomb_white - don't apply bomb_max limit if to address matches
g_bounce_bind - Use a specific ip address for outgoing bounces
g_bounce_disable - Disable all bounces (NOT A GOOD IDEA)
g_bounce_limit - Max size in bytes of message to send back as bounce, message is truncated if necessary
g_bounce_nodrop - Enables locally generated bounces for non local users
g_bounce_paranoid - Prevent external bounces going through surgemail
g_bounce_redirect - Send all bounces to a local address
g_bounce_reject - Reject bounces by ip address from known dumb mail servers
g_bounce_safe - Only send bounces to local domains
g_bounce_some_stop - Disables locally generated bounces for partial message failure - NEVER use this!
g_bounce_suggest - Send bounces to postmaster if spf cannot be verified
g_bounce_to - Domains to treat as local and send bounces to
g_bounce_to_recipient - Bounce suregewall failure to the recipient
g_breakin_enable - Stop multiple ip logins for one account in a few seconds
g_breakin_n - Number of different ip's that trigger a lockout, default is 8
g_breakin_short - Match on 1.2.3.* for ip addresses, helps with google sending
g_breakin_white - Email addresses that can send concurrently from mulltiple ips (use * to allow everyone)
g_breakin_window - Window in seconds, default is 300
g_broad_noadd - Disable buttons on message
g_broad_pass - BroadSoft pass
g_broad_port - BroadSoft port
g_broad_server - URL to BroadSoft server
g_broad_url - URL to this server
g_broad_user - BroadSoft user
g_bughunt_enable - Enable specific bughunt logs
g_bull_maxage - Delete bulletins over maxage days
g_bull_rule - Post bulletins to this domain
g_byname_old - Enable old slow domain lookup functions
g_calendar_version - CalDAV / SabreDAV calendaring configuration version number
g_callhome_disable - Disable misc features that reference netwinsite
g_centipaid - CentiPaid address and port
g_check_date - Reject messages if date is in the future
g_cid_skip_to - Skip CID score, good for lawyers etc
g_comment - Management notes and comments about the server
g_con_gateway - Connection limit per ip also applies to gateways
g_con_perip - Connection limit per ip - sum of SMTP/POP/IMAP (if over refuse connection)
g_con_perip_except - Exception IP addresses to g_con_perip
g_con_persubnet - Global concurrent connection limit per ip subnet x.x.x.*
g_con_peruser - Connection limit per user for imap/pop. Set above 20
g_con_peruser_except - Exception users to g_con_peruser, include domain name
g_convert_percent - Convert % to @ sign in rcpt address
g_cookie_secure - Set all cookies to secure mode on https connections
g_country_allow - user@domain list to bypass country_login rule
g_country_allowip - Ip addresses to bypass country_login rule
g_country_ip - Tag messages with country of origin
g_country_login - List of countries to allow logins from, 2 letter codes
g_country_url - Url service for geo location checking
g_cpu_notest - Disable cpu busy test
g_cpu_slow - Email warning if no cpu for this many seconds
g_crash_NOLOGGING - Crash without any logging on windows
g_crash_nomini - Crash without minidump on windows
g_crash_normal - Crash without catching signals 10,11 so good core dump on freebsd
g_crash_simple - Crash simpler for solaris to avoid deadlock situation
g_create_allow - List of characters allowed in usernames
g_create_allow_pass - List of characters allowed in passwords, - is a range
g_create_apply - List of user groups to apply create_* settings for.
g_create_apply_admin - Apply allow* rules to the administrator
g_create_badnames - List of illegal usernames
g_create_cleanup - Cleanup existing data before adding a user
g_create_dictionary - File containing dictionary words to compare passwords to
g_create_pass_digit - Require one digit and letter in a password
g_create_pass_length - Limit the length of user passwords
g_create_pass_mixed - Require mixed case passwords
g_create_pass_notuser - Ban password containing username
g_create_pass_recheck - Recheck passwords during login and warn user if g_hack_touser is true
g_create_pass_recheck_text - Added to end of recheck email to give users a url to a help page
g_create_pass_slack - Slacken restrictions on trivial password creation
g_create_pass_special - Require special character, e.g. !@#$%^&*(){}[];:?><.,
g_create_record_ip - Causes surgemail to store ipnum in the authent database
g_create_strict - Whether to apply strict rules to usernames/passwords
g_create_strict_admin - Enforce strict rules for admins too, set g_create_strict AS WELL!!
g_create_user_length - Limit the length of usernames
g_date_add_utc - Add UTC if date header is missing it
g_dbabble_links - Add web links to DBabble from other web interfaces (and vice versa)
g_dbabble_smtp_port - DBabble SMTP port (do not manually change this setting - it should be set from the DBabble section of the web admin interface only)
g_dbabble_smtp_prefix - DBabble SMTP prefix (do not manually change this setting - it should be set from the DBabble section of the web admin interface only)
g_debug_block - For catching bugs in block file processsing
g_debug_body - Save msg body during processing
g_debug_check - Use more dmalloc debugging, some performance impact. Also set g_debug_free
g_debug_crt - Some CRT debugging on windows, do not use
g_debug_free - Check free memory isn't corrupted - slows performance slightly
g_debug_freepc - 0-100 percent of malloc/free's to check later
g_debug_image - Save image thumbnail files to find bug
g_debug_imap - Log imap folder renames and deletes in kmsg.log
g_debug_ini - Debugging, don't use this
g_debug_ncpy - Debug ncpy function
g_debug_ncpy2 - Debug ncpy clear only
g_debug_padpc - 0-100 percent of malloc/free's to pad
g_debug_timing - Record dfopen timing, tellmail dfopen_stats
g_debug_vanished - Name of file to check for, if file vanishes, crash
g_delete_exclude - Field and value that excludes an account from g_delete_user_after
g_delete_user_after - Number of days an account can remain unread before it is deleted, NOT automatic! see docs!.
g_delete_user_mode - Action when account is due to delete (write a command file etc...)
g_delete_user_suspend - If suspending an unread account set this field/value.
g_deliver_robot - Robot/Script to run at delivery time $FILE$ AND $TO$ parameters
g_demo - Demo mode lock unsafe admin features
g_demo_to - Demo mode valid external destinations
g_deny - Block users from some ip addresses
g_deny_country - Block email from some countries, use 2 digit code not the full name, see IpToCountry.csv, turn on g_country_ip!
g_deny_log - Log g_deny rejections to msg.log - can clutter log
g_deny_login - Block users from some ip ranges logging in
g_deny_msg - Change the message for blocked ip addresses
g_deny_smtp - Block users from some ip ranges connecting to SMTP only
g_disable_exclude - Field and value that excludes an account from g_disable_smtp_after
g_disable_qnum - Disable qnum msg header
g_disable_skip - Ip address of senders to accept email from even if user account is disabled due to g_disable_smtp_after
g_disable_smtp_after - Number of days an account can remain unread before delivery is disabled
g_disable_surgeplus - Disable SurgePlus (SurgePlus is obsolete and not supported)
g_disable_surgeplus_updates - Disable automated downloading of new versions of SurgePlus client from netwinsite.com
g_disk_debug - Log slow disk access n
g_disk_warning - Give manager warning if disk % exceeded, default 95%
g_diskio_abort - Shutdown if diskIO failure on queue files
g_dkim_allow - From addresses to not enforce dkim for
g_dkim_allowip - From ip addresses to not enforce dkim for
g_dkim_alt_domains - Use selector 'alt_name' for these domains
g_dkim_alt_name - Name of selector to use
g_dkim_always_force - Always uses force from even for local domains
g_dkim_check - DKIM Check incoming DKIM signatures
g_dkim_exclude - DKIM Domains to not sign for outgoing email
g_dkim_force_from - Replacement from header to use for non local domains
g_dkim_headers - DKIM List which headers to sign (blank=default, and is usually best)
g_dkim_legacy_only - Revert pre 8.0f1 behaviour (DO NOT USE)
g_dkim_lockfail_retry - If dkim lock fails retry later (as opposed to sending without signing)
g_dkim_noforce - Don't replace from for these domains
g_dkim_nogateway - Don't sign if gateway rule used
g_dkim_only - DKIM Domains to sign for outgoing email (default is all)
g_dkim_return - Sign if 'return path' matches g_dkim_only
g_dkim_selector - DKIM Policy name for your server (used creating dns entry for dkim)
g_dkim_sign - DKIM Sign outgoing messages
g_dkim_skip - DKIM Destination Domains to not sign
g_dlist_nolocal - Remove add local button from mailing lists
g_dlist_nostart - If set then don't start dlist (dmail compatibility)
g_dlist_one - Only allow one recipient if message is to a mailing list
g_dlist_path - DList Path NOT SUPPORTED do not use! Also set in dlist.ini
g_dlist_spam - Link list to user account
g_dmail_filter - DMail compatible filter.txt file
g_dmarc_allow - Allow user@domains to bypass dmarc, e.g. *@xyz.com
g_dmarc_enforce - Enforce dmarc reject / quarantine more strictly do not use
g_dmarc_none_quarantine - Treat a 'none' policy as quarantine rule
g_dmarc_quarantine - If true store in spam folder if policy is quaratine
g_dmarc_use - Reject and quarantine based on DMARC use this
g_dmarc_whitelist - Use and share reputation data for dmarc whitelisting
g_dns_blank_fail - NEVER USE! Bounce email if dns response blank rather than retry
g_dns_cache_size - Set size of forward dns cache, default 7000
g_dns_disk - Enables DNS disk cache
g_dns_host - Host to send DNS lookups to
g_dns_match_msg - Message for stamp or bounce if forward and reverse lookup don't match
g_dns_nlookup - Concurrent DNS lookups to send to DNS server, default=20
g_dns_nocache - Disables DNS cache for spf lookups (20 minute life)
g_dns_noptr - Set to reject or retry, for ip addresses with no reverse dns entry (rdns)
g_dns_noptr_msg - Message for stamp or bounce if DNS lookup fails on ip address
g_dns_noptr_skip - Skip RDNS for these ip addresses
g_dns_paranoid - Compare forward and reverse dns lookup and check they match (set to STAMP or REJECT) not recomended
g_dns_require - Require MAIL FROM header matches senders ip reverse dns
g_dns_retryretry - Retry lookup on next server if retry error
g_dns_system - Use system code to do reverse lookups
g_dns_test_blank - Break dns lookups to test how it's handled
g_dns_threaded - Enable threaded dns lookups
g_dns_translate - If mx response is x.x.x.x translate to y.y.y.y:port
g_dns_unthreaded - Disable threaded dns lookups
g_domadmin_utoken_expire - Length of time a domain admin login token is valid for in seconds
g_domadmin_utoken_idle - Length of time a domain admin login token may remain idle for
g_domain_create_auto - Auto create domain if it doesn't exist when creating a user
g_domain_create_route - Auto create route to mx mail server
g_domain_default - Default domain if user does not enter a domain on pop/imap login
g_domain_list_max - Maximum number of domains to list at once
g_domain_separator - Separator character for virtual domains
g_domain_templates - Check for domain specific templates
g_domuser_file - Domain user file. Create thousands of virtual domains easily
g_dotlock_minutes - Minutes to wait for NFS lock file, default 20 minutes
g_dotstuff_fix - Debugging setting, do not change or bad things will happen
g_doweb - Do web part only
g_download - Fetch an http file and do an ini reload
g_drop_use_len - Use the content-len header for drop file processing (Solaris)
g_dsn_enable - Enable DSN (Delivery Status Notification) esmtp extension.
g_dsn_loggedin - Enable DSN (Delivery Status Notification) for trusted senders.
g_dsn_nofinal - Try not to show real final recepients but just original recipients
g_ehlo_8bitmime - Enable 8bitmime in ehlo response (NEVER USE)
g_ehlo_fault - Internal - for generating/testing faulty ehlo responses
g_ehlo_log - Log ehlo/bind to msg*.rec logs
g_ehlo_simple - Ip addresses to give simple ehlo respone to
g_ehlo_smtputf8 - Enable smtputf8 for matching ip addresses (NEVER USE)
g_emailreg_enable - Enable whitelist http://www.emailreg.org register to use
g_encrypt_config - Encrypt some config settings (passwords)
g_encrypt_disable - Disable encryption
g_encrypt_expire - Days to keep encrypted messages, default 60
g_encrypt_inline - Use INLINE method by default
g_encrypt_limit - Max encrypted msgs per user per hour
g_encrypt_max - Max encrypted per day server wide
g_encrypt_nodomain - Allow encryption for users without local domains
g_encrypt_nofwd - Don't encrypt forwarded
g_encrypt_noip - Don't encrypt if from this ip range
g_encrypt_nolate - Disable encryption on late forwarding
g_encrypt_none - Don't encrypt if subject starts with this
g_encrypt_nowater - Show this if no water mark defined yet
g_encrypt_path - Path to encrypted files, this is not supported when mirroring!
g_encrypt_prefix - Prefix for encrypted messages must match encrypt rule so replies are encrypted
g_encrypt_pw_host - Central host for encryption password storage
g_encrypt_pw_key - Central host password key
g_encrypt_reminders - Days before we send users a reminder to change passwords, not recommended
g_encrypt_reply_plain - Send plain message for local replies
g_encrypt_reset_easy - Send the reset request dirctly to the destination user - security risk!
g_encrypt_reset_msg - Msg Body sent when password has been reset
g_encrypt_reset_safe - When users password is reset, delete all messages to them
g_encrypt_reset_sender - Msg Body sent to sender when password reset requested
g_encrypt_reset_user - Msg to person when they click on reset password button
g_encrypt_rule - Matches will be encrypted when sent
g_encrypt_smart - Smart Encrypt Private Feature (not available)
g_encrypt_ssl_force - Require ssl on incoming encrypted messages
g_encrypt_ssl_noforce - Exceptions, e.g. surgeweb or localhost
g_encrypt_surgeweb_show - Show SurgeVault in SurgeWeb
g_encrypt_unlock - Unlock for these destinations. e.g. user@domain
g_encrypt_wall - Encrypt surgewall msgs
g_enotify_from - From address to use in email notification messages
g_eof_fix_off - Turns off auto stripping of control+Z
g_error_xlate - Change error messages
g_event_list - Events wanted by url
g_event_url - Send msg events to a url
g_everyone - Create alias $everyone@domain.name
g_expire_all_rules - Scan all users for rule files (not needed usually)
g_expire_every - Only expire spool once every 'n' days
g_expire_onlyunread - For the inbox only expire message if they are unread
g_expire_silent - Don't send users emails telling them what was expired.
g_expire_trash - Expire any messages found in trash folders after 7 days
g_expire_warning - Give warning 'n' days before deleting each file
g_external_all - Tag messages from friends too
g_external_dlist - Tag messages arriving for mailing lists
g_external_ip_disable - Do not add X-External-IP header
g_external_msg - Msg to insert at the top of external mails
g_external_only - Enable only these destinations
g_external_spam - Tag messages in spam folder too
g_external_style - css style for the warning
g_external_warn - Tag external messages from non friends
g_external_white - Disable for return path matches
g_external_white_to - Disable for these recipients
g_fallback - Default address for all local domains
g_fallback_relay_if_exists - Use FALLBACK_RELAY if not logged in but user exists (OLD_POPHOST_CREATEUSER_DISABLE)
g_fast_time_off - Disable faster time function
g_feat_testing - Testing setting do not use
g_filter_max - Max size for items to be sent to filter_pipe, or g_user_pipe, default no limit
g_filter_n - Concurrent filters to run at one time, default is 20
g_filter_pipe - Filter program that accepts msg on stdin and sends on stdout
g_filter_pipe_headers - Re-read headers after pipe finishes
g_filter_pipe_noauth - Skip for auth users
g_filter_pipe_skip - Skip filter if ip matches this
g_filter_timeout - Filter timeout in seconds, default is 360
g_find_wrong - Find domain based on IP even if url suggests other vdomain
g_fix_crcrlf - Fix email messages containing crcrlf for line termination, NEVER USE
g_fix_imap_lf - During IMAP import fix email messages containing lf
g_footer_auth - Only add footer for authenticated local users
g_footer_file - Footer file full path required
g_footer_html - HTML Footer file, full path required
g_footer_notfound - Only add footer if footer is not in message already
g_footer_send - Footer file added to outgoing messages only (do not use with DKIM)
g_footer_sendonly - If true only add footers when sending to non local users
g_footer_skip - Skip footers for these users
g_footer_skipfound - Only add footer if this text is not already in the message, requires g_footer_notfound
g_footer_trusted - Only add footers if sender is trusted
g_forward_attach - When late forwarding send as attachment to these domains
g_forward_fixfrom - When late forwarding rewrite from/return path as local user, use G_SPF_NOREWRITE
g_forward_illegal - Ban forwards to these addresses
g_forward_oops - Internal testing setting, not for general use sorry
g_friends_add_trusted - Add to friends list when if sender is trusted
g_friends_allow_spf - Allow all email through as if it was a friend during temporary allow
g_friends_always - Always use friends list.
g_friends_at_rcpt - Whether to check users friends list at rcpt stage
g_friends_autodom - Auto whitelist friends based on domain/ip
g_friends_bounce_friend - Allow exception rules to bounce a mesesage from a friend
g_friends_bounce_rej - Reject blank return path as friends failures
g_friends_bounce_second - Bounce the next time the user sends a message if waiting for confirm still
g_friends_byemail - Use old email based friends rejections
g_friends_check_spf - Disable friends bounces if SPF headers missing/failed to avoid backscatter.
g_friends_cleanup - Cleanup/repair large friend.lst files
g_friends_confirm_debug - Log sucessful friends confirmation responses
g_friends_confirm_subject - String to use as the subject of a friends confirmation email
g_friends_daemon_ok - Accept emails from any mailer deamon
g_friends_debug1 - NEVER USE, only for NetWin testing
g_friends_default_autoadd - Default auto addition when sending (recommended)
g_friends_default_mode - Default friends mode, smite (recommended) silent, or list
g_friends_global_add - Add to a global friends list if ip matches and sender doesn't match authenticated user
g_friends_global_auto - Enable global friendslist
g_friends_global_exclude - Addresses not to auto add, e.g. *@paypal.com
g_friends_ignore - List of addresses considered friends for all users on the system
g_friends_ignore_trusted - If from trusted ip still apply friends
g_friends_lang_auto - Set users language settings automatically based on observed emails from friends
g_friends_latest_headers - Causes friends to re-read message headers, allowing rules based on headers added during delivery
g_friends_local_match - If from!=returnpath and one is local, then block friends match
g_friends_long - In friends web release addresses use a longer url
g_friends_msg - Message used for friends bounce.
g_friends_msg_link - Message used for friends link bounce.
g_friends_name - What to call the friends system on pages and in email
g_friends_obey_spf - If SPF failed then no friends match allowed for local domains
g_friends_old_status_email - Use older status email & processing
g_friends_only - Enable friendonly features - must be enabled by users too
g_friends_pending_keep - Number of days to store users pending messages, default 14
g_friends_pending_max - Max items in pending before deleting them
g_friends_pending_name - The imap name of the friends_pending (and spam store) quarantine folder - should match surgeweb imap_spam_folder - default is 'Friends Pending'
g_friends_pending_vanish - Enable auto-vanish of pending messages on confirmation bounce
g_friends_release_wash - Clean any subject marking (ie stars) when releasing/allowing
g_friends_rotate - Rotate user level log file, default 30k
g_friends_safer - Make friends always avoid back scatter.
g_friends_silent - Disable friends responses to users
g_friends_silent_level - If spam score above this then don't send friends message
g_friends_skip_ip - List of ip addresses considered friends for all users on the system
g_friends_spam_score - Default level to quaranteen message in spam folder (Recommended 8 or 10)
g_friends_spf - Refine friends matching using spf/dmarc when possible
g_friends_spf_fail_bounce - Bounce SPF failures, do not send friends confirmations (Not recommended)
g_friends_status_sort - Sort friends status messages with low scores at the top
g_friends_testurl - Test g_friends_url and status_url and url_host work externally
g_friends_url - Specify default global url for friends release http://domain.name:port
g_friends_use_https - Use https port for friends urls
g_friends_warnonce - Give bounce on only the first message
g_from_allow - Other email addresses we allow, e.g. *@x.y.com,*@b.com,fred@bb.com
g_from_allow_ip - IP addresses to bypass local from check
g_from_allow_to - destination user to bypass local from check
g_from_bl - Domain Based Blacklist Zones, lookups FROM domain in dns
g_from_body_bounce - Reject if local from header address is probably faked
g_from_bounce - Reject if local from envelope address is probably faked
g_from_check - Check from domains match valid local domains if user is authenticated, or g_from_allow
g_from_domain - Default domain for from envelope
g_from_domain_match - Force domain of from and return path to match for outgoing email
g_from_exact - Check from matches authenticated user
g_from_force - From address for all sent messages
g_from_header - From header used in delivery bounces
g_from_list_too - Also enforce from rules from lists
g_from_must_exist - Require local from addresses to exist or reject mail
g_from_noforge - If envelope or from is local domain then the other must be too
g_from_noforge_some - If from matches this then from/envelope must match
g_from_noforgeme - If to==from then from and env from must match
g_from_noforgename - If from contains two addresses the domains must match
g_from_nofriend - If forge setting would bounce message then allow message but don't allow friend match
g_from_ok - Whitelist for invalid from addresses we will permit
g_from_relay - If not authenticated and g_relay_allow_ip matched then block if not local domain or whitelisted
g_from_relay_white - White list of domains for g_from_relay setting
g_from_rewrite - Rewrite from envelope for outgoing email, e.g. *@this.domain -> %1@another.domain
g_from_rewrite_header - Rewrite the from header as well
g_from_rewrite_sender - Rewrite the sender header as well
g_from_stamp - Stamp if local from address is probably faked
g_from_timeout - Timeout when checking bad from addresses, default 60 seconds
g_from_valid - Require an @ and dotted domain in all return addresses
g_gateway - Gateway messages for that domain to the specified address
g_gateway_allow - Known hosts that act as incoming SMTP or surgewall servers for us
g_gateway_always - Always send to gateway even if local domain exists
g_gateway_auth - Send SMTP auth requests to another host
g_gateway_data - Gateway at the data stage
g_gateway_from - Pass 'from' header thru during gatewawy check
g_gateway_helo - Header that must exist in incoming bounces (g_send_helo) or bounces are dropped
g_gateway_ifnot - Send local deliveries to scanner (using gateway rule) before delivering locally, deliver locally if from ip matches
g_gateway_ignorewild_ip - Ignore * gateway rules if from ip matches (allows outbound email scanning using gateway * to external scanner)
g_gateway_mx - If specified IP address is found in mx record for destination then allow relay (not recommended)
g_gateway_open - Allows an open relay setting in g_gateway
g_gateway_orcpt - Writes an original receipt header when forwarding a message, this may disclose multiple recipients, cc/bcc etc use only for tracking faults
g_gateway_shuffle - Round robbin shuffle of to ip addresses for gateway rules
g_gift_disable - Disable check for imap gift hacker
g_group_field - Auth field to add to group membership
g_gzip_disable - Disable gzip web compression
g_hack_detect_disable - Stop admin emails when users login with a weak password
g_hack_msg - Message to send to users with a weak password
g_hack_noemail - Disable weak password reports
g_hack_report - Address to send weak password reports to
g_hack_touser - Send warnings about hacking directly to users
g_hack_url - Url for users to change password
g_hacker_alert - Email manager if address is locked out
g_hacker_days - Days to keep ipaddress locked out, default 7
g_hacker_fwd - Email manager if user sets fowarding rule
g_hacker_max - Login guesses for one ip address before we lockout the ip address
g_hacker_more - Be more restrictive, don't allow /24 netblocks based on loginip
g_hacker_password - If hacker attempts to login with account name as password, then blacklist ip
g_hacker_passwords - Failed logins that use these passwords will lockout the ip address
g_hacker_poison - Poison accounts. Instantly blacklist ip address e.g. root@*
g_hacker_star - Lockout users who say * at us
g_hacker_timeout - Lockout users who timeout smtp connections
g_hacker_weak - If user tries weak password, lockout ip address
g_hacker_whitelist - Ip addresses to avoid guessing issues
g_header_out - Header to add to outgoing posts
g_header_strip - Strip listed headers from incoming messages
g_helo_optional - Helo is optional for SMTP protocol (not recommended)
g_help_local - Make all help references to the local help files
g_help_url - Link to another website for help instead of surgemail.com
g_home - Home path of server configs log etc
g_honeypot_key - Key for HTTP RBL service www.projecthoneypot.org - not recommended
g_honeypot_rbl - RBL name to lookup, typically dnsbl.httpbl.org
g_host_alias_sni - Fix fault where host_alias matches domain rather than ssl name
g_host_ip - This host public IP address
g_host_redirect - Redirection based on host for surgeweb's https_required redirection
g_http_11 - Use http 1.1 requests to netwinsite (do not use)
g_http_add_header - Add generic headers to web responses
g_http_proxy - Proxy web server for fetching files from netwinsite.com if direct access fails
g_imap_acl - Enable ACL (shared folders) in imap
g_imap_acl_prefix - Changes prefix from ~ to ^ to fix IOS bug
g_imap_allow_trailing - Allow leading/trailing spaces on folder names on linux, not a good idea
g_imap_auto_create - Create folders matching this list in response to 'select' commands
g_imap_auto_subscribe - Auto subscribe folders for users
g_imap_blacklist - Test if imap users are in rbl's and email admin
g_imap_capa - Where to get the CAPABILITY value from
g_imap_capa_strip - Capability values to hide
g_imap_cram_enable - Enable CRAM-MD5 authentication (requires nwauth 4.0h or greater)
g_imap_debug - For NetWin use only
g_imap_delay - Glob data into bigger packets, never use this
g_imap_expunge_close - Expunge on every close, not recommended
g_imap_folder - Type can be: Trash,Junk,Sent,Drafts,Archive
g_imap_folder_create - Auto create default folders for Trash/Sent etc
g_imap_friends - Make the friends_pending folder visible in imap
g_imap_idle_free - Releases threads in 'idle' state DO NOT USE
g_imap_idle_nsf - The number of seconds before a complete directory rescan. To be used on NFS network drives
g_imap_inactive_free - Releases threads not active DO NOT USE
g_imap_log - Enable imap.log logging
g_imap_log_body - Log imap fetch body commands to msg*.rec log files
g_imap_log_copy - Log imap copy commands to msg*.rec log files
g_imap_log_flush - Flush imap log on every write (for debugging)
g_imap_log_header - Log imap fetch header commands to msg*.rec log files (not usually needed)
g_imap_log_main - Log imap to mail.log too (not recommended)
g_imap_log_protocol - Log more of the protocol
g_imap_log_size - Size of imap.log file
g_imap_log_user - Log imap info to imap.log in users mdir folder
g_imap_loop_report - Report imap loops of bad email clients
g_imap_max_limit - Limits messages being put in folders
g_imap_max_messages - The number of messages in a single imap folder, default 200000
g_imap_maxbusy - Limit for concurrent requests per user, user is throttled if exceeded dflt 8
g_imap_maxdup - Max duplicate imap fetch commands before we throttle connection, default 500
g_imap_move - IMAP move extension
g_imap_no_internal_date - Disables internal date which helps stupid outlook client show correct dates
g_imap_old - Revert to old imap module
g_imap_old_ip - Revert to old imap module for some ip's
g_imap_pop_burst - Always burst using imap code
g_imap_port - IMAP port to listen on, default is 143 (needs restart)
g_imap_search_body - Build and use indexes for imap body searching
g_imap_search_index - Build and use indexes for imap header searching
g_imap_search_noattach - Skip non text attachments when searching
g_imap_search_text - Use only body and header indexes, fast but won't get all matches
g_imap_search_timeout - Limit on imap search, default is 180 seconds
g_imap_secure_port - IMAP SSL secure port to listen on, default is 993
g_imap_size_fetch - If true, will display message sizes on fetch command. (ie * 123 EXISTS)
g_imap_spam_train - Train if moving message to 'spam' folder, or from 'spam' folder to inbox
g_imap_status_cache - Cache imap status responses (Obsolete, use _stored setting)
g_imap_status_stored - Keep imap folder counts stored on disk
g_imap_sync_all - Apply imap_max_sync to all folders
g_imap_sync_nomax - Exception to imap_max_sync setting
g_imap_testing - Test imap module instead of normal one (not functional)
g_imap_throttle - Limit for sustained imap commands per second before warning admin, default is 5
g_imap_throttle_exclude - Users who are not limited
g_imap_throttle_limit - Daily mb download limit before applying throttle speed, e.g. 500
g_imap_throttle_speed - Limit to this speed in bytes per second when throttling, e.g. 50k
g_imap_timeout - Time, in minutes for imap timeout, RFC required default is 30
g_imap_timeout_login - Timeout prior to login in seconds
g_imap_timezone - Timezone to display - for testing purposes only NOT USED
g_imap_trash_nocopy - Prevent copying from Trash to Trash folder
g_imap_uidl_nofix - If true, disable auto repair of identical uidl entries
g_imap_unsub_auto - Unsubscribe if a folder doesn't exist
g_imap_use_nil - Give NIL instaed of empty response (do not use)
g_imap_user_flags - This setting may confuse some email clients (mac) use with cautioun
g_imap_user_moreflags - Allow unlimited flags
g_imap_warn_big - Warn user if inbox or sent has more than this many messages
g_inbox_archive - Archive old messages to Archives/yyyy/Inbox folder, age in days
g_inbox_max - Max messages permitted in inbox e.g. 5000
g_inbox_nolimit - Users with no limit on inbox
g_include - Include another ini file global settings only
g_iplimit - Untrusted local ip addresses e.g. web servers, special sending limits applied.
g_iplimit_islocal - Add domains to list of domains considered local for limit counting
g_iplimit_local - Max sends from untrusted ip to local domains per 30 minutes.
g_iplimit_remote - Max sends from untrusted ip to remote domains per 30 minutes.
g_iplimit_whitelist - List of 'from' addresses that should bypass limits
g_ipv4_only - List of hosts/mx that should NOT use IPV6 addresses
g_ipv6_enable - Enable IPV6 networking only use if you have an IPV6 address for some reason
g_ipv6_notrim - Prevent automatic conversion of ::ffff:x.x.x.x to x.x.x.x
g_ipv6_only - List of hosts/mx that should NOT use IPV4 addresses
g_kann_test - Testing spam module do not use
g_keepalive - Attempts to use keepalive for the web sessions (experimental & faulty currently)
g_key_manual - Try and activate automatically when the key expires
g_key_nowarning - Disable reminders to update your license
g_known_skip - Disable the bypass of known ip addresses from spf failures
g_language_default - Default language for user web interface
g_last_login - If true create last_login file each time user logs in via imap/pop. Do not use on MIRROR systems
g_last_login_days - If last login is more than this many days then reject email - do not use on mirrors
g_late_forward - Apply all users forwarding rules after friends, spam, and filtering
g_late_skiplocal - Skip late forwarding for local destinations
g_ldap_forward - Remote ldap server to forward requests to (only for testing do not use)
g_ldap_outlook_browse_max - Basic outlook ldap address browsing, max items (KEEP THIS SMALL eg <50): default=0 (disabled)
g_ldap_port - LDAP port, set to 389 to enable simple address book lookups only. (NOT YET FULLY FUNCTIONAL)
g_legal_archive_accesskey - Amazon s3 awsaccesskeyid
g_legal_archive_add - Users must belong to this group to get their email archived
g_legal_archive_body - Allow body searching, very very slow
g_legal_archive_bucket - bucket for for net service
g_legal_archive_early - Store to archive before phishing changes
g_legal_archive_enable - Enable legal archive
g_legal_archive_encrypt_key - Key for encrypting the data, you MUST never loose this
g_legal_archive_exclude - Accounts to exclude e.g. hr@xyz.com,*@doctor.com
g_legal_archive_hostid - Unique integer for this host 1-9 use if sharing mail spool
g_legal_archive_keep - Days to keep legal archive, units=days unless you specify years or months, default 5 years
g_legal_archive_local - Store files locally only
g_legal_archive_mirror - Mirror the archive, also use tellmail resync_archive
g_legal_archive_nofail - Don't bounce messages if archive fails
g_legal_archive_only - Drop all messages after archiving them!
g_legal_archive_path - Local path for archive indexes
g_legal_archive_secretkey - Amazon s3 awssecretkey
g_legal_archive_show - Users must belong to 'archive_show' group to see their own archive
g_legal_archive_spam - Store files even if identified as spam (OBSOLETE)
g_legal_archive_trim - Trim messages to max size e.g 20mb
g_letsencrypt - Path to find letsencrypt certificates (obsolete)
g_lf_fix_list - Enable lf fix for faulty email clients
g_lf_fix_off - Disable lf fix, obsolete SEE g_lf_fix_list
g_local_skipgateway - If true skip gateway rule for local messages (bounces etc)
g_log_bounce_disable - Stop bounce reject entries filling up log (typically from spam bounces)
g_log_date_old - Log old short date in log files
g_log_disable - Disable most logging - not recommended
g_log_dns - Log dns responses in gory detail
g_log_dns_mx - Only log MX lookups
g_log_dns_only - Only log lookups for this domain
g_log_dropped_disable - Don't log if no 'data' command sent
g_log_fakemid - Header to use instead of message-id in log files
g_log_flush - Flush log file after every write
g_log_fwd - This setting is obsolete and has no effect
g_log_level - Level of logging, info, debug, error
g_log_norcpt - Disable Log individual recipients in msg.rec files
g_log_password - Log password failures to login_failed.log
g_log_path - Directory for log files, defaults to G_HOME
g_log_pid - Log PID in log lines
g_log_quota - Log quota for specified user
g_log_reject_disable - If true then rejects are not recorded in .rec files
g_log_size - Size of each mail*.log file (e.g. 5mb)
g_log_slow - Do slower logging system
g_log_ssl_fail - Log SSL failures to msg.rec
g_log_start_norotate - Don't rotate log on startup
g_log_syslog - Send 'msg.rec' entries to syslog
g_log_syslog_debug - Send 'mail.log' entries to syslog as 'mail.debug' data
g_log_syslog_host - Specify host to send syslog entries to (windows only)
g_log_syslog_only - Disable writing to msg.rec
g_log_syslog_port - Default is 514 (windows only)
g_log_tcp_read - Log actual tcp read data - for matching ip addresses - avoid
g_log_tcp_write - Log actual tcp write data - for matching ip addresses - avoid
g_log_thid - Log thread id in .rec files
g_log_user - Log pop/imap/smtp protocol for specified user
g_login_log_size - Size of login.log file
g_lookup_names - Lookup ip names of connecting users (can be slow)
g_lookup_reject_fails - If lookup cannot get a name, reject user (not generally recommended)
g_lowdisk_mailbox - Disksize warning limit for mailbox_paths
g_lowdisk_warning - Disksize below which to send a warning to the system manager
g_mailbox_inbox - Path for inboxes (experimental, do not use!)
g_mailbox_path - Default directory to store mail
g_maildir_imap_max - Use imap max setting, defaults to 100,000
g_maildir_max - Max messages in a POP folder, do not adjust
g_maildir_netwin - Use NETWIN proprietry storage format - Not Recommended
g_maildir_report - Email manager on ndb errors
g_maildir_standard - Use more standard maildir layout (NOT SUPPORTED)
g_mailstatus_message - Error message to give when mailstatus is set to specified state
g_manager - Email address of manager
g_manager_port - HTTP Manager port to listen on, default is 7026
g_manager_secure_port - HTTPS secure Manager port, default is https 7025
g_manager_smtp - SMTP server for error reporting
g_manager_username - Global domain managers username (for web based domain administration)
g_max_bad_ip - Max bad recipients per ip address before blocking that ip
g_max_bad_ip_skip - Skip g_max_bad_ip tests
g_max_bad_ip_time - Seconds to block guessing hackers
g_max_bad_nolookup - Max bad recipients in a row, if exceeded skip user lookup
g_max_bad_to - Max bad recipients in a row
g_mdir_hash - Hashing mode for surgemail (not supported, use at your own risk)
g_mdir_prefix - Prefix for maildir folders DO NOT USE THIS SETTING, NOT SUPPORTED!!!
g_mfa_backup_email - Alternate MFA using recovery email address
g_mfa_backup_sms - Alternate backup MFA using SMS (requires g_twilio to be configured)
g_mfa_nicer - Nicer surgeweb MFA workflow (RECOMMENDED, enables settings below)
g_mfa_require - Force users to turn on MFA to use SurgeWeb
g_mfa_webtrust_disable - Disable 'Trust this browser' long duration MFA trust tokens
g_mfa_webtrust_duration - Session life of 'Trust this browser' in days (default = 14)
g_mfa_webtrust_scope - Scope (IP range) of 'Trust this browser' (default = country)
g_mfilter_addonly - If true, then only allow 'adding' headers, not changing them
g_mfilter_bounces - Run mfilter on bounce messages and responders etc
g_mfilter_disable - Disable mfilter.rul completely
g_mfilter_file - Mfilter rule file. For spam rule processing (mfilter.rul)
g_mfilter_localonly - If true then only run mfilter on local deliveries
g_mfilter_maxlen - Size to truncate messages to before processing with filter
g_mfilter_noisey - Do log anything in mfilter
g_mfilter_skip_from - From addresses (envelope) to skip mfilter processing for
g_mfilter_skip_ip - IP address(es) to skip mfilter processing for
g_mfilter_skip_to - To addresses to skip mfilter processing for
g_mfilter_trace - Log trace lines in mfilter
g_migrate_domain - The domain which g_migrate_password is for
g_migrate_email - Send each user email on start/end of migration
g_migrate_onsmtp - Migrate on smtp login events
g_migrate_password - Allows login to all accounts create hash with tellmail master_password
g_migrate_skip - Skip imap folders matching this, use for shared folders
g_migrate_translatet - Translate folder names during migration
g_mirror_config - Mirror surgemail.ini to/from mirror_host, must set on both systems!
g_mirror_config_except - Settings to ignore when accepting the incoming config
g_mirror_debug - Log more info to mirror log.
g_mirror_debug3 - NEVER USE, MAKES MIRROR FAIL.
g_mirror_email - Email manager list of fixes sent
g_mirror_host - Mirror other host name
g_mirror_lists_one - Mirror list changes only one way to slave
g_mirror_live - Mirror: Send incoming messages immediately
g_mirror_live_max - Limit size of mirror_live default 60k
g_mirror_lock - Lock PRIMARY during secondary bursts
g_mirror_max - Max items in one folder to mirror, default 160k currently
g_mirror_mode - Mirrorring mode (one system must be PRIMARY and the other SECONDARY)
g_mirror_nossl - Disable SSL for mirror protocol connection - recommended
g_mirror_nsend - Sending threads to use, default 8
g_mirror_nwauth - Mirror send nwauth database to other server, ONLY set on primary
g_mirror_nwauth_always - Mirror nwauth database files
g_mirror_others - BETA Other hosts, for 3,4 host mirrors,(DO NOT USE)
g_mirror_prune_age - Mirror minimum age for items to be pruned during sync_prune, default 14 days
g_mirror_repair - Run resync_prune once per month, only set on primary, TURN OFF DURING FAILURES
g_mirror_resync_inbox - BETA Resync inbox for active users once a day
g_mirror_secret - Mirror shared secret
g_mirror_threads - Max threads we can use during resync_fast, default 6
g_mirror_trash - Normally on a resync the trash folder is ignored.
g_modern_admin - More modern admin ui layout
g_modern_hicontrast - Easy to see color scheme, Control f5 to reload css after changing!
g_modern_surgeweb - More modern layout for surgeweb
g_modern_user - More modern layout for user self admin
g_monitor_disable - Disable monitor process completely (requires restart)
g_monitor_port - HTTP port for Surgemail Monitor to listen on, default is 7027
g_msg_hops_max - Maximum received lines or message is bounced, default 30
g_msg_log_body - Log body fetches too
g_msg_log_dkim - Log DKIM in msg*.rec
g_msg_log_extra - Extra user activity logging
g_msg_log_from - Log From in msg*.rec
g_msg_log_pop - Log all pop reads in msg*.rec
g_msg_max - Max size of a single message (if over refuse with 552 error)
g_msg_max_drop - Drop link if size exceeded (DO NOT USE)
g_msg_max_in - Max message size inbound
g_msg_max_send - Max size for authenticated local users
g_msg_max_total - Max size of a message * recipients
g_msg_nodup - Drop duplicate messages by msgid/user matching
g_msg_track - Message tracking - for debugging
g_mtasts - Enable MTA-STS ssl/tls rules
g_mtasts_report - Alert manager on MTASTS failures
g_mtasts_white - Domains to ignore MTA-STS rules
g_mutex_fast - Use fast mutex handling DEBUGGING option only
g_mutex_timeout - Default mutex timeout period in seconds default is 600
g_mutex_timing - Name of mutex to collect extra timing information for
g_mx_tryall - Try all mx hosts even if lower than own mx priority
g_myrbl_disable - Disable internal rbl database
g_myrbl_disable_rbl - Disable netwin rbl database
g_myrbl_fake - Fake myrbl response for testing
g_myrbl_share - Use and Share RBL reputation data with central NetWin server (Recommended)
g_myrbl_store - Size of internal myrbl database
g_myrbl_to - Debug setting for rbl sharing do not use
g_myurl_disable - Disable internal url database
g_naked_msg - Error message if body contains naked lf characters
g_newui_advanced - Always run new admin ui in advanced mode
g_newui_disable - Disable new admin ui (do not use)
g_no_bull - Special accounts that should not get bulletins
g_notag_notascii - Don't add x-notascii: charset to any non ascii message
g_notag_url_forgery - Don't add x-UrlForgery when a ref urls seem to not match
g_notlocal - Add ALERT to message subject if domain is local but origin is external NOT FUNCTIONAL!
g_notlocal_message - ALERT text to add to suspect messages that appear to be from a local domain
g_nwv_test - Test NetWin setting, best not played with)
g_oauth_bearer - Enable OAuth 2.0 bearer for SMTP and Imap (NOT IMPLEMENTED)
g_oauth_bearer_url - URL for OAuth bearer login (NOT IMPLEMENTED)
g_oauth_client_id - OAuth 2.0 client_id
g_oauth_client_secret - OAuth 2.0 client_secret
g_oauth_propagate_pass - OAuth 2.0 always propagate oauth password to local authent database
g_oauth_trim - OAuth 2.0 trim @domain.name
g_oauth_url - OAuth 2.0 server for password lookup, e.g. http://x.com/oauth
g_old_imap_headbody - Get head and body seperately
g_old_imap_nossl - Disable auto ssl mode
g_old_imap_skip - Skip these folders
g_old_pophost_debug - Log extra info when doing old pophost logins
g_old_user_check - Disable the account status enabled check on rcpt lines
g_old_webmail_links - Show webmail links in user cgi instead of surgeweb
g_orbs_cache_life - Time to keep RBL cached entries in seconds, default is 7200 seconds
g_orbs_check_all - Keep doing lookups even if found in a RBL, this is slower of course!
g_orbs_exception - Realtime Blackhole List, exception list of IP addresses
g_orbs_fake - Ip address to pretend we find in rbl database for testing
g_orbs_force - Force RBL check even if g_allow_ip matches this ip number
g_orbs_late - Do late disconnect so user has time to send SMTP authentication (Also applies G_SPF_SKIP_TO)
g_orbs_list - Realtime Blackhole Lists (RBL's), action=deny,accept,stamp
g_orbs_multi_thread - Use multithreaded code
g_orbs_nosubmit - Revert to old behaviour, orbs check before submit
g_orbs_rec - Log to record file if RBL deny action occurs (can fill logs up)
g_orbs_report - List of IP's to check in RBL(s)
g_orbs_service - Service Name - Obsolete - use g_orbs_list to define services
g_orbs_system - If true use system dns lookups instead of surgemails for orbs (not recommended)
g_orbs_test2 - Test block all addresses
g_orbs_testing - If true, RBL lookups are recorded but not blocked
g_orbs_timeout - Seconds to wait for RBL lookups, default is 10 seconds
g_outgoing_block - Block user if this many spam sent in one day
g_outgoing_n - Send manager email if more than this many spam from one user per day
g_outgoing_white - Whitelist for outgoing spam detector
g_pass_force - Force user to reset password if admin changes it
g_pass_twofactor - Enable two factor authentication
g_pass_twofactor_bypass - Bypass twofactor for ip addresses
g_pass_twofactor_life - Session life in minutes, dflt 4 hours
g_pass_twofactor_merged - Require +code for imap/pop logins sometimes
g_pass_twofactor_prefix - Short string to identify your site in Authenticator app eg Surge
g_perflog_disable - Completely disable 'perflog' historical performance logging
g_perflog_flush_interval - Interval in seconds to flush the performance log files to disk (default 1hr = 3600)
g_perflog_logall - Log all trend graph counters including undisplayed graphs (recommended)
g_perflog_lowres - Do low resolution perflog sampling (hiding hour scale)
g_perflog_surgeonly - Only log surgemail counters
g_phish_block - Replace most urls with a warning link to stop phishing
g_phish_friends - Replace urls for msgs from friends too
g_phish_key - Used in key generation, never change
g_phish_local - Replace urls for locally sent msgs too
g_phish_only - Email addresses to apply link rewrite, default is everyone
g_pipelining - Show pipelining in ehlo response - not recommended - has no behavior affect
g_policy_enable - Enable policy.dat rules, still testing
g_pop_add_size - Improves pop performance on nfs slightly
g_pop_blocksize - Size of packets to read pop messages (best left alone)
g_pop_cram_enable - Enable cram-md5 support
g_pop_delay - If true packets are sent in bunches, this slows down some mail clients
g_pop_flush_lines - Flush to tcp every line of message sent (slow)
g_pop_lock - Lock pop spool
g_pop_max - Max threads for POP or IMAP connections
g_pop_min_late - Give min time error on first command after login
g_pop_min_msg - Additional warning to give user when they login too soon
g_pop_min_skip - Skip ip addresses matching this list.
g_pop_min_time - Min time in seconds between consecutive POP logins, NEVER USE
g_pop_nolock - Allows concurrent pop logins, recommended
g_pop_notseen - Don't mark message as seen when pop reads message
g_pop_port - POP3 port to listen on, default is 110 (needs restart)
g_pop_secure_port - POP3 SSL secure port to listen on, default is 995
g_pop_warning - Send manager warning if this many sessions (pop or imap) reached (max 1 per hour)
g_popfetch - Fetch incoming mail from another pop server
g_popfetch_interval - Interval between popfetch attempts in seconds
g_popfetch_kick - If true then popfetch will try and open the link for 10 seconds, then retry, this should bring up ISDN lines.
g_popfetch_nodup - Drop duplicate messages
g_ppd_port - PopPassD port for setting passwords, default is 106
g_private - Enable a private customer specific feature
g_proxy - Proxy mode, best avoided for most situations
g_proxy_default - Proxy mode default forward to host
g_proxy_smtp - Proxy direct to gateway for listed domains, set webmail_secret too
g_proxy_to_gateways - Proxy pop/imap connections to matching gateway settings
g_proxy_usercgi - Proxy user.cgi requests to tohost (web_ref_text.txt & g_web_ref_path_extension must match on all servers)
g_proxy_webmail - Redirect webmail logins to external host name
g_pstat_disable - Disable pstat per user accounting (for debugging)
g_queue_all - Always queue local messages before delivery
g_queue_limit - If on disk queue exceeds this block incoming mail
g_queue_max - Size of internal que file cache, range 500-3000
g_queue_spawn - Run command on queue files before delivery ONLY if g_queue_all is true, filename is passed as parameter
g_queue_warning - If on disk queue exceeds this send manager a warning
g_quota - Disk quota for users in specified g_access_group
g_quota_550 - Give 550 quota response instead of 552
g_quota_at - Default is 80%
g_quota_before_forward - Do quota check before forwarding.
g_quota_default - Default quota
g_quota_disable - Disable quota system
g_quota_friends - Count friends pending messages as part of quota
g_quota_from - Return address for quota warning messages
g_quota_noemail - Disables all quota messages to the user
g_quota_notrash - Remove Trash folder from quota calculation
g_quota_rcpt_disable - Disables quota check at rcpt stage
g_quota_report - Send quota warnings to the manager
g_quota_skip - Skip quota for matching ip addresses
g_quota_try_later - Give 450 response if user is over quota so message will be resent
g_quota_warning_disable - Disables the 80% quota warning message
g_rbl_login - Server to lookup ips that should not be allowed to login
g_rcpt_bang - Allow bang character in addresses
g_rcpt_colon - Allow colon character in addresses
g_rcpt_max - Max recipients per message, default 1000, can only be lower than 3000.
g_rcpt_max_in - Limit for recipients of untrusted channels, default g_rcpt_max
g_rcpt_msg - Response given for invalid recipient errors, message is prefixed by email address.
g_rcpt_nodup - Ignore duplicate recipients to the same user
g_rcpt_ok - Whitelist for invalid rcpt addresses we will permit
g_rcpt_quote - Allow quote character(s) in addresses
g_rcpt_trace - Add X-Rcpt-Trace headers
g_rdns_timeout - Timeout for reverse DNS lookups default is 30 seconds
g_received_name - Name shown in received headers
g_received_names - List of valid received names for incoming email
g_received_skip - Skip local received header for trusted users (DO NOT USE)
g_received_skip_all - Skip local received header (DO NOT USE)
g_received_skip_spf - Skip spf received header (DO NOT USE)
g_recent_bypass - Bypass recent failure checking
g_record_days - Days to keep msg*.rec record of incoming messages, default 90
g_record_hash - Hash storage of daily .rec files
g_record_login - Log successful logins to msg*rec files
g_record_path - Directory for daily .rec files defaults to G_HOME
g_recover_noquestions - Remove question based password recovery system
g_recover_reminder - Send users reminder email monthly until they set a recovery email address
g_recycling - Keep deleted messages so users can undelete email
g_recycling_del - Allow usergroup to delete messages from the recycle folder
g_recycling_imap - Make visible to IMAP users, default is now ONLY surgeweb users
g_recycling_life - Days to keep imap deleted messages, default 30
g_recycling_pop - Do recycling for POP deletes too
g_recycling_visible - Only allow members of this group to see recycling folder
g_redirect - Redirect messages from 'was' to the new 'to' address
g_redirect_cc - Send carbon copy to another address
g_redirect_cc_attach - Redirect message as attachment if rule applies
g_redirect_from - Redirect if from envelope matches
g_redirect_from_cc - Send carbon copy if from envelope matches
g_redirect_hide - Hide the redirection in the output
g_redirect_iflocal - If local domain, then apply redirect
g_redirect_ignore_errors - Accept email even if redirected addresses fail
g_redirect_newmid - Generate new MID on redirection
g_redirect_noautocreate_rules - Don't create redirection rules for domains automatically
g_redirect_ses - If message is not local then apply redirect
g_relay_allow_from - Allow relaying from users if the from envelope and from header match this NEVER USE, SPAMMERS ABUSE THIS
g_relay_allow_ip - Allow relaying from users at this ip address
g_relay_dom_and_ip - Allow relaying if from envelope and ip address both match
g_relay_ifnot - Accept locally only if not from this ip
g_relay_message - Message to give to users who try to relay through your system
g_relay_nolocal - Do not automatically relay for 127.0.0.1
g_relay_process - Relay process, e.g. testip.exe $WHOIP, return 1 to allow relaying, 0=deny
g_relay_to - Relay to this domain from anyone
g_relay_to_user - Relay to specific user from anyone
g_relay_window - Minutes to allow relay after pop/imap login NOT RECOMMENDED
g_relay_window_from - Requires pop authed user is in from header of sent message
g_rename_content - Wild card list of mime types to rename, e.g. application*zip*
g_rename_files - Wild card list of files to rename, e.g. *.exe,*.cmd (see help for defaults) g_virus_rename setting required
g_report_host - Report facts to a central host
g_report_notspam - Send not spam samples to netwinsite.com automatically (unwise)
g_report_spam - Send spam samples to netwinsite.com when msg trained
g_responder_delay - Delay between responses to the same address.
g_responder_friends - Only respond if from known friends
g_responder_from - Send 'from' destination user.
g_responder_noreply - Send 'from' noreply@ destination domain, improves delivery
g_responder_safer - Only respond if the sender can be verified in some way (spf/domainkeys)
g_responder_score - Do not respond if spam score is above this
g_responder_sender - Responder whitelist for email from address
g_responder_skip - Skip responder if from matches
g_responder_source - Responder whitelist for from ip name or number
g_responder_to - Responder whitelist for destination user
g_responder_utf8 - Send response in utf8 format
g_restart - Restart server if it dies
g_restart_kill - Allow swatch to kill surgemail if not responding - beta
g_restart_malloc - Restart server if malloc exceeds this (in mb), e.g. 1000
g_restart_vmsize - Restart server if vmsize exceeds this (in mb), e.g. 1000
g_retry_bounces - Max hours to keep trying to deliver a bounce, default is 48hrs
g_retry_dns - Hours to keep trying if dns response suggested invalid domain name, default 0
g_retry_from - Time to keep messages from these domains
g_retry_limit - Max hours to keep trying to deliver a message, default is 48hrs
g_retry_minutes - Time between attempting resends, defaults to 60 minutes
g_retry_rule - Time to keep messages to these domains
g_retry_unwarn - Send user sent on confirmation if warning sent
g_retry_warn - Send user a warning if first send fails
g_retry_warn_n - Send user a warning if nth send fails
g_route - Route messages matching from and to both must be specified, * can be used
g_route_by_tohost - Route messages using server specified in 'tohost' in authent database
g_route_except - IP exception to g_route / g_route_by_tohost
g_route_local - Route messages for local domains if the rule applies
g_route_local_ifexists - CONFUSING NAME For non smtp auth sessions, prevent application of g_route rule for local address if account does not exist
g_route_local_keep - For local domains, if the route rule applies, deliver locally preferentially else route by rule (needs g_route_local too)
g_route_tous - Route messages back to our own ip
g_rules_msgtime - Use msg time rather than file time for expire rules
g_rules_old - Never use
g_run_cmd - Run command on all messages use $FILE$ in cmd parameters
g_sabre_version - SabreDAV version (DO NOT CHANGE, for debugging only)
g_safe_alert - Email manager when user fails to login from new ip
g_safe_country - White list use 2 char country code, e.g. US,NZ,AU a list is ok, use with g_safe_smtp
g_safe_country_nowarning - Whitelist countries for just this setting
g_safe_imap - Force users to prove they are real if logging in from pop/imap NEVER NEVER USE
g_safe_message - First line of email sent to user when login blocked
g_safe_smtp - Force users to prove they are real with each new address, whitelist email or ip with g_safe_white
g_safe_smtp_email - Email manager as remote ip addresses are added
g_safe_text - The first line of the warning email when a new login occurs
g_safe_warning - Email user for logins from new ip addresses
g_safe_white - White list for g_safe* settings
g_sample_get - Sample account to check if deliveries work
g_sample_show - Headers to show from sample messages
g_scan_action - Converts return value from g_scan_cmd, action=drop,accept,bounce
g_scan_cmd - Run command on message, and return integer, see g_scan_action
g_scan_cmd_failok - Don't reject if script fails
g_scan_cmd_skip - Skip for matching ip addresses
g_scan_cmd_testing - Don't reject, (for testing)
g_sched_utoken_timeout - Timeout for sched utokens in minutes
g_send_backoff - Seconds to leave slow responding host alone (default 900)
g_send_body_end_retry - Try again if connection fails after entire body sent
g_send_body_noretry - If a send fails during the body send give up at once.
g_send_body_once - Don't try 3 times if failure occurs sending body
g_send_bug1 - Fail while sending messages
g_send_conspeed - Outgoing connections per second per destination, default is 4
g_send_delay - Wait this many seconds after sending each item.
g_send_first_retry - Minutes for first retry, default is 16 minutes, do not adjust!
g_send_helo - Fully qualified domain to use for all outgoing SMTP helo commands and MessageIDs
g_send_helo_from - Use matching domain name if we have one if user is authenticated/trusted AVOID THIS!
g_send_helo_in - Lookup dns name of incoming ip connection on local interface, UNSAFE
g_send_lines - Send messages in single line packets, slow!
g_send_lowpriority - Ip address of bulk sending servers
g_send_max - How many concurrent sending sessions in total
g_send_max_perchan - Msgs to send on one open channel
g_send_max_perdom - How many concurrent sessions allowed to another domain, default is 3
g_send_max_rcpt - How many rcpt's to send per message when sending
g_send_no_domain - Message to show when domain points to us but can't find user or domain
g_send_nolimit - Don't apply g_max_perdom limit when sending to this domain
g_send_nopoll - Use sleep loop instead of poll (debugging only)
g_send_nosize - Don't send size with from envelope
g_send_noskipslow - Don't remember hosts that are slow to open and avoid them
g_send_onpopfetch - Only send outgoing while doing a popfetch (For dialup use)
g_send_open_timeout - Timeout, in seconds when opening a link
g_send_retry_550 - Retry on 550 responses (general failure)
g_send_retry_552 - Retry on 552 responses (typically quota exceeded)
g_send_rewrite - Rewrite envelope recipient at send stage, does not change destination server
g_send_speed - Bytes per second to limit each outgoing channel to, default no limit, eg 10k
g_send_sslheader - Add x-encrypted header when sending via ssl
g_send_store_disable - Disable sendstore smtp extenstion
g_send_strip - Headers to strip when sending
g_send_timeout - Timeout, in seconds when sending, default is 540 (9 minutes)
g_send_tolimit - Limit speed to send to one or more domains.
g_sent_archive - Archive old messages to Archives/yyyy/Sent folder, age in days
g_sent_nodup - Drop duplicates in Sent folder due to sent_store
g_sent_store - Store all sent messages in IMAP folder if smtp authenticated
g_server_name - SERVER_NAME to set for list of wildcard urls
g_server_stamp - Replaces SurgeMail and version string in received headers
g_setpassword_firstlogin - Accept any password on first POP login and set in database (EMERGENCY USE ONLY, requires nwauth -reasonfail parameter)
g_sf_binary - Use Binary Network
g_sf_disable - Smart Filter Disable
g_sf_generate - Build local smart filter
g_sf_ignore_users - Ignore user submissions just use automatic samples (obsolete)
g_sf_limit - Limit range of self training
g_sf_list - Use list mechanism for scoring
g_sf_nnet - Use Neural Network (Experimental, ONLY FOR TESTING)
g_sf_nosanity - Disables improved g_sf_binary with sanity checks
g_sf_obey_users - Obey user submissions about non spam, usually not a good idea
g_sf_rules - Use manual rules to improve scoring
g_sf_saneonly - Sane score only
g_sf_sanity2 - Enables improved sanity scoring
g_sf_sanity_test - Experimental setting never use
g_sf_test2 - Testing
g_share_home - Allow sharing of home directory
g_share_mail - Set true if mail area is shared (by nfs or other mechanism)
g_share_quota - Do quota on disk (e.g. when using nfs shared spool)
g_show_senders - Show top senders in domain admin pages
g_shutdown_ifmissing - Shutdown if specified file doesn't exist
g_shutdown_slow - Add 20 second delay to shutdown for debugging
g_skip_return - Skip return path
g_slow_welcome - Add 30 second delay to welcome message for debugging
g_smite_all - Add spamdetect and smitematch headers to all messages going past
g_smite_gateway - Add spamdetect and smitematch headers to gatewayed/redirected messages
g_smite_level - If smitematch score is above this drop message (just throw it away) e.g. 1
g_smite_skip - Whitelist/Skip spam scanner (and spf) if from matches this wild card (Whitelist)
g_smite_skip_auth - Skip spam scanner if user logged in
g_smite_skip_from - Skip spam scanner if from header/env matches this wild card
g_smite_skip_ip - Skip spam scanner if senders ip matches
g_smite_skip_only - Skip spam scanner if to matches this wild card and no other recipients that 'don't' match...
g_smite_skip_relay - Skip spam scanner if ip can relay
g_smite_skip_to - Skip spam scanner if to matches this wild card
g_smite_tag - Tag message with smitematch header if message is in spam database when read
g_sms_forward - Specifies IP's which are allowed to forward to SMS gateways
g_sms_gateway - Address and port of your sms gateway (use g_twilio instead)
g_sms_gateway_force - Force sms notifications to go to g_sms_gateway
g_sms_gateway_msgbytes - Maximum amount of message to send to g_sms_gatway (bytes)
g_sms_gateway_subjbytes - Maximum length of subject in sms message
g_sms_recover_text - Sent to users when SMS password recovery msg sent
g_smtp_allow_invalid - Allow messages with invalid headers
g_smtp_auth_debug - Auth Debug (do not use)
g_smtp_auth_ip - Ip Addresses to accept smtp authentication from
g_smtp_auth_off - Disable SMTP AUTH from unknown ip addresses (NOT RECOMMENDED)
g_smtp_big - Slow down incoming SMTP reads to get bigger packets (experimental)
g_smtp_bounce_nslow - Number of handles to use for doing slow rejections of smtp connections
g_smtp_chunking - Protocol Extension, never use
g_smtp_cmd_timeout - Seconds to wait after getting a message for next command (sendmail bug)
g_smtp_cram_enable - Enable CRAM-MD5 authentication (requires nwauth 4.0h or greater) - Not Recommended
g_smtp_data_bug - Fail on incoming emails for debugging
g_smtp_data_timeout - Seconds for timeout for data input, default 540 (9 minutes)
g_smtp_delay - Seconds to wait before responding to rcpts, 1-20, this reduces load on bulk senders
g_smtp_delay_stamp - Stamp header if sender sends data before seeing welcome response (usually spam)
g_smtp_etrn_auth - Only do etrn processing if user is authenticated
g_smtp_fast_bounce - Reject bad connections immediately
g_smtp_fix_nohead - Accept messages with no headers and try and cope
g_smtp_help_disable - Disable help in SMTP (minor security issue)
g_smtp_log_protocol - If true log SMTP protocol to log file
g_smtp_log_size - Size of smtp.log file
g_smtp_max - Max concurrent incoming SMTP connections
g_smtp_max_nolimit - Ip addresses that don't have max smtp limit applied
g_smtp_max_reason - Reason to give to user if g_smtp_max is exceeded
g_smtp_maxbad - Max bad command per session before dropping smtp link, default no limit
g_smtp_no_brackets - Allow from/rcpt without angle brackets
g_smtp_noauth - Limit SMTP to just these addresses (not generally useful) always include 127.0.0.1
g_smtp_noauth_msg - Message given when sender is told to use authentication because of g_smtp_noauth
g_smtp_noauthm - Limit SMTP to just these addresses (not generally useful)
g_smtp_noclear - Disable smtp buffer clear after starttls command
g_smtp_plain_hide - Hide 'plain' from the ehlo response
g_smtp_port - SMTP port to listen on, default is 25 (needs restart)
g_smtp_portauth - SMTP ports which require smtp authentication, typically 587,465
g_smtp_portforce - Block logins for ports not listed in g_smtp_portauth
g_smtp_secure_port - SMTP SSL secure port to listen on, default is 465
g_smtp_thread - Use seperate thread for incoming SMTP connections
g_smtp_vrfy_allow - Allow vrfy from these addresses, not recommended
g_smtp_vrfy_msg - Change Response to VRFY, e.g. 252 Not telling
g_smtp_warning - Send manager warning if this many sessions reached (max 1 per hour)
g_smtp_welcome_delay - Seconds to delay welcome message, drop if we get data before we send welcome, recommend 1-3 seconds
g_spam_alias_any - User aliase string e.g. "++" if defined then strip suffix from emails - not advised!
g_spam_allbad - Auto blacklist from/ip/to combinations
g_spam_allow - IP Wild card exceptions to spam limits
g_spam_allow_disable - Disable allow bounce messages
g_spam_allow_known - Unblock IP address if we have received messages from it for 3 days (so it's not a transient spammer)
g_spam_allow_msg - Template for unblock messages, use ||reason|| and ||allow|| and maybe a url
g_spam_allow_rbl - Give unblock message to RBL bounces too
g_spam_allow_rdns - Trust ip name for spam checking, not recommended
g_spam_allow_recent - Skip spam rules if recent pop ip number
g_spam_aspam - Scale for aspam, default is 1.0, Valid range is zero to two
g_spam_autotrain - Auto train spam filter good messages based on first 1000 outgoing emails
g_spam_black_auto - Auto blacklist for user when isspam pressed
g_spam_black_tospam - Put blacklist matches in spam folder
g_spam_block - Block spam (as decided by spf etc), if not set then user or domain can set
g_spam_block_gateway - Block spam gatewayed messages too
g_spam_block_msg - Template for spf blocked message if allow is disabled
g_spam_body - If spamdetect score is above this, add spamdetect header at top of message body NOT RECOMMENDED e.g. 7
g_spam_body_more - Add more info to spam body (ip address, ptr address, reply to and bounce address)
g_spam_body_url - Text part of info to add to body, usually a url to your site
g_spam_bounce - If spamdetect score (number of '*'s) is above this, bounce message. Never set below 14
g_spam_bounce_all - If spamdetect score is above this, bounce message, applies to all messages regardless of user settings. e.g. 7 NEVER USE THIS
g_spam_bounce_store - If true store rejected spam in Spam_Rejected folder
g_spam_bounce_text - Error to return to user when message is bounced due to g_spam_bounce setting
g_spam_bounce_trusted - If spamdetect score is above this, bounce message if trusted (spam_allow or authenticated)
g_spam_catcher - Addresses on web pages that shouldn't get any email (robot bait)
g_spam_char - Character to use instead of '*' for smitespam headers (best left alone if possible)
g_spam_check_auth - Don't skip spam rules for authenticated users
g_spam_cmd - Command line spam checker, use $FILE$ in cmd parameters
g_spam_cmd_if - If internal spam rating is below this number, then run external filter
g_spam_cmd_reject - If external filter returns number larger than this reject
g_spam_cmd_skip - If internal spam rating is below this number, then skip external filter
g_spam_content_disable - Disable aspam_content.txt rules
g_spam_flag - Add X-SPAM-FLAG: Yes header if smite score is above this level
g_spam_folders - Train on any message dropped into the relevant folders
g_spam_folders_show - List the special folders for all users
g_spam_from_blacklist - Fetch list of bad domains to reject email from - not recommended
g_spam_from_max - Max outgoing messages per ipaddress/return path pair, 30 minutes, e.g. 5000
g_spam_grey - OBSOLETE DO NOT USE, Enable old greylisting for spf mechanism
g_spam_grey_bounce - Bounce if message was allowed due to grey listing, and spam score is above this, default 8 (was 4)
g_spam_grey_classc - Apply grey listing to x.x.x.*
g_spam_grey_dflt - Enable greylisting for spf default accept events (not recommended)
g_spam_grey_dflt_bad - Enable greylisting instead of allow in some cases (recommended for block or strict)
g_spam_grey_nofive - Skip 5-6 minute black window for these domains
g_spam_grey_nohard - Avoid hard spf bounces always try and do a grey list instead
g_spam_grey_nseen - Number of messages from an unknown host, default is 6
g_spam_grey_size - Size of grey listing table, default is 3000
g_spam_grey_verify - Skip grey listing if host was not listening
g_spam_grey_window - Window to block bad messages, typically 60 seconds
g_spam_header_trust_ip - List of IP addresses from which to trust/accept existing X-SpamDetect headers in emails
g_spam_hold_hide - Hide spam hold settings for end users and other held2pend user.cgi tweaks
g_spam_hold_keep - Number of days to store users spam hold messages - OBSOLETE see G_FRIENDS_PENDING_KEEP
g_spam_info - Info line and url to explain aspam system
g_spam_info_hide - Removes the x-spamdetect-info header line
g_spam_internal - Enable new 'internal' spam processing
g_spam_isspam_ignore - Don't block messages from ip addresses recorded as a spam source
g_spam_isspam_kind - Allow isspam from recent pop, gateway to etc
g_spam_nobounce - Remove old user held/vanish but after 5.2 will allow bounce
g_spam_nolang - Don't add header with a guess at body language
g_spam_notrain - Disable isspam and notspam addresses for user training
g_spam_notspam - Address that non authenticated users can send non spam to.
g_spam_noupdate - Disable fetch of aspam filter rules etc from netwinsite
g_spam_phishing - Download list of known phishing addresses and block outgoing email to them
g_spam_phishing_ok - Allow to these addresses even if phishing database blocks them
g_spam_phrase - Enable auto spam phrase filter
g_spam_poly - Scale for poly word matching, default is 0.1, Valid range is zero to two, Use 1.0 to enable, EXPERIMENTAL
g_spam_poly_disable - Disable poly code.
g_spam_private - Enable users to define 'private' extensions user--STUFF@domain
g_spam_probe_enable - Probe suspect urls to find spammers - can cause RBL
g_spam_probe_friends - Probe even if email is from a friend
g_spam_probe_more - Probe even if email is from a known ip address
g_spam_probe_unknown - Probe any unknown url (dangerous)
g_spam_probe_whois - Do whois lookups on web pages found in probe
g_spam_share - Use and share some spam/aspam information with central server (netwin) experimental
g_spam_status_hour - Process all spam status messages at this time (disk io intensive)
g_spam_status_monthly - Send monthly spam status even if no messages pending
g_spam_subject - If score is above this, add spam rating to subject (Spam: ****) e.g. 8
g_spam_subject_dom - Destination domains to tag subject for
g_spam_subject_gateway - If true then spam_subject setting applies to gatewayed messages too
g_spam_subject_word - The word that gets added to subject, default is 'Spam', UCE is another good one
g_spam_url - Scale for url word matching, default is 1.0, Valid range is zero to two
g_spam_user_badto - Max bad recipients from authenticated user per 30 minutes, e.g. 50
g_spam_user_lockout - Lockout user until released with unlock_all command
g_spam_user_max - Max messages an authenticated user can send per 30 minutes, e.g. 5000
g_spam_user_skip - Users to skip g_spam_user_max limit for
g_spam_user_warn - Alert user when they send this many messages in one day, .8 to alert at 80% of max
g_spam_user_warn_msg - Message when user approaches send limit
g_spam_userconfig - Allow users to specify specific spam features
g_spam_vanish - If spamdetect score (number of '*'s) is above this, vanish message if local delivery. NEVER USE THIS
g_spam_vanish_all - If spamdetect score is above this, vanish message, applies to all messages regardless of user settings. NEVER USE THIS
g_spamdetect_some - Only show spamdetect header for bad scores
g_spawn_log - If true the spawns are logged to lib_spawn.log
g_speech_cmd - Command to convert sound file to text (append .txt to filename)
g_speech_end - End text after the converted text
g_speech_from - Only attempt conversion if from this email address
g_speech_group - Only attempt conversion if user is memeber of 'speech' group
g_speech_info - Intro text above the converted text
g_speech_size - Default 10mb, will not convert larger files
g_speech_to - Only attempt conversion if to this email address
g_spf_baddns_skip - If spf dns failure then allow message through (instead of giving retry error)
g_spf_byemail - Perform allow bounce confirmation via email.
g_spf_debug_log - Enable spf.log file
g_spf_default - (strict only) Default spf record if none found default 'mx/16 a ptr:%{d2} -all'
g_spf_default_noblock - (strict only) Only stamp headers if default spf record fails when no real spf header
g_spf_dns_timeout - Seconds to wait for dns lookups for spf, best not to change
g_spf_domain - Domain for SPF rewrite and allow messages (defaults to first domain on server)
g_spf_enforce - List of wildcard/domains to enforce spf for, e.g. paypal.com,*bank*
g_spf_enforce_auto - Enforce spf for commonly forged domains paypal.com,*bank*
g_spf_enforce_known - Enforce spf even if we think this ip address is safe
g_spf_enforce_local - If spf fails and it's a local domain then skip grey listing and bounce
g_spf_enforce_real - Enforce spf for domains with strong spf entries
g_spf_fake - Fake spf record to use for testing
g_spf_header - Use g_verify_mx_skip and apply to resulting ip
g_spf_mode - Do SPF check and then perform action, stamp | block | strict, action is conditional on [g_]spam_block settings
g_spf_noallow - Give hard bounce (no allow message) for spf failures for these domains & ignore friends
g_spf_nocache - Disable SPF cache
g_spf_nofriend - Ignore friends for spf
g_spf_nogrey - Skip SPF grey listing for these domains (require allow response)
g_spf_norewrite - Exceptions to rewrite rule, e.g. *@my.domain,bob@this.domain
g_spf_required - Require an spf entry for these domains
g_spf_rev_skip - Skip SPF checks if reverse ip name matches in this list, e.g. *.yahoo.com
g_spf_rewrite - Rewrite 'from' envelope in redirected mail (SRS)
g_spf_rewrite_gateway - Rewrite even if gateway rule applies
g_spf_rewrite_relay - Rewrite even if from ip is a host to relay for
g_spf_share - List of hosts to share allow ips with. Must all have same srs.secret file
g_spf_skip - Skip spf checks for these ip addresses, e.g. other mx hosts
g_spf_skip_from - Skip based on from, e.g. noreply@*paypal.com,..., Also skips RBL
g_spf_skip_to - Skip based on rcpt to, also skips RBL rules,...
g_spf_timeout - Seconds to wait for all spf lookups to finish, default 48 seconds
g_spf_trust_local - Skip spam checking for local domain that passes spf
g_spf_user_domain - Make allow bounces use destination user domain name
g_spf_very_strict - (strict only) Only give 'allow' option for default spf rule failures not real ones
g_spf_web_url - Specify full url for spf byweb commands http://domain.name:port
g_spflog_domains - Specify which domains should get spflog entries sent to them.
g_spflog_enable - Enable this if this server is a frontend for a SurgeMail server users log into.
g_spool_path - Scan this directory for *.msg files to send as emails
g_ssl_allow - IP Wild card list to allow SSL encryption from
g_ssl_allow_fix - Disable incoming ssl on ssl failure from an ip
g_ssl_allow_imap - IP Wild card list to allow SSL encryption from for imap
g_ssl_auto - Generate letsencrpt ssl certificates automatically for all domains
g_ssl_ciphers - List permitted ciphers, DANGEROUS
g_ssl_ciphers_add - More permitted ciphers (added to g_ssl_ciphers) DANGEROUS
g_ssl_ciphers_web - List permitted ciphers for web, DANGEROUS
g_ssl_disable - Disable protocols tlsv1,tlsv1_1,tlsv1_2,sslv2,sslv3 (restart surgemail)
g_ssl_disable_des - Disable DES ciphers, breaks outlook on XP
g_ssl_disable_port25 - Prevent ssl on port 25
g_ssl_disable_renegotiation - Disable SSL renegotiation.
g_ssl_disable_sslv2 - Disables ssl 2.0 support for enhanced security (obsolete use g_ssl_disable)
g_ssl_disable_sslv3 - Disables ssl 3.0 support for enhanced security (obsolete use g_ssl_disable)
g_ssl_disable_tlsv1 - Disables tls 1.0, not recommended (obsolete use g_ssl_disable)
g_ssl_disable_tlsv1_1 - BROKEN: Use g_ssl_disable setting instead
g_ssl_disable_tlsv1_2 - Disables tls 1.2 support, breaks LETSENCRYPT, NEVER USE
g_ssl_disable_web - Disable protocols for web only (restart surgemail)
g_ssl_dmalloc - Enable dmalloc tracking in ssl
g_ssl_fips - Enable FIPS mode crash if not available (DO NOT USE)
g_ssl_guess_domain - Guess domain using SSL hostname to allow login without @domain.name
g_ssl_honor - Honor server cipher order
g_ssl_lets_exclude - Domains urls to not update, user must copy from ssl to lets folder
g_ssl_lets_path - Path to webservers /.well-known folder for letsencrypt
g_ssl_lets_slave - Run letsencrypt on SLAVE too
g_ssl_per_domain - Create/use an SSL certificate for each domain
g_ssl_perfect - Apply good SSL settings, best to remove g_ssl_ciphers setting too
g_ssl_require - IP Wild card list to require SSL encryption from
g_ssl_require_imap - IP Wild card list to require SSL encryption from for IMAP
g_ssl_require_in - Local domains that must only receive SSL messages
g_ssl_require_login - IP Wild card list to require SSL encryption for POP/IMAP/SMTP don't use with broadworks
g_ssl_require_out - Remote ip, remote domain for which we must send using SSL
g_ssl_require_smtp - If IP matches then require SSL for incoming SMTP message
g_ssl_require_web - Require https for most web features (excluding blogs file sharing and surgeplus)
g_ssl_retry_seconds - Second to try and establish ssl connection, default is 5
g_ssl_sha1_sign - Obsolete, sha256 is now always used
g_ssl_test_fail - Break ssl to test auto downgrade
g_ssl_try_from - Try and start ssl mode if from this user, e.g. *@xyz.com
g_ssl_try_not - Skip ssl for these hosts
g_ssl_try_out - Try and start ssl mode to these hosts
g_ssl_verify - Domains that must have valid ssl certificates
g_ssl_warn - Send users weekly reminder if they keep using non SSL logins
g_ssl_warn_ignore - Don't give warnings if user is from this trusted host
g_ssl_warn_text - Last line of email warning sent to user if SSL not used
g_sstat_disable - Disable netwin statistics gathering.
g_stack - For testing only, NEVER SET THIS
g_stack_imap - For testing only, NEVER SET THIS
g_startup_delay - Seconds to wait before starting surgemail
g_status_login - Require login for spam status actions
g_status_url - Specify default global url for status messages
g_status_view_html - Obsolete setting
g_store_dropped - Store upto 5000 bad bounces in the dropped directory
g_subject_blank - Subject header if one is missing
g_suffix_report_admin - Report email to admin if suffix prevents login
g_suffix_report_user - Report email to user if suffix prevents login
g_surbl - SURBL Spam URI Realtime Blocklists
g_surbl_from - Also check the return path
g_surbl_reject - Reject email with SURBL hits
g_surbl_skip - URL's to allow even if listed in surbl
g_surbl_skip_ip - Skip SURBL check if sender is from listed ip
g_surbl_whois - Also check whois info on suspect urls - not for busy servers!
g_surgeblog - Specialize SurgeMail as a Blog server
g_surgeplus_delay_tell_upgrade - Delay informing existing users about new SurgePlus versions for
g_surgeplus_delay_tell_upgrade_exempt - Users exempt from delayed new version informing
g_surgeplus_hide_client_downloads - Hide the links to download and install SurgePlus Windows client
g_surgeplus_links - Add web links to SurgePlus from other web interfaces (and vice versa) for users allowed to use SurgePlus.
g_surgeplus_log_level - SurgePlus log level. 'none', 'info', or 'debug'. Default is 'info'
g_surgeplus_online - Enable online tracking in surgeplus
g_surgeplus_pop_server_name - Default pop server to set SurgePlus client download to connect to.
g_surgeplus_port - SurgePlus port to listen on, default is 7110
g_surgeplus_secure_port - SurgePlus SSL secure port, default is 7995
g_surgeplus_smtp_server_name - Default smtp server to set SurgePlus client download to connect to.
g_surgeplus_web_port - SurgePlus web port to listen. Default is to use HTTP webmail port
g_surgeplus_web_url - Direct SurgePlus users to access shared files at this url
g_surgewall_ignore_error - Deliver even if some rule sais bounce
g_surgewall_redirect - Allow redirect/responder for surgewall
g_surgewall_split - Split up surgewall messages, one per recipient
g_surgeweb_allow_abk_v2 - Accept v2.1 vcard format and treat is as a v3.0 vcard
g_surgeweb_auth_ok - Alow smtp auth for surgeweb even when disabled
g_surgeweb_backend_server - Backend machine to connect to
g_surgeweb_backend_web - Backend machine to connect to
g_surgeweb_benchmark - Log web request timing info for surgeweb benchmarking - matches ip addresses
g_surgeweb_cache_less - Reduce surgeweb caching
g_surgeweb_debug - Log surgeweb debug info - matches ip addresses or email addresses - avoid
g_surgeweb_disable - Disable access to SurgeWeb
g_surgeweb_forgot_show - Show forgot password link on surgeweb login page
g_surgeweb_ics - Surgeweb email/calendaring integration (ie ics file processing and sending)
g_surgeweb_idle_timeout - Idle timeout for surgeweb sessions (hours, default=48)
g_surgeweb_logall - For requests matching g_surgeweb_debug also leave all webio & temp files - avoid
g_surgeweb_login_revert - Revert to old surgeweb login logic (DO NOT USE, NETWIN TESTING ONLY)
g_surgeweb_path - Change surgeweb path
g_surgeweb_process - Run surgeweb in it's own process (beta)
g_surgeweb_remember_timeout - "Remember" timeout / max session length for surgeweb sessions (days, default=14)
g_surgeweb_restrict - Restrict surgeweb use to these accounts only
g_surgeweb_testing - NEVER USE
g_surgeweb_testrig - Disable session cache for testrig
g_surgeweb_work - Path to Surgeweb cache/work files
g_tarpit_badrcpt - Delay rejection of bad recipients (in seconds, default 4s)
g_tarpit_blackhole - Reject the email one recipient at a time
g_tarpit_drop - Drop link and ban for 1 hour if tarpit limits exceeded
g_tarpit_hacker - Slow DOS attacks in some situations
g_tarpit_max - Number of local recipients before slowing down per 30 minutes
g_tarpit_max_remote - Number of remote recipients before slowing down
g_tarpit_retry - Send retry error, 450 if tarpit limits exceeded
g_tarpit_skip - Skip tarpit limit for these destination users or domains, e.g. *@xyz.com
g_tarpit_skip_from - Skip tarpit limit for messages from these users e.g. *@xyz.com
g_tcp_bf_size - Set tcpip snd/rcv buffer sizes, best left blank
g_tcp_proxy_ip - Enable TCP proxy protocol for specific address
g_tcp_que_len - Length of listen queue for incoming connections
g_tcp_read_timeout - Timeout in 'seconds' on pop connections, do not adjust. (default 600)
g_tellmail_ip - Addresses to allow tellmail commands from (should never be *)
g_thread_log - Enable thread.log
g_thread_max - Max threads allowed on this system (best not changed)
g_thread_max_restart - Crash and restart if max threads exceeded from local ip on smtp
g_thread_pool - Keep all threads in a common pool - removed
g_thread_reuse2 - Reuse threads - fixes unix bug - not implemented
g_thread_smooth - Throttle thread creation as max hit to reduce peaks
g_thread_spinlock - Spin more before sleeping when waiting for mutex
g_timeout_try_later - If timeout while waiting for message to arrive tell other end to retry
g_timezone - Places in timezone part of date string, e.g. +1200 NZT. Please leave blank!
g_timezone_force - Hours offset to local time, e.g. 5 (best left blank)
g_tmalloc_log - write tmalloc.log for gd library memory access.
g_to_valid - Require an @ and dotted domain in all dest addresses
g_tohost_local - Authentication database tohost name entry to deliver locally (see g_proxy and g_route_by_tohost)
g_token_httponly - Use httponly flag, stop scripts using token, may break attachments
g_token_secure - Use secure flag for surgeweb, stops http access to token, so requires https to work
g_toscan_path - Path used for mime parts for virus scanner
g_trace_flush - Flush to trace_dump.log via monitor
g_train_store - Number of messages to store in each spam training directory (1000-5000)
g_twilio_from - Twilio SMS from phone number
g_twilio_sid - Twilio account SID
g_twilio_token - Twilio account TOKEN
g_uidl_big - Use random uidl if uidl not found
g_unique_name - A unique name for this server
g_url_alias - Allows translation from one url to another
g_url_enable - Enable widearea URL spam database
g_url_host_noscan - Disable the scan for url_host settings matching the domain in an incoming web request
g_url_master - Set if this is the central URL server (for netwin use only)
g_url_master_to - Central URL server email address (leave blank)
g_url_redirect - Sends http 301 redirect to tell browser resource has moved
g_user_access - User.cgi features granted to access groups
g_user_access_always - Run spam and filter regardless of access UI settings
g_user_access_default - Default user.cgi features granted to users
g_user_access_from - When sending use from for useraccess rules
g_user_access_webonly - Means user_access rules only stop web interface not actual spam checking etc
g_user_alias - Number of aliases accounts can create
g_user_alias_file - User aliases configuration file
g_user_block_time - Block chrisp from pop access for this time period
g_user_blogs - Number of blogs accounts can create
g_user_cookies - Enable browser cookies for user self management
g_user_delete - Let users delete themselves
g_user_disable - Filename listing users to disable
g_user_domainlist - Who to show domain dropdown list to on user.cgi login page and 'user' pages
g_user_filter_early - Process user exceptions/accept filters before tagging message as spam
g_user_friends_domain_log_disable - Disable domain level friend.log file
g_user_friends_log_disable - Disable user level friend.log file
g_user_hide_security - Hide user level security.log access
g_user_list_quota - Number of mailing lists users can create
g_user_mail_view - Whether an admin/manager can view/display users inbox mail
g_user_mfilter - Mfilter to run for individual user delivery, some features not supported
g_user_pipe - Pipe run on file just before delivery to user, $USER$ available on command line
g_user_receive_rule - Define valid source addresses for users in a group
g_user_report - Daily,Weekly,Monthly, emailed to managers of each domain
g_user_send_all - Apply all g_user_send_rules that match
g_user_send_ip - Block any ip that sends more than this many emails per day
g_user_send_max - Maximum number of emails per day (requires SMTP AUTH)
g_user_send_rule - Define valid recipient addresses for users in a group (requires SMTP AUTH)
g_user_send_warning - Warn manager if any user sends more than this many messages per day, e.g. 5000
g_user_send_white - No limit for these ip addresses/users
g_user_sms_quota - Number of sms messages accounts can send
g_user_status_from - Send status with return address of the user
g_user_status_fromhdr - Send status with return address of this
g_user_status_send - Number of days after which to send user status messages (0 = never)
g_user_utoken_days - Number of days a user self management login token is valid for
g_user_utoken_expire - Length of time a user self management login token is valid for
g_user_utoken_idle - Length of time a user self management login token may remain idle for
g_user_virus_scan - Allow virus scans for specific users instead of all users
g_utf8_case_insensitive - Use case insensitive compare for surgeweb and imap searches
g_vanish_any_bounce - Vanish all bounces, requires g_vanish_bad_bounces
g_vanish_bad_bounces - Vanish suspected spam bounces (requires g_received_name)
g_vanish_fake_local_bounces - Vanish spam masquerading as local bounces
g_vanish_relay - Vanish bad bounces before relaying email too
g_vanish_virus_bounces - Vanish suspected virus bounces (requires g_received_name)
g_verify_helo - Verify helo name translates to same network as sending system
g_verify_image_hard - Use extra difficult human verification image (used in blogs)
g_verify_mx - Verify MX records contain senders IP address (see g_verify_mx_skip)
g_verify_mx_skip - Use to define incoming mail gateway ips so the mx verify doesn't fail on them
g_verify_smtp2 - Verify we can talk back to the SMTP port on incoming ip address
g_verify_timeout - Seconds to wait for SMTP response, default is 10 seconds
g_vipre_enable - Enable vipre scanner on windows
g_virus_allow_unmonitorable - Allow unmonitorable content (avast antivirus)
g_virus_avast_attachments - Only scan messages with suspect attachments (windows only currently)
g_virus_avast_hour - Hour of day to update avast definitions, e.g. 9 = 9a.m.
g_virus_avast_old - Enable AVAST virus scanner integration, OBSOLETE, DO NOT USE
g_virus_cloud - Use cloud scanner, not recommended
g_virus_cloud_wild - File types to cloud scan *.exe,*.com
g_virus_cmd - Virus checker for mime parts, use $FILE$ in cmd
g_virus_cmd_body - Scan raw msg file too
g_virus_cmd_codes - List of return codes to bounce message, e.g. 1,2,3,4,5
g_virus_cmd_drop - Drop silently instead of reject at data stage - not recommended
g_virus_cmd_email - Set if scanner can understand email message files
g_virus_cmd_log - Log stdout of virus command line scanner to vcmd.log
g_virus_cmd_max - Max concurrent threads that should run this command, if exceeded messages are not checked
g_virus_cmd_nodel - Disables cleanup of scanned files, so you can test manually
g_virus_cmd_size - Max size of messages to scan
g_virus_cmd_sleep - Milli seconds to wait after g_virus_cmd incase delete is not immediate, e.g 500 = half a second
g_virus_cmd_test - Continue after virus found to compare scanners
g_virus_debug3 - Testing virus scanners do not use
g_virus_disable_local - Disable scanning for local trusted users
g_virus_disable_remote - Disable virus scans for non-local addresses
g_virus_filter - Virus checker which works like an authent module (talk to on stdin/stdout) - vpipe
g_virus_filter_require - If any g_virus_filter pipe fails bounce messages rather than allow to continue
g_virus_fprot - Port for FProt mail scanner (usually 11200)
g_virus_late - Run virus scan after most spam filter processing
g_virus_localhost - Don't skip virus checks for 127.0.0.1 originating emails
g_virus_recent_skip - Skip virus recent cache which attempts to speed up virus scanners
g_virus_rename - Rename executables by changing '.' to '_' prevents many auto run viruses
g_virus_rename_skip - Skip rename for these from/to addresses
g_virus_rename_skipauth - Skip rename if user sending is authenticated local user
g_virus_report - Report detected viruses to someone
g_virus_report_all - Report every virus using g_virus_report
g_virus_report_user - Report virus to recipients
g_virus_restart - Restart vpipe virus scanners every this many items
g_virus_scanner_list - List of files to be virus scanned *.exe,*.bat,etc...
g_virus_simple - Enable internal simple virus scanner
g_virus_simple_list - List of dangerous file extensions, *.exe,*.bat,etc...
g_virus_simple_skip - Skip simple check for from/to addresses
g_virus_simple_skipauth - Skip simple virus if user sending is authenticated local user
g_virus_simple_test - Compare with avast results
g_virus_simple_zip - Check zip files for executables and block
g_virus_skip - Skip virus scanner for matching from envelope
g_virus_skip_ip - Skip virus scanner for matching ip addresses
g_virus_strangers - Use simple attachment filter for non friends, turn off g_virus_simple
g_vpipe_concurrent - Concurrent requests to vpipe process, default is 7, set to 1 to debug vpipe issues
g_vpipe_fail_crash - If virus scanner fails, crash surgemail (for debugging)
g_vpipe_notag - Disable headers showing vpipe results in messages
g_vpipe_skip - Skip scanner for this IP address (e.g. trusted mailing lists)
g_vpipe_timeout - Timeout if scanner takes this long to respond default 60 seconds
g_warning_to - Addresses to treat as local and send warning bounces to
g_web_access_grp - Restrict user groups to specific web ports
g_web_access_ip - Restrict access to web ports based on ip
g_web_access_max - Maximum number of concurrent web logins for group
g_web_add - Add http headers
g_web_admin_max - Maximum number of concurrent web admin sessions
g_web_api_ip - Allow access to web based API for msg access
g_web_appsname - Apps url name on unified web interface
g_web_appsroot - Apply apps interface at web root ie /
g_web_charset - Charset for html pages
g_web_check_host - Check host matches valid domain
g_web_disable_delete - Disable web verb delete
g_web_disable_head - Disable web verb head
g_web_disable_mkcalendar - Disable web verb mkcalendar
g_web_disable_mkcol - Disable web verb mkcol
g_web_disable_options - Disable web verb options
g_web_disable_propfind - Disable web verb propfind
g_web_disable_report - Disable web verb report
g_web_force_doctype_first_disable - Disable webserver behaviour to force doctype definitions to be displayed first.
g_web_forwarded_test - Fake the forwarded-for header
g_web_forwarded_uselast - Use last address in multiple item forwarded-for header
g_web_hide_source_names - Hide the name of the source template page in output web pages.
g_web_max - Max concurrent web connections, default is 100
g_web_max_perip - Max concurrent web connections per-ip, default is 60
g_web_noserver - Disable Server header in http responses
g_web_old_behaviour - Revert to old style webserver behaviour
g_web_php_exe - Path to php.exe
g_web_policy_always - Break surgeweb with web policy feature :-)
g_web_policy_disable - Disable obscure web policy security headers
g_web_ref_path_extension - Path extension to add as suffix to web page image/css references.
g_web_timeout - Timeout for web requests
g_web_title - Title to use on specified web page
g_web_trust_ip - Trust ip address from rev proxy web server X-Forwarded-For
g_web_url_path - Url to path translation with access specifier
g_web_utf8 - Make sure all user.cgi handling is done in UTF8
g_webdav_enable - Enable webdav access for users (do not use)
g_webdav_group - Only allow webdav if member of webdav access group
g_webdav_path - Root path for webdav storage
g_webdav_public - Enable non authenticated access to pub folder (readonly)
g_webmail_limit - Maximum number of concurrent webmail requests
g_webmail_popmode - Use POP3 instead of IMAP in WebMail.
g_webmail_port - HTTP Webmail port to listen on, default is 7080
g_webmail_save - Write surgehost.ini and other obsolete webmail config info
g_webmail_secret - Secret string used by webmail when sending the ip address of connecting users
g_webmail_secure_port - HTTPS secure WebMail port, default is https 7443
g_webmail_select_domain - Send select_domain instead of host in webmail autologins
g_webmail_timeout - Timeout for webmail or any cgi process (in seconds, default 360)
g_webmail_url - Url to the WebMail cgi
g_webmail_urladd - Url data to append to WebMail auto-login link
g_webmail_useip - Use the ip address in g_webmail_port setting
g_webmail_workarea - Path to WebMail workarea
g_winmail_fix - Replace winmail.dat with normal attachments, requires tnef installed first http://netwinsite.com/tnef.htm
g_winmail_reject - Rejects all winmail.dat files - this is a bit harsh
g_winmail_reject_send - Stops your own users sending winmail.dat files so they can fix their email client settings
g_work - Workarea for temp files
g_xauthuser_hide - Hide X-Authenticated-User header in processed mail
g_xfile_allow - Allow xfile & web upload features for users. Set to '*'
g_xrcpt_hide - Hide X-Rcpt-To header in locally delivered mail (not recommended)
g_xrcptoriginal_hide - Hide X-Rcpt-Original header in locally delivered mail
g_xserver_hide - Hide X-Server header in processed mail

WebMail settings

see separate manual - further documentation to be completed


Search website:

Help Index

SurgeMail Configuration Settings Overview

Domain Specific Settings

Global settings

WebMail settings