Disable history for inbound or outbound messages

KeepMessageFileInbound=​False
KeepMessageFileOutbound=​False

Copy only messages for for specific domains

KeepMessageFileInboundToAddress=​@example1.com
KeepMessageFileInboundToAddress=​@example.2com
KeepMessageFileOutboundFromAddress=​@example1.com
KeepMessageFileOutboundFromAddress=​@example2.com

Exclude messages from being added to the white list

OutboundAddressWhiteListExclFromAddress=​@example1.com
OutboundAddressWhiteListExclToAddress=​@example.2com
OutboundAddressWhiteListExclSubject=​SomeText

Convert an Exchange IMCEAFAX address to a eFax SMTP address

SMTPAddressFaxTranslation=​True
SMTPAddressFaxTranslationDomain=​efaxsend.com

In Exchange you need to add the FAX address space to the SMTP connector so that Exchange send FAX messages to XWall.

In Outlook you can select a FAX address from a Contact or you use the extended format:
“[fax:​Donald Duck@+45 1020 3040]”

eFax is available from www.eFaxCorporate.com

Limit the bandwidth to send or receive the data part of a message

InboundSMTPBandwidthThrottling=​65536
OutboundSMTPBandwidthThrottling=​65536

The bandwidth is in bytes per second.

Common values are:

SMTP banner

SMTPTextBanner=WhatEverYouWant

This changes the greeting line that XWall sends to the client after the SMTP connection is established.

General information for Greylisting, SLS and SPF

SMTPTextGrey​=WhatEverYouWant
SMTPTextSLS​=WhatEverYouWant
SMTPTextSPF​=WhatEverYouWant

Convert an invalid MAIL FROM: e-mail address (return path) to a NULL-e-mail address

InboundESMTPConvInvalidReturnPathToBlank​=True

When the sender sends an invalid e-mail address in the MAIL FROM: command, then XWall sends back a 501 invalid return path error to the sender and does not accept the message.

However, some clients are sending invalid addresses and this setting tells XWall to convert the invalid e-mail address into a NULL-e-mail address ( MAIL FROM: <> )

Note: A NULL-e-mail address indicates a system messages and system messages are excluded from some blocking methods. So this setting may open a security hole.

Repair an invalid RCPT TO: e-mail address

InboundESMTPRepairInvalidRecipient=​False

By default XWall repairs invalid recipients addresses ( e.g. changes NAME@DOMAIN:COM to NAME@DOMAIN.COM )

Convert ESMTP DSN=NEVER to a NULL-e-mail address

InboundESMTPConvDSNNeverToNullSender=​True

OutboundESMTPConvDSNNeverToNullSender=​True

The sender uses DSN=NEVER to indicate that there is no interest on any reply to this messages. However, some MTA, like Exchange, honors this for non-delivery reports, but ignores it for out-of-office and automatic reply messages. To force Exchange to honor the setting for all kind of automatic messages, XWall sets the MAIL FROM to a NULL-e-mail address ( MAIL FROM: <> ). By default this setting is on for messages sent to your internal Exchange and off for outgoing messages.

Don't enforce a FQDN after the HELO / EHLO command

InboundESMTPEnforceFQDN=​False

The RFC requires that the HELO / EHLO command is followed by a FQDN and XWall will not accept a HELO / EHLO without the FQDN. However, some mail clients are not sending a FQDN and so they are not able to send to XWall without disabling it.

Add a delay of 3 seconds after the MAIL FROM and RCPT TO command

InboundSMTPThrottling=3

Spammers are trying to send their spam as fast as possible and usually have a limit on how much time they want to spend to send an e-mail. Inserting a delay between after the command makes the connection slower and so an impatient sender will simply give up.

Maximum message count in a single SMTP session

InboundSMTPMaxMsgCount=​5000

By default XWall accepts 5000 messages in a single SMTP session.

Maximum recipient count in a single message

InboundSMTPMaxSendToMessage=​5000

By default XWall accepts 5000 recipients in a single message.

Maximum bad recipient count in a single SMTP session

InboundSMTPMaxBadMailSession=50

XWall closes the connection after the sending MTA sent that many RCPT TO: with an bad e-mail address. By default XWall slows down, but doesn't close the connection after 50 bad e-mail addresses.

Reject internal From: address during the SMTP session

InboundBlockFromUsSMTPLevel=​True

If Check if the message has an internal From: address is enabled, then this setting rejects the message during the SMTP session.

Note: An exclusion for the recipients address will not work, because the message is rejected before the recipients address is known.

Don't set this value to low, because else you might have a problem getting newsletters.

Send the message back to the sender (echo service)

SMTPEchoAddress=​echo@yourdomain.com

XWall will send back every message to that e-mail address back to the user.

This is useful for testing XWall from outside.

Drop connection on failed SMPT authentication

InboundBlockAUIP=​True

InboundBlockAUIPThreshold=​2

XWall drop the connection from that IP address after two unsuccessful authentication attempts.

Route outbound messages based on the MAIL FROM e-mail address

FromStaticRoute=​newsletter@mydomain.com.au:​smarthost.somewhere.com:​0

Send all messages from an e-mail address to a specific smart host.

The double colon is the field delimiter, the first field is the from address, the second field is the smart host, the third field is ignored.

Set how many outbound connections for each priority XWall should create

SMTPSubObjectMax=1
ExchSubObjectMax=1

By default XWall creates one connection to each host for each priory and all messages with the same priority are sent serial. This settings allows you to set how many connection for the same priority XWall creates.

Send all outgoing messages to a smart host

SmartHost=mailer1.myisp.com
SmartHostPort=24

This sample defines the first smart host, using a non-standard port.

SmartHostAlias=​mailer2.myisp.com
SmartHostAliasPort=​24
SmartHostAlias=​mailer3.myisp.com
SmartHostAliasPort=​24
SmartHostAlias=​mailer4.myisp.com
SmartHostAliasPort=​24

This settings define additional smart hosts, also using a non-standard port.

In this sample XWall will try to connect to the first smart host (mailer1.myisp.com on port 24 ) and if this failes, XWall tries to connect to all other host until one of them accepts the message.

Send all outgoing messages to Virgin Media smart host

SmartHost=​smtp.virginmedia.com
SmartHostPort=​465
OutboundSMTPSendTyp=​0
OutboundSMTPAuthUser=​yourid@virginmedia.com
OutboundSMTPAuthPassword=​10yourpassword

In this sample XWall will try to connect to smtp.virginmedia.com on port 465, which is a SMTPS/TLS connection. XWall will then authenticate using your ID and password.

Note: This is only for customers of Virgin Media (virginmedia.com)

Connect to more than one Exchange

ExchHostAlias=​exchange2.​mydomain.com
ExchHostAlias=​exchange3.​mydomain.com

In this sample XWall will try to connect to the first Exchange and if this failes, XWall tries to connect to all other Exchange until one of them accepts the message.

Relay messages based on IP address or hostname and MAIL FROM e-mail address

SMTPRelayAllowRule=optionalIPAddress:​optionalHostname:​MAILFROM-EMail
SMTPRelayAllowRule=216.38.12.16:​www.mydomain.com:​newsletter@mydomain.com

Relay messages that are sent from that IP address or that hostname using the MAIL FROM e-mail address.

The double colon is the field delimiter, the first field is the optional IP address, the second field is the optional hostname, the third field is the e-mail address.

Dumps the connection statistic to the logfile every x minute

(MBAdmin Signal->Dump Connection Statistic)

DumpConnectionStatisticLogEvery​=5

This settings dumps the connection statistic to the logfile every 5 minute.

This is useful for collecting statistic data over along time period.

Cache the connection to Exchange

OutboundExchConnectionCache=​True

If enabled, XWall waits 10 seconds until the QUIT is sent and the connection is closed. If a new message arrives within that timeframe, the messages is sent to Exchange using the existing connection.

The benefit of the cache is that the TLS/SSL and ESMTP handshake is avoided for every message, which results in less traffic and CPU usage.

OutboundExchConnectionCacheWaitTime=10

The default wait time until the connection is closed is 10 seconds.

VerboseConnectionCache=​True

Show addititional information about the connection cache in the logfile

Cache the connection to any SMTP server

OutboundSMTPConnectionCache=​True

If enabled, XWall waits 10 seconds until the QUIT is sent and the connection is closed. If a new message arrives within that timeframe, the messages is sent to Exchange using the existing connection.

Usualy there is no benefit caching conentions to any SMTP server and it wastes a lot of memory.

OutboundSMTPConnectionCacheWaitTime​=10

The default wait time until the connection is closed is 10 seconds.

Bind XWall to IP address and/or port

The structure of the setting is:

SMTPIPAddress2=IPAddress:​Port:​notused:​FQDN:​NATIPAddress

Note: Repeat the lines for additional bindings

Bind to port 587 for Apple iPhone

SMTPIPAddress2=0.0.0.0:587

Apple iPhone supports RFC 4409 - Message Submission for Mail and so it expects to find the SMTP server at port 587 and not at the default port 25

Note: You also need to enable inbound authentication in Options->General->Authentication

Query the name server for the backup MX

CheckDNSQueryMX=​True

This setting is on by default.

By default XWall queries the name server for the backup MX for the domain. XWall excludes the backup MX from some spam checking, like Greylisting. Also the IP of the backup MX is ignored when XWall scans the Received: lines of the message header for the IP address of the sender.

Query a public name server for the backup MX

CheckDNSQueryMXPublicNS=​True

This setting is on by default.

XWall queries the name server of Google and opendns.org for the backup MX IP addresses. Sometimes the internal name server that XWall uses, has no definitions for the public MX records. By querying a public name server, XWall is able to get the IP addresses.

Set the public name server

CheckDNSQueryMXPublicNSIP=​8.8.4.4

By default XWall uses Google (8.8.8.8) and OpenDNS (208.67.222.222) as the public name server. Using this setting you can override the default.

Manually add a backup MX

InboundDomainMX=​192.116.177.10

This settings tells that a backup MX is running on 192.116.177.10. To define a second backup MX, add a second line with a different ip address.

By default XWall queries the name server for the backup MX for the domain. XWall excludes the backup MX from some spam checking, like Greylisting. Also the IP of the backup MX is ignored when XWall scans the Received: lines of the message header for the IP address of the sender.

Show Backup MX IP addresses

VerboseDomainMX=​True

This setting shows both the automatic and the manually collected backup MX IP addresses. The setting further shows for each messages the IP address that XWall treats as the sending server. The sending server is the server that sends the messages to the server bound to the MX records.

Define a inbound size limit for an e-mail address

InboundSizeLimitUser=​user1@domain1.com:​500000
InboundSizeLimitUser=​user2@domain1.com:​300000

This tells XWall that this e-mail addresses have a special size limit and that this limit overrules the global size limit. You can use wildcards in the e-mail address and the first one limit that matches will be used.

Define a inbound and outbound limit for message payload

InboundPayloadLimit=500000
OutboundPayloadLimit=500000

The message payload is calculated using the formula: message size in bytes x recipient count

If the payload is above the limit, then XWall rejects the message during the SMTP session.

Inbound and outbound reassemble message

InboundAssembleHdr=​X-SomeHeader
InboundAssembleHdr=​X-AnotherHeader
OutboundAssembleHdr=​X-SampleHeader
OutboundAssembleHdr=​X-AnotherSample

This setting tells XWall to adopt the header lines in case they exist in the original message.

By default XWall removes all unknown or unsafe header lines lines when reassembling a message. The reason is to safeguard from attacks with spoofed or faked headers lines.

Disable DSN to NEVER and/or MAIL FROM to a NULL-address for spam and OOF

InboundDSNNeverOnOFOAndSpam=​False
OutboundDSNNeverOnOFO=​False

By default XWall sets DSN to NEVER and/or MAIL FROM to a NULL-address for spam and out-of-office messages. This is to avoid automatic answers and out-of-office messages as a reply to a spam message. This setting disables this and sends spam messages as normal messages.

Add a header line to every message where the action was triggered

InboundSpamHeader=X-SomeHeader:​ AnyData

By default XWall adds the X-XWall-Spam: header line to every message where the action was triggered. This setting let's you add your own header line. This is useful if you want to create some special rules in your e-mail client or for e-mail clients that expect a fixed header line like GroupWise.

Block outbound messages that are not from an internal domain

OutboundBlockAddressOnlyInternal=​True

As spam typically originates from random sender addresses, this can be used to filter outgoing spam that are originated by a user that uses XWall as a relay.

Note: This also blocks auto-forwarded mails. As a consequence, this is the end of auto-forwarder loops, too. Some users will be disappointed that their forwarders to external web mailers are stopped, but administrators have one less issue to worry about.

Remove HTML part of the message if there is a script

InboundRemoveHTMLScript=​True

This setting forces XWall to remove the HTM part of the messages when a script is detected. The user then gets a plain text message without any harming HTML script.

Remove only the script from HTML part of the message if there is a script

InboundRemoveHTMLScriptV2=​True

This setting forces XWall to remove the script out of the HTML part of the messages when a script is detected. The user then gets a HTML message without any HTML script.

Remove HTML part of the message on action Mark Subject

InboundRemoveHTMLSpam=​True

This setting forces XWall to remove the HTM part of the messages when it triggers the Mark Subject action. The user then gets a plain text message without any harming HTML.

Destroy URL on action Mark Subject

InboundRemoveHTMLHyperlink=​True

This setting forces XWall to destroy any URL in both the HTML and the plain text part of the message when it triggers the Mark Subject action. The user then gets a message without any clickable URL.

The URL is still in the message, but spaces between the words make is impossible to click on the URL. However, the user can manually remove the spaces and then click on the URL.

Send a message to postmaster after XWall is started

(start service or mbserver.exe)

SendStartup=​True

XWall sends a message to postmaster after all configuration checking is done.

SendStartupTo=​other@domain.com

By default the messages is sent to postmaster, but this is where you can define an alternate address.

Send a message to postmaster after XWall is restarted

(internal restart because the configuration has changed )

SendStartupAlways=​True

XWall sends a message to postmaster after all configuration checking is done.

SendStartupTo=​other@domain.com

By default the messages is sent to postmaster, but this is where you can define an alternate address.

Send a message to postmaster after XWall is started when there is a configuration error or warning

SendStartupWarn=​True

XWall sends a message to postmaster after all configuration checking is done and there was a warning or error.

SendStartupToWarn=​other@domain.com

By default the messages is sent to postmaster, but this is where you can define an alternate address.

Add a delay at startup after a reboot

StartupDelayFresh=​30

Since November 2008 the DNS server of Windows 2003 doesn't work immediately after a reboot. As a result the DNS checking of XWall may fail. Adding a delay in XWall gives the DNS server enough time for housekeeping.

Send logfile to postmaster

(MBAdmin Signal->Send logfile)

SendLogFileTo=​youremail@domain.com

By default the logfile is sent to postmaster, but this is where you can define an alternate address.

Enforce TLS for domains

Note: Obsolete, use TLS Inbound Policy or TLS Outbound Policy

Enforce TLS for an IP address or a host name for inbound connections

InboundSMTPTLSRequiredHost=​mail.trusted-sender.com
InboundSMTPTLSRequiredIP=​176.12.17.0/24

This setting enforces TLS for the given IP address or host name.

In the case the connections omits TLS, XWall sends back error

530 5.7.0 must issue a STARTTLS command first

Define a special cipher list during a TLS connection

when acting as a server (obsolete because RC4 is no longer supported)

TLSServCipherList=ALL:​-RC4:​RC4-MD5:​RC4-SHA:​RC4:​!aNULL:​!eNULL:​!SSLv2:​!LOW:​!EXP:​!ADH:​!CAMELLIA:​!SEED:​@STRENGTH

when acting as a client

TLSClientCipherList=ALL:​-RC4:​RC4-MD5:​RC4-SHA:​RC4:​!aNULL:​!eNULL:​!SSLv2:​!LOW:​!EXP:​!ADH:​!CAMELLIA:​!SEED:​@STRENGTH

The list can represent a list of cipher suites containing a certain algorithm, or cipher suites of a certain type. A full description is at http://www.openssl.org/docs/apps/ciphers.html

Using RC4-MD5 and RC4-SHA for compatibility with old and unpached Windows 2003 IIS or Exchange

when acting as a server (obsolete because RC4 is no longer supported)

TLSServCipherList=ALL:​-RC4:​RC4-MD5:​RC4-SHA:​RC4:​!aNULL:​!eNULL:​!SSLv2:​!LOW:​!EXP:​!ADH:​!CAMELLIA:​!SEED:​@STRENGTH

when acting as a client

TLSClientCipherList=ALL:​-RC4:​RC4-MD5:​RC4-SHA:​RC4:​!aNULL:​!eNULL:​!SSLv2:​!LOW:​!EXP:​!ADH:​!CAMELLIA:​!SEED:​@STRENGTH

Define a protocol used during an inbound TLS connection (obsolete since v3.54e)

TLSServForceMethod=​3 ; SSLv3
TLSServForceMethod=​4 ; TLS 1.0
TLSServForceMethod=​5 ; TLS 1.1
TLSServForceMethod=​6 ; TLS 1.2

By default, the client and server negotiate on the highest possible protocol and at present this is TLS 1.2. With this setting the server accepts only that protocol and any other protocols are discarded.

Define a minimum and maximum protocol used during an inbound TLS connection

TLSServMethodMin=​4 ; TLS 1.0
TLSServMethodMin=​5 ; TLS 1.1
TLSServMethodMin=​6 ; TLS 1.2
TLSServMethodMin=​7 ; TLS 1.3

TLSServMethodMax=​4 ; TLS 1.0
TLSServMethodMax=​5 ; TLS 1.1
TLSServMethodMax=​6 ; TLS 1.2
TLSServMethodMax=​7 ; TLS 1.3

By default, the client and server negotiate on the highest possible protocol and at present this is TLS 1.2 or TLS 1.3. With this setting the server accepts only that protocol in this range.

The protocol has nothing to do with which ciphers are used. So it may be possible to use a strong protocl with a weak cipher or a weak protocol with a strong cipher.

From a securtiy standpoint, the cipher is the part that counts and not the protocol. The Logjam attack or the FREAK bug are against the cipher and not against the protocol. So to prevent a bug, the cipher must be changed and not the protocol.

Prevent from POODLE attack (obsolete because SSLv3 is no longer supported)

when acting as a server

TLSServCipherList=​@NOSSLV3

when acting as a client

TLSClientCipherList=​@NOSSLV3

The only way to prevent from POODLE attack, is to disable SSLv3. Unfortunately this also prevents older clients which use only SSLv3.

Announce inbound SMTP authentication only after TLS is established

InboundSMTPAuthTLS=​True

This setting hides ESMTP authentication announces (AUTH=LOGIN and AUTH PLAIN LOGIN) until a TLS connection is established. For a drive-by password cracker it looks like as if there is no authentication available. Only a client that establishes a TLS connection can authenticate.

Remove S/MIME signature for outbound messages

OutboundRemoveSMIMESign=​True

This setting forces XWall to remove a S/MIME signature before the message is signed or encrypted.

Sign a pre-singed message

OutboundSMIMESignPreSign=​True

This setting forces XWall to sign an already signed message.

By default the settings is False, because the result is not predictable.

Sign pre-encrypted message

OutboundSMIMESignPreCrypt=​True

This setting forces XWall to sign an already encrypted message.

By default the settings is False, because the result is not predictable.

Encrypt a pre-singed message

OutboundSMIMECryptPreSign=​True

This setting forces XWall to encrypt an already signed message.

By default the is True, because encrypting a singed messages is a good practice.

Encrypt a pre-encrypted message

OutboundSMIMECryptPreCrypt=​True

This setting forces XWall to encrypt an already encrypted message.

By default the settings is False, because the result is not predictable.

Verify signer certificate using SMIMEA

InboundSMIMEVerifySMIMEA=​True

This setting forces XWall to verify the certificate of the signer using SMIMEA with DANE rather than trusting a certificate chain with a certificate Certificate authority (CA).

Note: SMIMEA is defined in RFC 8162 - Using Secure DNS to Associate Certificates with Domain Names for S/MIME

Download the recipients certificate using SMIMEA

OutboundSMIMEVerifySMIMEA=​True

If the encryption rule for an outbound message has a wildcard ("*") for the certificate file, and the certificate file doesn't exist, then XWall will try to download the certificate using SMIMEA with DANE. If XWall could downlaod the certificate, it will place the certificate file in the CERT \ PUB directory.

XWall will first try a DNS SMIMEA query for the full e-mail address of the recipient (e.g. user@domain.com). If there is no SMIMEA certificate, then XWall will query a second time with a wildcard (e.g. *@domain.com). If a SMIMEA certificate is found, then XWall will use it as the certificate of the recipient.

Note: Using the second wildcard query allows the adminstrator of the recipients domain to pin a single certificate for the whole domain into DNS. This also fixes the chicken-and-egg problem how to get the certificate in first place.

Outlook displays the content of the x-message-flag Internet header line in the left upper part of the message dialog, right above the From: field. So this can be uses to show some information to the user.

XWall can show the following information:

Show the SPF status of the message

InboundXMessageFlagSPF=​True

Show the DomainKey status of the message

InboundXMessageFlagDKIM=​True

Show the S/MIME status of the message

InboundXMessageFlagSMIME=​True

Show the TLS status of the message

InboundXMessageFlagTLS=​True

Show the reason why the message was excluded from spam checking

InboundXMessageFlagExcl=​True

Show the format that was removed from the message

InboundXMessageFlagFormat=​True

Add support for RAR archive

UseUnRARDLL=​True

Download the latest UnRAR dll from http://www.rarlab.com/rar_add.htm and copy it into the XWall directory. Thereafter XWall will use the dll to extract the files from a RAR archive, the same way as it does for a zip archive.

Add support for TAR archive

UseTAR=​True

This setting forces XWall to extract the files from a TAR archive, the same way as it does for a zip archive.

Add support for GZip archive

UseGZip=​True

This setting forces XWall to extract the files from a GZip archive, the same way as it does for a zip archive.

Add support for 7Zip archive

Use7Zip=​True

This setting forces XWall to extract the files from a 7Zip archive, the same way as it does for a zip archive.

Add support for oleObjectxxx.bin embedded in an Microsoft Office doc/xls/docx/xlsx

UseMSOLEBin=​True

This setting forces XWall to extract the files from a oleObjectxxx.bin, the same way as it does for a zip archive.

The Central Checksum Service (CCS) is designed to detect bulk e-mail on a worldwide level, a full description is here.

Since v3.46 CCS also acts as a global heuristic spam repository.

XWall queries the CCS for the IP address of the sending MTA and gets back the threshold of heuristic spam for that IP address.

Further it reports the IP address of the sending MTA in the case a heuristic spam is detected.

Query the CCS for the IP address of the sending MTA

InboundBlockCCX=​False

This setting disables querying the CCS for the IP address of the sending MTA

Report heuristic spam to the CCS

InboundReportCCX=​False

This setting disables reporting of the IP address of the sending MTA in the case heuristic spam was detected

Enable the Blacklist

InboundAddressBlackList=​True

The Blacklist is similar to the White List, except that it blocks all messages that are sent by an e-mail addresses that is on the list. This allows your users to add e-mail addresses to the Blacklist by simply sending a command message to the Blacklist.

The action that is triggered when the e-mail is the same as in Options->Blocking->E-Mail

Maintain a separate Blacklist for each user

InboundAddressBlackListUserBased=​True

If enabled, XWall will create a separate Blacklist for each user, rather then one list for all users.

Reject the message during the SMTP session

InboundAddressBlackListBlockSMTPLevel=​True

If enabled, XWall will reject the message during the SMTP session and the message will not be accepted.

Note: This setting will not work when a separate list for each user is enabled. The reason is that at the time when the sender is checked, the recipient is not available yet.

Pack the Blacklist at midnight

InboundAddressBlackListASCII=​True

If enabled, XWall will sync AdrIBL-A.dat with AdrIBL-B.dat. More technically speaking XWall will remove outdated and duplicated entries from AdrIBL-A.dat

Max addresses to gather

InboundAddressBlackListMaxSlots=100000

Defines how large the Blacklist should become

Manage the Blacklist by sending a message with an e-mail

address in the subject to Add e-mail address or Delete e-mail address

InboundAddressBlackListFeedAdd=​add@blacklist.xxx
InboundAddressBlackListFeedDel=​del@blacklist.xxx

Defines an e-mail address that is NOT in your domain and that is used for manually adding or deleting of e-mail addresses.

If you are not sure what e-mail address you should use, then use add@blacklist.xxx and del@blacklist.xxx

To add an e-mail address, send a message to add@blacklist.xxx with the e-mail address that should be added in the subject. To delete an e-mail address send a message to del@blacklist.xxx with the e-mail address that should be deleted in the subject.

Suppress Received: header line from Exchange

SuppRecvLn=​True

By default XWall adds a Received: header line with the IP address and the host name of Exchange. This setting is to disable the Received: header line.

Remove X-Originating-IP header line for outbound messages

OutboundRemoveHeaderXOriginatingIP=​True

By default Exchange 2010 SP1 adds the originating IP address ( e.g. the IP address that Outlook uses ) to the header of every outgoing message.

With this setting enabled, XWall removes the header x-originating-ip line from outbound messages.

Add header line to outbound messages,

OutboundHeader=:​sender@yourdomain.com:​reciepient@outbound.com:​X-MYHEADER:​WhatEverIsNeeded

sender@yourdomain.com is the From: address. If it is blank, it matches all.
reciepient@outbound.com is the To: address. If it is blank, it matches all.
X-MYHEADER:​ WhatEverIsNeeded is the header line that is added

Add header line to inbound messages

InboundHeader=:​sender@yourdomain.com:​reciepient@outbound.com:​X-MYHEADER:​WhatEverIsNeeded

sender@yourdomain.com is the From: address. If it is blank, it matches all.
reciepient@outbound.com is the To: address. If it is blank, it matches all.
X-MYHEADER: WhatEverIsNeeded is the header line that is added

Delete header line from outbound messages

OutboundHeaderDel=:​sender@yourdomain.com:​reciepient@outbound.com:​X-MYHEADER

sender@yourdomain.com is the From: address. If it is blank, it matches all.
reciepient@outbound.com is the To: address. If it is blank, it matches all.
X-MYHEADER is the header line that is removed

Bind to IPv6

InboundSMTPIPv6=​True

Using this setting, XWall accepts IPv6 connections.

Use IPv6 for outgoing connections

OutboundSMTPIPv6=​True

Using this setting, XWall uses IPv6 for outgoing connections.

In the case IPv6 doesn't work, IPv4 is used.

Use IPv6 for Exchange connections

OutboundExchIPv6=​True

Using this setting, XWall uses IPv6 for Exchange connections.

In the case IPv6 doesn't work, IPv4 is used.

Connect to ClamAV

VirusScannerClamAVNative=​True
VirusScannerClamAVHost=​localhost
VirusScannerClamAVPort=​3310

This setting forces XWall to connect to ClamAV, the same way as clamdscan.exe connects to clamd.exe. In the case there is a problem, XWall starts the on-demand scanner, which is usually clamdscan.exe

Prevent check for On-Access scanner at startup

VirusScannerOnAccessStartupCheck=​False

This setting disables the check for the On-Access scanner at startup.

Run XWall under Linux

Install wine (sudo apt-get install wine) and then start XWall using:

wineconsole mbserver

Note: You need to use 'wineconsole' and not 'wine', because MBServer.exe is a console application and not a GUI application.