This lists all the settings in the preferences.php file, which is normally found in /opt/zendto/config/preferences.php. Do not change values in this file unless you need to, and then only after carefully reading the comments in the file.

If you want to change the text in the user interface, then edit /opt/zendto/config/zendto.conf and not this file. It is mostly self-explanatory.

The preferences.php settings you are most likely to need to change are:

File Locations & System

All of these are set to the correct values by default. Don't change them unless you really need to.

This is the location of the top of the directory tree containing the www, lib, template and so on directories.
This is the location of the ZendTo "lib" directory.
This is the location of the ZendTo data directories, containing the log file, SQLite database file and files contained in each drop-off.
The is the ZendTo version number as reported in the footer.tpl template that appears at the bottom of each web page.
This is the location of the directory containing the statistics gathered about the usage of your ZendTo installation, which are viewable by any of your ZendTo administrators.
This is the location of the file containing the usage statistics.
This is the location of the rrdtool binary used by ZendTo to process its statistics into graphs.
This is the directory where all the files dropped off are stored. Significant amounts of storage must be available here to hold the files that have been dropped off and have not yet been expired.
This is the location of the ZendTo log file. All transactions are logged here.


This can be "SQLite3" (the default), "SQLite" or "MySQL". It defines which database back-end ZendTo is using. I would advise SQLite3 as it requires no manual configuration or setup at all. If you are going to use MySQL, then you will need to read /opt/zendto/sql/README.MySQL to configure it.
This sets the filename of the SQLite database, if SQLite3 or SQLite is being used. Otherwise this setting is ignored.
This is the name of the server hosting the MySQL database, if MySQL is being used.
This is the username used to connect to the MySQL database server, if MySQL is being used.
This is the password used to connect to the MySQL database server, if MySQL is being used.
This is the name of the MySQL database, if MySQL is being used.

Drop-off Properties

After a file has been dropped off, it will remain available for download until either it is deleted by the recipient (if there was only 1 recipient) or the sender, or until this number of days have passed. Increasing this number will require more drop-off storage.
When a drop-off is being downloaded, should the list of recipients be displayed? Possible values are "TRUE" or "FALSE".
The maximum total number of bytes that can be uploaded in the sum of all the files dropped off in 1 drop-off. This should be less than 2GB on any 32-bit ZendTo server. Provided PHP has been rebuilt, or you have PHP 7 or above, you may set this value as large as you like.
The maximum size of any 1 file in a drop-off. This should be less than 2GB on any 32-bit ZendTo server. Provided PHP has been rebuilt, or you have PHP 7 or above, you may set this value as large as you like.

Uploads & Requests

When the "Send a Request" feature has been used, this is the number of seconds the recipient has in which to respond by uploading some files. After this time, the Request expires and the request will have to be re-generated. 86400 seconds = 1 day. 604800 seconds = 1 week.
If this is set to anything other than the empty string, all drop-offs sent in response to Requests will be delivered to this email address, instead of the email address of the person who sent the Request in the first place. This can be used to force all files submitted in response to the "Send a Request" feature to go into a customer service ticketing system, rather than personally to the staff member who sent the Request.
This is the maximum length of the "Subject:" line sent in the email when the "Send a Request" feature is being used.
This is the maximum length of the "Short Note" that can be added to all drop-offs.

Library of Files

If you frequently send one or more of a small set of files to recipients, you don't want to have to upload each file to ZendTo every time. So this "Library of Files" feature allows you to have a directory of frequently-used files. When you come to choose what files to send to a recipient, you can choose to either upload a file or pick from a file already in the library. You can have a per-user library as well as a default one, and the library feature will only be presented to the user if there are files in their library. Also, the description used for each file is remembered, so when you next send a particular library file to a recipient, you won't even have to enter the description. To enable the library feature, set this to true.
This points to the directory used by the "Library of Files" feature. All files in this directory must be at least readable by the web server user. The default set of files presented to a user should be placed in this directory. Sub-directories of this are named after the username they correspond to, and contain the set of files available to that user. The per-user directory contents over-rides the default directory, it does not add to it. A good way for users to manage their library would be to create a WebDAV share that points to it, which is widely documented elsewhere.

Protection Against Robots

The test to prove that ZendTo is being used by a person and not some automated spamming program is done using a test called "reCAPTCHA". To operate, this needs to have a public key and a private key. So go to reCAPTCHA and log in. Then "Add a New Site" and enter the full name of your ZendTo website (not the real hostname of the box hosting it). I advise you leave the "global key" box unticked. Then simply copy and paste the 2 long strings it generates into your preferences.php.
Note: I strongly advise against this, but if you must disable the "reCAPTCHA", set both of these to the string "disabled". Note that if you disable this, you will get spammed by malware and viruses being sent to your users.
This should normally be set to true to help protect your ZendTo server against distributed denial-of-service (DDoS) attacks. It forces any unauthenticated user to prove they are a real person before they can download any file from a drop-off. If the drop-off contains multiple files, they only have to pass the test once, regardless of how many files they download. If it is set to false then this protection is removed, but it is slightly quicker for people to use as they don't have to pass a CAPTCHA test.

Authentication & Administrators

This is the list of usernames who have administrative rights over your ZendTo server. They will be able to see statistics about the service's use, and they will be able to see and delete every drop-off.
This sets the type of authentication your ZendTo will use. It must be one of "Local", "IMAP", "AD" or "LDAP". The available authentication systems, together with their configuration settings, are described here.

Domains & Usernames

The root URL of your ZendTo installation. If at all possible, set up an https site as well as the default http one created by the Installer. This URL must end in a '/'.<
Sometimes users forget to enter full email addresses and just enter the username. If that happens, this is the string added after an "@" to turn them into addresses for your organisation.
When a user has not logged in, they can only send files to users whose email addresses belong to your organisation. This setting can either be the full path to a file, or a regular expression.
If it is a file, then that file must be a plain text file listing your domain names, one per line. You do not need to list all your sub-domains, just your top-level domain, as an entry of "" will allow all addresses like "*" and also "*@*". By default it points to /opt/zendto/config/internaldomains.conf.
If it is a regular expression, then it must match everything to the right of the "@" symbol in your email addresses.
This defines what strings are valid usernames on the login page.
This defines what are valid email addresses for anyone.
This lists all the IP address prefixes which are occupied by your own network. It is used to slightly change the appearance of the ZendTo home page to reflect whether users should be encouraged to login or not.

Sending E-mail

The fully qualified hostname of your SMTP server, or else its IP address. If this value is set to an empty string, then the old method of sending email will be used, which requires a working sendmail/Postfix setup on the server.
The port number to use for talking to your SMTP server defined above. Almost always one of 25, 587 or 465. If you can, use 587 and set the SMTPusername and SMTPpassword values below. The default value is 25, for which your SMTP server may not require any authentication.
This must be either an empty string '' or the string 'tls' (or else 'ssl' which is deprecated). If set to 'tls' then TLS encryption will be used for the connection to your SMTP server.
The username to use if authenticating to your SMTP server. If set to an empty string, authentication will not be attempted.
The password to use if authenticating to your SMTP server.
The character set used in e-mail messages. If at all possible, leave it at the default 'utf-8'. If you have problems with e-mail messages appearing incorrectly, try changing this to 'iso-8859-1'.
If this is set to TRUE then the progress of each SMTP connection will be shown in detail on the user's web browser whenever an email message is ent. Ensure it is set to FALSE on production systems.

Logins & Sessions

These define how long a user is locked out of ZendTo if they repeatedly enter an incorrect password. This provides security against malicious programs trying to guess your users' passwords by repeatedly trying to log in to ZendTo. If a user fails to enter the correct password "loginFailMax" times in "loginFailTime" seconds, they are locked out completely for a further "loginFailTime" seconds. 86400 seconds = 1 day. 604800 seconds = 1 week.
This is the name of the cookie stored in each user's web browser to track their session.
This is a secret string used to protect ZendTo from sessions being faked by malicious users. It should be generated by running "/opt/zendto/sbin/genCookieSecret.php".
This sets the maximum length of a ZendTo user session.

Virus Scanning

This is the command used to call the virus scanner. You should use the "clamd" virus scanner daemon, which is part of ClamAV, an excellent free virus scanner. It runs very fast, and is used to scan all uploaded files for viruses. Any drop-off containing infected files is rejected and deleted immediately. This is the only content check ZendTo performs on uploaded files.