Skip to main content

exim rewrite subject for email coming from External domain

for incoming email not from our domain (external domains) we want to add [EXTERNAL] to the subject but if it already contains [EXTERNAL] we do not want to add it again.

I made the changes on our Sophos UTM 9 system.  More than likely it will require rewriting these files after a update.  This should apply to other systems running exim.

If your exim is installed in chroot enviroment you want to place the files there
on Sophos UTM this is /var/chroot-smtp/etc/
on system with non chroot it may be /etc/exim/

created a file /var/chroot-smtp/etc/exim.system_filter
with following contents
change domains to match your enviroment.  The > placed on the end of the match sstring so it does not match email address spoofing in display name using your domain.

 /var/chroot-smtp/etc/exim.system_filter
if
$header_from: does not contain "@yourdomain.com>"
and $header_from: does not contain "@yourdomain.localdomain>"
and $header_from: does not contain "@additionaldomain.com>"
and $header_subject: does not contain "[EXTERNAL]"
then
headers add "Old-Subject: $h_subject:"
headers remove "Subject"
headers add "Subject: [EXTERNAL] $h_old-subject"
headers remove "Old-Subject"
endif

add to exim.conf
for Sophos UTM 9 this file is located in  /var/chroot-smtp/etc/exim.
system_filter = /etc/exim.system_filter

In sophos we are running exim in chroot under /var/chroot-smtp the exim.conf does not need that portion in the path since its jailed.

This file has worked for my environment , I hope this is helpful to you

Sam Saqr

Comments

Popular posts from this blog

EXTERNAL domain warning for zimbra

With the phishing attempts that consonantly target users your company can get exposed to a possible infiltration because a user thought a representative of the company sent them an email asking to change the password or to cleanup a full inbox, etc. In the email they will have a link and a login page that is used to collect the users login name and password. Many companies are starting to implement some kind of indication to the user that the email originated outside the company. Some will add a tag to the subject like [EXTERNAL] if the mail system has capabilities for using transport rules, spamassasin header, postfix header_checks. Other phishing attempts would use CEO names in the name field with a different return email address. The way users fall for this is they do not look at the originating email address. It also does not help that most mail clients will only show display name when provided instead of the email. Currently zimbra does not have a way to creat

zimbra change domain ham spam galsync and virus accounts

Do the domain that was created by default is not the domain that you intended.  Or when you setup zimbra you were not paying attention and server name got added in front of the domain ie mail.domain.com instead of just domain.com. Now you need to setup the ham, spam, galsync, and virus-quarantine accounts to your new domain. Lets start with ham and spam. From zimbra webadmin find the spam and ham accounts under manage and then search individually for ham and spam.  They will have random characters after the name.  We will need the full name of both accounts.  Right click to edit the account and under account name change the domain to your newly created domain and save.  Do this for both accounts.  Also get the names of both accounts.  You can copy and paste them to use in the following command line. As zimbra user on the mail server run these commands. You can also check the current spam accounts with zmprov gcf zimbraSpamIsSpamAccount zimbraSpamIsSpamAccount: spam@old.doma

Best Free Antivirus for Home use

Best Free Antivirus Are you looking for a good anti-virus that is free.  My current recommendation is Free Sophos Home. https://home.sophos.com/en-us/free-anti-virus-windows.aspx Sophos Home the free version comes with Real Time Antivirus, Parental Website Filtering, Web protection, Remote management, and support for 10 PC's and Macs from one free account. I have used the Sophos Endpoint paid version for several years at my work and has been a great product. Web Protection and Parental Website Filtering are useful from keeping all computers from known infected websites.  Sophos makes this easy by having categories.  You want to block all know malware/spyware infected websites.