Skip to main content

exim rewrite subject for email coming from External domain

for incoming email not from our domain (external domains) we want to add [EXTERNAL] to the subject but if it already contains [EXTERNAL] we do not want to add it again.

I made the changes on our Sophos UTM 9 system.  More than likely it will require rewriting these files after a update.  This should apply to other systems running exim.

If your exim is installed in chroot enviroment you want to place the files there
on Sophos UTM this is /var/chroot-smtp/etc/
on system with non chroot it may be /etc/exim/

created a file /var/chroot-smtp/etc/exim.system_filter
with following contents
change domains to match your enviroment.  The > placed on the end of the match sstring so it does not match email address spoofing in display name using your domain.

 /var/chroot-smtp/etc/exim.system_filter
if
$header_from: does not contain "@yourdomain.com>"
and $header_from: does not contain "@yourdomain.localdomain>"
and $header_from: does not contain "@additionaldomain.com>"
and $header_subject: does not contain "[EXTERNAL]"
then
headers add "Old-Subject: $h_subject:"
headers remove "Subject"
headers add "Subject: [EXTERNAL] $h_old-subject"
headers remove "Old-Subject"
endif

add to exim.conf
for Sophos UTM 9 this file is located in  /var/chroot-smtp/etc/exim.
system_filter = /etc/exim.system_filter

In sophos we are running exim in chroot under /var/chroot-smtp the exim.conf does not need that portion in the path since its jailed.

This file has worked for my environment , I hope this is helpful to you

Sam Saqr

Comments

Post a Comment

Popular posts from this blog

EXTERNAL domain warning for zimbra

With the phishing attempts that consonantly target users your company can get exposed to a possible infiltration because a user thought a representative of the company sent them an email asking to change the password or to cleanup a full inbox, etc. In the email they will have a link and a login page that is used to collect the users login name and password. Many companies are starting to implement some kind of indication to the user that the email originated outside the company. Some will add a tag to the subject like [EXTERNAL] if the mail system has capabilities for using transport rules, spamassasin header, postfix header_checks. Other phishing attempts would use CEO names in the name field with a different return email address. The way users fall for this is they do not look at the originating email address. It also does not help that most mail clients will only show display name when provided instead of the email. Currently zimbra does not have a way to creat...
4 comments
Read more

Remove EXTERNAL from subject on exim for email leaving your domain

In an earlier post I mentioned how to tag/add EXTERNAL to the subject header on exim.  I made the changes on our Sophos UTM which may require re-applying the configuration files after Sophos UTM update. I ended up adding and elif block to act on outgoing emails in the exim.system_filter file this is the block I added.  Change your domain as appropriate and add additional lines if you need to. elif  $header_from: contains "@yourdomain.com>"  and $header_to: does not contain "@yourdomain.com>"  and $header_subject: contains "[EXTERNAL]" then  headers add "Old-Subject: $h_subject:"  headers remove "Subject"  headers add "Subject: ${sg{$h_old-subject:}{[[]EXTERNAL[]]}{}}"  headers remove "Old-Subject" endif This is the full exim.system_filter file To have the $h_from or $header_from act on the domain part and not the display name part if someone was trying to spoof the from name I added the > at the ...
1 comment
Read more

Best Free Antivirus for Home use (updated 2025)

Figure 1: Modern antivirus protection concept for 2025. Best Free Antivirus for Home Use (2025 Edition) đź•’ Updated October 2025 — Sophos Home Free is no longer available to new users, but there are still great free antivirus options. If you’re looking for a trusted, no-cost antivirus solution for your home PC or Mac, here’s the 2025 reality: most vendors now offer free trials instead of fully free versions. However, a few excellent choices remain that deliver real-time protection without requiring a paid subscription. ⚙️ Top Recommended Free Antivirus Tools (2025) Microsoft Defender (Windows 10/11) — Built into Windows and now one of the best free antivirus options available. It includes real-time protection, ransomware defense, and smart cloud-based threat detection. No registration or ads. Avast One Essentials — Free tier with core antivirus, Wi-Fi inspector, and password protection. Lightweight and easy to use. Bitdefender Antivirus Free — S...
1 comment
Read more