In an earlier post I mentioned how to tag/add EXTERNAL to the subject header on exim. I made the changes on our Sophos UTM which may require re-applying the configuration files after Sophos UTM update.
I ended up adding and elif block to act on outgoing emails in the exim.system_filter file
this is the block I added. Change your domain as appropriate and add additional lines if you need to.
elif
$header_from: contains "@yourdomain.com>"
and $header_to: does not contain "@yourdomain.com>"
and $header_subject: contains "[EXTERNAL]"
then
headers add "Old-Subject: $h_subject:"
headers remove "Subject"
headers add "Subject: ${sg{$h_old-subject:}{[[]EXTERNAL[]]}{}}"
headers remove "Old-Subject"
endif
This is the full exim.system_filter file
To have the $h_from or $header_from act on the domain part and not the display name part if someone was trying to spoof the from name I added the > at the end of the domain. If you have alert domains that do not add display name they will get tagged with EXTERNAL. You can add the full email address for those from addresses.
you will need to edit the exim.conf and add the line
system_filter = /etc/exim.system_filter
then restart exim
On Sophos UTM 9 to restart exim
/var/mdw/scripts/smtp restart
if
$header_from: does not contain "@yourdomain.com>"
and $header_from: does not contain "name@internaldomain.localdomain"
and $header_from: does not contain "@anotherdomain.com"
and $header_from: does not contain "@rt.tricongeophysics.com>"
and $header_subject: does not contain "[EXTERNAL]"
then
headers add "Old-Subject: $h_subject:"
headers remove "Subject"
headers add "Subject: [EXTERNAL] $h_old-subject"
headers remove "Old-Subject"
elif
$header_from: contains "@yourdomain.com>"
and $header_to: does not contain "@yourdomain.com>"
and $header_subject: contains "[EXTERNAL]"
then
headers add "Old-Subject: $h_subject:"
headers remove "Subject"
headers add "Subject: ${sg{$h_old-subject:}{[[]EXTERNAL[]]}{}}"
headers remove "Old-Subject"
endif
Sam Saqr
I ended up adding and elif block to act on outgoing emails in the exim.system_filter file
this is the block I added. Change your domain as appropriate and add additional lines if you need to.
elif
$header_from: contains "@yourdomain.com>"
and $header_to: does not contain "@yourdomain.com>"
and $header_subject: contains "[EXTERNAL]"
then
headers add "Old-Subject: $h_subject:"
headers remove "Subject"
headers add "Subject: ${sg{$h_old-subject:}{[[]EXTERNAL[]]}{}}"
headers remove "Old-Subject"
endif
This is the full exim.system_filter file
To have the $h_from or $header_from act on the domain part and not the display name part if someone was trying to spoof the from name I added the > at the end of the domain. If you have alert domains that do not add display name they will get tagged with EXTERNAL. You can add the full email address for those from addresses.
you will need to edit the exim.conf and add the line
system_filter = /etc/exim.system_filter
then restart exim
On Sophos UTM 9 to restart exim
/var/mdw/scripts/smtp restart
if
$header_from: does not contain "@yourdomain.com>"
and $header_from: does not contain "name@internaldomain.localdomain"
and $header_from: does not contain "@anotherdomain.com"
and $header_from: does not contain "@rt.tricongeophysics.com>"
and $header_subject: does not contain "[EXTERNAL]"
then
headers add "Old-Subject: $h_subject:"
headers remove "Subject"
headers add "Subject: [EXTERNAL] $h_old-subject"
headers remove "Old-Subject"
elif
$header_from: contains "@yourdomain.com>"
and $header_to: does not contain "@yourdomain.com>"
and $header_subject: contains "[EXTERNAL]"
then
headers add "Old-Subject: $h_subject:"
headers remove "Subject"
headers add "Subject: ${sg{$h_old-subject:}{[[]EXTERNAL[]]}{}}"
headers remove "Old-Subject"
endif
Sam Saqr
This comment has been removed by the author.
ReplyDelete