Gyp the Cat dot Com

How to Add Different Disclaimers using alterMIME and Postfix based on Domain

As you may have gathered from my previous blogs, I like Postfix; one thing I love about it is how modular it is. This became especially evident today when I was asked to make sure that all emails go out with the appropriate disclaimer on them. This company has one MS Exchange mail server which services a handful of different companies’ domains.

It transpires that adding the pretty signature via a pretty Outlook stationery item is not an option: with the mix of ActiveSync-enabled devices among staff (i.e. iPhone & HTC) and people using Webmail at home, signatures were not always getting applied neatly via Outlook. So we had to find a workaround to make sure the stationery gets attached.

My first thought was on the Exchange itself. I knew that it was possible to add stationery via the SMTP sink as per this Microsoft Article, but this didn’t strike me as being a particularly elegant solution on an already heavily utilised box, plus MSExchange.org indicated that it may increase the load on the server.

In the end we decided upon doing it at the MTA level on our existing Ubuntu Postfix MTA and then using alterMIME to add the necessary text. We found two excellent resources that helped a great deal: an article by Falko and another on the Zimbra Wiki.

We present here a combination of the steps we took with the direction from the two posts above and this would not have been possible without those guys sharing for the greater community.

Via your Ubuntu shell, install alterMIME:

apt-get install altermime

Next we need to create a user for alterMIME and set it up with a directory.

useradd -r -c "Postfix Filters" -d /var/spool/filter filter
mkdir /var/spool/filter
chown filter:filter /var/spool/filter
chmod 750 /var/spool/filter

Next we will install the default script that does the work.

cp /usr/share/doc/altermime/examples/postfix_filter.sh /etc/postfix/disclaimer

As discussed in the above articles, alterMIME requires some tweaking if you don’t want it to apply a standard disclaimer to all inbound and outbound email. We start by creating a separate list for each company that will use a different disclaimer. We’ll worry about populating them later on.

touch /etc/postfix/disclaimer_addresses_companya
touch /etc/postfix/disclaimer_addresses_companyb
touch /etc/postfix/disclaimer_addresses_companyc
touch /etc/postfix/disclaimer_addresses_companyd

While we’re at it, we may as well copy across the default disclaimers that alterMIME gives us (we can change them later with our specifics).

cp /usr/share/doc/altermime/examples/disclaimer.txt /etc/postfix/disclaimer_companya.txt
cp /usr/share/doc/altermime/examples/disclaimer.txt /etc/postfix/disclaimer_companyb.txt
cp /usr/share/doc/altermime/examples/disclaimer.txt /etc/postfix/disclaimer_companyc.txt
cp /usr/share/doc/altermime/examples/disclaimer.txt /etc/postfix/disclaimer_companyd.txt

Next we want to edit the filter script so that it takes notice of the different email domains.

Let’s back up the script first, since we’re going to mess with it and it’s always nice to have a good copy of it.

cp /etc/postfix/disclaimer /etc/postfix/disclaimer.orig

Let’s open the default script.

nano /etc/postfix/disclaimer

Delete everything that is in there already and replace it with the following, txt version here.

#!/bin/sh
# Localize these.
INSPECT_DIR=/var/spool/filter
SENDMAIL=/usr/sbin/sendmail

# Define our company address lists
disclaimer_addresses_companya=/etc/postfix/disclaimer_addresses_companya
disclaimer_addresses_companyb=/etc/postfix/disclaimer_addresses_companyb
disclaimer_addresses_companyc=/etc/postfix/disclaimer_addresses_companyc
disclaimer_addresses_companyd=/etc/postfix/disclaimer_addresses_companyd

# Exit codes from <sysexits.h>
EX_TEMPFAIL=75
EX_UNAVAILABLE=69

# Clean up when done or when aborting.
trap "rm -f in.$$" 0 1 2 3 15

# Start processing.
cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }

cat >in.$$ || { echo Cannot save mail to file; exit $EX_TEMPFAIL; }

# Obtain From address domain (first header line that starts with "From:")
from_address=`grep -m 1 "^From:" in.$$ | cut -f 2 -d '@' | cut -d ">" -f 1`

# The domain comes from the message itself, so it is quoted everywhere it
# is used, and grep -q tests for a match instead of [ `grep ...` ].

# If the from address matches companya then apply the appropriate disclaimer
if grep -qwi "^${from_address}\$" "${disclaimer_addresses_companya}"; then
    /usr/bin/altermime --input=in.$$ \
        --disclaimer-html=/etc/postfix/disclaimer_companya.txt ||
        { echo Message content rejected; exit $EX_UNAVAILABLE; }

# If the from address matches companyb then apply the appropriate disclaimer
elif grep -qwi "^${from_address}\$" "${disclaimer_addresses_companyb}"; then
    /usr/bin/altermime --input=in.$$ \
        --disclaimer-html=/etc/postfix/disclaimer_companyb.txt ||
        { echo Message content rejected; exit $EX_UNAVAILABLE; }

# If the from address matches companyc then apply the appropriate disclaimer
elif grep -qwi "^${from_address}\$" "${disclaimer_addresses_companyc}"; then
    /usr/bin/altermime --input=in.$$ \
        --disclaimer-html=/etc/postfix/disclaimer_companyc.txt ||
        { echo Message content rejected; exit $EX_UNAVAILABLE; }

# If the from address matches companyd then apply the appropriate disclaimer
elif grep -qwi "^${from_address}\$" "${disclaimer_addresses_companyd}"; then
    /usr/bin/altermime --input=in.$$ \
        --disclaimer-html=/etc/postfix/disclaimer_companyd.txt ||
        { echo Message content rejected; exit $EX_UNAVAILABLE; }

fi

# Send the email on as per the Postfix stack
$SENDMAIL "$@" <in.$$

exit $?

Now we need to make the file executable.

chgrp filter /etc/postfix/disclaimer
chmod 750 /etc/postfix/disclaimer

Now let’s go and tell Postfix to use the alterMIME filter. Make sure you back up the existing file in case you need to roll back:

cp /etc/postfix/master.cf /etc/postfix/mastercf.orig

Edit the master.cf file:

nano /etc/postfix/master.cf

Right under the first service entry that is not commented out (the smtp line), let’s put the filter in, so we add an indented line underneath it:

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
  -o content_filter=dfilt:

Scroll all the way to the bottom and add the following two lines to tell Postfix what variables to pass to the filter script. The second line must start with whitespace so that Postfix reads it as a continuation of the first.

dfilt     unix    -       n       n       -       -       pipe
  flags=Rq user=filter argv=/etc/postfix/disclaimer -f ${sender} -- ${recipient}

Save and exit.

Now you can go and populate the lists, with each entry on its own line. The script compares only the part of the From address after the @, so the entries are sender domains.

nano /etc/postfix/disclaimer_addresses_companya

Add in something like this, appropriate to your installation.

companya.com

Feel free to edit your disclaimer:

nano /etc/postfix/disclaimer_companya.txt

You could have something like this in your standard email disclaimer which will be interpreted as HTML.

<br />
The information contained in this document is strictly private & confidential and may also be privileged. If you are NOT the person to whom this email is addressed, please notify the sender immediately by reply. You should not copy the document or any of the attachments which may be contained herein, or use it for any purpose or disclose its contents to any third party.<br />
<br />
Employees of Company A are expressly required not to make any defamatory statements and not to infringe or authorise any infringements of copyright, or any other legal right, by email communication. Any such communication is contrary to the company’s policy and outside the scope of the employment of the individual concerned. The company will not accept any liability in respect of such communication, and the employee will be personally liable for any damages or other liability which may arise from it.<br />
<br />
Company A does not accept responsibility for changes made to this message after it was originally sent.<br />
<br />
Company A is the trading name of Company Alpha Limited, registered office: Company A House, Big Road, Big City, registered in England & Wales under company no 1234567.<br />

Save and close the document and you’re done.

Now reload Postfix:

postfix reload

Give it a test and you should now be attaching the statutory legal requirements onto your email. You may want to edit your email lists and your individual disclaimers too for each company.
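
To check the domain matching offline before reloading Postfix, here is an added example (not part of the original post or of alterMIME) of the sender-domain lookup written as testable shell functions. It reads only the header block, handles folded and mixed-case From: headers, and goes beyond the script above by validating the domain and matching it as a fixed string; the function names and the sample messages are constructed for illustration.

```shell
#!/bin/sh
# Added example: sender-domain lookup for the disclaimer filter.
# Function names and sample messages are illustrative, not from alterMIME.
LC_ALL=C; export LC_ALL

# Print the lower-cased domain of the From: header of message file $1.
# Only the header block (up to the first blank line) is read, so quoted
# "From:" text in the body or headers like X-Original-From are ignored.
sender_domain() {
    tr -d '\r' < "$1" | awk '
        /^$/ { exit }                               # end of headers
        infrom && /^[ \t]/ { val = val $0; next }   # folded continuation
        infrom { exit }                             # next header reached
        tolower($0) ~ /^from:/ { infrom = 1; val = substr($0, 6) }
        END { print val }
    ' | sed -e 's/.*@//' -e 's/[[:space:]>].*$//' | tr '[:upper:]' '[:lower:]'
}

# The From: header is written by the sender, so accept only hostname
# characters before the value is used in a lookup.
valid_domain() {
    case "$1" in
        ''|.*|*.|*..*|-*|*[!a-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Print the disclaimer file for domain $1 using the lists in directory $2
# (disclaimer_addresses_<company> -> disclaimer_<company>.txt, as above).
# Returns 1 when no list contains the domain.
disclaimer_for() {
    valid_domain "$1" || return 1
    for list in "$2"/disclaimer_addresses_*; do
        [ -f "$list" ] || continue
        # -x whole line, -F fixed string (dots are literal), -i ignore case
        if grep -qixF -- "$1" "$list"; then
            printf '%s\n' "$2/disclaimer_${list##*/disclaimer_addresses_}.txt"
            return 0
        fi
    done
    return 1
}

# Constructed sample data (not real mail) in a scratch directory.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'companya.com\n' > "$demo_dir/disclaimer_addresses_companya"
printf 'companyb.com\n' > "$demo_dir/disclaimer_addresses_companyb"
printf '%s\n' 'X-Original-From: a@companyb.com' \
    'From: "Smith, J" <J.Smith@CompanyA.com>' 'To: x@example.org' '' \
    'From: someone@companyb.com wrote:' > "$demo_dir/msg1"
printf '%s\n' 'From: Jane Doe' ' <jane@companyb.com>' 'Subject: hi' '' \
    'body' > "$demo_dir/msg2"
printf '%s\n' 'From: bob@unlisted.example' '' 'body' > "$demo_dir/msg3"

for m in msg1 msg2 msg3; do
    d=$(sender_domain "$demo_dir/$m")
    f=$(disclaimer_for "$d" "$demo_dir") || f='(no disclaimer)'
    printf '%s: %s -> %s\n' "$m" "$d" "$f"
done
```

In the filter itself, `sender_domain in.$$` would replace the grep/cut pipeline and `disclaimer_for "$domain" /etc/postfix` would replace the chain of if/elif tests.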

Written by gyp - November 9, 2010 - 15865 Views
Tags | altermime, internet, linux, postfix

20 Comments

  • Peter Larsen August 23, 2011 at 9:51 am

    Don’t you mean master.cf instead of main.cf? Anyways. very nice tutorial

    Reply
    • gyp August 23, 2011 at 1:26 pm

      Hi Peter,

      Thanks for the comments 🙂

      Yes, you are right I meant the master.cf when updating the SMTP pipes. Have corrected the main post.

      Thanks,
      Gyp

      Reply
  • Daniel June 11, 2012 at 1:03 pm

    Thank you! Nice tutorial! But you should be careful about the quotation marks you are using: “ this is going to give you a syntax error.
    # Obtain From address domain
    from_address=`grep -m 1 “From:” in.$$ | cut -f 2 -d ‘@’ | cut -d “>” -f 1`

    Reply
    • gyp June 12, 2012 at 7:59 am

      Thanks for the tip Daniel, glad it came in useful 🙂

      Reply
  • Frank June 20, 2012 at 1:48 am

    In a postfix mysql environment, where accounts are stored in MYSQL, is it possible to have dynamic signatures on a per user basis?

    What I am trying to accomplish is storing email signatures on a per user basis directly in MYSQL and then having altermime insert the signature based on the sender. Does altermime work with mysql?

    I am using iRedMail’s postfix, dovecot, mysql setup.

    Reply
    • gyp June 20, 2012 at 12:11 pm

      Hi Frank,

      Thanks for dropping by.

      Wow, I can see that would make life quite a heck of a lot easier. To be truthful that would be overkill for the project I used and I didn’t do it that way.

      A search doesn’t seem to show anyone using Altermime with a MySQL database, I’m not sure if that’s because Altermime doesn’t support it or if no one has even needed to do it. Finding nothing could indicate that it isn’t functionality that it supports.

      The options I think you’ve got (from my humble experience), could be:
      1) List all your users individually.
      2) Run a SQL script as a scheduled job to produce the mappings into a flat file which is then used by Altermime. This option could tick all the boxes for you.

      I’d be very interested to learn how you get on with this, and if you want somewhere to post a “how to” feel free to get in touch and you can post it on here as a guest author 🙂

      Gyp

      Reply
      • Frank June 30, 2012 at 11:19 am

        Got it to work with Amavis
        http://serverfault.com/questions/401900/amavis-atermime-dynamic-email-signatures-disclaimers/403664#403664

        The only glitch right now is that on replies the number of signatures (disclaimers) keeps growing. Trying to figure out a quick and dirty way to prevent that. Thinking about adding a custom header, and then looking for it …

        Reply
        • gyp July 4, 2012 at 8:34 pm

          Oh wow, great work well done. Thanks for letting me know, I will be using that 🙂

          Reply
          • Frank July 4, 2012 at 10:31 pm

            It all started with your post. If you come up with a way to prevent duplicate signatures on subsequent replies let me know. Right now if we have a long conversation by email it keeps appending a new signature per response. Ideally it would also read the message or headers and only add them on first reply. Having signatures on mail server versus client makes lots of sense if we can get past these tiny issues.

          • gyp July 15, 2012 at 8:10 pm

            The old growing footer debate 🙂 Last time I had a conversation with some legal orientated people they thought it was better to attach the disclaimer on every email. I suppose you could check if some words already exist and not apply it if so.

            Also noticing quite a few more modern email clients (ie Gmail and Outlook) don’t display the footer if it already exists.

            Will happily let you know if I come up with a solution.

          • frank July 15, 2012 at 11:59 pm

            The more I play around with this the more I realize how broken email actually is. Imap / Pop are outdated and crappy protocols. They do not support features like push, (without activesync or other hacks), they do not allow for shared mailboxes properly, or even read notifications.

            I am working on building a new hybrid email system. Just right now for toying around, and if it works in production then perhaps an open source project on github. It’s essentially set up as Dbmail as a mail store, with postfix to send the emails. Nothing too sexy about that, but it will support legacy clients such as outlook and ipads. Where it gets interesting is storing email in a db, we can then use HTML5 to build a robust email client. This allows for push via websockets. Also having the emails go through sql lets us build triggers that update the status of the email for shared email box environments. Trying to couple this with the signatures, but actually read and modify the mime message (single disclaimer/signature) and tracking pixel for read notifications (similar to what is done with email marketing like mailchimp / mailgun). Last, trying to expand the dbmail schema to support contacts, calendar, tasks, and calls. The plan is to again support legacy protocols such as activesync and DAV (carddav, caldav) and add support for html push via rest api. The plan is to build an email system that is so developer friendly it can be used as the foundation for any application. All web apps need to support email / contacts/ calls / tasks . Trying in all these groupware options in a single image that can be deployed on any *x box.

            Once I get the project going for our own internal use and get to where the foundation makes sense, I’ll open it up on github as a public project.

            Frank

  • Anonymous September 14, 2012 at 10:59 am

    Can you please email me the code for this script or please inform me in detail in relation to this script?

    Reply
    • gyp September 14, 2012 at 9:14 pm

      It’s as above 🙂

      Reply
  • Golemus March 29, 2013 at 10:10 am

    dude , all the if commands in the example lack their fi (besides the last one)
    I lost some time figuring that out before my doh moment 8)

    Reply
    • gyp March 29, 2013 at 10:36 am

      Hi Golemus,

      Firstly thanks very much for taking the time to comment 🙂

      I was going to check the actual setup, but I no longer have access to that client’s server unfortunately, but I believe it’s still working, but I could be wrong. This post could be starting to show its age a bit now.

      I can see your point entirely and my understanding of bash scripting is fairly basically functional at best. I suppose you could either close each if with the fi as you mention, or you could change all but the first if to an elif.

      Since it’s a long weekend this weekend I will set it up in my test lab and see what I get 🙂 Thanks again Golemus, will have a look.

      Gyp

      Reply
  • Mansur December 19, 2013 at 2:49 pm

    Can we have an image in Disclaimer ?

    Reply
    • gyp December 19, 2013 at 3:41 pm

      I don’t see why not, since you can use HTML you can insert an image with the standard IMG tag, ie

      <img src="http://www.gypthecat.com/stationary/Gyp_Signature_Tune.jpg" alt="Gyp the Cat dot Com Mascot">

      You’ll obviously need to upload an image to a site you can get access to.

      I suppose the other way would be to encode your image with Base64 with a service such as http://www.base64-image.de/ and then paste it straight into your disclaimer through Postfix.

      Reply
  • Shiraz December 22, 2014 at 12:45 pm

    Hi Gyp,

    I’ve followed these instructions to the letter but am not successful, I reckon it’s only a small bit remaining. Kindly help me solve this.
    I’m running CentOS + Postfix + Amavisd + Altermime + Roundcube.
    My issue is that if I make the changes to the master.cf file (according to steps above) then I get an error message “SMTP Error (-1): Connection to server failed”.

    Reply
  • Matt January 31, 2015 at 9:38 pm

    I’m testing this out but it seems that the domainnames are not grabbed from the domain files.

    Without the IF statement altermime works fine, so what is wrong here ?

    Reply
  • ana May 27, 2015 at 10:22 am

    I was able to get the altermime option --disclaimer-text working directly when I run the script /etc/postfix/disclaimer -f [email protected] -- [email protected] < message.txt but I cannot get the html disclaimer version working --disclaimer-html. My goal is to attach an image to the disclaimer. Any help is much appreciated.

    Reply