Difference between revisions of "External eMail Warnings"

(Step 2)
(Customizing Amavis To Add Warning Messages To External Emails)
 
Line 1: Line 1:
 
=Customizing Amavis To Add Warning Messages To External Emails=  
 
=Customizing Amavis To Add Warning Messages To External Emails=  
 
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 9.0}}|}}
 
{{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 9.0}}|}}
{{WIP}} 
 
  
'''Note:'''  This is a customization and not supported officially. Try this on your staging environment before implementing on production server. This will not survive any upgrade.
+
In this article you can learn how to add an external email warning message in Zimbra when receiving an email from an external domain. Tested on Zimbra 9 patch 19. The solution is by way of a Sieve filter, it can be enabled per account,cos,domain,server.
  
====Requirement====
+
Create <code>/tmp/myfilters</code>
How can we add banner in the mail header for all emails from external domains
 
  
====Solution====
+
<pre>  su - zimbra
We have to do customization of Amavis in order to achieve this.
+
  nano /tmp/myfilters</pre>
 +
With the following contents:
  
=====Step 1=====
+
<pre>require [&quot;fileinto&quot;, &quot;reject&quot;, &quot;tag&quot;, &quot;flag&quot;, &quot;editheader&quot;, &quot;variables&quot;];
*Create external_disclaimer.conf file
 
su - zimbra
 
vi /opt/zimbra/conf/external_disclaimer.conf
 
*Edit with the below contents
 
use strict;
 
 
$altermime='/opt/zimbra/common/bin/altermime';
 
@altermime_args_disclaimer = qw(--verbose --pretext=/opt/zimbra/data/altermime/_OPTION_.txt --pretext-html=/opt/zimbra/data/altermime/_OPTION_.html --force-for-bad-html);
 
$defang_maps_by_ccat{+CC_CATCHALL} = ['disclaimer'];
 
$allow_disclaimers = 1;
 
@local_domains_maps = (["."]);
 
@disclaimer_options_bysender_maps = ({
 
        '.' => 'external_domains',
 
},);
 
 
1;
 
*Create external_domains.html and external_domains.txt files and edit with your desired message
 
vi /opt/zimbra/data/altermime/external_domains.txt
 
CAUTION: This email originated from an external domain, click links or open attachments once you recognize the sender and know the content is safe.
 
  
vi /opt/zimbra/data/altermime/external_domains.html
+
# add an external domain header to all email not coming from our own domains
<div style="background-color: #40E0D0; width: 100%; padding: 2pt; font-size: 10pt; line-height: 12pt; font-family: 'Calibri'; color: black; text-align: left; border: 1pt solid #9C6500;"><span style="color: #DE3163;">CAUTION:</span> This email originated from an external domain, click links or open attachments once you recognize the sender and know the content is safe.</div>
+
if allof(
 +
  not address :domain :is [&quot;from&quot;] [&quot;example.com&quot;],
 +
  not header :contains &quot;Subject&quot; [&quot;[External Email]&quot;]
 +
)
 +
{
 +
  addheader &quot;X-External-Domain&quot; &quot;This Message originated outside of mind.&quot;;
 +
  # Match the entire subject ...
 +
  if header :matches &quot;Subject&quot; &quot;*&quot; {
 +
    # ... to get it in a match group that can then be stored in a variable:
 +
    set &quot;subject&quot; &quot;${1}&quot;;
 +
  }
  
"'Note:"' Refer to this link for HTML color codes [https://htmlcolorcodes.com/ htmlcolorcodes]
+
  # We can't &quot;replace&quot; a header, but we can delete (all instances of) it and
 +
  # re-add (a single instance of) it:
 +
  deleteheader &quot;Subject&quot;;
 +
  # Append/prepend as you see fit
 +
  addheader :last &quot;Subject&quot; &quot;[External Email] ${subject}&quot;;
 +
  # Note that the header is added &quot;:last&quot; (so it won't appear before possible
 +
  # &quot;Received&quot; headers).
  
=====Step 2===== 
+
}</pre>
 +
Replace <code>example.com</code> with your Zimbra domain name, you can also add additional trusted domains where you do not want the external email warning to be displayed using:
  
Next we have to configure amavis to execute external_disclaimer.conf file for each email
+
<pre>not address :domain :is [&quot;from&quot;] [&quot;example.com&quot;,&quot;supermodel.com&quot;,&quot;gamer.tech&quot;],</pre>
 +
Enable it on a test account using
 +
 
 +
<pre> zmprov mc default zimbraSieveEditHeaderEnabled TRUE
 +
cat /tmp/myfilters |xargs -0 zmprov ma test@example.com zimbraAdminSieveScriptBefore</pre>
 +
Example screenshots when receiving email from outside/external domains:
 +
 
 +
<blockquote>[[File:screenshots/external-email-warning.png|image]] ''Email with validated DKIM and [External Email] added to the subject.''
 +
</blockquote>
 +
<blockquote>[[File:screenshots/gmail.png|image]] ''Also works with GMail.''
 +
</blockquote>
 +
<blockquote>[[File:screenshots/i18n-subject.png|image]] ''Also works in languages with a different alphabet''
 +
</blockquote>
 +
= Gotchas =
 +
 
 +
# Modifying the message like this will break DKIM in case the user wants to re-validate DKIM manually after it was verified and the subject was changed, but not many people do this.
 +
# This is in itself not a protection against spoofing, you will have to reject email with a FROM domain that comes from untrusted locations, but that should have been done anyway.
 +
# In a multi-tenant environment, it would be best to configure this on the domain. Even if domains are on the same environment, they may be external to one another!
 +
 
 +
= Further reading =
 +
 
 +
* https://www.sparkpost.com/momentum/3/3-reference/sieve-syntax-basic/
 +
* https://blog.zimbra.com/2021/07/zimbra-skillz-using-sieve-filters-on-zimbra/
  
*Open file amavisd.conf.in
 
vi /opt/zimbra/conf/amavisd.conf.in
 
*Add the following line at the end of the file, just above the line "1;  # insure a defined return value"
 
include_config_files('/opt/zimbra/conf/disclaimer-external.conf');
 
 
1; # insure a defined return value
 
*Save and restart Amavis
 
zmamavisdctl restart
 
{{SubmittedBy|Samrat Sarkar}}
 
  
 
{{Article Footer|ZCS 8.8.15 ZCS 9.0||2021-09-15}}
 
{{Article Footer|ZCS 8.8.15 ZCS 9.0||2021-09-15}}

Latest revision as of 20:34, 28 December 2021

Customizing Amavis To Add Warning Messages To External Emails

   KB 24353        Last updated on 2021-12-28  




0.00
(0 votes)

In this article you can learn how to add an external email warning message in Zimbra when receiving an email from an external domain. Tested on Zimbra 9 patch 19. The solution is by way of a Sieve filter, it can be enabled per account,cos,domain,server.

Create /tmp/myfilters

  su - zimbra
  nano /tmp/myfilters

With the following contents:

require ["fileinto", "reject", "tag", "flag", "editheader", "variables"];

# add an external domain header to all email not coming from our own domains
if allof(
  not address :domain :is ["from"] ["example.com"],
  not header :contains "Subject" ["[External Email]"]
)
{
  addheader "X-External-Domain" "This Message originated outside of mind.";
  # Match the entire subject ...
  if header :matches "Subject" "*" {
     # ... to get it in a match group that can then be stored in a variable:
     set "subject" "${1}";
  }

  # We can't "replace" a header, but we can delete (all instances of) it and
  # re-add (a single instance of) it:
  deleteheader "Subject";
  # Append/prepend as you see fit
  addheader :last "Subject" "[External Email] ${subject}";
  # Note that the header is added ":last" (so it won't appear before possible
  # "Received" headers).

}

Replace example.com with your Zimbra domain name, you can also add additional trusted domains where you do not want the external email warning to be displayed using:

not address :domain :is ["from"] ["example.com","supermodel.com","gamer.tech"],

Enable it on a test account using

 zmprov mc default zimbraSieveEditHeaderEnabled TRUE
cat /tmp/myfilters |xargs -0 zmprov ma test@example.com zimbraAdminSieveScriptBefore

Example screenshots when receiving email from outside/external domains:

image Email with validated DKIM and [External Email] added to the subject.
image Also works with GMail.
image Also works in languages with a different alphabet

Gotchas

  1. Modifying the message like this will break DKIM in case the user wants to re-validate DKIM manually after it was verified and the subject was changed, but not many people do this.
  2. This is in itself not a protection against spoofing, you will have to reject email with a FROM domain that comes from untrusted locations, but that should have been done anyway.
  3. In a multi-tenant environment, it would be best to configure this on the domain. Even if domains are on the same environment, they may be external to one another!

Further reading


Verified Against: ZCS 8.8.15 ZCS 9.0 Date Created:
Article ID: https://wiki.zimbra.com/index.php?title=External_eMail_Warnings Date Modified: 2021-12-28



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »


Jump to: navigation, search