1 Topic by anatomism

  • anatomism
  • Member
  • Offline
  • Registered: 2017-11-15
  • Posts: 2

Topic: Add warning to incoming email from external sources

==== Required information ====
- iRedMail version (check /etc/iredmail-release):  0.9.7
- Linux/BSD distribution name and version: Debian 9
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Does anyone know of a way to insert a warning message into the body of the email for all email received from external mail servers, to the effect of "Warning, this email originated from outside of MY COMPANY'S network, please exercise caution when opening links".

This is mainly to help prevent spoofing when mails are sent from external addresses, pretending to be an internal user. I already have SPF and DKIM setup to prevent spoofing on the actual domain, but it doesn't stop emails coming from @comcast.net etc.

Thanks

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,466

Re: Add warning to incoming email from external sources

anatomism wrote:

This is mainly to help prevent spoofing when mails are sent from external addresses, pretending to be an internal user.

This should be rejected by iRedAPD plugin "reject_sender_login_mismatch". Do you have it enabled in /opt/iredapd/settings.py?

3 Reply by anatomism

  • anatomism
  • Member
  • Offline
  • Registered: 2017-11-15
  • Posts: 2

Re: Add warning to incoming email from external sources

ZhangHuangbin wrote:
anatomism wrote:

This is mainly to help prevent spoofing when mails are sent from external addresses, pretending to be an internal user.

This should be rejected by iRedAPD plugin "reject_sender_login_mismatch". Do you have it enabled in /opt/iredapd/settings.py?

Hi Zhang,

Thanks for the reply, but that's not what I mean.  Sure if someone tries to use the email Joe.bloggs@mycompany.com then it will be rejected, but if someone uses the name Joe Bloggs, but the email Joe.bloggs@gmail.com it will obviously come through, but some of my users aren't diligent enough to check the actual address, and only go by the send Firstname Lastname of the person. Thats what I'm trying to avoid by adding the warning that it originated outside of our mail server

Thanks

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,466

Re: Add warning to incoming email from external sources

You may need a milter program to check the sender addresses in email message.

iRedAPD doesn't get mail headers or mail body, it just gets some info of the smtp session. Check this document to see what it gets:
http://www.postfix.org/SMTPD_POLICY_README.html

5 Reply by moro

  • moro
  • Member
  • Offline
  • Registered: 2020-08-12
  • Posts: 7

Re: Add warning to incoming email from external sources

Has adding content at the beginning of an email for messages coming from external domains been included in the latest release of iRedMail?

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,466

Re: Add warning to incoming email from external sources

moro wrote:

Has adding content at the beginning of an email for messages coming from external domains been included in the latest release of iRedMail?

No.

7 Reply by WhoAmI68

  • WhoAmI68
  • Member
  • Offline
  • Registered: 2024-11-12
  • Posts: 10

Re: Add warning to incoming email from external sources

You can add a warning message to the subject.

Enable Sieve plugin with editheader extension.

sudo nano /etc/dovecot/dovecot.conf

plugin {
    # sieve external mail
    sieve_extensions = +editheader
}

Add 'editheader' to the require statement.

require ["fileinto", "variables", "editheader"];

Add the script below. Also, make sure to change the domain to your own.

if allof(not address :domain :is ["from"] ["example.com", "localhost", "mx.example.com""], not header :contains "Subject" ["External Email"])
{
    if header :matches "Subject" "*"
    {
        set "subject" "${1}";
        deleteheader "Subject";
        addheader :last "Subject" "External Email  ${1}";
    }
}
Post's attachments

Example.png
Example.png 23.24 kb, 1 downloads since 2025-09-12 

You don't have the permssions to download the attachments of this post.