How To Automatically Add A Disclaimer To Outgoing Emails With alterMIME (Postfix On Debian Etch)

Want to support HowtoForge? Become a subscriber!
 
Submitted by falko (Contact Author) (Forums) on Mon, 2008-01-07 17:39. :: Debian | Postfix

How To Automatically Add A Disclaimer To Outgoing Emails With alterMIME (Postfix On Debian Etch)

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 12/20/2007

This tutorial shows how to install and use alterMIME. alterMIME is a tool that can automatically add a disclaimer to emails. In this article I will explain how to install it as a Postfix filter on Debian Etch.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

I'm assuming that Postfix is already installed and fully functional - I will not explain how to set up Postfix and configure email accounts in this tutorial.

 

2 Installing alterMIME

alterMIME can be installed as follows:

apt-get install altermime

Next we create the user filter with the home directory /var/spool/filter filter - alterMIME will be run as that user:

useradd -r -c "Postfix Filters" -d /var/spool/filter filter
mkdir /var/spool/filter
chown filter:filter /var/spool/filter
chmod 750 /var/spool/filter

Afterwards we create the script /etc/postfix/disclaimer which executes alterMIME. Debian's alterMIME package comes with a sample script that we can simply copy to /etc/postfix/disclaimer:

cp /usr/share/doc/altermime/examples/postfix_filter.sh /etc/postfix/disclaimer
chgrp filter /etc/postfix/disclaimer
chmod 750 /etc/postfix/disclaimer

Now the problem with this script is that it doesn't distinguish between incoming and outgoing emails - it simply adds a disclaimer to all mails. Typically you want disclaimers only for outgoing emails, and even then not for all sender addresses. Therefore I've modified the /etc/postfix/disclaimer script a little bit - we'll come to that in a minute.

Right now, we create the file /etc/postfix/disclaimer_addresses which holds all sender email addresses (one per line) for which alterMIME should add a disclaimer:

vi /etc/postfix/disclaimer_addresses

falko@example.com
joe@example.org
tom@example.net

Now we open /etc/postfix/disclaimer and modify it as follows (I have marked the parts that I've changed):

vi /etc/postfix/disclaimer

#!/bin/sh
# Localize these.
INSPECT_DIR=/var/spool/filter
SENDMAIL=/usr/sbin/sendmail

####### Changed From Original Script #######
DISCLAIMER_ADDRESSES=/etc/postfix/disclaimer_addresses
####### Changed From Original Script END #######

# Exit codes from <sysexits.h>
EX_TEMPFAIL=75
EX_UNAVAILABLE=69

# Clean up when done or when aborting.
trap "rm -f in.$$" 0 1 2 3 15

# Start processing.
cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit
$EX_TEMPFAIL; }

cat >in.$$ || { echo Cannot save mail to file; exit $EX_TEMPFAIL; }

####### Changed From Original Script #######
# obtain From address
from_address=`grep -m 1 "From:" in.$$ | cut -d "<" -f 2 | cut -d ">" -f 1`

if [ `grep -wi ^${from_address}$ ${DISCLAIMER_ADDRESSES}` ]; then
  /usr/bin/altermime --input=in.$$ \
                   --disclaimer=/etc/postfix/disclaimer.txt \
                   --disclaimer-html=/etc/postfix/disclaimer.txt \
                   --xheader="X-Copyrighted-Material: Please visit http://www.company.com/privacy.htm" || \
                    { echo Message content rejected; exit $EX_UNAVAILABLE; }
fi
####### Changed From Original Script END #######

$SENDMAIL "$@" <in.$$

exit $?

Next we need the text file /etc/postfix/disclaimer.txt which holds our disclaimer text. Debian's alterMIME package comes with a sample text that we can use for now (of course, you can modify it if you like):

cp /usr/share/doc/altermime/examples/disclaimer.txt /etc/postfix/disclaimer.txt

Finally we have to tell Postfix that it should use the /etc/postfix/disclaimer script to add disclaimers to outgoing emails. Open /etc/postfix/master.cf and add -o content_filter=dfilt: to the smtp line:

vi /etc/postfix/master.cf

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
   -o content_filter=dfilt:
[...]

At the end of the same file, add the following two lines:

[...]
dfilt     unix    -       n       n       -       -       pipe
    flags=Rq user=filter argv=/etc/postfix/disclaimer -f ${sender} -- ${recipient}

Restart Postfix afterwards:

/etc/init.d/postfix restart

That's it! Now a disclaimer should be added to outgoing emails sent from the addresses listed in /etc/postfix/disclaimer_addresses.

 

3 Links


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by papon (registered user) on Tue, 2014-05-27 04:20.

I have a working disclaimer but I need to create diferent disclaimer by domain

I have modified disclaimer file as follow

/etc/postfix/disclaimer

####### Changed From Original Script #######
DISCLAIMER_ADDRESSES=/etc/postfix/disclaimer_addresses
DISCLAIMER_ADDRESSES_B=/etc/postfix/disclaimer_addresses_B
####### Changed From Original Script END #######
 and also added more conditions
####### Changed From Original Script #######
# obtain From address
from_address=`grep -m 1 "From:" in.$$ | cut -d "<" -f 2 | cut -d ">" -f 1`
if [ `grep -wi ^${from_address}$ ${DISCLAIMER_ADDRESSES}` ]; then
  /usr/bin/altermime --input=in.$$ \
                   --disclaimer=/etc/postfix/disclaimer.txt \
                   --disclaimer-html=/etc/postfix/disclaimer.html \
                   --xheader="X-Copyrighted-Material: Please visit http://www.company.com/privacy.htm" || \
                    { echo Message content rejected; exit $EX_UNAVAILABLE; } 

 

if [ `grep -wi ^${from_address}$ ${DISCLAIMER_ADDRESSES_B}` ]; then
  /usr/bin/altermime --input=in.$$ \
                   --disclaimer=/etc/postfix/disclaimer_b.txt \
                   --disclaimer-html=/etc/postfix/disclaimer_b.html \
                   --xheader="X-Copyrighted-Material: Please visit http://www.company.com/privacy.htm" || \
                    { echo Message content rejected; exit $EX_UNAVAILABLE; }

 

MY PROBLEM IS THAT WHEN postfix reload

my email does not get sent

			The Postfix program

 Command died with status 2:
    "/etc/postfix/disclaimer". Command output: /etc/postfix/disclaimer: line
    48: syntax error: unexpected end of file

 

PLEASE HELP 

what I'm doing wrong!!!

Submitted by Anonymous (not registered) on Wed, 2012-09-12 13:45.

after making the changes ...i am sending mails using the mail command ...is that right?

 also when i run the script file i get ... Cant write to file error...any help would be appreciated

Thanks

Amit

Submitted by Fasil (not registered) on Mon, 2012-06-25 09:23.

Hi,

I have setup a mail server (ubuntu, postfix, dovecot, altermime) successfully. The disclaimer is getting added to all outgoing mails including the local domain. I would like the disclaimer to be appended only for outgoing mails to the external domains (which completes the actual purpose of a disclaimer). 

 # Generated by Zentyal

#

# Postfix master process configuration file.  For details on the format

# of the file, see the master(5) manual page (command: "man 5 master").

#

# Do not forget to execute "postfix reload" after editing this file.

#

# ==========================================================================

# service type  private unpriv  chroot  wakeup  maxproc command + args

#               (yes)   (yes)   (yes)   (never) (100)

# ==========================================================================

smtp      inet  n       -       -       -       -       smtpd -o content_filter=dfilt:

dfilt     unix    -       n       n       -       -       pipe

    flags=Rq user=filter argv=/etc/postfix/disclaimer -f ${sender} -- ${recipient}

submission inet n       -       -       -       -       smtpd -o smtpd_recipient_restrictions=submission_recipient_restrictions

tlsmgr    unix  -       -       -       1000?   1       tlsmgr

smtps     inet  n       -       -       -       -       smtpd

  -o smtpd_enforce_tls=yes

  -o smtpd_sasl_auth_enable=yes

  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

#628      inet  n       -       -       -       -       qmqpd

pickup    fifo  n       -       -       60      1       pickup

cleanup   unix  n       -       -       -       0       cleanup

qmgr      fifo  n       -       n       300     1       qmgr

#qmgr     fifo  n       -       -       300     1       oqmgr

rewrite   unix  -       -       -       -       -       trivial-rewrite

bounce    unix  -       -       -       -       0       bounce

defer     unix  -       -       -       -       0       bounce

trace     unix  -       -       -       -       0       bounce

verify    unix  -       -       -       -       1       verify

flush     unix  n       -       -       1000?   0       flush

proxymap  unix  -       -       n       -       -       proxymap

proxywrite unix -       -       n       -       1       proxymap

smtp      unix  -       -       -       -       -       smtp

# When relaying mail as backup MX, disable fallback_relay to avoid MX loops

relay     unix  -       -       -       -       -       smtp

-o smtp_fallback_relay=

#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5

showq     unix  n       -       -       -       -       showq

error     unix  -       -       -       -       -       error

retry     unix  -       -       -       -       -       error

discard   unix  -       -       -       -       -       discard

local     unix  -       n       n       -       -       local

virtual   unix  -       n       n       -       -       virtual

lmtp      unix  -       -       -       -       -       lmtp

anvil     unix  -       -       -       -       1       anvil

scache    unix  -       -       -       -       1       scache

dovecot unix    -       n       n       -       -       pipe

  flags=DRhu user=ebox:ebox argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension}



#

# ====================================================================

# Interfaces to non-Postfix software. Be sure to examine the manual

# pages of the non-Postfix software to find out what options it wants.

#

# Many of the following services use the Postfix pipe(8) delivery

# agent.  See the pipe(8) man page for information about ${recipient}

# and other message envelope options.

# ====================================================================

#

# maildrop. See the Postfix MAILDROP_README file for details.

# Also specify in main.cf: maildrop_destination_recipient_limit=1

#

maildrop  unix  -       n       n       -       -       pipe

  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}

#

# ====================================================================

#

# Recent Cyrus versions can use the existing "lmtp" master.cf entry.

#

# Specify in cyrus.conf:

#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4

#

# Specify in main.cf one or more of the following:

#  mailbox_transport = lmtp:inet:localhost

#  virtual_transport = lmtp:inet:localhost

#

# ====================================================================

#

# Cyrus 2.1.5 (Amos Gouaux)

# Also specify in main.cf: cyrus_destination_recipient_limit=1

#

#cyrus     unix  -       n       n       -       -       pipe

#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}

#

# ====================================================================

# Old example of delivery via Cyrus.

#

#old-cyrus unix  -       n       n       -       -       pipe

#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}

#

# ====================================================================

#

# See the Postfix UUCP_README file for configuration details.

#

uucp      unix  -       n       n       -       -       pipe

  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

#

# Other external delivery methods.

#

ifmail    unix  -       n       n       -       -       pipe

  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)

bsmtp     unix  -       n       n       -       -       pipe

  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient

scalemail-backend unix - n n - 2 pipe

  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}

mailman   unix  -       n       n       -       -       pipe

  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py

  ${nexthop} ${user}


smtp-amavis     unix    -       -       y       -       2       smtp -o smtp_data_done_timeout=1200 -o disable_dns_lookup=yes

127.0.0.1:10025 inet    n       -       y       -       -       smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -osmtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8,127.0.0.1/32 -o strict_rfc821_envelopes=yes -o receive_override_options=no_address_mappings

Thanks in advance. Fasil 

Submitted by Rahul Amaram (not registered) on Tue, 2012-03-13 11:16.

The bug addressed in the previous comment has already been tracked and fixed in Debian altermime package.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569046

Submitted by Rahul (not registered) on Tue, 2012-03-13 11:03.

In the disclaimer script,

$SENDMAIL "$@" <in.$$

should rather be

$SENDMAIL -i "$@" <in.$$

This is to handle the cases where the email messages consists of line with only a single dot (.). If "-i" option is not given, then the line with single dot is treated by sendmail as end of the message and everything after that is ignored.

Request the author of this article to update this in the script.

Submitted by JUBAiR (not registered) on Tue, 2011-11-29 10:24.

Hello,

 

first of all thanks for this wonderful tutorial. its working as it should be. but what i want is to simply the process by adding disclaimer to all outgoing mails without modifying the disclaimer_addresses file. for example i want all the mails from domain.com to have disclaimer in its outgoing mails. the solution you gave is working 100%. i just dont want to add 1800 email addresses to the list. i just want to add just the domain. can you give me a solution please.

Submitted by OJS (not registered) on Tue, 2011-11-22 12:11.

Hi Guys,

Thanks for all your wonderful submissions. I have done all that is explained above and for the first time, the disclaimer is being added to ALL emails!!. Please help, after doing all that is said above, every incoming message including internal emails (from ips in the disclaimer_addresses) are having the disclaimer added.

How can I stop the system from attaching my disclaimer to all incoming emails, even from yahoo!

Thanks

 

 

Submitted by chrisphotonic (registered user) on Tue, 2011-08-09 15:54.

If you see something like this in the bottom of your /etc/postfix/master.cf, you'll need to some different tricks.

127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_bind_address=127.0.0.1

The hack seems terribly annoying to me, but if someone has a better way please let me know. Add another fake network device via the command line ( or in /etc/sysconfig/network-scripts/ifcfg-eth0:0 ):

ifconfig eth0:0 192.168.0.3 netmask 255.255.255.0

Next update /etc/postfix/master.cf and assign an IP address to your public current smtp line. Example, make it:

xx.xx.xx.xx:smtp      inet  n       -       -       -       -       smtpd

Then add:

192.168.0.3:smtp inet n - n - - smtpd
  -o content_filter=dfilt

You'll still need at the bottom:

dfilt     unix    -       n       n       -       -       pipe
    flags=Rq user=filter argv=/etc/postfix/disclaimer -f ${sender} -- ${recipient}

To get local webmail working like roundcube, just specify the 192.168.0.3 as the smtp mail server. You can also use a real a route-able IP address instead of 192.168.0.3.

Submitted by Antonello (not registered) on Mon, 2011-04-18 13:35.

With the suggested /etc/postfix/disclamer file, altermime doesn't alter the mail written in html.

I had to change the grep line whit this one:

from_address=`grep -m 1 "From:" in.$$ | grep -o '[0-9a-zA-Z\.]*@mydomain.com'`

and now it works perfectly.

 Regards

 

Submitted by btarry docks (not registered) on Fri, 2011-04-15 08:04.

is it possible to use wildcard in the disclamer_addresses file in order to add a disclaimer to all outgoing e-mails from a given domain?

ie

*@mydomain.com

 

Thanks

Submitted by Jack Douglas (not registered) on Sun, 2010-08-29 00:27.

in /etc/postfix/disclaimer SENDMAIL=/usr/sbin/sendmail should be SENDMAIL="/usr/sbin/sendmail -G -i" the -i at least is essential if you don't want emails getting truncated whenever there is a period (.) on its own on a line, taking any attachments with it

Submitted by Anonymous (not registered) on Fri, 2010-11-26 04:52.

Also, you need to change the grep line for this one:

  from_address=`grep -m 1 "From:" in.$$ | cut -d "<" -f 2 | cut -d ">" -f 1  | sed 's/^From: //g' | awk '{print $1}'`

please see the 'sed' command, without that, the system will return address of the form:

From: user@domain.com

or

user@domain.com

 using awk 'print $2' will return an email or a blank field, so you must first remove the "^From" and then awk the first field, which is in fact the only field

Submitted by Dave (not registered) on Wed, 2010-05-12 15:44.
Thanks for the tutorial, this worked perfectly for me first time. :)
Submitted by Adrian (not registered) on Wed, 2009-12-02 14:12.

Just wanted to mention that if you have users submitting mail via SMTPS on port 465 you will also need to add the altermime filter to master.cf for SMTPS or they won't have the disclaimer added, see example below:

<snip>

smtps    inet    n    -    -    -    -    smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# Altermime filter
 -o content_filter=dfilt:

</snip>