Adding disclaimer to emails originating externally

llars-int

New Member
Feb 13, 2023
5
1
3
Hi all,

I've been trying to get a disclaimer added to all emails that are originating from external sources/not our own domain...

I've tried a couple different methods, such as creating a mail filter with a regex that should match any emails other than @example1.co.uk and @example2.co.uk. but it didnt seem to work.

This was one of the regex i was using: ^[A-Za-z0-9._%+-]+@(?!(example1|example2)\.co\.uk)[A-Za-z0-9.-]+\.[A-Za-z]{2,}$

Any ideas? Or is this even possible?

Thank you
 
Usually this works by creating a simple rule with appropriate priority:
* Action Object - your Disclaimer
* direction In (not In & Out)

If all of your internal systems use the internal port for relaying this should work.
 
Hi Stoiko,

Thank you for the quick response.

Its worth mentioning, we have a bit of a more complex system.

For example, we have two postfix MX servers (load-balanced - not proxmox) located in our DMZ zone, which also act as relays. They relay external email traffic to our PMG server located in our internal LAN zone, as well as relaying email traffic from other servers located in our DMZ zone. So the issue we have is, that external email traffic isnt coming into the "External port", as its being relayed from an internal server first. So technically all email traffic is coming in via the "Internal SMTP port".

I know this probably isn't a traditional setup for PMG, but im wondering if there is any workaround for this? We are currently using this PMG server in a testing/development environment, but if everything goes to plan and works well for our environment, we will be purchasing the Premium support plan and deploying it to production. So far everything works really well, besides figuring out how to set these disclaimers.

Thank you!
 
. So technically all email traffic is coming in via the "Internal SMTP port".
You could configure your DMZ-postfix servers - or any of the routers on the way to PMG to route those mails to the external port?

else - how do you distinguish between internal and external mails for the disclaimer?

if it's by the email-address, and if your mails always use an envelope sender in the domains - you should be able to accomplish this with 2 rules:
* From your internal domains (Who object) - action accept
* lower priority - no From object (for the external mails) , action Disclaimer (and if appropriate Accept)
 
Hello everyone!
An interesting topic!
And can someone tell me how to make the disclaimer appear at the beginning of the letter, and not at the end?
 
  • Like
Reactions: llars-int
Maybe someone will need it. I found a way!
To do this, edit the disclaimer config /usr/share/perl5/PMG/RuleDB/Disclaimer.pm. Here is the link https://imanudin.net/2023/02/16/add...odies-in-proxmox-mail-gateway-a-simple-guide/
In fact, you just need to move the disclaimer display commands higher in this sub add_data block than the commands for displaying the main text of the letter.
For the settings to take effect, in addition to restarting the service pmg-smtp-filter restart, you will need to change something in the text of the new disclaimer and save it. It didn't work for me without the last step)

sub add_data {
my ($self, $entity, $data) = @_;

$entity->bodyhandle || return undef;

my $fh;

# always use the decoded data
if (my $path = $entity->{PMX_decoded_path}) {
$fh = IO::File->new("<$path");
} else {
$fh = $entity->open("r");
}

return undef if !$fh;

# in memory (we can't modify the file, because
# a.) that would modify all entities (see ModGroup)
# b.) bad performance
my $body = new MIME::Body::InCore || return undef;

my $newfh = $body->open ("w") || return undef;

$newfh->print($data);
$newfh->print("\n\n\n"); # add final \n


while (defined($_ = $fh->getline())) {
$newfh->print($_); # copy contents
}

#$newfh->print("\n\n\n"); # add final \n

#$newfh->print($data);


$newfh->close || return undef;

$entity->bodyhandle($body);

return 1;
}
 
I just tried this, but unfortunatly it also moved my main disclaimer to the top of the email too. It would be nice if there was a way to only set the external email disclaimer at the top, and leave the default disclaimer at the bottom.
 
I just tried this, but unfortunatly it also moved my main disclaimer to the top of the email too. It would be nice if there was a way to only set the external email disclaimer at the top, and leave the default disclaimer at the bottom.

I have only one alert about the danger of attachments from external mail.
In your case, it's probably harder. I'm afraid here it is necessary to thoroughly redo the PMG code itself, and this is for the developers)
 
  • Like
Reactions: llars-int
I just tried this, but unfortunatly it also moved my main disclaimer to the top of the email too. It would be nice if there was a way to only set the external email disclaimer at the top, and leave the default disclaimer at the bottom.

If you use Roundcube as webmail check out the banner-warn plugin

Result:

1680750223186.png
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!