Email Body Prepending in 2023

Discussion in 'General' started by Paul Webb, Aug 26, 2023.

  1. Paul Webb

    Paul Webb New Member

    Editing to add server info:
    • Ubuntu 20.04.6 LTS (Focal Fossa)
    • ISPConfig 3.2.9p1

    We've been experiencing a very real problem that needs a real solution, and it looks like this is nothing new. It's mentioned in at least one previous post from 2019. See

    The issue has to do with well crafted emails that look like they come from an internal email source, from a real person in authority in that organization, asking the user to do something. The something can be as simple as "reply to this email" (so the malicious party knows they have potentially hooked a target) to "wire transfer this money from our account" (for a quick payday). The point is, these schemes are becoming more and more common.

    The suggestion from the OP in the above thread was to use Mail-Sieve to alert the user that this is potentially spam. In fact, his code for Mail-Sieve is better than anything I would have thought to produce. But the problem as I see it is, Mail-Sieve does not seem to have the capability to modify the body of an email.

    The suggestion from an ISPConfig Developer was to use AlterMime. In fact, I looked into this solution and @falko wrote a HowTo on it ages ago. See But there's some problems with this solution. They are:
    1. AlterMIME's last stable release was written in 2008, and there were still issues to be sorted. So it appears to be an abandoned project.

    2. In Falco's walkthrough, he explains that this just puts a disclaimer on all emails, so he (ingeniously for the time) put a file in line where you could include email addresses that you wanted the disclaimer added to. In this case, we want to list domains (not email addresses) that the disclaimer should be Excluded from, so internal emails between those on our ISPConfig server are not modified. I'm sure this is a simple change in Falco's script, but I'd be hesitant to make it without some more advanced coding help.

    3. From my playing around with this, I believe it puts the disclaimer at the bottom of the email, not the top. The need is something that grabs the user's attention from the start, and the best way to do that is to put it at the top of the body of the email. Preferably in a highlighted text color. Modifying the subject line to say [EXTERNAL] used to work, but it breaks DKIM (more on that later).

    4. Similar to #3, there's a place for adding a disclaimer to the bottom of an email. One that says "this is confidential blah blah" and this was likely the original intent of the HowTo Falco wrote. But #3 and this one, #4, have the potential to break DKIM calculations before the email is even sent out or received. DKIM has to be the last thing that happens when an email goes out, and the first thing that happens when an email comes in prior to the modification being made.
    So, I'm asking for some help from the community. Does anyone have a suggestion for how to:
    1. Prepend a message from emails coming from the outside world
    2. Append a message to emails going out to the outside world
    3. All while still allowing DKIM to do it's job and validate the message is coming from a trusted server?
    Thank you, in advance!
    Last edited: Aug 27, 2023

Share This Page