Mailing List Archive

Subject rewriting
Hi,

I need to change the subject when the message is considered as spam,
*and* when there is an SPF problem.

I use the following method:

1 - for SPF:
# remove old subject
remove_header=Subject
# create a new subject
add_header = Subject: *** SPF Error *** $rh_Subject:

2 - for SPAM:
# remove old subject
remove_header=Subject
# create a new subject
add_header = Subject: ***SPAM (score: $spam_score)*** $rh_Subject:

It works fine when either of these two cases occur.
But when both occur at the same time, I don't get the expected result.
In this case, I get two "Subject" headers.

Is there a way to have a subject like:
Subject: ***SPAM (score: $spam_score)*** *** SPF Error *** xxxxxxxxxx
xxxxxxx being the original subject

Furthermore, would it be better to use $h_header?

Thanks in advance for any idea.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Subject rewriting [ In reply to ]
On 26/08/2021 20:46, nb via Exim-users wrote:
> It works fine when either of these two cases occur.
> But when both occur at the same time, I don't get the expected result.
> In this case, I get two "Subject" headers.

That follows logically from the documented behaviour of
those ACL modifiers.

Use a temporary variable.
--
Cheers,
Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Subject rewriting [ In reply to ]
On 2021-08-26, nb via Exim-users <exim-users@exim.org> wrote:
> Hi,
>
> I need to change the subject when the message is considered as spam,
> *and* when there is an SPF problem.
>
> I use the following method:
>
> 1 - for SPF:
> # remove old subject
> remove_header=Subject
> # create a new subject
> add_header = Subject: *** SPF Error *** $rh_Subject:
>
> 2 - for SPAM:
> # remove old subject
> remove_header=Subject
> # create a new subject
> add_header = Subject: ***SPAM (score: $spam_score)*** $rh_Subject:
>
> It works fine when either of these two cases occur.
> But when both occur at the same time, I don't get the expected result.
> In this case, I get two "Subject" headers.

One way would be to build up the prefix in an ACL variable.

# 1 - for SPF:
# add this to subject
set acl_m_subj_prefix = $acl_m_subj_prefix *** SPF Error ***

# 2 - for SPAM:
# add this to subject
set acl_m_subj_prefix = $acl_m_subj_prefix ***SPAM (score: $spam_score)***


warn
condition = ${if!eq{}{$acl_m_subj_prefix}}
logwrite = subject rewritten
# remove old subject
remove_header=Subject
# create a new subject
add_header = Subject: $acl_m_subj_prefix $h_Subject:
# discard the variable
set acl_m_subj_prefix =

> Furthermore, would it be better to use $h_header?

If your exim configuration supports UTF-8, then yes.
(headers_charset setting in main configurarion)

--
Jasen.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Subject rewriting [ In reply to ]
I would personally use the "Keywords:" header instead:

warn
condition = ${if
forany{${listnamed_d:trusted_domains}}{match{$sender_address_domain}{\\.$item\$}}{yes}{${if
forany{${listnamed_d:trusted_domains}}{eq{$sender_address_domain}{$item}}{yes}{no}}}}
set acl_m3 = =E2=9C=94=EF=B8=8F Betrodd dom=C3=A4n
set acl_m4 = dnswl_whitelisted
set acl_m5 = pass
set acl_m6 = 1
warn
condition = ${if
forany{${listnamed_d:trusted_domains}}{match{$sender_address_domain}{\\.$item\$}}{no}{${if
forany{${listnamed_d:trusted_domains}}{eq{$sender_address_domain}{$item}}{no}{yes}}}}
set acl_m3 = =E2=9E=96 Ok=C3=A4nd dom=C3=A4n
set acl_m5 = fail
warn
condition = ${if
forany{${listnamed_d:suspicious_domains}}{match{$sender_address_domain}{\\.$item\$}}{yes}{${if
forany{${listnamed_d:suspicious_domains}}{eq{$sender_address_domain}{$item}}{yes}{no}}}}
condition = ${if eq{$acl_m5}{fail}{yes}{no}}
set acl_m3 = =E2=9D=8C Misst=C3=A4nkt skadlig dom=C3=A4n
set acl_m5 = suspicious

deny
message = 5.7.23 SPF fail (phishing) -
(${sg{${sg{$spf_smtp_comment}{http\:\/\/www\.open-spf\.org\/Why}{https:\/\/www.sebbe.eu\/spf.cgi}}}
{&receiver=sebbe\.eu}{}})
log_message = SPF check failed: ($spf_header_comment)
spf = fail : softfail
warn
set acl_m1 = 4
warn
spf = pass
add_header = X-SPF-Signature: $spf_result ($spf_header_comment)
set acl_m1 = 3
set acl_m2 = =E2=9C=94=EF=B8=8F SPF-signaturen =C3=A4r giltig
warn
spf = none : neutral
add_header = X-SPF-Signature: $spf_result ($spf_header_comment)
set acl_m1 = 2
set acl_m2 = =E2=9E=96 SPF-signatur saknas
warn
spf = permerror : temperror
log_message = SPF failure: $spf_header_comment
add_header = X-SPF-Signature: $spf_result ($spf_header_comment)
set acl_m1 = 1
set acl_m2 = =E2=9A=A0=EF=B8=8F Trasig SPF-signatur
warn
condition = ${if eq{$acl_m1}{4}{yes}{no}}
add_header = X-SPF-Signature: permerror (No SPF lookup was made due to technical error)
set acl_m1 = 1
set acl_m2 = =E2=9A=A0=EF=B8=8F Trasig SPF-signatur
accept


acl_check_dkim:
accept
dkim_status = fail
add_header = X-DKIM-Signature: fail (address=$sender_address domain=$dkim_cur_signer -
signature is bad)
add_header = Keywords: =?UTF-8?Q?$acl_m2,=E2=9D=8C F=C3=B6rfalskad
DKIM-signatur,$acl_m3?=
add_header = X-Priority: ${if eq {$acl_m1}{3}{3}{1}}
add_header = X-Status: ${if eq {$acl_m6}{1}{${if eq {$acl_m1}{3}{F}{}}}{}}
accept
dkim_status = invalid
add_header = X-DKIM-Signature: invalid ($dkim_verify_status - $dkim_verify_reason)
add_header = Keywords: =?UTF-8?Q?$acl_m2,=E2=9A=A0=EF=B8=8F Trasig
DKIM-signatur,$acl_m3?=
add_header = X-Priority: ${if eq {$acl_m1}{3}{3}{5}}
add_header = X-Status: ${if eq {$acl_m6}{1}{${if eq {$acl_m1}{3}{F}{}}}{}}
accept
dkim_status = pass
add_header = X-DKIM-Signature: pass (address=$sender_address domain=$dkim_cur_signer -
signature is good)
add_header = Keywords: =?UTF-8?Q?$acl_m2,=E2=9C=94=EF=B8=8F DKIM-signaturen =C3=A4r
giltig,$acl_m3?=
add_header = X-Priority: 3
add_header = X-Status: ${if eq {$acl_m6}{1}{F}{}}
accept
dkim_status = none
add_header = X-DKIM-Signature: none (address=$sender_address domain=$dkim_cur_signer -
no signature found)
add_header = Keywords: =?UTF-8?Q?$acl_m2,=E2=9E=96 DKIM-signatur saknas,$acl_m3?=
add_header = X-Priority: ${if eq {$acl_m1}{3}{3}{${if eq {$acl_m1}{2}{1}{5}}}}
add_header = X-Status: ${if eq {$acl_m6}{1}{${if eq {$acl_m1}{3}{F}{}}}{}}

Gives a nice status indicator in Microsoft Outlook (you have to assign the colors manually, tough),
while the X-Priority header will add a (!) for fraudulent email, and a (DOWNARROW) for when there
is some technical problem, for email clients not supporting the Keywords: header.

And also automatically star's the email with a star when all validations succeed, for the same
reason - email clients with no support for Keywords: header.

-----Ursprungligt meddelande-----
Fr?n: Jasen Betts via Exim-users <exim-users@exim.org>
Skickat: den 1 september 2021 04:09
Till: exim-users@exim.org
?mne: Re: [exim] Subject rewriting

On 2021-08-26, nb via Exim-users <exim-users@exim.org> wrote:
> Hi,
>
> I need to change the subject when the message is considered as spam,
> *and* when there is an SPF problem.
>
> I use the following method:
>
> 1 - for SPF:
> # remove old subject
> remove_header=Subject
> # create a new subject
> add_header = Subject: *** SPF Error *** $rh_Subject:
>
> 2 - for SPAM:
> # remove old subject
> remove_header=Subject
> # create a new subject
> add_header = Subject: ***SPAM (score: $spam_score)*** $rh_Subject:
>
> It works fine when either of these two cases occur.
> But when both occur at the same time, I don't get the expected result.
> In this case, I get two "Subject" headers.

One way would be to build up the prefix in an ACL variable.

# 1 - for SPF:
# add this to subject
set acl_m_subj_prefix = $acl_m_subj_prefix *** SPF Error ***

# 2 - for SPAM:
# add this to subject
set acl_m_subj_prefix = $acl_m_subj_prefix ***SPAM (score: $spam_score)***


warn
condition = ${if!eq{}{$acl_m_subj_prefix}}
logwrite = subject rewritten
# remove old subject
remove_header=Subject
# create a new subject
add_header = Subject: $acl_m_subj_prefix $h_Subject:
# discard the variable
set acl_m_subj_prefix =

> Furthermore, would it be better to use $h_header?

If your exim configuration supports UTF-8, then yes.
(headers_charset setting in main configurarion)

--
Jasen.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Subject rewriting [ In reply to ]
Le 2021-09-01 01:54, Jasen Betts via Exim-users a ?crit :
> On 2021-08-26, nb via Exim-users <exim-users@exim.org> wrote:
> > Hi,
> >
> > I need to change the subject when the message is considered as spam,
> > *and* when there is an SPF problem.
> >
> > I use the following method:
> >
> > 1 - for SPF:
> > # remove old subject
> > remove_header=Subject
> > # create a new subject
> > add_header = Subject: *** SPF Error *** $rh_Subject:
> >
> > 2 - for SPAM:
> > # remove old subject
> > remove_header=Subject
> > # create a new subject
> > add_header = Subject: ***SPAM (score: $spam_score)*** $rh_Subject:
> >
> > It works fine when either of these two cases occur.
> > But when both occur at the same time, I don't get the expected result.
> > In this case, I get two "Subject" headers.
>
> One way would be to build up the prefix in an ACL variable.
>
> # 1 - for SPF:
> # add this to subject
> set acl_m_subj_prefix = $acl_m_subj_prefix *** SPF Error ***
>
> # 2 - for SPAM:
> # add this to subject
> set acl_m_subj_prefix = $acl_m_subj_prefix ***SPAM (score: $spam_score)***
>
>
> warn
> condition = ${if!eq{}{$acl_m_subj_prefix}}
> logwrite = subject rewritten
> # remove old subject
> remove_header=Subject
> # create a new subject
> add_header = Subject: $acl_m_subj_prefix $h_Subject:
> # discard the variable
> set acl_m_subj_prefix =
>
> > Furthermore, would it be better to use $h_header?
>
> If your exim configuration supports UTF-8, then yes.
> (headers_charset setting in main configurarion)
>
> --
> Jasen.

Thanks Jasen.
Nice solution.
I had found one using a local variable, but this one is cleaner and
better. I'll use it.

Noury

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Subject rewriting [ In reply to ]
Le 2021-09-01 04:42, Sebastian via Exim-users a ?crit :
> I would personally use the "Keywords:" header instead:
>
> warn
> condition = ${if
> forany{${listnamed_d:trusted_domains}}{match{$sender_address_domain}{\\.$item\$}}{yes}{${if
> forany{${listnamed_d:trusted_domains}}{eq{$sender_address_domain}{$item}}{yes}{no}}}}
> set acl_m3 = =E2=9C=94=EF=B8=8F Betrodd dom=C3=A4n
> set acl_m4 = dnswl_whitelisted
> set acl_m5 = pass
> set acl_m6 = 1
> warn
> condition = ${if
> forany{${listnamed_d:trusted_domains}}{match{$sender_address_domain}{\\.$item\$}}{no}{${if
> forany{${listnamed_d:trusted_domains}}{eq{$sender_address_domain}{$item}}{no}{yes}}}}
> set acl_m3 = =E2=9E=96 Ok=C3=A4nd dom=C3=A4n
> set acl_m5 = fail
> warn
> condition = ${if
> forany{${listnamed_d:suspicious_domains}}{match{$sender_address_domain}{\\.$item\$}}{yes}{${if
> forany{${listnamed_d:suspicious_domains}}{eq{$sender_address_domain}{$item}}{yes}{no}}}}
> condition = ${if eq{$acl_m5}{fail}{yes}{no}}
> set acl_m3 = =E2=9D=8C Misst=C3=A4nkt skadlig dom=C3=A4n
> set acl_m5 = suspicious
>
> deny
> message = 5.7.23 SPF fail (phishing) -
> (${sg{${sg{$spf_smtp_comment}{http\:\/\/www\.open-spf\.org\/Why}{https:\/\/www.sebbe.eu\/spf.cgi}}}
> {&receiver=sebbe\.eu}{}})
> log_message = SPF check failed: ($spf_header_comment)
> spf = fail : softfail
> warn
> set acl_m1 = 4
> warn
> spf = pass
> add_header = X-SPF-Signature: $spf_result ($spf_header_comment)
> set acl_m1 = 3
> set acl_m2 = =E2=9C=94=EF=B8=8F SPF-signaturen =C3=A4r giltig
> warn
> spf = none : neutral
> add_header = X-SPF-Signature: $spf_result ($spf_header_comment)
> set acl_m1 = 2
> set acl_m2 = =E2=9E=96 SPF-signatur saknas
> warn
> spf = permerror : temperror
> log_message = SPF failure: $spf_header_comment
> add_header = X-SPF-Signature: $spf_result ($spf_header_comment)
> set acl_m1 = 1
> set acl_m2 = =E2=9A=A0=EF=B8=8F Trasig SPF-signatur
> warn
> condition = ${if eq{$acl_m1}{4}{yes}{no}}
> add_header = X-SPF-Signature: permerror (No SPF lookup was made due to technical error)
> set acl_m1 = 1
> set acl_m2 = =E2=9A=A0=EF=B8=8F Trasig SPF-signatur
> accept
>
>
> acl_check_dkim:
> accept
> dkim_status = fail
> add_header = X-DKIM-Signature: fail (address=$sender_address domain=$dkim_cur_signer -
> signature is bad)
> add_header = Keywords: =?UTF-8?Q?$acl_m2,=E2=9D=8C F=C3=B6rfalskad
> DKIM-signatur,$acl_m3?=
> add_header = X-Priority: ${if eq {$acl_m1}{3}{3}{1}}
> add_header = X-Status: ${if eq {$acl_m6}{1}{${if eq {$acl_m1}{3}{F}{}}}{}}
> accept
> dkim_status = invalid
> add_header = X-DKIM-Signature: invalid ($dkim_verify_status - $dkim_verify_reason)
> add_header = Keywords: =?UTF-8?Q?$acl_m2,=E2=9A=A0=EF=B8=8F Trasig
> DKIM-signatur,$acl_m3?=
> add_header = X-Priority: ${if eq {$acl_m1}{3}{3}{5}}
> add_header = X-Status: ${if eq {$acl_m6}{1}{${if eq {$acl_m1}{3}{F}{}}}{}}
> accept
> dkim_status = pass
> add_header = X-DKIM-Signature: pass (address=$sender_address domain=$dkim_cur_signer -
> signature is good)
> add_header = Keywords: =?UTF-8?Q?$acl_m2,=E2=9C=94=EF=B8=8F DKIM-signaturen =C3=A4r
> giltig,$acl_m3?=
> add_header = X-Priority: 3
> add_header = X-Status: ${if eq {$acl_m6}{1}{F}{}}
> accept
> dkim_status = none
> add_header = X-DKIM-Signature: none (address=$sender_address domain=$dkim_cur_signer -
> no signature found)
> add_header = Keywords: =?UTF-8?Q?$acl_m2,=E2=9E=96 DKIM-signatur saknas,$acl_m3?=
> add_header = X-Priority: ${if eq {$acl_m1}{3}{3}{${if eq {$acl_m1}{2}{1}{5}}}}
> add_header = X-Status: ${if eq {$acl_m6}{1}{${if eq {$acl_m1}{3}{F}{}}}{}}
>
> Gives a nice status indicator in Microsoft Outlook (you have to assign the colors manually, tough),
> while the X-Priority header will add a (!) for fraudulent email, and a (DOWNARROW) for when there
> is some technical problem, for email clients not supporting the Keywords: header.
>
> And also automatically star's the email with a star when all validations succeed, for the same
> reason - email clients with no support for Keywords: header.
>
> -----Ursprungligt meddelande-----
> Fr?n: Jasen Betts via Exim-users <exim-users@exim.org>
> Skickat: den 1 september 2021 04:09
> Till: exim-users@exim.org
> ?mne: Re: [exim] Subject rewriting
>
> On 2021-08-26, nb via Exim-users <exim-users@exim.org> wrote:
> > Hi,
> >
> > I need to change the subject when the message is considered as spam,
> > *and* when there is an SPF problem.
> >
> > I use the following method:
> >
> > 1 - for SPF:
> > # remove old subject
> > remove_header=Subject
> > # create a new subject
> > add_header = Subject: *** SPF Error *** $rh_Subject:
> >
> > 2 - for SPAM:
> > # remove old subject
> > remove_header=Subject
> > # create a new subject
> > add_header = Subject: ***SPAM (score: $spam_score)*** $rh_Subject:
> >
> > It works fine when either of these two cases occur.
> > But when both occur at the same time, I don't get the expected result.
> > In this case, I get two "Subject" headers.
>
> One way would be to build up the prefix in an ACL variable.
>
> # 1 - for SPF:
> # add this to subject
> set acl_m_subj_prefix = $acl_m_subj_prefix *** SPF Error ***
>
> # 2 - for SPAM:
> # add this to subject
> set acl_m_subj_prefix = $acl_m_subj_prefix ***SPAM (score: $spam_score)***
>
>
> warn
> condition = ${if!eq{}{$acl_m_subj_prefix}}
> logwrite = subject rewritten
> # remove old subject
> remove_header=Subject
> # create a new subject
> add_header = Subject: $acl_m_subj_prefix $h_Subject:
> # discard the variable
> set acl_m_subj_prefix =
>
> > Furthermore, would it be better to use $h_header?
>
> If your exim configuration supports UTF-8, then yes.
> (headers_charset setting in main configurarion)
>
> --
> Jasen.
>

Thanks Sebastian.
Unfortunately I don't have access to the email clients, or even the
webmail.
I'll use Jasen solution, but I retain this one for other purpose, or
personnal use.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/