Zimbra SkillZ: Add an External Email Warning in Zimbra

Hello Zimbra Customers, Partners & Friends,

In today’s blog, I’ll show you how to add an external email warning message in Zimbra when receiving an email from an external domain. This is done using a Sieve filter, and it can be enabled per account, COS, domain and server.

First, create /tmp/myfilters

  su - zimbra
  nano /tmp/myfilters

With the following contents:

require ["fileinto", "reject", "tag", "flag", "editheader", "variables"];

# add an external domain header to all email not coming from our own domains
if allof(
  not address :domain :is ["from"] ["example.com"],
  not header :contains "Subject" ["[External Email]"]
)
{
  addheader "X-External-Domain" "This Message originated outside of mind.";
  # Match the entire subject ...
  if header :matches "Subject" "*" {
     # ... to get it in a match group that can then be stored in a variable:
     set "subject" "${1}";
  }

  # We can't "replace" a header, but we can delete (all instances of) it and
  # re-add (a single instance of) it:
  deleteheader "Subject";
  # Append/prepend as you see fit
  addheader :last "Subject" "[External Email] ${subject}";
  # Note that the header is added ":last" (so it won't appear before possible
  # "Received" headers).

}

Replace example.com with your Zimbra domain name. You can also add additional trusted domains where you don’t want the external email warning to be displayed using:

not address :domain :is ["from"] ["example.com","supermodel.com","gamer.tech"],

Enable it on a test account using

 zmprov mc default zimbraSieveEditHeaderEnabled TRUE
cat /tmp/myfilters |xargs -0 zmprov ma test@example.com zimbraAdminSieveScriptBefore

Here are some example screenshots when receiving email from outside/external domains:

Email with validated DKIM and [External Email] added to the subject

Also works with Gmail

Also works in languages with a different alphabet

How to deal with user defined forwarded email

A user can configure Zimbra to forward their email to another user. To
be able to make a Sieve filter rule that can tell the difference between
a user-configured forwarded email and a mail sent manually by the user
you can enable the X-Authenticated-User header:

sudo su zimbra
zmprov mcf zimbraSmtpSendAddAuthenticatedUser TRUE
zmprov mcf zimbraMtaSmtpdSaslAuthenticatedHeader yes
zmcontrol restart

Going forward, manually sent email from the user will have the
X-Authenticated-User header, and forwarded email will NOT have the
header. You can write a Sieve filter for the existence of a header as
follows:

if allof(
  address :is :domain ["from", "sender"] ["example.com","supermodel.com","gamer.tech"],
  not exists ["X-Authenticated-User"]
)
{
  # do something here
  stop;
}

Gotchas

  1. Modifying the message like this will break DKIM. Users can re-validate DKIM manually after it was verified and the subject was changed, but not many people do this.
  2. This is not a protection against spoofing. You have to reject email with a FROM domain that comes from untrusted locations, but that should’ve been done anyway.
  3. In a multi-tenant environment, it would be best to configure this on the domain. Even if domains are on the same environment, they may be external to one another.

 

Stay safe,
Your Zimbra Team

, , , ,

9 Responses to Zimbra SkillZ: Add an External Email Warning in Zimbra

  1. Murat Apak November 3, 2021 at 1:09 PM #

    Hello Barry, i have a some question. I add this script a user incoming mail added to subject External tag everytinh is fine, but i reply mail and again write a answer this time mail added second External Tag, do yu have a solution this issue

    • Barry de Graaff November 8, 2021 at 10:47 AM #

      Thanks, I have added a check to the Sieve script so that it will not put duplicates of the external email warning!

  2. Murat Apak November 9, 2021 at 10:04 PM #

    Thank you for quick reply. Last question, i need a add few domain how should I use it?

    • Barry de Graaff November 10, 2021 at 6:48 AM #


      not address :domain :is ["from"] ["example.com","supermodel.com","gamer.tech"],

  3. Murat Apak November 10, 2021 at 4:17 PM #

    Thank you Barry.

  4. Naisiew Yeak December 26, 2021 at 7:37 PM #

    The External should be added if the mail is inbound, from the Internet. Is it possible to look for Received line or X-Originating-IP to determine this?

    • Barry de Graaff March 9, 2022 at 10:21 AM #

      Here is the code for getting X-Originating-IP in Sieve
      if header :is "X-Originating-IP" "put-an-ip-here" {
      #do something here
      stop;
      }

  5. Will May 12, 2022 at 11:57 AM #

    Barry, Thank you for this blog information! It is very useful! Can you tell me if it is possible to apply the AdminSieveScripts to user-specified forwarding address accounts or any forwarded accounts in Zimbra?

    • Barry de Graaff May 13, 2022 at 7:25 AM #

      Hello Will,

      Not directly, but you could consider enabling the X-Authenticated-User header, via: 


      sudo su zimbra -
      zmprov mcf zimbraSmtpSendAddAuthenticatedUser TRUE"
      zmprov mcf zimbraMtaSmtpdSaslAuthenticatedHeader yes
      zmcontrol restart

      Then when the user is sending an email the X-Authenticated-User header is added to all outgoing email. However… for forwarded email the header will not be set. That way you should be able to tell the difference between a manually sent email and a forwarded one.

Leave a Reply

Copyright © 2022 Zimbra, Inc. All rights reserved.

All information contained in this blog is intended for informational purposes only. Synacor, Inc. is not responsible or liable in any manner for the use or misuse of any technical content provided herein. No specific or implied warranty is provided in association with the information or application of the information provided herein, including, but not limited to, use, misuse or distribution of such information by any user. The user assumes any and all risk pertaining to the use or distribution in any form of any subject matter contained in this blog.

Legal Information | Privacy Policy | Do Not Sell My Personal Information | CCPA Disclosures