The Exim FAQ

Contents   Previous   Next

16. MODIFYING MESSAGE BODIES

Q1601:  How can I add a disclaimer or an advertisement to a message?

A1601:  There are a number of technical and potential legal problems that arise in connection with message modification. Some of them are listed below. Some comment on the legal position of email disclaimers in English law can be found at http://www.weblaw.co.uk/artemail.htm.

See also http://www.goldmark.org/jeff/stupid-disclaimers/. There is some discussion about the problems of actually adding disclaimers in http://www.goldmark.org/jeff/stupid-disclaimers/apply.html.

In many cases, email disclaimers will make your company look ridiculous, at the very least. At worst, they may interfere with the normal processing of mail.

If, despite these considerations, you still want to modify messages, you can do so using Exim, but not directly in Exim itself. It is not the job of an MTA to modify messages, something that requires understanding of their content and format.

Exim provides a hook called a “transport filter” that lets you pass any outgoing message through a program or script of your choice. It is the job of this script to make any changes to the message that you require. By this means, you have full control over what changes are made, and Exim does not need to know anything about message bodies. However, using a transport filter requires additional resources, and may slow down mail delivery.

You can use Exim's routers to arrange for those messages that you want to modify to be delivered via a transport filter. For example, suppose you want to do this for messages from addresses in your domain that are being delivered to a remote host. First you need to set up a special smtp transport that uses a filter, like this:

   remote_smtp_filter:
     driver = smtp
     transport_filter = /your/filter/command

Then you need to modify the dnslookup router to use this transport when the conditions are right:

   dnslookup:
     driver = dnslookup
     domains = ! +local_domains
     transport = ${if eq {$sender_address_domain}{your.domain}\
                  {remote_smtp_filter}{remote_smtp}}
     ignore_target_hosts = 127.0.0.0/8
     no_more

This is the standard dnslookup router, but with a modified setting of the transport option. When the sender address is in your domain, it routes to the special transport instead of the standard one.

The entire message is passed to your filter command on its standard input. It must write the modified version to the standard output, taking care not to break the RFC 2822 syntax. The command is run as the Exim user.

There are a number of potential problems in doing this kind of modification in an MTA. Many people believe that to attempt is it wrong, because:

1. It breaks digital signatures, which are becoming legally binding in some countries. It may well also break encryption.

2. It is likely to break MIME encoding, that is, it is likely to wreck attachments, unless great care is taken. And what about the case of a message containing only binary MIME parts?

3. It is illegal under German and Dutch law to change the body of a mail message in transit. It might potentially be illegal in the UK under European law. This consideration applies to ISPs and other “common carriers”. It would presumably not apply in a corporate environment where modification was done only to messages originating from the employees, before they left the company's network. It might also not apply if the senders have explicitly given their consent (e.g. agreed to have advertisements added to their incoming mail).

4. Since the delivered message body was produced by the MTA (not the originator, because it was modified), the MTA operator could potentially be sued for any content. This again applies to `common carrier' MTAs. It's interesting that adding a disclaimer of liability could be making you liable for the message, but this case seems more likely to involve adding advertisements than disclaimers. After all, no postal service in the world opens all the mail it carries to add disclaimers.

5. Some mail clients (old versions of MS outlook) crash if the message body of an incoming MIME message has been tampered with.

There are also potential problems that could arise if a scheme to add disclaimers goes wrong for some messages:

1. False negatives: `Ah, this guy usually says he does not represent their views, but in this message he doesn't have the disclaimer'.

2. False positives: `This official announcement does not represent our views, oh no'.

An alternative approach to the disclaimer problem would be to insist that all relevant messages have the disclaimer appended by the MUA. The MTA should refuse to accept any that do not. Again, however, the MTA must understand the format of messages in order to do this. Simply checking for appropriate wording at the end of the body is not good enough. It would probably be necessary to run a Perl script from within an Exim system filter, or write a local_scan() function in order to adopt this approach.

Finally, it's a trivial matter to add customized headers of the sort:

   X-Disclaimer:  This is a standard disclaimer that says that the views
   X-Disclaimer:  contained within this message are somebody else's.

which is a much easier alternative to modifying message bodies.

Q1602:  How can I remove attachments from messages?

A1602:  The answer to this is essentially the same as for Q1601.



Contents   Previous   Next