I would like to rewrite the subject line of all emails that contain a Reply-To: line with an email address in a different domain than the From: line. The reason for this is that I frequently get fraud emails that look like this:
From: My Name <my.name@mycompany.com>
To: billing@mycompany.com
Reply-To: thief@gmail.com
Subject: Please urgently pay attached invoice
...
Outlook displays the "From: " information, which can easily be forged, but does not display the Reply-To: line by default. So the email does not look suspicious. If one replies, the email is sent to thief@gmail.com, and the thief will of course make sure that the From: My Name header is again shown in the response. Some of these emails are so cleverly designed that people fall for it.
To prevent this, I would like to rewrite the Subject line to something like "[Potential fraud] Please urgently pay this invoice" if there is a Reply-To recipient which is in a different domain than the From sender.
How do I configure Exim to do this? Please advise.
Best Answer
This configuration prepends "[Potential fraud]" to subject if reply-to and From domains differ.
exim.conf:
system_filter.conf:
I use a regex to extract the reply-to domain (if present) including the "@". The matching text needs to be in the from header to avoid the warning.
Note: The $1 regex backreference remains available for the subject rewrite
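The approach described in the answer, written out as an added example of an Exim system filter; it is not the answerer's original exim.conf or system_filter.conf. The file path and the temporary header name X-Old-Subject are assumptions.

```exim
# Exim filter
# Added example, not the answer's original files.
# The main configuration must point at this file (path is an assumption):
#   system_filter = /etc/exim/system_filter.conf

# Conditions, in order:
#  - first_delivery: the system filter runs on every delivery attempt,
#    so act once and do not re-tag on retries
#  - matches: capture "@domain" from Reply-To into $1; this is false when
#    the header is missing, so mail without Reply-To is left alone
#  - does not contain: From lacks that "@domain" (the test is case-independent)
#  - skip messages that already carry the tag
if first_delivery
   and $h_reply-to: matches "(@[a-z0-9.-]+)"
   and $h_from: does not contain "$1"
   and $h_subject: does not contain "[Potential fraud]"
then
  # Park the original subject in a temporary header (hypothetical name),
  # swap in the tagged subject, then drop the temporary header.
  headers add "X-Old-Subject: $h_subject:"
  headers remove "Subject"
  headers add "Subject: [Potential fraud] $h_x-old-subject:"
  headers remove "X-Old-Subject"
endif
```

The filter can be dry-run against a saved message with `exim -bF /etc/exim/system_filter.conf < sample.eml` before it is enabled. Because `does not contain` is a substring test, it is looser than comparing parsed domains; Exim's `${domain:...}` expansion operator can be used where an exact comparison is wanted.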