How to implement signature (using alertMIME) and signing

Mark Martinec Mark.Martinec+amavis at
Tue Dec 20 19:59:29 CET 2011

Pandu Poluan,

> > Disclaimers and DKIM signing can be done in amavisd-new, and much
> > easier than implementing them separately.  Doing them in amavisd-new
> > eliminates the question of "order", since it's handled correctly for
> > you.
> Honestly, that's news to me; I've been reading up on amavisd-new for the
> past two weeks and can't recall ever seeing that amavis can append
> disclaimers. Care to point to some howto's?
> Anyways, thank you very much for the pointers. Much appreciated!

amavisd-new-2.5.0 release notes:

- added interface code to invoke Anomy Sanitizer or the 'altermime' program
  allows defanging or adding disclaimers by external utilities on a
  per-recipient basis;

  Provided interface code to allow mangling/defanging/sanitation
  to be performed by an external utility, either by directly calling
  a Perl module Anomy Sanitizer (within the same process, avoiding
  startup cost), or by invoking a program 'altermime' (or by internal
  defanging code as before).

  Mail body defanging is only allowed for local recipients (those matching
  @local_domains_maps), i.e. for inbound and internal-to-internal mail.

  If there is more than one mangling code option available, the result
  of a %defang_maps_by_ccat can choose between them by returning one of
  the following strings, the selection can depend on mail content type
  and on by-recipient lookups if needed:
    'anomy'     chooses Anomy Sanitizer (if $enable_anomy_sanitizer is true);
    'altermime' chooses a program whose path is $altermime (if found);
    'attach'    chooses the traditional amavisd-new defanging method
                which pushes an original mail message to an attachment;
    'null'      for testing purposes - doesn't modify mail body, but
                pretends it does (in logging and mail header);
    other non-empty and non-zero value automatically choose one
                of the above options depending on what is available;
                at least the 'attach' is always available;
    an empty, zero or undef value disables mail body modifications;

  Controls: $enable_anomy_sanitizer, @anomy_sanitizer_args,
  and: $altermime, @altermime_args_defang;

  Typical use:

  # with altermime:
  $altermime = '/usr/local/bin/altermime';
  @altermime_args_defang = qw(--verbose --removeall);

  # with Anomy Sanitizer:
  $enable_anomy_sanitizer = 1;
  @anomy_sanitizer_args = qw( /usr/local/etc/sanitizer.cfg );

  $defang_spam = 1;  # old style, applies the first available mangler
                     # to all spam-loving local recipients

  # unnecessarily complicated example of selective choices:
  $defang_maps_by_ccat{+CC_BANNED} = [
    'altermime',  # use altermime for everybody (a 'constant' lookup table)
  $defang_maps_by_ccat{+CC_SPAM} = [
    { # a per-recipient hash lookup table
      'user at'    => 1,  # old style, auto-selects a mangler
      'user-a at'  => 'anomy',
      'user-m at'  => 'altermime',
      'user-t at'  => 'attach',
      ''        => 0,  # no mangling
    $defang_spam,  # fallback to old style setting if no match above

- a special case of mangling is adding a disclaimer, by invoking an external
  program 'altermime' (if available and enabled). This differs from mangling
  inbound mail in two details:
  * uses a separately configurable list of arguments to altermime:
    @altermime_args_disclaimer; and
  * it applies only to mail submitted from internal networks or roaming users
    (as recognized through a policy bank which sets: allow_disclaimers => 1),
    and where any of the following addresses matches local domains:
    author (2822.From) or sender (2822.Sender) or return path (2821.mail_from);

  Typically the $allow_disclaimers should be set by a policy bank which
  also sets the $originating flag.

  In addition to strings that may be returned by %defang_maps_by_ccat
  as described above, there are two more, only taken into account
  when $allow_disclaimers is true:
    'disclaimer' invokes $altermime program for outgoing mail with
                 arguments as given in @altermime_args_disclaimer;
    'nulldisclaimer' for testing purposes - doesn't modify mail body,
                 but pretends it does (in logging and mail header);

  Typical use:

    $altermime = '/usr/local/bin/altermime';
    @altermime_args_disclaimer =
      qw(--verbose --disclaimer=/etc/altermime-disclaimer.txt);
    $defang_maps_by_ccat{+CC_CATCHALL} = [ 'disclaimer' ];
    @mynetworks = qw( ... );
    $policy_bank{'MYNETS'} = {  # mail originating from our networks
      originating => 1,
      allow_disclaimers => 1,

  For the moment there is one limitation: there can only be one mangler
  in effect at a time, it is not currently possible to both defang and to
  append a disclaimer on the same message: for internal-to-internal mail
  inserting a disclaimer takes precedence.

  To make it possible to provide different disclaimer texts when hosting
  multiple domains, there is an experimental additional configuration
  variable available: the @disclaimer_options_bysender_maps.
  It is a list of lookup tables, looked up by a sender address.
  The sender address is chosen from the following list, first match wins:
    * 'Sender:' header field,  if its domain matches @local_domains_maps;
    * 'From:' header field,    if its domain matches @local_domains_maps;
    * envelope sender address, if its domain matches @local_domains_maps;
  We already know that at least one of the above will match, otherwise
  adding disclaimers would be skipped at an earlier stage. The result of
  lookups should be one simple string, which replaces a string '_OPTION_'
  anywhere in @altermime_args_disclaimer elements.

  Typical use:

    @altermime_args_disclaimer = qw(--disclaimer=/etc/_OPTION_.txt);

    @disclaimer_options_bysender_maps = (
     { '' => 'altermime-disclaimer-host1',
       'boss at'  => 'altermime-disclaimer-boss',
       ''      => 'altermime-disclaimer-net',
        '.'                => 'altermime-disclaimer-default' },

  It is currently not possible to disable adding disclaimers through
  @disclaimer_options_bysender_maps results. This needs to be improved.
  The exact interpretation of the @disclaimer_options_bysender_maps lookup
  result may change in the future (which is why I call it 'experimental').

  Note that disclaimers are pretty much useless legally.
  If you can help it at all, please avoid the pollution. See:

amavisd-new-2.7.0 release notes :

- added LDAP attribute amavisDisclaimerOptions, along with its corresponding
  SQL field 'disclaimer_options'. It finds its way to the list of lookup
  tables @disclaimer_options_bysender_maps, so the replacement of the
  _OPTIONS_ placeholder in @altermime_args_disclaimer could be made dynamic;


More information about the amavis-users mailing list