Adding a warning to emails from outside domains?

[dancinginair]

Hey all, there appear to be a few people asking about this over the past few years. This is something we NEED to implement on our hardware ASAP and I suspect we are going to get pulled into a full revamp for exchange if we dont get it sorted shortly.

Our business (not web hosting) runs our email off a dedicated AWS cpanel VM.

It seems like there may be some "deep in the weeds" ways of doing this now, but did Cpanel ever implement this is a click on/off feature?

Essentially if any email comes in from outside our domain we need to be able to have some sort of flag added to (at minimum) the subjet line ***Warning External***. Potentially also including text injected into the body such as
***Attention*** This email originated from outside of Company_Name.

The amount of targeted & well crafted social attackers we've seen lately has gone through the roof. Talking to some of the folks in our companies specific industry it sounds like everyone is being hit by state sponsored attacks which TBH is both a massive piss-off and a major PITA as we are not some 300 person company with an army of sys-admins, and I'm just doing this off the side of my desk.

I have budget authority to pull in a contractor if thats what it needs, or as I mentioned we could end up just revamping our entire network (that is not a job I'm really in the mood to oversea however.Any insght would be greatly appreciated.

thanks.

 

[cPRex]

Hey there! I can confirm there isn't a cPanel setting that would handle this. Could you submit a feature request using the link in my signature and then I can bring it up with the team during the next features meeting?

There are likely ways to do this by manually modifying Exim filters and configuration files, but that is outside the scope of cPanel support so I wouldn't be able to guide you through that process.

 

[ITHKBO]

We use mailscanner to handle these kind of alerts on our cPanel, CentOS, Almalinux servers

Home - MailScanner

Millions of Downloads Powerful Open Source Engine Totally Free Version 5.4.5-3 Download MailScanner is a highly respected open source email security system design for Linux-based email gateways. It is used at over 40,000 sites around the world, protecting top government departments...

www.mailscanner.info

Of course I do not know if you either have mailscanner or can implement it but here is the rule set location after installation of mailscanner
/usr/mailscanner/etc/rules/external.message.rules

It should give a standard message addition Warning: This message originated from outside the organization.
Make sure to add the local domains as no and the default as yes
Example:

From: yourlocaldomain.com no
FromOrTo:default yes


If you need something more advanced than MIMEDefang might be the best option

MIMEDefang

MIMEDefang - documentation

mimedefang.org

Both are however not fire and forget software and installation, configuration takes time. Expect a abundance of false positives if you use it for regular scanning purpose to as it can take quiet sometime and effort to train unless you have training data already available.

We use the paid addon Configserver Mailscanner Front End for rule management ourselves to save a lot of hassle in the day to day operations.
The supplier of the paid addon also has installation services which i am sure you can ask for them to setup the exact rule you need.
I do not have experience with there installation service myself as I rather configure it all in company but I do know there support itself is very reliable albeit it can take some time for ticket responses.