Unified dynamic corporate signature with Postfix + alterMIME + addAttachFilter + Active Directory or MySQL logo

Introduction

Practically in any company, management requires to observe one or another format of business correspondence, where a special role is assigned to the postal signature. It often happens that the management of the company obliges everyone to put a unified corporate signature, but in practice most employees ignore this obligation for various reasons, or the signature structure is different from the corporate one (in font, color, text pattern).

Of course, almost all the work to accomplish this task falls on the shoulders of the system administrator. This is good, when a couple dozen employees work in the company and adding a corporate signature once will not be difficult. But what to do when your company employs more than 50 people who can use different email clients and who periodically need software replacement?

It turns out that in the long term, to fulfill this requirement is almost impossible. As a result, management has to kick their employees from time to time, which can cause anger towards the offending employee, as well as the entire IT department. At best, someone will get a comment, at worst - lose the prize.
')
In this article I will tell you how you can accomplish the task, what difficulties you will have to face, and how to overcome these difficulties.

The task and problems of its implementation

As a rule, management requires that a corporate signature with a company logo is present in every letter of all employees. Agree on such a signature is quite simple, but to implement the task is very difficult on the side of the mail server.

Perhaps many of you have already tried to cope with this task, using a bunch of alterMIME + addAttachFilter , but abandoned this venture for many reasons. As a rule, whatever you do, the structure of letters or signatures becomes unreadable, especially when there is active correspondence, and also if someone is using Microsoft Outlook . Well, let's look at all these problems ...

The implementation of the task

First you need a fully configured Postfix mail server with configured Active Directory or MySQL authorization. In my case, the following software was used:

• Debian 7.x
• Postfix 2.x
• alterMIME 0.3.10
• addAttachFilter
• Active Directory

alterMIME is a program that changes MIME
addAttachFilter - a script that adds a logo

You can install alterMIME for Debian like this:

• apt-get install altermime

Or download and install it from the official website: www.pldaniels.com/altermime

Also install addAttachFilter from the official site: addattachfilter.sourceforge.net

To begin, set up alterMIME and addAttachFilter strictly according to the instructions from these sites:

• alterMIME
• addAttachFilter

These articles are in English, but they are intuitive. If you did everything correctly with these instructions, then the first reaction will be a smile from ear to ear with a shout from Yahooo when sending a test letter. That's just you will not be happy for a long time. From this point on, the setup is just beginning ...

"Underwater rocks"

I think that many of you reached this point on your own, but that was all, and then you had to roll back the settings.

The first pitfall I had to deal with was the inability to add a logo like base64 inside the IMG SRC HTML tag. The problem is that most email clients, including Outlook , do not recognize this tag with the base64 picture format. Also, you cannot use external links to the image, since all e-mail clients that are configured by default will block such a logo. Therefore, we will solve this problem using the addAttachFilter perl script.

The second pitfall . This is not the regular insertion of signatures in letters. The fact is that when a letter is formed, the " From: " field can be with the simple meaning of the mailing address, that is, it is formed as From: ivan.ivanov@your.domain , although for many this line will look like From: "Ivan Ivanov ”<ivan.ivanov@your.domain> .

To solve this problem, replace the line in the disclaimer script:

• from_address = `grep -m 1" From: "in. $$ | cut -d "<" -f 2 | cut -d ">" -f 1`

This line:

• from_address = `grep -m 1" From: "in. $$ | cut -d "<" -f 2 | cut -d ">" -f 1 | sed 's / ^ From: // g'`

The third underwater stone . If you do everything exactly according to the previous instructions, then during the correspondence you can see a lot of oddities. All these "oddities" will be visible both when displaying text and when displaying a signature in various email clients, including Outlook . It makes no sense to list them, you will see for yourself. The fact is that with this configuration, your mail server will always insert a logo in every letter, even if it was sent by another server to an employee in your company. So you need to change the disclaimer script.

Delete the line:

• cat | /var/spool/filter/addAttachFilter.pl> in. $$ || {echo Cannot save mail to file; exit $ EX_TEMPFAIL; }

Add a line instead:

• cat> in. $$ || {echo Cannot save mail to file; exit $ EX_TEMPFAIL; }

With this action you return the settings of the disclaimer script to the primary setting.

After this, replace the line:

• trap "rm -f in. $$" 0 1 2 3 15

By line:

• trap "rm -f in. $$; rm -f pic. $$ »0 1 2 3 15

And after the line:

• if [`grep -wi ^ $ {from_address} $ $ {DISCLAIMER_ADDRESSES}`]; then

Add 2 lines:

• cat in. $$ | $ INSPECT_DIR / addAttachFilter.pl> pic. $$ || {echo Cannot save mail to file; exit $ EX_TEMPFAIL; }
• cat pic. $$> in. $$ || {echo Cannot save mail to file; exit $ EX_TEMPFAIL; }

This is necessary so that the logo is added only to those letters that are sent by your employees, and not to everything.

The fourth pitfall is in the Outlook email client. If it is used in your company, then depending on its settings, the mail client can add extended data to the letter. This data is in the attached file winmail.dat . When you add this file, many clients do not display a corporate signature. To avoid this, you need to add one key DisableTNEF = 1 (DWORD) to the registry. I strongly recommend adding this value on all computers where any version of Microsoft Outlook is installed. You can read more about the problem and how to solve it here www.slipstick.com/problems/outlook-is-sending-winmail-dat-attachments

The fifth underwater stone (cosmetic). The essence of this problem lies in the fact that the corporate signature will always be added to the bottom and it can not be added after your answer. Since this letter is formed on the server, and the server simply does not know where to put the signature, unlike any email client, when you format the letter yourself. This can create a problem with long correspondence. The solution is quite simple - create a minimal text signature, for example:

• __
• Best Regards,
• Ivan Ivanov

Thus, during a long correspondence, you will always have two signatures inserted, corporate and minimum (to separate the answers).

" Dynamic " underwater stone. Let's analyze the last pitfall associated with the dynamic listing of employees. As you have already noticed, the signature is added only for those employees who are registered in the disclaimer_addresses file. It is easy to guess that you will need to regularly monitor this file if you edit it manually. Well, if a couple of dozen employees work in your company ... In order to solve this problem, put a script in cron that will form this list. I think that the execution of this script 1-2 times a day will solve the problem with the list. Sample script:

• / usr / bin / ldapsearch -D USER@YOUR.DOMAIN -w PASSWORD -LLL -h 192.168.1.100 -p 3268 -S mail -N -b dc = YOUR, dc = DOMAIN "(mail = * @ *)" mail | grep "mail:" | cut -d "" -f 2> / etc / postfix / disclaimer_addresses

where 192.168.1.100 , the IP of your domain controller

You will also need the ldap-utils package to run this command.

Dynamic signature

Now we come to the final stage. Here we look at how you can change the signature dynamically. In my case, I have to change the name , surname and telephone number of the employee. This can be done using data that is used in Active Directory or MySQL . To do this, you will need the ldapsearch utility again. The essence of using this utility is to read the displayName field and the telephoneNumber field. Then you need to create a variable with these values ​​and substitute it in the signature. Sample script, how to get displayName :

• DisplayName = `ldapsearch -D USER@YOUR.DOMAIN -w PASSWORD -LLL -h 192.168.1.100 -p 3268 -N -b dc = YOUR, dc = DOMAIN" (mail = * $ from_address *) "displayName`

where the variable $ from_address is already in the disclaimer script

I will not give the full text of my disclaimer script, which forms a dynamic signature. Since it mainly consists of preparing HTML "caps". In general, dynamic signature generation is reduced to the compilation of a “header” and data obtained from Active Directory or MySQL .

Conclusion

At the moment, adding a unified dynamic corporate signature works fine. Tested with various email clients, including different versions of Outlook . I do not exclude that there may still be any problems with this implementation. If there are any, then please unsubscribe in the comments, and about your method of solving them.