Unified dynamic corporate signature with Postfix + alterMIME + addAttachFilter + Active Directory or MySQL logo


    In almost any company, management requires compliance with one format or another of business correspondence, where the mail signature has a special role. It often happens that company management obliges everyone to put a unified corporate signature, but in practice most employees ignore this obligation for various reasons, or the signature structure differs from the corporate one (in font, color, text template).

    Of course, almost all the work to complete this task rests with the system administrator. It’s good when a couple of dozen employees work in the company and adding a corporate signature once will not be difficult. But what to do when your company employs more than 50 people who can use different email clients and who periodically need to replace software?

    It turns out that in the long run, to fulfill this requirement is practically impossible. As a result, management has to kick its subordinates from time to time, which can cause anger towards the offending employee, as well as the entire IT department. In the best case, someone will receive a comment; in the worst, they will lose the bonus.

    In this article I will tell you how you can implement the task, what difficulties you will encounter, and how to overcome these difficulties.

    The task and problems of its implementation

    As a rule, management requires that a corporate signature with the company logo be present in every letter to all employees. Agreeing such a signature is quite simple, but realizing the task is very difficult on the side of the mail server.

    Perhaps many of you have already tried to cope with this task, using the alterMIME + addAttachFilter bundle , but abandoned this venture for many reasons. As a rule, whatever you do, the structure of letters or signatures becomes unreadable, especially with active correspondence, and also if someone uses Microsoft Outlook . Well, let's look at all these problems ...

    Implementation of the task

    First, you need a fully configured Postfix mail server with configured Active Directory or MySQL authentication . In my case, the following software was used:
    • Debian 7.x
    • Postfix 2.x
    • alterMIME 0.3.10
    • addAttachFilter
    • Active Directory

    alterMIME - a program that changes MIME
    addAttachFilter - a script that adds a logo

    You can install alterMIME for Debian like this:
    • apt-get install altermime

    Or download and install it from the official website: www.pldaniels.com/altermime

    Also install addAttachFilter from the official website: addattachfilter.sourceforge.net

    First, configure alterMIME and addAttachFilter strictly according to the instructions from these sites:

    These articles are in English, but they are intuitive. If you did everything correctly according to these instructions, then the first reaction will be a smile from ear to ear with the cry of Yahooo when sending a test letter. That's just you will not be happy for long. From this moment, the setup is just beginning ...

    "Underwater rocks"

    I think that many of you yourself reached this point, but that was all and ended, after which you had to roll back the settings.

    The first pitfall I had to deal with was the lack of the ability to add the logo as base64 inside the IMG SRC HTML tag . The problem is that most email clients, including Outlook , do not recognize this tag with the base64 image format . Also, you cannot use external links to the picture, since in all mail clients configured by default, such a logo will be blocked. Therefore, the problem we solve using perl script addAttachFilter.

    The second pitfall . This is not a regular insertion of a signature in letters. The fact is that when a letter is formed, the “ From: ” field can be with a simple value for the mailing address, that is, it is formed as From: ivan.ivanov@your.domain , although for many this line will look like From: “Ivan Ivanov ».

    To solve this problem, replace the line in the disclaimer script :
    • from_address = `grep -m 1“ From: ”in. $$ | cut -d "<" -f 2 | cut -d ">" -f 1`

    This line:
    • from_address = `grep -m 1“ From: ”in. $$ | cut -d "<" -f 2 | cut -d ">" -f 1 | sed 's / ^ From: // g``

    The third pitfall . If you do everything exactly according to the 2 previous instructions, then during correspondence you can see many oddities. All these “oddities” will be visible both when displaying text and when displaying signatures in different email clients, including Outlook . It makes no sense to list them; you yourself will see everything. The fact is that with this configuration, your mail server will always insert a logo in every letter, even sent by another server to any employee in your company. Therefore, you need to modify the disclaimer script .

    Delete the line:
    • cat | /var/spool/filter/addAttachFilter.pl> in. $$ || {echo Cannot save mail to file; exit $ EX_TEMPFAIL; }

    Add a line instead of it:
    • cat> in. $$ || {echo Cannot save mail to file; exit $ EX_TEMPFAIL; }

    With this action, you return the disclaimer script settings to their initial settings.

    After that, replace the line:
    • trap "rm -f in. $$" 0 1 2 3 15

    By line:
    • trap "rm -f in. $$; rm -f pic. $$ »0 1 2 3 15

    And after the line:
    • if [`grep -wi ^ $ {from_address} $ $ {DISCLAIMER_ADDRESSES}`]; then

    Add 2 lines:
    • cat in. $$ | $ INSPECT_DIR / addAttachFilter.pl> pic. $$ || {echo Cannot save mail to file; exit $ EX_TEMPFAIL; }
    • cat pic. $$> in. $$ || {echo Cannot save mail to file; exit $ EX_TEMPFAIL; }

    This is necessary so that the logo is added only to those letters that your employees send, and not all in a row.

    The fourth pitfall is the Outlook email client . If it is used in your company, then depending on its settings, the mail client can add advanced data to the letter. This data goes in the attached winmail.dat file . When you add this file, many clients do not display a corporate signature. To avoid this, you need to add one key DisableTNEF = 1 (DWORD) to the registry . I strongly recommend adding this value on all computers where any version of Microsoft Outlook is installed. You can read more about the problem and ways to resolve it here www.slipstick.com/problems/outlook-is-sending-winmail-dat-attachments

    The fifth pitfall (cosmetic). The essence of this problem is that the corporate signature will always be added from below and it cannot be added after your answer. Since this letter is generated on the server, and the server simply does not know where to put the signature, unlike any email client, when you format the message yourself. This can create a problem with long conversations. The solution is quite simple - create a minimal text signature, for example:

    • __
    • Best regards
    • Ivan Ivanov

    Thus, during long correspondence, you will always have two signatures inserted, corporate and minimal (to separate the answers).

    " Dynamic " pitfall. Let's look at the last pitfall associated with dynamically compiling a list of employees. As you already noticed, the signature is added only to those employees who are registered in the disclaimer_addresses file . It’s easy to guess that you need to regularly monitor this file if you edit it manually. Well, if a couple of dozen employees work in your company ... In order to solve this problem, put in cronscript that will form this list. I think that the execution of this script 1-2 times a day will solve the problem with the list. Example script:

    • / usr / bin / ldapsearch -D USER@YOUR.DOMAIN -w PASSWORD -LLL -h -p 3268 -S mail -N -b dc = YOUR, dc = DOMAIN "(mail = * @ *)" mail | grep "mail:" | cut -d "" -f 2> / etc / postfix / disclaimer_addresses

    where is the IP of your controller domain.

    You will also need the ldap-utils package to execute this command.

    Dynamic signature

    Now we have come to the final stage. Here we look at how you can change the signature dynamically. In my case, I have to change the Name , Surname and Phone number of the employee. This can be done using data that is used in Active Directory or MySQL . To do this, you will need the ldapsearch utility again . The essence of using this utility is to read the displayName field and the telephoneNumber field . Then you need to form a variable with these values ​​and substitute it in the signature. Example script how to get displayName :

    • DisplayName = `ldapsearch -D USER@YOUR.DOMAIN -w PASSWORD -LLL -h -p 3268 -N -b dc = YOUR, dc = DOMAIN" (mail = * $ from_address *) "displayName`

    where the variable $ from_address is already in the disclaimer script

    I won’t give the full text of my disclaimer script , which forms a dynamic signature. Since it mainly consists of preparing HTML “headers”. In general, the dynamic generation of a signature is reduced to compiling a header and data obtained from Active Directory or MySQL .


    At the moment, adding a unified dynamic corporate signature works fine. Tested with various email clients, including different versions of Outlook . I do not exclude that there may still be any problems with this implementation. If there are any, then please unsubscribe in the comments, and about your way to solve them.

    Also popular now: