Setup email disclaimer with altermime and amavisd-new

Get the altermime program from official site at http://pldaniels.com/altermime/ or a copy here: altermime-0.3.10.tar.gz.

Build and install:

cd /src-dir
make
make install

The the binary will be placed in /usr/local/bin.

Two format of the disclaimer should be prepared, one text and one html.

Sample text version /etc/mail/disclaimer.txt:

disclaimer.txt

--------------------------------------------------------------------------
This message and any attachment are confidential and may be privileged or
otherwise protected from disclosure. If you are not the intended recipient,
please telephone or email the sender and delete this message and any
attachment from your system. If you are not the intended recipient you must
not copy this message or attachment or disclose the contents to any other
person.

Sample html version /etc/mail/disclaimer.html:

disclaimer.html

<BR CLEAR="ALL">
<HR width="100%" />
<P style="font-family: sans-serif; font-style: normal; font-size: 11pt; color: gray;">

This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, please telephone or email the sender and delete this message and any attachment from your system. If you are not the intended recipient you must not copy this message or attachment or disclose the contents to any other person.

</P>

Add these to amavisd.conf:

# enable altermine to insert disclaimers for outgoing email
$altermime = '/usr/local/bin/altermime';
@altermime_args_disclaimer = qw( --verbose
                                 --disclaimer=/etc/mail/disclaimer.txt
                                 --disclaimer-html=/etc/mail/disclaimer.html );
$defang_maps_by_ccat{+CC_CATCHALL} = [ 'disclaimer' ];

And this to the MYNETS policy back and all originating policy banks:

allow_disclaimers => 1,

Sample:

$policy_bank{'MYNETS'} = {  # mail originating from @mynetworks
  terminate_dsn_on_notify_success => 0,
  bypass_spam_checks_maps   => [1],  # or: don't spam-check internal mail
  bypass_banned_checks_maps => [1],  # don't banned-check internal mail
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  allow_disclaimers => 1,

};

From the Release notes of amavisd-new:

...

- a special case of mangling is adding a disclaimer, by invoking an external
  program 'altermime' (if available and enabled). This differs from mangling
  inbound mail in two details:
  * uses a separately configurable list of arguments to altermime:
    @altermime_args_disclaimer; and
  * it applies only to mail submitted from internal networks or roaming users
    (as recognized through a policy bank which sets: allow_disclaimers => 1),
    and where any of the following addresses matches local domains:
    author (2822.From) or sender (2822.Sender) or return path (2821.mail_from);

  Typically the $allow_disclaimers should be set by a policy bank which
  also sets the $originating flag.

  In addition to strings that may be returned by %defang_maps_by_ccat
  as described above, there are two more, only taken into account
  when $allow_disclaimers is true:
    'disclaimer' invokes $altermime program for outgoing mail with
                 arguments as given in @altermime_args_disclaimer;
    'nulldisclaimer' for testing purposes - doesn't modify mail body,
                 but pretends it does (in logging and mail header);

  Typical use:

    $altermime = '/usr/local/bin/altermime';
    @altermime_args_disclaimer =
      qw(--verbose --disclaimer=/etc/altermime-disclaimer.txt);
    $defang_maps_by_ccat{+CC_CATCHALL} = [ 'disclaimer' ];
    @mynetworks = qw( ... );
    $policy_bank{'MYNETS'} = {  # mail originating from our networks
      originating => 1,
      allow_disclaimers => 1,
    }

  For the moment there is one limitation: there can only be one mangler
  in effect at a time, it is not currently possible to both defang and to
  append a disclaimer on the same message: for internal-to-internal mail
  inserting a disclaimer takes precedence.

  To make it possible to provide different disclaimer texts when hosting
  multiple domains, there is an experimental additional configuration
  variable available: the @disclaimer_options_bysender_maps.
  It is a list of lookup tables, looked up by a sender address.
  The sender address is chosen from the following list, first match wins:
    * 'Sender:' header field,  if its domain matches @local_domains_maps;
    * 'From:' header field,    if its domain matches @local_domains_maps;
    * envelope sender address, if its domain matches @local_domains_maps;
  We already know that at least one of the above will match, otherwise
  adding disclaimers would be skipped at an earlier stage. The result of
  lookups should be one simple string, which replaces a string '_OPTION_'
  anywhere in @altermime_args_disclaimer elements.

  Typical use:

    @altermime_args_disclaimer = qw(--disclaimer=/etc/_OPTION_.txt);

    @disclaimer_options_bysender_maps = (
     { 'host1.example.com' => 'altermime-disclaimer-host1',
       'boss@example.net'  => 'altermime-disclaimer-boss',
       '.example.net'      => 'altermime-disclaimer-net',
        '.'                => 'altermime-disclaimer-default' },
    );

  It is currently not possible to disable adding disclaimers through
  @disclaimer_options_bysender_maps results. This needs to be improved.
  The exact interpretation of the @disclaimer_options_bysender_maps lookup
  result may change in the future (which is why I call it 'experimental').

...