HOWTO: How do I send notifications to a message sender that the recipient's e-mail address has changed?


This article applies to:

  • Trustwave MailMarshal (SEG)

Question:

  • How do I send notifications to a message sender that the recipient's e-mail address has changed?
  • How do I set up automatic notifications of a domain name change?

Procedure:

Many companies have to change their email address structure at some point, whether because the company changes its name or because it merges with another company. A few rules in MailMarshal SMTP can ease the move to the new format.

Using header rewrite rules, MailMarshal can automatically transform an email sent to an old address to the new address format, and notify the sender that they should send mail to the new address in the future.

The rules described in this procedure both rewrite the recipient email address and send a notification to the original sender advising them of the change. Each of the three scenarios requires three rules. The rules are identical across the scenarios, except for the 'Rewrite Recipient to New Address' header rewrite action.

The base rules are described first. The header rewrite portion is described below each of the scenarios.

Rules:

Content Analysis Rule: Write Old Address to External File
When a message arrives
Where message is incoming

Where addressed to 'Old Email Addresses'
Run the external command 'Echo Old Address to Threadno File'
   And rewrite message headers using 'Add X-AddressChange Field'
And pass message to the next rule for processing.

'Old Email Addresses'
List of email addresses to be changed.
Can include wildcards for entire domain changes. (e.g., *@acme.com)

'Echo Old Address to Threadno File'
External command. Calls the Windows echo command to write the old address to a text file for later reference.
Name: 'Echo Old Address to Threadno File'
Command Line: cmd
Parameters: /C echo {Recipient}>"{Install}\Address{Threadno}.txt"
Timeout: 60
Timeout per MB: 10
Single thread: ENABLED
Only execute once for each message: ENABLED
Command is triggered if return code is: 0
Command is not triggered if return code is: >0

'Add X-AddressChange Field'
Header rewrite action. Adds a 'X-AddressChange' field to the email header. Later rules check for the existence of this field.
Name: Add X-AddressChange Field
Add custom field: X-AddressChange:
Field parsing method: Entire line
Match case: DISABLED
Insert if missing: Address Change

Content Analysis Rule: Change Old E-Mail Address to New E-Mail Address
When a message arrives
Where message is incoming

Where message contains one or more headers 'X-AddressChange Exists'
Rewrite message headers using 'Rewrite Recipient to New Address'
And pass message to the next rule for processing.

'X-AddressChange Exists'
Header match condition. Checks for the existence of an 'X-AddressChange' field.
Name: X-AddressChange Exists
Select the fields to match against: X-AddressChange:
Field parsing method: Entire Line
Match case: DISABLED
Field search expression: .+

'Rewrite Recipient to New Address'
Header rewrite action. Varies with scenario. See below.

Content Analysis Rule: Send External Notification of Domain Change
When a message arrives
Where message is incoming

Where message contains one or more headers 'X-AddressChange Exists'
Send a 'Change of Address Responder' notification message
And pass message to the next rule for processing.

'X-AddressChange Exists'
Header match condition. Checks for the existence of an 'X-AddressChange' field.
Name: X-AddressChange Exists
Select the fields to match against: X-AddressChange:
Field parsing method: Entire Line
Match case: DISABLED
Field search expression: .+

'Change of Address Responder'
Mail template action. Sends a message back to the sender advising them to change their records.

Name: Change of Address Responder
From: {LocalRecipient}
To: {ReturnPath}
Example Subject: Change of Address Notification
Example Body:

Subject: {Subject}
Note: The e-mail address that you sent this message to has changed.
Old Address: {File={Install}\Address{Threadno}.txt}
New Address: {Recipient}.

Please make this change in your records.
-Administrator

Scenarios:

1. Domain Change

Acme Corporation is purchased by Whizbang Limited. Acme’s old domain, acme.com, is changed to whizbang.com. This is a straightforward process, involving an easy switch of the domain part.

Old Address: john.smith@acme.com
New Address: john.smith@whizbang.com

'Rewrite Recipient to New Address'
Header rewrite action. A simple domain switch.
Name: Rewrite Recipient to New Address
Select the fields to match against: Envelope Recipient and To:
Field parsing method: Domain
Match case: DISABLED
Field search expression: acme.com
Substitute into field using expression: whizbang.com

2. Simple User-Part Format Change

Acme Corporation migrates from using their legacy sendmail MTA to Active Directory and Exchange 2007. It is decided that their previous email address format will not be retained, and their users’ email addresses will be their Active Directory logins.

Old Address: john.smith@acme.com
New Address: jsmith@acme.com

This scenario is only a little more complicated than a domain change. The new email address structure contains information that the old address already has. A simple regular expression substitution can take the first letter of the email address and append all the letters after the period.

'Rewrite Recipient to New Address'
Header rewrite action. A slightly more complicated email restructuring.
Name: Rewrite Recipient to New Address
Select the fields to match against: Envelope Recipient and To:
Field parsing method: Email Addresses
Match case: DISABLED
Field search expression: (.).*\.(.+)@(.+)
Substitute into field using expression: $1$2@$3
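
The Scenario 2 expression can be previewed against a list of existing addresses before the rule is enabled, to see which addresses it leaves unchanged and which distinct old addresses would be rewritten to the same new address (and so delivered to one mailbox). This is an added example, not part of the original article or Trustwave's code. It assumes Python's `re` module treats this pattern the same way as MailMarshal's expression engine and that the expression must match the whole address; the sample addresses are constructed.

```python
import re
from collections import defaultdict

# Expressions copied from the 'Rewrite Recipient to New Address' action above.
SEARCH = r"(.).*\.(.+)@(.+)"
SUBSTITUTE = r"\1\2@\3"  # Python spelling of $1$2@$3


def rewrite(address):
    """Return the rewritten address, or None when the expression does not match."""
    # Match case: DISABLED -> case-insensitive. Whole-address match is an assumption.
    m = re.fullmatch(SEARCH, address, flags=re.IGNORECASE)
    return m.expand(SUBSTITUTE) if m else None


def preview(old_addresses):
    """Group old addresses by rewritten result; report collisions and non-matches."""
    by_new = defaultdict(list)
    unmatched = []
    for old in old_addresses:
        new = rewrite(old)
        if new is None:
            unmatched.append(old)
        else:
            by_new[new.lower()].append(old)
    collisions = {new: olds for new, olds in by_new.items() if len(olds) > 1}
    return dict(by_new), collisions, unmatched


# Constructed sample list, not real addresses.
SAMPLE = [
    "john.smith@acme.com",
    "jane.smith@acme.com",        # same initial and surname as john.smith
    "mary.jane.watson@acme.com",  # two periods in the user part
    "info@acme.com",              # no period in the user part
]

if __name__ == "__main__":
    rewritten, collisions, unmatched = preview(SAMPLE)
    for new, olds in rewritten.items():
        print(f"{new} <- {', '.join(olds)}")
    for new, olds in collisions.items():
        print(f"COLLISION: {new} would receive mail for {', '.join(olds)}")
    for old in unmatched:
        print(f"UNCHANGED: {old}")
```
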

3. Complex User-Part Format Change

Acme Corporation migrates from using their legacy sendmail MTA to Active Directory and Exchange 2007. It is decided that their previous email address format will not be retained, and their users’ email addresses will be their Active Directory logins.

Old Address: jsmith@acme.com
New Address: john.smith@acme.com

This scenario is more complicated, because information is added to the email address in the new standard. You cannot use a substitution regular expression in this case. However, MailMarshal SMTP can use a map file to make the change. A map file is a text file containing two comma-separated values per line.

In this scenario, the contents of the map file would look like the following:

jsmith@acme.com,john.smith@acme.com
jdoe@acme.com,jane.doe@acme.com

'Rewrite Recipient to New Address'
Header rewrite action. An even more complicated email restructuring.
Name: Rewrite Recipient to New Address
Select the fields to match against: Envelope Recipient and To:
Field parsing method: Email Addresses
Match case: DISABLED
Field search expression: (.+)
Map using file: SELECTED
File name: C:\Program Files\Trustwave\Secure Email Gateway\NodeConfig\OldtoNew.txt
Lookup key: $1

NOTE: The map file to edit is on the Array Manager in C:\Program Files\Trustwave\Secure Email Gateway\Config and will be copied to all nodes when configuration is committed. If you make any modifications to the file OldtoNew.txt, you MUST commit the configuration changes in the configurator for these changes to take effect.
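
A map file in the two-values-per-line format described above can be checked before the configuration is committed. This is an added example, not part of the original article or Trustwave's code; the function name, the sample data and the checks themselves (case-insensitive comparison, flagging whitespace around values) are this example's assumptions, not documented MailMarshal behaviour.

```python
def check_map(text, old_addresses=()):
    """Lint map-file text ('old,new' per line); return (mapping, problems)."""
    mapping, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue  # this checker ignores blank lines
        parts = line.split(",")
        if len(parts) != 2:
            problems.append(f"line {lineno}: expected two comma-separated values")
            continue
        if any(p != p.strip() or p.count("@") != 1 for p in parts):
            problems.append(f"line {lineno}: stray whitespace or malformed address")
            continue
        # Compared in lower case (assumption, mirroring Match case: DISABLED).
        old, new = parts[0].lower(), parts[1].lower()
        if old in mapping:
            problems.append(f"line {lineno}: duplicate key {old}")
            continue
        mapping[old] = new
    first_owner = {}
    for old, new in mapping.items():
        if new in first_owner:
            problems.append(f"{first_owner[new]} and {old} both map to {new}")
        first_owner.setdefault(new, old)
        if new in mapping:
            problems.append(f"{old} maps to {new}, which is also a key")
    for addr in old_addresses:
        if addr.lower() not in mapping:
            problems.append(f"{addr} has no map entry")
    return mapping, problems


# Constructed sample data: the article's two lines plus deliberate mistakes.
SAMPLE_MAP = """\
jsmith@acme.com,john.smith@acme.com
jdoe@acme.com,jane.doe@acme.com
jdoe@acme.com,john.doe@acme.com
asmith@acme.com;anna.smith@acme.com
jsmyth@acme.com,john.smith@acme.com
"""
SAMPLE_OLD = ["jsmith@acme.com", "bjones@acme.com"]  # 'Old Email Addresses' entries

if __name__ == "__main__":
    mapping, problems = check_map(SAMPLE_MAP, SAMPLE_OLD)
    print(f"{len(mapping)} usable entries")
    for p in problems:
        print("PROBLEM:", p)
```
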

Notes:

  • Content Analysis rules are known as Standard rules in earlier versions.

  • You can use similar rules for other purposes related to address change.

  • If the changed original messages could pass through MailMarshal again (for instance if the messages are re-distributed by mailing list management software), you should add an action to the third rule to delete the X-AddressChange header field.

This article was previously published as:

NETIQKB50460

