I am trying to write a custom plugin to insert a warning for the receiver if the mail body contains malicious data.
Recently, we have had some malicious phishing emails that contain a questionable link, or an email that disguises itself as local email, even though the sender was from an outside mail server, not the local one. Or an email that seems to come from the administrator noting that an email has been held, or something.
The problem is, the software can't know for sure whether it is a real error or malicious, or whether it is a real link from the user's activity outside the mail server. Such as Gmail sending an error to my mail server, to my user. Therefore I can't reject the mail outright.
So, to know whether the mail is malicious or not, I need to parse the header, read the forwarding data, the From, To and Subject headers, and also parse the email. Then if the code has determined that the mail is potentially malicious, it would write a list of warning signs at the first line of the body, telling the receiver what could go wrong.
Now, my problem is that I have to use `hook_data` to insert into the body, and I need to use `hook_data_post` to retrieve the full mail body and headers. And if I read the documentation correctly, adding to the mail body at `hook_data_post` is already too late, and I have to write the body at the `hook_data` stage, but the headers come at `hook_data_post`. It's kinda like I need the chicken to get the egg, but the egg hasn't hatched yet.
Is there any way or trick to perform what I need to do?
Thank you
prd0000 changed the title from "Haraka body parser and add warning" to "Haraka custom plugin: parsing the body and headers, then add warning lines" on May 27, 2021
See how set_banner is implemented. core/Transaction might be helpful. Modifying body will break DKIM. You could set a header instead and then deliver to "suspicious" folder by means of your MDA.
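The header-based approach suggested in the reply above, as an added example that is not part of the thread and not Haraka's own code: a `data_post` hook that flags mail whose From header claims a local domain although the connection is not relaying, and tags it with a header instead of editing the body, so the signed body stays untouched. `LOCAL_DOMAINS`, the `X-Phish-Warning` header name and the subject pattern are assumptions.

```javascript
// Added example, not Haraka's own code. LOCAL_DOMAINS, WARNING_HEADER and
// HELD_SUBJECT are assumptions chosen for illustration.
const LOCAL_DOMAINS = new Set(['example.org']);
const WARNING_HEADER = 'X-Phish-Warning';
const HELD_SUBJECT = /\b(held|quarantined)\b/i;

// Domain of the address in a From header. The address inside <...> wins, so a
// display name such as "ceo@example.org" cannot stand in for the real sender.
function fromDomain(value) {
  const v = String(value || '');
  const angle = v.match(/<([^<>]*)>\s*$/);
  const addr = angle ? angle[1] : v;
  const at = addr.lastIndexOf('@');
  return at === -1 ? null : addr.slice(at + 1).trim().toLowerCase();
}

// Pure check so it can be tested without a running server.
function collectWarnings({ from, subject, relaying }) {
  const warnings = [];
  if (relaying) return warnings; // authenticated or trusted local client
  const domain = fromDomain(from);
  if (domain && LOCAL_DOMAINS.has(domain)) {
    warnings.push('From claims a local domain but the mail came from outside');
  }
  if (HELD_SUBJECT.test(String(subject || ''))) {
    warnings.push('Subject resembles a held-mail notice from an outside sender');
  }
  return warnings;
}

// Headers are complete at data_post, and adding a header leaves the body alone.
function hook_data_post(next, connection) {
  const txn = connection.transaction;
  txn.remove_header(WARNING_HEADER); // never trust a copy set by the sender
  const warnings = collectWarnings({
    from: txn.header.get('From'),
    subject: txn.header.get('Subject'),
    relaying: connection.relaying,
  });
  if (warnings.length) txn.add_header(WARNING_HEADER, warnings.join('; '));
  next();
}

if (typeof exports !== 'undefined') exports.hook_data_post = hook_data_post;
```

An MDA rule (Sieve, procmail or similar) can then file any message carrying this header into a "suspicious" folder.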