0

I am trying to solve an email domain co-existence problem with Exchange online. Basically i need it so when a message is sent to one tenant (domain.com) and forwarded to another tenant (newdomain.com) - that the To and/or CC headers are replaced with the endpoint (newdomain.com) email addresses before they are delivered to the final destination.

For Example:

1) Gmail (or any) user sends and email to sally.sue@domain.com, MX is looked up for that domain, it is delivered to the Office 365 Tenant for domain.com

2) That same office 365 tenant, is set to forward emails to sally.sue@newdomain.com (different tenant)

3) When the message arrives to sally sue at newdomain.com and she hits "Reply All" the original sender AND her (sally.sue@domain.com) are added to the To: line in the email.

The way to fix that is to use Header Replacement with Proofpoint, which as mentioned below works on a single users basis. The entire question below is me trying to get it to work using RegEx (As thats the only solution) for a large number of users.

I need to convert the following users email address:

username@domain.com to username@newdomain.com

This has to be done using ProofPoint which is a cloud hosted MTA. They have been able to provide some sort of an answer but its not working.

Proofpoint support has suggested using this: 

Header Name : To
Find Value  : domain\.com$
Replace     : newdomain\.com$ or just newdomain.com

Neither of the above work. In both cases the values are just completely ignored.

This seems to find the values:

Header Name : To
Find Value  : \b[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\b
Replace     : $1@fake.com

But the above simply and only replaces the To: line (in the email) with the literal string: $1@fake.com

I would also need to be able to find lowercase and numbers in email addresses as well. i believe the above example only finds caps.

I need it do the following: 

Header Name : To
Find Value  : \b[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\b (find users email address, domain) 
Replace     : user.name@newdomain.com

This is for a large number of users so there is no way to manually update or create separate rules for each user.

If i do create a individual rule, then it works as expected but as stated that requires manually typing out each user To: address And their new desired To: address.

This solution here almost worked: Regex to replace email address domains?

landru27
  • 1,654
  • 12
  • 20
Robert B
  • 1
  • 1

1 Answers1

0

I have a couple of observations from general experience, although I have not worked with Office365 specifically.

First, a regex used for replacement usually needs to have a "capture group". This is often expressed with parentheses, as in:

match       : \b([A-Z0-9._%-]+)@domain.com$
replacement : $1@newdomain.com

The idea is that the $1 in the replacement pattern is replaced with whatever was found within the () in the matching pattern.

Note that some regex engines use a different symbol for the replacement, so it might be \1@newdomain.com or some such. Note also that some regex engines need the parentheses escaped, so the matching pattern might be something like \b\([A-Z0-9._%-]+\)@domain.com$

Second, if you want to include - inside a "character class" set (that is, inside square brackets []), then the - should be first; otherwise it's ambiguous because - is also used for a range of characters. The regex engine in question might not care, but I suggest writing your matching pattern as:

\b([-A-Z0-9._%]+)@domain.com$

This way, the first - is unambiguously itself, because there is nothing before it to indicate the start of a range.

Third, for lowercase letters, it's easiest to just expand your character class set to include them, like so:

[-A-Za-z0-9._%]
landru27
  • 1,654
  • 12
  • 20
  • Thanks for the response. I have just tried your suggestions, however no change. If I leave this as is: Header Name : To Find Value : \b[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\b Replace : $1@fake.com Then it will replace as you can see above with \b@fake.com - literal replacement. It seems that any other capture variable does not work, and all that occurs is the email is ignored. Would there be any type of documentation I could request from the Vendor? This is all based on send mail. Thanks, Robert – Robert B Jul 08 '19 at 16:44
  • @RobertB : since you are asking about Exchange and Office365, then yes, I assume that Microsoft has documentation, as well as a variety of other technical support options; I don't deal with Microsoft as a vendor at all myself, but I'm sure they can help – landru27 Jul 08 '19 at 17:08
  • landru. In this case Exchange/Office365 do not apply here as I am trying to get ProofPoint to implement regex. In our case it goes like this: EMail Sent to Domain >> MX (delivers to) ProofPoint >> (PP implements regex) >> then office 365. I would have the same request, even if ProofPoint was delivering to say gmail.com (g-suite). – Robert B Jul 08 '19 at 17:37
  • @RobertB : I apologize; I misunderstood; my experience with ProofPoint itself is even less than with Microsoft; but I googled "proofpoint using regular expression to alter recipient email address" and the 2nd hit is for the Proofpoint Essentials Administrator Guide; that sounds like it might help, and on page 5 of that document is mention of both a KnowledgeBase and a tech support line; one of those should be able to answer your question – landru27 Jul 08 '19 at 18:31
  • Ok thanks. I will check there. I scanned through the Manual before but just didn't get anywhere in terms of a solution. – Robert B Jul 08 '19 at 19:12
  • From ProofPoint Support: We are unable to change the envelope recipient within the email firewall rules. This is something that can only be done on a per domain basis within the mailer tables. The email firewall rules are only able to change the header to and from values. Since the tenant is unable to accept messages for those addresses that are being redirected, we will not be able to perform the redirect within Proofpoint in this way. – Robert B Jul 08 '19 at 19:19
  • The sad part is, I have the first part of it working, the last part is however where I am stuck. I am able to get it to change any email address, yet what it replaces it with is just the literal value of: $1\domain.com. damn. – Robert B Jul 08 '19 at 19:22