Sendmail and masquerading

Matthew Seaman m.seaman at
Wed Apr 21 08:40:54 PDT 2004

On Wed, Apr 21, 2004 at 04:51:18PM +0200, Harald Schmalzbauer wrote:
> Am Mittwoch, 21. April 2004 16:26 schrieb Matthew Seaman:
> > On Wed, Apr 21, 2004 at 03:47:48PM +0200, Harald Schmalzbauer wrote:

> > > But sendmail still communicates with "Mail from:"
> >
> > Yup.  That's the envelope sender address, as used in the SMTP dialog.
> Oh, that's the envelope?!?

Errr... you see the sequence:

    MAIL From: somebody at

as part of the SMTP dialog.  Eg:

    % mail -v -s test m.seaman at <<E_O_M
    ? test message
    ? E_O_M
    m.seaman at Connecting to [ipv6:::1] via relay...
    220 ESMTP Sendmail 8.12.11/8.12.11; Wed, 21 Apr 2004 16:09:53 +0100 (BST)
    >>> EHLO Hello localhost [IPv6:::1], pleased to meet you
    250 HELP
    >>> STARTTLS
    220 2.0.0 Ready to start TLS
    >>> EHLO Hello localhost [IPv6:::1], pleased to meet you
    250 HELP
    >>> MAIL From:<matthew at> SIZE=64 AUTH=matthew at

    ^^^^^^^^^^^^^^^^^^^^^ here

    250 2.1.0 <matthew at>... Sender ok
    >>> RCPT To:<m.seaman at>
    >>> DATA
    250 2.1.5 <m.seaman at>... Recipient ok
    354 Enter mail, end with "." on a line by itself
    >>> .
    250 2.0.0 i3LF9rks013491 Message accepted for delivery
    m.seaman at Sent (i3LF9rks013491 Message accepted for delivery)
    Closing connection to [ipv6:::1]
    >>> QUIT
    221 2.0.0 closing connection

That's what I thought you were referring to.  The addresses used in
the 'MAIL From:' and 'RCPT To:' lines above are respectively the
envelope sender or recipient addresses.  They don't necessarily have
to have anything to do with what is contained in the From: and To: or
Cc: header lines within the body of the message -- for instance this
message could be Bcc:'d to you, or you could be using a .forward file
to send it on to a different server.  Most mail software will generate
messages where there is some relation though.

Also note -- don't be confused by the example I've shown: even though
it says the message is from
'matthew at' in the RCPT To:
line, that's actually generated automatically by the mail(1) command
in order to feed the message into sendmail(8) -- all of the
masquerading and other address rewriting stuff happens at a later
stage.  Most mail clients let you specify what your From: address
should be.
> But I don't want to masq the data From, just the MAIL from: (the header, not 
> the body)
> Any hints?

But that doesn't make any sense... the envelope from is only used
transiently when the message is transferred from machine to machine.
It doesn't appear in any on-line archives or the like, and so cannot
be discovered by spammers, unless you happen to send e-mail directly
to one of their systems.  Generally the reason for masquerading the
envelope sender address is to avoid giving away information about your
internal hostnames.
> And while I'm talking to our sendmail guru: How can I prevent my real address 
> to be listed on mail archives? The h at will be blocked, which 
> is the one people will see on http-archives in the From field. My reply 
> address is where mail geos to if somebody like you is answering but 
> unfortunately it's now in the To field, so it's again listen on 
> http-archives.
> In a few days my newly configured reply address (antwort at will 
> be spamed, I bet any amount. And people don't read my signature like I now 
> know :(

You don't.  If you don't want e-mail (of any sort -- including spam)
sent to your e-mail address, then don't use it on a public mailing
list, or allow it to be put on a website anywhere.

There's two strategies you can adopt:

    i) Use a 'throw-away' address on all mailing list messages, usenet
       posts of the like.  Keep that address as your current address
       for a short time then replace it with a new one.  Understand
       that you will get spam to the old addresses for evermore, and
       that your throw-away address will probably get harvested within
       a day or so, although spam levels shouldn't get unbearable for
       a while.

   ii) Use a permanent e-mail address, but spend a gread deal of time
       and effort setting up the best spam filters and other defences
       like SPF, greylisting, challenge-response whitelisting etc.
       Understand that even so, you're still going to see the odd spam
       now and again and you do run the risk of rejecting some
       non-spam messages by mistake.

As for the instructions in your .sig: I'm sorry -- chances are hardly
anyone will ever read and take action on them.  It's just too
ingrained hitting the 'Reply' or 'Reply All' key.  Not only that, but
the instructions in your .sig are futile anyhow: you've included your
address in the text of a message.  Just because it's on a 'Reply-To:'
line doesn't hide it from the harvesters.  I fully expect to get a
load of spamming attempts to the
'matthew at' address I quoted
above, because of this very message.



Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP:         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :

More information about the freebsd-questions mailing list