Sendmail masquerading configuration

Ruben de Groot mail25 at bzerk.org
Tue Feb 8 04:43:01 PST 2005 

On Tue, Feb 08, 2005 at 03:05:21AM -0800, Ted Mittelstaedt typed:
> 
> 
> > -----Original Message-----
> > From: Ruben de Groot [mailto:mail25 at bzerk.org]
> > Sent: Monday, February 07, 2005 6:55 AM
> > To: Ted Mittelstaedt
> > Cc: Ian Moore; freebsd-questions at freebsd.org
> > Subject: Re: Sendmail masquerading configuration
> > 
> > 
> > On Sun, Feb 06, 2005 at 02:28:17AM -0800, Ted Mittelstaedt typed:
> > > 
> > > 
> > > > -----Original Message-----
> > > > From: owner-freebsd-questions at freebsd.org
> > > > [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Ian Moore
> > > > Sent: Sunday, February 06, 2005 2:07 AM
> > > > To: freebsd-questions at freebsd.org
> > > > Subject: Sendmail masquerading configuration
> > > > 
> > > > 
> > > > Hi,
> > > > I'm hoping someone can help me with this.
> > > > 
> > > > I want to make sendmail (on a 5.3-Release server) leave the 
> > > > host name out of 
> > > > the sender address when sending mail from that machine.
> > > > I.E. mail from root currently has a sender address of 
> > > > root at myhost.foo.bar, I 
> > > > want it to be root at foo.bar instead.
> > > > 
> > > 
> > > Not possible, I think, as I recall masquerading only works on 
> > > users not in the T macro. (ie: Trusted Users)  root is
> > > most definitely in this macro.
> > 
> > Actually, I believe it's the EXPOSED_USERS macro, and it can be
> > adjusted; e.g. in sendmail.cf:
> > 
> > C{E}root
> > 
> > just remove the root user from this line. In conjunction with a 
> > MASQUERADE_AS macro, this will allow root to send email coming from
> > your domain without your hostname.
> 
> If you do this then lots of messages generated by the system will
> suddenly start generating (at best):
> 
> X-Authentication-Warning: myhost.foo.bar: root set sender to 
> someuser using -f

Sorry, but this simply isn't true. I have just tested this. Warnings
like this might get generated when you remove root from the
TRUSTED_USERS macro; *NOT* when you remove it from EXPOSED_USERS.

> It also makes it harder to troubleshoot when someone external to
> your system is sending bogus junk to you.

I agree. As I said in the part of my message you snipped: 

"BTW, I agree that masquerading is NOT the proper way to do these things."

> And while it's not applicable now, with older versions of sendmail
> this would definitely break all your scripts that used e-mail.
> 
> Use of the -f flag is what he needs to do.

Fine. But the OP's problem concerned mail send by cron. How would you 
instruct cron to use the -f flag? (There's a MAILTO environment
variable in cron, but no MAILFROM)

Ruben

More information about the freebsd-questions mailing list