Sendmail masquerading configuration

Ted Mittelstaedt tedm at toybox.placo.com
Thu Feb 10 03:44:33 PST 2005 

Ian Moore wrote:
> On Wed, 9 Feb 2005 17:21, Ted Mittelstaedt wrote:
>>> -----Original Message-----
>>> From: owner-freebsd-questions at freebsd.org
>>> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Ruben de
>>> Groot Sent: Tuesday, February 08, 2005 4:47 AM
>>> To: Ted Mittelstaedt
>>> Cc: Ian Moore; freebsd-questions at freebsd.org
>>> Subject: Re: Sendmail masquerading configuration
>>> 
>>>> X-Authentication-Warning: myhost.foo.bar: root set sender to
>>>> someuser using -f
>>> 
>>> Sorry, but this simply isn't true. I have just tested this. Warnings
>>> like this might get generated when you remove root from the
>>> TRUSTED_USERS macro; *NOT* when you remove it from EXPOSED_USERS.
>> 
>> Your right, me bad!
>> 
>>>> It also makes it harder to troubleshoot when someone external to
>>>> your system is sending bogus junk to you.
>>> 
>>> I agree. As I said in the part of my message you snipped:
>>> 
>>> "BTW, I agree that masquerading is NOT the proper way to do these
>>> things." 
>>> 
>>>> And while it's not applicable now, with older versions of sendmail
>>>> this would definitely break all your scripts that used e-mail.
>>>> 
>>>> Use of the -f flag is what he needs to do.
>>> 
>>> Fine. But the OP's problem concerned mail send by cron. How would
>>> you instruct cron to use the -f flag? (There's a MAILTO environment
>>> variable in cron, but no MAILFROM)
>> 
>> I would probably install src/usr.sbin/ and recompile cron to use
>> the -f flag.  The flags are settible in cron/config.h in the source,
>> FreeBSD uses 
>> 
>> #define MAILARGS "%s -FCronDaemon -odi -oem -oi -t"             /*-*/
>> 
>> just change this to
>> 
>> #define MAILARGS "%s -FCronDaemon -froot at verizon.net -odi -oem -oi
>> -t" /*-*/ 
>> 
>> Ted
>> 
> Thanks, I'll give that a go.
> BTW, using C{E} instead if C{E}root plus the MASQUERADE_AS
> macro doesn't seem
> to work.  I didn't try the MASQUERADE_ENVELOPE macro with it though.
> Actually, even sending mail as my own local user on the system
> ends up with
> the hostname added in. Perhaps I'm doing something wrong.
> Anyway, from what you've both said, rebuilding cron sounds
> like a better
> solution. Once I've modified the source, do I just do a make install
> from the /usr/src/usr.sbin/cron directory?
> 

It would be better to mv the existing cron binary to cron.backup, then
copy the cron binary from the build directory.  No point in changing
anything else, the binary is the only thing that changes.

Ted

More information about the freebsd-questions mailing list