Sendmail Masqurading and root mails
Jeffrey Goldberg
jeffrey at goldmark.org
Mon Aug 3 04:34:29 UTC 2009
On Aug 2, 2009, at 8:22 PM, Danny Carroll wrote:
> I've added the following to the default sendmail mc file:
>
> MASQUERADE_AS(`mypublicdomain.com')dnl
> FEATURE(masquerade_envelope)dnl
> MASQUERADE_DOMAIN(beasie.lan)dnl
>
> Recompiled the cf files and restarted sendmail.
>
> Here is the kicker. If I log in as a normal user it masquerades just
> fine.
>
> If I simply "su -" to root, the masquerading works fine and the
> mail is
> sent as the original logged in user.
>
> But if I log in as root via the console then it does not alter the
> messages.
By default sendmail does not MASQUERADE root (figuring that you get
root mail from several of your machines and want to see which machine
it is from). In the old days there was a feature
"NO_MASQUERADE_ROOT", but looking through cf/README I see that that is
one of the many things that have changed since I last seriously worked
with sendmail.
Now sendmail has a class of "exposed" users. These are usernames for
which masquerading shouldn't take place. By default, root is in there.
There is an .mc file directive
EXPOSED(`username')
which, according to the documentation, adds usernames to the list that
shouldn't be masqueraded. Unfortunately, I don't see a mechanism for
removing members from the E (Exposed) class.
You could try
EXPOSED()
or
EXPOSED(`')
to see if either will remove things in the E class.
The offending line in the generated .cf file is
C{E}root
if you still end up with that, then root will not get masqueraded.
So if the above doesn't work, there probably is a clean way of
clearing a class from the .mc file, but I don't know what it is.
Hopefully others will be able to answer.
In the worst case, you could manually edit the generated .cf file, to
remove the
C{E}root
line, but that is not really a road I would recommend going down.
At the risk of suggesting something that you probably know you should
do in the long run, but would take a lot of tedious work to set up,
you should probably move away from having your private network be .lan.
Instead use .private.mypublicdomain.com and set up a local (on your
private network) nameserver for that private subdomain.
Sorry I couldn't be of more help.
Cheers,
-j
--
Jeffrey Goldberg http://www.goldmark.org/jeff/
More information about the freebsd-questions
mailing list