Problem

By default, every hostname that is accepted for local delivery (i.e., every hostname that is accepted as an alias for the local host) is masqueraded when masquerading is enabled. You have been asked to create a sendmail configuration that does not masquerade every local hostname alias. Instead you are to masquerade only those hostnames that are specifically identified for masquerading.

Solution

Build a file that contains the names of just those hosts that you wish to masquerade. In this example, we name the file /etc/mail/masquerade-domains.

Create a sendmail configuration containing the MASQUERADE_AS, EXPOSED_USER, and MASQUERADE_DOMAIN_FILE macros and the limited_masquerade feature. Here are sample commands:

    dnl Masquerade the From address as wrotethebook.com
    MASQUERADE_AS(`wrotethebook.com')
    dnl Users whose mail is not masqueraded
    EXPOSED_USER(root)
    dnl Load the list of hostnames that will be masqueraded
    MASQUERADE_DOMAIN_FILE(`/etc/mail/masquerade-domains')
    dnl Only masquerade names listed in class $=M
    FEATURE(`limited_masquerade')

Rebuild and reinstall the sendmail.cf file, and then restart sendmail, as described in Recipe 1.8.

Discussion

By default, every host listed in class $=w is allowed to relay, and mail addressed to any host in class $=w is accepted for local delivery. In addition, when the MASQUERADE_AS macro is used, mail from any host listed in class $=w is masqueraded. This is usually just what you want. An exception, however, occurs when class $=w defines a larger set of hosts for relaying or local delivery than the set that should be masqueraded. For example, assume that you have a mail exchanger that handles mail for a few domains, and that your local-host-names file contains the following entries:

    horseshoe.wrotethebook.com
    wrotethebook.com
    ora.com
    example.com
    stateu.edu

Two of these entries (horseshoe.wrotethebook.com and wrotethebook.com) are in the local domain. The others are not.
Normally, both the hostnames in class $=w and those in class $=M are masqueraded. While this system is the mail exchanger for ora.com, example.com, and stateu.edu, it should not masquerade those domains as wrotethebook.com. The limited_masquerade feature limits masquerading to just those hosts listed in class $=M. Relaying and local delivery continue to be influenced by class $=w, but class $=w is ignored for masquerading when the limited_masquerade feature is used.

A few tests illustrate this. The first test is a sendmail -bt test using the local-host-names file just shown and a masquerading configuration that does not use the limited_masquerade feature.

    # sendmail -bt -Crecipe4.2.cf
    ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
    Enter <ruleset> <address>
    > $=w
    example.com
    chef
    ora.com
    localhost.localdomain
    localhost
    [192.168.0.8]
    [localhost.localdomain]
    stateu.edu
    [127.0.0.1]
    horseshoe.wrotethebook.com
    wrotethebook.com
    chef.wrotethebook.com
    > /tryflags HS
    > /try esmtp amanda@stateu.edu
    Trying header sender address amanda@stateu.edu for mailer esmtp
    canonify       input: amanda @ stateu . edu
    Canonify2      input: amanda < @ stateu . edu >
    Canonify2    returns: amanda < @ stateu . edu . >
    canonify     returns: amanda < @ stateu . edu . >
    1              input: amanda < @ stateu . edu . >
    1            returns: amanda < @ stateu . edu . >
    HdrFromSMTP    input: amanda < @ stateu . edu . >
    PseudoToReal   input: amanda < @ stateu . edu . >
    PseudoToReal returns: amanda < @ stateu . edu . >
    MasqSMTP       input: amanda < @ stateu . edu . >
    MasqSMTP     returns: amanda < @ stateu . edu . >
    MasqHdr        input: amanda < @ stateu . edu . >
    MasqHdr      returns: amanda < @ wrotethebook . com . >
    HdrFromSMTP  returns: amanda < @ wrotethebook . com . >
    final          input: amanda < @ wrotethebook . com . >
    final        returns: amanda @ wrotethebook . com
    Rcode = 0, addr = amanda@wrotethebook.com
    > /quit

In this case, the header sender address amanda@stateu.edu is rewritten to amanda@wrotethebook.com.
The people at stateu.edu do not want their addresses rewritten in this manner, even though they use the services of the mail exchanger.

To fix this, add a MASQUERADE_DOMAIN_FILE macro to the configuration and create a masquerade-domains file containing the names of the hosts that should be masqueraded. The file might, for example, contain the following:

    rodent.wrotethebook.com
    crab.wrotethebook.com
    jamis.wrotethebook.com
    giant.wrotethebook.com
    horseshoe.wrotethebook.com

The MASQUERADE_DOMAIN_FILE macro loads the file into class $=M. Adding the limited_masquerade feature to the configuration causes sendmail to ignore class $=w and use $=M for masquerading, as the following test shows:

    # sendmail -bt
    ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
    Enter <ruleset> <address>
    > $=w
    example.com
    chef
    ora.com
    localhost.localdomain
    localhost
    [192.168.0.8]
    [localhost.localdomain]
    stateu.edu
    [127.0.0.1]
    horseshoe.wrotethebook.com
    wrotethebook.com
    chef.wrotethebook.com
    > $=M
    rodent.wrotethebook.com
    crab.wrotethebook.com
    jamis.wrotethebook.com
    giant.wrotethebook.com
    horseshoe.wrotethebook.com
    > /tryflags HS
    > /try esmtp amanda@stateu.edu
    Trying header sender address amanda@stateu.edu for mailer esmtp
    canonify       input: amanda @ stateu . edu
    Canonify2      input: amanda < @ stateu . edu >
    Canonify2    returns: amanda < @ stateu . edu . >
    canonify     returns: amanda < @ stateu . edu . >
    1              input: amanda < @ stateu . edu . >
    1            returns: amanda < @ stateu . edu . >
    HdrFromSMTP    input: amanda < @ stateu . edu . >
    PseudoToReal   input: amanda < @ stateu . edu . >
    PseudoToReal returns: amanda < @ stateu . edu . >
    MasqSMTP       input: amanda < @ stateu . edu . >
    MasqSMTP     returns: amanda < @ stateu . edu . >
    MasqHdr        input: amanda < @ stateu . edu . >
    MasqHdr      returns: amanda < @ stateu . edu . >
    HdrFromSMTP  returns: amanda < @ stateu . edu . >
    final          input: amanda < @ stateu . edu . >
    final        returns: amanda @ stateu . edu
    Rcode = 0, addr = amanda@stateu.edu
    > /quit

Now, mail from amanda@stateu.edu goes out with her full stateu.edu address despite the fact that stateu.edu still appears in class $=w. Only the hostnames in class $=M will be masqueraded.

The example used for these tests shows a single mail exchanger hosting multiple mail domains. This can also be done using virtual mail domains, which are covered in Chapter 5.

See Also

Recipe 2.1, Recipe 4.2, Recipe 4.4, and Recipe 4.6 provide supporting information for this recipe. Recipe 4.4 and Recipe 4.6 cover similar configurations that should be evaluated before implementing this recipe. The sendmail book covers MASQUERADE_AS in 4.4.2, EXPOSED_USER in 4.4.1, MASQUERADE_DOMAIN in 4.4.3, MASQUERADE_DOMAIN_FILE in 4.4.4, and the limited_masquerade feature in 4.8.18. The "Address Masquerading" section of Linux Sendmail Administration, by Craig Hunt (Sybex), is a tutorial on masquerading. The cf/README file covers masquerading in the section Masquerading and Relaying.
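
The class rule that the two tests in the Discussion demonstrate, written as a small model. This is an added example, not code from the book or from sendmail: the class contents are copied from the test output above, the function names are hypothetical, and the model covers only which class triggers masquerading, not the rest of the rulesets.

```python
# Simplified model of the masquerading rule described in this recipe.
# It is NOT sendmail's ruleset logic: it only encodes which class decides.

# Constructed from the $=w and $=M listings shown in the tests above.
CLASS_W = {"example.com", "chef", "ora.com", "localhost.localdomain", "localhost",
           "[192.168.0.8]", "[localhost.localdomain]", "stateu.edu", "[127.0.0.1]",
           "horseshoe.wrotethebook.com", "wrotethebook.com", "chef.wrotethebook.com"}
CLASS_M = {"rodent.wrotethebook.com", "crab.wrotethebook.com",
           "jamis.wrotethebook.com", "giant.wrotethebook.com",
           "horseshoe.wrotethebook.com"}
MASQUERADE_AS = "wrotethebook.com"
EXPOSED_USERS = {"root"}


def masquerade_header_sender(addr, limited, class_w=CLASS_W, class_m=CLASS_M):
    """Return the header sender address after masquerading (hypothetical helper)."""
    user, sep, host = addr.rpartition("@")
    if not sep:
        return addr  # unqualified addresses are outside this model
    host = host.rstrip(".").lower()
    if user.lower() in EXPOSED_USERS:
        return addr  # EXPOSED_USER: never masqueraded
    # Default: names in $=w and $=M are both masqueraded.
    # limited_masquerade: only $=M counts; $=w is ignored for masquerading.
    eligible = class_m if limited else (class_w | class_m)
    return f"{user}@{MASQUERADE_AS}" if host in eligible else addr


def names_no_longer_masqueraded(class_w=CLASS_W, class_m=CLASS_M):
    """Names in $=w that stop being masqueraded once limited_masquerade is on.

    Bracketed address literals are skipped to keep the review list short.
    """
    return sorted(h for h in class_w - class_m if not h.startswith("["))


if __name__ == "__main__":
    for limited in (False, True):
        print("limited_masquerade:", limited)
        for a in ("amanda@stateu.edu", "amanda@crab.wrotethebook.com",
                  "root@horseshoe.wrotethebook.com"):
            print("  ", a, "->", masquerade_header_sender(a, limited))
    print("review before enabling:", names_no_longer_masqueraded())
```

Under the rule as stated, the review list contains chef.wrotethebook.com as well as the hosted domains, so any $=w name whose mail should still be rewritten has to be listed in /etc/mail/masquerade-domains before the feature is enabled.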