19.4 Masquerading or Site Hiding and Possible DNS Implications

     

In the previous example, we saw that when fred received a response from his request to join a mailing list, the mail came from a specific mail server. With site hiding or masquerading, we can change the SMTP envelope to look like the email came from a generic mail server, such as maabof.com. In this way, we are hiding the name of the actual mail server. Let's look at how we set up site hiding:

 

    root@hpeos003[mail] vi sendmail.cf
    ...
    #  Masquerade as (DM):                                                         #
    #                                                                              #
    #      If you wish to have mail appear to be from some host or location        #
    #      other than the local host, set macro M to the name you wish to          #
    #      masquerade as. This is also known as site hiding and was set using      #
    #      the DY macro in previous releases of hp-ux. This might be used to       #
    #      make mail appear as from a site rather than an individual host or       #
    #      from a central mail hub. Note, however, that just making mail           #
    #      appear to be from a different location does not mean that the           #
    #      recipient will be able to reply to the email. If you use this           #
    #      feature you will also need to be sure that you can reply to the         #
    #      email.                                                                  #
    ...
    # who I masquerade as (null for no masquerading) (see also $=M)
    DMmaabof.com
    ...
    ###################################################################
    ###  Ruleset 94 -- convert envelope names to masqueraded form   ###
    ###################################################################
    S94
    R$+                     $@ $>93 $1
    R$* < @ *LOCAL* > $*    $: $1 < @ $j . > $2
    root@hpeos003[mail]

Older versions (8.9.1) of sendmail have Ruleset 94 defined similarly to the above. If you have a newer version of sendmail, e.g., version 8.11, which supports IPv6 IP addresses, Ruleset 94 is enabled by default:

 

    ###################################################################
    ###  Ruleset 94 -- convert envelope names to masqueraded form   ###
    ###################################################################
    SMasqEnv=94
    R$+                     $@ $>MasqHdr $1

You'll want to ensure that the two lines in the Ruleset 94 section are uncommented.

This all looks relatively simple; however, masquerading is only for emails leaving this system. We want all users on the Internet to send emails to joinlist@maabof.com. This will require an update to the DNS database files. On my parent master server, I will need an entry that references the maabof.com domain name and the associated MX record, which points to our mail server. On our parent name server in Chapter 17: Domain Name System (DNS), I set up a special file (called spcl.maabof) that will be included whenever we rebuild the DNS files using the hosts_to_named command:

 

    root@hpeos004[dns] cat spcl.maabof
    hq.maabof.com.          IN      NS      hpeos001.hq.maabof.com.
    hq.maabof.com.          IN      NS      hpeos003.hq.maabof.com.
    maabof.com.             IN      MX      10      hpeos003.hq.maabof.com.
    hpeos001.hq.maabof.com. IN      A       192.168.0.67
    hpeos003.hq.maabof.com. IN      A       192.168.0.35
    root@hpeos004[dns]

As you can see, I have an MX record referencing my mail server and a glue (the Address) record referencing the IP address of that mail server. I can rebuild my DNS records to include this new definition. (I won't show you the output to hosts_to_named because you can see that in Chapter 17: Domain Name System (DNS).) I can now perform a DNS query on the MX record for the maabof.com domain:

 

    root@hpeos004[dns] nslookup
    Default Name Server:  hpeos004.maabof.com
    Address:  192.168.0.35

    > set type=mx
    > maabof.com
    Name Server:  hpeos004.maabof.com
    Address:  192.168.0.35

    Trying DNS
    maabof.com      preference = 10, mail exchanger = hpeos003.hq.maabof.com
    maabof.com      nameserver = hpeos002.maabof.com
    maabof.com      nameserver = hpeos004.maabof.com
    hpeos002.maabof.com     internet address = 192.168.0.34
    hpeos002.maabof.com
    hpeos002.maabof.com
    hpeos002.maabof.com     IPv6 address = fe80::a00:9ff:fec2:69c6
    hpeos002.maabof.com     IPv6 address = fec0:0:0:2::3
    hpeos004.maabof.com     internet address = 192.168.0.66
    hpeos004.maabof.com     internet address = 192.168.0.35
    hpeos004.maabof.com
    hpeos004.maabof.com
    hpeos004.maabof.com
    hpeos004.maabof.com
    hpeos004.maabof.com     IPv6 address = fe80::230:6eff:fe5c:4f4f
    hpeos004.maabof.com     IPv6 address = fe80::a00:9ff:febb:bbbb
    hpeos004.maabof.com     IPv6 address = fec0:0:0:1::2
    hpeos004.maabof.com     IPv6 address = fec0:0:0:2::2
    > exit
    root@hpeos004[dns]

Assuming that DNS is working to resolve the name of our mail server, we should be in good shape to allow users to send email to joinlist@maabof.com:

 

    root@hpeos004[] mailx -s "football updates" joinlist@maabof.com
    can have the latest score reports
    EOT
    root@hpeos004[]

That should now be processed by node hpeos003, and we should get a response back:

 

    root@hpeos004[] mailx
    mailx Revision: 1.179.214.2    Date: 98/12/01 01:29:55    Type ? for help.
    "/var/mail/root": 1 message 1 unread
    >U   1   daemon@maabof.com   Thu Oct 23 15:58   21/810   Re: football updates
    ?

Here we can see in the From field that it did in fact come from maabof.com. If we were to look at the actual SMTP header, we would discover the actual mail server it originated from, but most commercial email software only shows you the content (most users aren't really that bothered anyway). Here's the header and content from the mailx program:

 

    ? 1
    Message  1:
    From daemon@maabof.com Thu Oct 23 15:58:17 BST 2003
    Received: from hpeos003.hq.maabof.com (hpeos003.hq.maabof.com [192.168.0.65])
            by hpeos004.maabof.com (8.9.3/8.9.3) with ESMTP id PAA02202
            for <root@hpeos004.maabof.com>; Thu, 23 Oct 2003 15:58:17 +0100 (BST)
    From: daemon@maabof.com
    Received: (from daemon@localhost)
            by hpeos003.hq.maabof.com (8.11.1 (Revision 1.5) /8.9.3) id h9NEwG804446
            for root@hpeos004.maabof.com; Thu, 23 Oct 2003 15:58:16 +0100 (BST)
    Date: Thu, 23 Oct 2003 15:58:16 +0100 (BST)
    Message-Id: <200310231458.h9NEwG804446@hpeos003.hq.maabof.com>
    To: root@hpeos004.maabof.com
    Subject: Re: football updates
    Mime-Version: 1.0
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit
    Status: RO

    Thank you root,
    You have been added you to the "football updates" mailing list."

    ? d
    ? q
    root@hpeos004[]
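The masqueraded From address does not remove the real server from the rest of the headers, and that can be checked mechanically. The following Python sketch is an added example, not part of the book: it parses the headers from the mailx output above (embedded as sample input) and lists the host names and bracketed IP addresses that Received and Message-Id still disclose. The function name disclosed_hosts is hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sample input: the headers mailx displayed on this page (body omitted).
RAW = """\
Received: from hpeos003.hq.maabof.com (hpeos003.hq.maabof.com [192.168.0.65])
        by hpeos004.maabof.com (8.9.3/8.9.3) with ESMTP id PAA02202
        for <root@hpeos004.maabof.com>; Thu, 23 Oct 2003 15:58:17 +0100 (BST)
From: daemon@maabof.com
Received: (from daemon@localhost)
        by hpeos003.hq.maabof.com (8.11.1 (Revision 1.5) /8.9.3) id h9NEwG804446
        for root@hpeos004.maabof.com; Thu, 23 Oct 2003 15:58:16 +0100 (BST)
Date: Thu, 23 Oct 2003 15:58:16 +0100 (BST)
Message-Id: <200310231458.h9NEwG804446@hpeos003.hq.maabof.com>
To: root@hpeos004.maabof.com
Subject: Re: football updates

"""

HOST = r"([A-Za-z0-9.-]+\.[A-Za-z]{2,})"

def disclosed_hosts(raw):
    """Return (masqueraded From domain, other hosts revealed, IPs revealed)."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    rcpt_host = parseaddr(msg["To"])[1].rpartition("@")[2].lower()
    found, ips = [], []
    for hop in msg.get_all("Received", []):
        hop = " ".join(hop.split())  # unfold continuation lines
        # "from <host>" and "by <host>" name the sending and receiving MTAs
        found += [m.lower() for m in re.findall(r"\b(?:from|by) " + HOST, hop)]
        # sendmail records the connecting peer's address in square brackets
        ips += re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop)
    mid = re.search("@" + HOST + ">", msg.get("Message-Id", ""))
    if mid:
        found.append(mid.group(1).lower())
    # Keep each host once; skip the masquerade name and the recipient's own MTA
    leaked = []
    for host in found:
        if host not in (from_domain, rcpt_host) and host not in leaked:
            leaked.append(host)
    return from_domain, leaked, ips

if __name__ == "__main__":
    domain, hosts, addrs = disclosed_hosts(RAW)
    print("From domain:", domain)
    print("Still disclosed:", hosts, addrs)
```

If the purpose of site hiding is to keep internal host names and addressing out of outbound mail, these are the headers to review at the mail hub.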

So far, we have seen how we can centralize all inbound mail onto a central mail server that has a masqueraded name the same as our domain name. Finally, we look at a simple mechanism of locating all user mailboxes on that central server and allowing users to access them without having to run a sendmail daemon on their own machines.



HP-UX CSE(c) Official Study Guide and Desk Reference
Year: 2006
Pages: 434
