In the previous example, we saw that when fred received a response to his request to join a mailing list, the mail came from a specific mail server. With site hiding, or masquerading, we can change the SMTP envelope so that the email appears to come from a generic mail server name, such as maabof.com. In this way, we hide the name of the actual mail server. Let's look at how we set up site hiding:

```
root@hpeos003[mail] vi sendmail.cf
...
# Masquerade as (DM): #
# #
# If you wish to have mail appear to be from some host or location #
# other than the local host, set macro M to the name you wish to #
# masquerade as. This is also known as site hiding and was set using #
# the DY macro in previous releases of hp-ux. This might be used to #
# make mail appear as from a site rather than an individual host or #
# from a central mail hub. Note, however, that just making mail #
# appear to be from a different location does not mean that the #
# recipient will be able to reply to the email. If you use this #
# feature you will also need to be sure that you can reply to the #
# email. #
...
# who I masquerade as (null for no masquerading) (see also $=M)
DMmaabof.com
...
###################################################################
###   Ruleset 94 -- convert envelope names to masqueraded form  ###
###################################################################
S94
R$+	$@ $>93 $1
R$* < @ *LOCAL* > $*	$: $1 < @ $j . > $2
root@hpeos003[mail]
```

Older versions of sendmail (8.9.1) have Ruleset 94 defined similarly to the above. If you have a newer version of sendmail, e.g., version 8.11, which supports IPv6 addresses, Ruleset 94 is enabled by default:

```
###################################################################
###   Ruleset 94 -- convert envelope names to masqueraded form  ###
###################################################################
SMasqEnv=94
R$+	$@ $>MasqHdr $1
```

You'll want to ensure that the two lines in the Ruleset 94 section are uncommented.

This all looks relatively simple; however, masquerading applies only to emails leaving this system. We want all users on the Internet to send emails to joinlist@maabof.com. This will require an update to the DNS database files. On my parent master server, I will need an entry that references the maabof.com domain name and the associated MX record, which points to our mail server. On our parent name server in Chapter 17: Domain Name System (DNS), I set up a special file (called spcl.maabof) that will be included whenever we rebuild the DNS files using the hosts_to_named command:

```
root@hpeos004[dns] cat spcl.maabof
hq.maabof.com.          IN  NS  hpeos001.hq.maabof.com.
hq.maabof.com.          IN  NS  hpeos003.hq.maabof.com.
maabof.com.             IN  MX  10 hpeos003.hq.maabof.com.
hpeos001.hq.maabof.com. IN  A   192.168.0.67
hpeos003.hq.maabof.com. IN  A   192.168.0.35
root@hpeos004[dns]
```

As you can see, I have an MX record referencing my mail server and a glue (the Address) record referencing the IP address of that mail server. I can rebuild my DNS records to include this new definition. (I won't show you the output of hosts_to_named because you can see that in Chapter 17: Domain Name System (DNS).)
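
The sendmail.cf comment warns that masquerading alone does not guarantee that recipients can reply; the MX record and its address record are what make replies deliverable. The following is an added example, not part of the original text, that reads the DM line and the spcl.maabof fragment shown in this section and checks that chain offline. The function names are illustrative.

```python
# Sample inputs copied from the DM line and spcl.maabof shown in this section.
SENDMAIL_CF = """\
# who I masquerade as (null for no masquerading) (see also $=M)
DMmaabof.com
"""
ZONE = """\
hq.maabof.com.          IN NS hpeos001.hq.maabof.com.
hq.maabof.com.          IN NS hpeos003.hq.maabof.com.
maabof.com.             IN MX 10 hpeos003.hq.maabof.com.
hpeos001.hq.maabof.com. IN A  192.168.0.67
hpeos003.hq.maabof.com. IN A  192.168.0.35
"""

def masquerade_name(cf_text):
    """Value of macro M from the DM line; None when masquerading is off."""
    for line in cf_text.splitlines():
        if line.startswith("DM"):
            return line[2:].strip().lower() or None
    return None

def parse_zone(zone_text):
    """Turn 'owner IN TYPE rdata...' lines into (owner, type, rdata) tuples."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()      # drop zone-file comments
        if len(fields) >= 4 and fields[1].upper() == "IN":
            owner = fields[0].rstrip(".").lower()
            records.append((owner, fields[2].upper(), fields[3:]))
    return records

def reply_path(domain, records):
    """[(preference, mx_host, [addresses])] for domain, best preference first."""
    path = []
    for owner, rtype, rdata in records:
        if owner == domain and rtype == "MX" and len(rdata) == 2:
            host = rdata[1].rstrip(".").lower()
            addrs = [r[0] for o, t, r in records if o == host and t == "A"]
            path.append((int(rdata[0]), host, addrs))
    return sorted(path)

def replies_deliverable(cf_text, zone_text):
    """True if the masquerade name has an MX whose target has an A record."""
    name = masquerade_name(cf_text)
    path = reply_path(name, parse_zone(zone_text)) if name else []
    return any(addrs for _, _, addrs in path)

if __name__ == "__main__":
    print("replies deliverable:", replies_deliverable(SENDMAIL_CF, ZONE))
```

An MX record whose target has no address record yields an empty address list, which is the case the sendmail.cf comment warns about.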

I can now perform a DNS query on the MX record for the maabof.com domain:

```
root@hpeos004[dns] nslookup
Default Name Server:  hpeos004.maabof.com
Address:  192.168.0.35

> set type=mx
> maabof.com
Name Server:  hpeos004.maabof.com
Address:  192.168.0.35

Trying DNS
maabof.com      preference = 10, mail exchanger = hpeos003.hq.maabof.com
maabof.com      nameserver = hpeos002.maabof.com
maabof.com      nameserver = hpeos004.maabof.com
hpeos002.maabof.com     internet address = 192.168.0.34
hpeos002.maabof.com
hpeos002.maabof.com
hpeos002.maabof.com     IPv6 address = fe80::a00:9ff:fec2:69c6
hpeos002.maabof.com     IPv6 address = fec0:0:0:2::3
hpeos004.maabof.com     internet address = 192.168.0.66
hpeos004.maabof.com     internet address = 192.168.0.35
hpeos004.maabof.com
hpeos004.maabof.com
hpeos004.maabof.com
hpeos004.maabof.com
hpeos004.maabof.com     IPv6 address = fe80::230:6eff:fe5c:4f4f
hpeos004.maabof.com     IPv6 address = fe80::a00:9ff:febb:bbbb
hpeos004.maabof.com     IPv6 address = fec0:0:0:1::2
hpeos004.maabof.com     IPv6 address = fec0:0:0:2::2
> exit
root@hpeos004[dns]
```

Assuming that DNS is working to resolve the name of our mail server, we should be in good shape to allow users to send email to joinlist@maabof.com:

```
root@hpeos004[] mailx -s "football updates" joinlist@maabof.com
can have the latest score reports
EOT
root@hpeos004[]
```

That should now be processed by node hpeos003, and we should get a response back:

```
root@hpeos004[] mailx
mailx Revision: 1.179.214.2    Date: 98/12/01 01:29:55    Type ? for help.
"/var/mail/root": 1 message 1 unread
>U  1 daemon@maabof.com  Thu Oct 23 15:58   21/810   Re: football updates
?
```

Here we can see in the From field that it did in fact come from maabof.com. If we were to look at the actual SMTP header, we would discover the actual mail server it originated from, but most commercial email software only shows you the content (most users aren't really that bothered anyway). Here's the header and content from the mailx program:

```
? 1
Message 1:
From daemon@maabof.com Thu Oct 23 15:58:17 BST 2003
Received: from hpeos003.hq.maabof.com (hpeos003.hq.maabof.com [192.168.0.65])
        by hpeos004.maabof.com (8.9.3/8.9.3) with ESMTP id PAA02202
        for <root@hpeos004.maabof.com>; Thu, 23 Oct 2003 15:58:17 +0100 (BST)
From: daemon@maabof.com
Received: (from daemon@localhost)
        by hpeos003.hq.maabof.com (8.11.1 (Revision 1.5) /8.9.3) id h9NEwG804446
        for root@hpeos004.maabof.com; Thu, 23 Oct 2003 15:58:16 +0100 (BST)
Date: Thu, 23 Oct 2003 15:58:16 +0100 (BST)
Message-Id: <200310231458.h9NEwG804446@hpeos003.hq.maabof.com>
To: root@hpeos004.maabof.com
Subject: Re: football updates
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Status: RO

Thank you root,
You have been added you to the "football updates" mailing list."

? d
? q
root@hpeos004[]
```

So far, we have seen how we can centralize all inbound mail onto a central mail server that has a masqueraded name the same as our domain name. Finally, we look at a simple mechanism of locating all user mailboxes on that central server and allowing users to access them without having to run a sendmail daemon on their own machines.
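
The header listing above shows that site hiding rewrites only the sender address: the Received trace and the Message-Id still name the host that generated the mail. The following is an added example, not part of the original text, that parses those headers and reports what remains visible. The function names are illustrative, and the message body is trimmed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the mailx output in this section (body trimmed).
RAW = """\
Received: from hpeos003.hq.maabof.com (hpeos003.hq.maabof.com [192.168.0.65])
\tby hpeos004.maabof.com (8.9.3/8.9.3) with ESMTP id PAA02202
\tfor <root@hpeos004.maabof.com>; Thu, 23 Oct 2003 15:58:17 +0100 (BST)
From: daemon@maabof.com
Received: (from daemon@localhost)
\tby hpeos003.hq.maabof.com (8.11.1 (Revision 1.5) /8.9.3) id h9NEwG804446
\tfor root@hpeos004.maabof.com; Thu, 23 Oct 2003 15:58:16 +0100 (BST)
Message-Id: <200310231458.h9NEwG804446@hpeos003.hq.maabof.com>
To: root@hpeos004.maabof.com
Subject: Re: football updates

Thank you root,
"""

HOST = r"([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)"   # dotted host name

def trace_hops(msg):
    """(from_host, by_host) for each Received header, oldest hop first."""
    hops = []
    for rcvd in reversed(msg.get_all("Received", [])):
        frm = re.search(r"\bfrom\s+" + HOST, rcvd)
        by = re.search(r"\bby\s+" + HOST, rcvd)
        hops.append((frm.group(1).lower() if frm else None,
                     by.group(1).lower() if by else None))
    return hops

def analyse(raw):
    """Compare the masqueraded From domain with the hosts left in the trace."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    hops = trace_hops(msg)
    origin = hops[0][1] if hops else None        # host that first accepted it
    mid = re.search(r"@([^>\s]+)>", msg.get("Message-Id", ""))
    return {"from_domain": from_domain,
            "origin_host": origin,
            "message_id_host": mid.group(1).lower() if mid else None,
            "masqueraded": origin is not None and origin != from_domain}

if __name__ == "__main__":
    print(analyse(RAW))
```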