Recipe 4.2 Masquerading the Sender Hostname

Problem

You have been asked to configure sendmail to replace the local hostname in the header sender address with a different hostname.

Solution

Add the MASQUERADE_AS macro to the sendmail configuration to rewrite the hostname in the From: address to the hostname specified by the MASQUERADE_AS macro. Add the EXPOSED_USER macro to the sendmail configuration to exclude non-unique usernames from the address rewrite. Here are examples of these two macros:

    dnl Masquerade the From address as wrotethebook.com
    MASQUERADE_AS(`wrotethebook.com')
    dnl Users whose mail is not masqueraded
    EXPOSED_USER(root)

Build the new sendmail.cf file, copy it to /etc/mail, and restart sendmail as described in Recipe 1.8.

Discussion

Use the MASQUERADE_AS macro to configure sendmail to rewrite the host portion of the sender address on outbound mail. The value provided on the MASQUERADE_AS command line is stored in the sendmail.cf $M macro. sendmail uses the value from the $M macro to rewrite the hostname portion of the header sender address when the hostname matches any value found in sendmail.cf class $=w or class $=M. sendmail also uses the value from $M (instead of the value from the sendmail.cf $j macro) as the hostname portion of the header sender address when the address lacks a hostname part. $j holds the fully qualified name of the local host. Normally, $j is added to the username to create a full email address. A test using the generic Linux configuration, which does not contain the MASQUERADE_AS macro, shows this:

    # sendmail -bt -Cgeneric-linux.cf
    ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
    Enter <ruleset> <address>
    > $M
    Undefined
    > $j
    chef.wrotethebook.com
    > /tryflags HS
    > /try esmtp alana
    Trying header sender address alana for mailer esmtp
    canonify           input: alana
    Canonify2          input: alana
    Canonify2        returns: alana
    canonify         returns: alana
    1                  input: alana
    1                returns: alana
    HdrFromSMTP        input: alana
    PseudoToReal       input: alana
    PseudoToReal     returns: alana
    MasqSMTP           input: alana
    MasqSMTP         returns: alana < @ *LOCAL* >
    MasqHdr            input: alana < @ *LOCAL* >
    MasqHdr          returns: alana < @ chef . wrotethebook . com . >
    HdrFromSMTP      returns: alana < @ chef . wrotethebook . com . >
    final              input: alana < @ chef . wrotethebook . com . >
    final            returns: alana @ chef . wrotethebook . com
    Rcode = 0, addr = alana@chef.wrotethebook.com
    > /quit

The -C option on the sendmail command line loads the generic-linux.cf configuration, which does not contain the MASQUERADE_AS macro. The $M command shows that the $M macro is not defined. The $j command shows the fully qualified name of this host. In the example, the name is chef.wrotethebook.com. The /tryflags command tells sendmail to process the header sender (HS) address. The /try command tells sendmail to process alana as the header sender address for the esmtp mailer. Notice that alana is an email address that does not contain a host part. sendmail adds a hostname to the unqualified username, and, by default, it adds the hostname found in $j. The value returned by the MasqHdr ruleset shows this.

A second test, this time using the generic configuration with the addition of the sample lines shown in the Solution section, yields a different result. This time, a value is returned by the $M command, in addition to the value returned for $j. When alana is processed as the header sender address for the esmtp mailer, the MasqHdr ruleset rewrites the address using the value from $M instead of the value from $j:

    # sendmail -bt
    ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
    Enter <ruleset> <address>
    > $M
    wrotethebook.com
    > $j
    chef.wrotethebook.com
    > /tryflags HS
    > /try esmtp alana
    Trying header sender address alana for mailer esmtp
    canonify           input: alana
    Canonify2          input: alana
    Canonify2        returns: alana
    canonify         returns: alana
    1                  input: alana
    1                returns: alana
    HdrFromSMTP        input: alana
    PseudoToReal       input: alana
    PseudoToReal     returns: alana
    MasqSMTP           input: alana
    MasqSMTP         returns: alana < @ *LOCAL* >
    MasqHdr            input: alana < @ *LOCAL* >
    MasqHdr          returns: alana < @ wrotethebook . com . >
    HdrFromSMTP      returns: alana < @ wrotethebook . com . >
    final              input: alana < @ wrotethebook . com . >
    final            returns: alana @ wrotethebook . com
    Rcode = 0, addr = alana@wrotethebook.com
    > /quit

The nullclient configuration covered in Recipe 3.1 also masquerades mail so that it appears to come from the mail hub instead of the local host. This configuration, however, differs substantially from the nullclient configuration. The nullclient did not deliver its own mail. All of its mail was relayed through the hub. In that sense, the nullclient's mail really did originate from the mail hub. This recipe creates a configuration that delivers its own mail and changes the hostname in the header sender address even though the mail originates from the local host.

In this example, the host masquerades using the domain name. Because all hosts in this sample domain masquerade using the same value, the possibility exists for conflicts caused by non-unique usernames. The classic example of a non-unique username is root: every Unix system has a root account. If mail from root@crab.wrotethebook.com and mail from root@jamis.wrotethebook.com were both sent out as mail from root@wrotethebook.com, it would be difficult to sort out where the mail really came from and who should receive replies to the mail. For that reason, the EXPOSED_USER macro is used to ensure that mail from the root user is not masqueraded. A test shows this:

    # sendmail -bt
    ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
    Enter <ruleset> <address>
    > /tryflags HS
    > /try esmtp root
    Trying header sender address root for mailer esmtp
    canonify           input: root
    Canonify2          input: root
    Canonify2        returns: root
    canonify         returns: root
    1                  input: root
    1                returns: root
    HdrFromSMTP        input: root
    PseudoToReal       input: root
    PseudoToReal     returns: root
    MasqSMTP           input: root
    MasqSMTP         returns: root < @ *LOCAL* >
    MasqHdr            input: root < @ *LOCAL* >
    MasqHdr          returns: root < @ chef . wrotethebook . com . >
    HdrFromSMTP      returns: root < @ chef . wrotethebook . com . >
    final              input: root < @ chef . wrotethebook . com . >
    final            returns: root @ chef . wrotethebook . com
    Rcode = 0, addr = root@chef.wrotethebook.com
    > /quit

The example in this recipe has only one username specified in an EXPOSED_USER macro. To specify multiple usernames, add additional EXPOSED_USER macros, one for each username. For more than a few usernames, use the EXPOSED_USER_FILE macro as in this example:

    EXPOSED_USER_FILE(`/etc/mail/exposed.users')

The file, /etc/mail/exposed.users in our example, contains a list of usernames, with one username on each line. The sample file might look something like the following:

    $ cat /etc/mail/exposed.users
    root
    postmaster
    bin
    daemon
    adm
    mail
    news
    operator
    smmsp
    nobody

This is just an example. Only non-unique usernames from which mail is actually sent would be placed in this file.
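
The address tests shown above can be repeated for a list of users after every configuration change. The following script is an added example, not part of the book: it pipes the same /tryflags HS and /try esmtp commands into sendmail -bt and checks that users listed in the exposed-users file keep the local hostname while all other users are rewritten to the masquerade domain. The SENDMAIL_BT variable and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the book): audit header-sender masquerading.
# SENDMAIL_BT is an assumed override hook, e.g. "sendmail -bt -Ctest.cf".

# Extract the rewritten address from a `sendmail -bt` transcript on stdin.
final_addr() {
    sed -n 's/.*Rcode = 0, addr = //p' | tail -n 1
}

# Feed the recipe's test commands for one user to sendmail's test mode.
try_header_sender() {
    printf '/tryflags HS\n/try esmtp %s\n/quit\n' "$1" |
        ${SENDMAIL_BT:-sendmail -bt} 2>/dev/null
}

# "masqueraded" only if the host part is exactly the masquerade domain.
classify() {
    case "$1" in
        *@"$2") echo masqueraded ;;
        *)      echo exposed ;;
    esac
}

# audit_user USER DOMAIN EXPOSED_FILE
# Users listed in EXPOSED_FILE must keep the local hostname; all others
# must be rewritten to DOMAIN. Returns non-zero on a mismatch.
audit_user() {
    addr=$(try_header_sender "$1" | final_addr)
    [ -n "$addr" ] || { echo "$1: no address returned" >&2; return 2; }
    got=$(classify "$addr" "$2")
    if grep -qxF -- "$1" "$3"; then want=exposed; else want=masqueraded; fi
    printf '%-12s %-32s %s (want %s)\n' "$1" "$addr" "$got" "$want"
    [ "$got" = "$want" ]
}

# Script use: audit.sh DOMAIN EXPOSED_FILE USER...
if [ "$#" -ge 3 ]; then
    domain=$1; file=$2; shift 2; rc=0
    for u in "$@"; do audit_user "$u" "$domain" "$file" || rc=1; done
    exit "$rc"
fi
```

A mismatch in either direction is reported: an exposed user that is being masqueraded, or an ordinary user whose mail still carries the local hostname.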

See Also

The nullclient configuration in Recipe 2.1 is a related configuration. Recipe 4.3 to Recipe 4.11 show masquerading with added features. The sendmail book covers MASQUERADE_AS in 4.4.2, and EXPOSED_USER and EXPOSED_USER_FILE are explained in 4.4.1. The "Address Masquerading" section of Linux Sendmail Administration, by Craig Hunt (Sybex), is a tutorial on masquerading. The cf/README file covers masquerading in the section "Masquerading and Relaying".



sendmail Cookbook
ISBN: 0596004710
Year: 2005
Pages: 178
Authors: Craig Hunt
