Recipe 4.3 Eliminating Masquerading for the Local Mailer

Problem

You have been asked to configure sendmail to masquerade the header sender address on all mail sent to external hosts, without adding the masquerade hostname to mail delivered by the local mailer.

Solution

Add the local_no_masquerade feature, the MASQUERADE_AS macro, and the EXPOSED_USER macro to the sendmail configuration. Here are examples of these configuration commands:

    dnl Masquerade the From address as wrotethebook.com
    MASQUERADE_AS(`wrotethebook.com')
    dnl Users whose mail is not masqueraded
    EXPOSED_USER(root)
    dnl Don't masquerade addresses for the local mailer
    FEATURE(`local_no_masquerade')

Build and install the new sendmail.cf file, and then restart sendmail. These steps are shown in Recipe 1.8.

Discussion

The hostname defined on the MASQUERADE_AS command line is stored in the sendmail.cf $M macro. sendmail rewrites the hostname in the From: address to the value found in the $M macro if the original hostname is listed in class $=w or class $=M. By default, class $=w contains all of the names and addresses of the local host. Thus, mail sent from the local host is masqueraded using the value from $M. This is exactly what you want when mail is sent to an external host, but it might not be exactly what you want when the local mailer delivers the mail locally. Some tests show how local mail is handled by the MASQUERADE_AS macro.

First, we run two tests using the configuration defined in Recipe 4.2 (i.e., masquerading without the local_no_masquerade feature):

    # sendmail -bt -Crecipe4.2.cf
    ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
    Enter <ruleset> <address>
    > /tryflags HS
    > /try local alana
    Trying header sender address alana for mailer local
    canonify           input: alana
    Canonify2          input: alana
    Canonify2        returns: alana
    canonify         returns: alana
    1                  input: alana
    1                returns: alana
    HdrFromL           input: alana
    MasqHdr            input: alana
    MasqHdr          returns: alana
    HdrFromL         returns: alana
    final              input: alana
    final            returns: alana
    Rcode = 0, addr = alana
    > /try local alana@chef.wrotethebook.com
    Trying header sender address alana@chef.wrotethebook.com for mailer local
    canonify           input: alana @ chef . wrotethebook . com
    Canonify2          input: alana < @ chef . wrotethebook . com >
    Canonify2        returns: alana < @ chef . wrotethebook . com . >
    canonify         returns: alana < @ chef . wrotethebook . com . >
    1                  input: alana < @ chef . wrotethebook . com . >
    1                returns: alana < @ chef . wrotethebook . com . >
    HdrFromL           input: alana < @ chef . wrotethebook . com . >
    MasqHdr            input: alana < @ chef . wrotethebook . com . >
    MasqHdr          returns: alana < @ wrotethebook . com . >
    HdrFromL         returns: alana < @ wrotethebook . com . >
    final              input: alana < @ wrotethebook . com . >
    final            returns: alana @ wrotethebook . com
    Rcode = 0, addr = alana@wrotethebook.com
    > /quit

Two valid local addresses are processed as header sender addresses for the local mailer. The first address is the local address for the username alana without any host part. In this case, the address goes in as alana, is processed, and comes out as alana. This is fine. Local addresses do not need a hostname part for delivery. Any local user receiving mail from alana can reply to that address and the mail will be successfully delivered by the local mailer. The second address, alana@chef.wrotethebook.com, is also a valid local address for alana because chef.wrotethebook.com is the name of the local host. This time, however, the address is changed to alana@wrotethebook.com by the header sender process. If a local user replies to alana@wrotethebook.com, the local mailer does not deliver the mail locally; instead, it is sent to the mail exchanger for wrotethebook.com by the esmtp mailer. Final delivery becomes the responsibility of the mail exchanger.

After adding the configuration lines shown in the Solution section, and building and installing the sendmail.cf file, the test results are different:

    # sendmail -bt
    ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
    Enter <ruleset> <address>
    > =SHdrFromL
    R< @ >          MAILER-DAEMON
    R@ < @ $* >             MAILER-DAEMON
    R$+             $: $> AddDomain
    > /tryflags HS
    > /try local alana
    Trying header sender address alana for mailer local
    canonify           input: alana
    Canonify2          input: alana
    Canonify2        returns: alana
    canonify         returns: alana
    1                  input: alana
    1                returns: alana
    HdrFromL           input: alana
    HdrFromL         returns: alana
    final              input: alana
    final            returns: alana
    Rcode = 0, addr = alana
    > /try local alana@chef.wrotethebook.com
    Trying header sender address alana@chef.wrotethebook.com for mailer local
    canonify           input: alana @ chef . wrotethebook . com
    Canonify2          input: alana < @ chef . wrotethebook . com >
    Canonify2        returns: alana < @ chef . wrotethebook . com . >
    canonify         returns: alana < @ chef . wrotethebook . com . >
    1                  input: alana < @ chef . wrotethebook . com . >
    1                returns: alana < @ chef . wrotethebook . com . >
    HdrFromL           input: alana < @ chef . wrotethebook . com . >
    HdrFromL         returns: alana < @ chef . wrotethebook . com . >
    final              input: alana < @ chef . wrotethebook . com . >
    final            returns: alana @ chef . wrotethebook . com
    Rcode = 0, addr = alana@chef.wrotethebook.com
    > /quit

Processing alana as a header sender address yields the same result as before. The address goes in as alana and comes out as alana. However, this time the process is different: the MasqHdr ruleset is not called by the HdrFromL ruleset. The difference is more clearly seen in the processing of the alana@chef.wrotethebook.com address, which also goes through the process unchanged. A reply to the header sender address for either alana or alana@chef.wrotethebook.com is handled as local mail and delivered by the local mailer.
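The comparison between the two test runs above can be turned into a repeatable check. The following is an added example, not code from the book or from sendmail: it parses sendmail -bt output and lists every header sender test for the local mailer in which MasqHdr ran or the address came out rewritten. The function names are hypothetical, and the two sample transcripts are constructed by trimming the alana@chef.wrotethebook.com traces shown above.

```python
import re

# Constructed sample input: the alana@chef.wrotethebook.com traces from this
# page, trimmed to the lines the parser uses. WITH_MASQ is the Recipe 4.2
# configuration, NO_MASQ is the configuration from this recipe.
WITH_MASQ = """\
> Trying header sender address alana@chef.wrotethebook.com for mailer local
HdrFromL           input: alana < @ chef . wrotethebook . com . >
MasqHdr            input: alana < @ chef . wrotethebook . com . >
MasqHdr          returns: alana < @ wrotethebook . com . >
HdrFromL         returns: alana < @ wrotethebook . com . >
Rcode = 0, addr = alana@wrotethebook.com
"""
NO_MASQ = """\
> Trying header sender address alana@chef.wrotethebook.com for mailer local
HdrFromL           input: alana < @ chef . wrotethebook . com . >
HdrFromL         returns: alana < @ chef . wrotethebook . com . >
Rcode = 0, addr = alana@chef.wrotethebook.com
"""

TRY = re.compile(r"Trying header sender address (\S+) for mailer (\S+)")
RULE = re.compile(r"^(?:>\s*)?(\S+)\s+input:")   # "<ruleset>   input: ..."
DONE = re.compile(r"Rcode = \d+, addr = (\S+)")

def parse_tries(transcript):
    """Split a -bt transcript into one record per /try command."""
    tries, cur = [], None
    for line in transcript.splitlines():
        if m := TRY.search(line):
            cur = {"address": m[1], "mailer": m[2], "rulesets": [], "final": None}
            tries.append(cur)
        elif cur and (m := RULE.match(line)):
            cur["rulesets"].append(m[1])          # rulesets in call order
        elif cur and (m := DONE.search(line)):
            cur["final"] = m[1]
    return tries

def local_masquerade_findings(transcript):
    """List local-mailer tests where MasqHdr ran or the sender was rewritten."""
    findings = []
    for t in parse_tries(transcript):
        if t["mailer"] != "local":
            continue
        called = "MasqHdr" in t["rulesets"]
        # A trace with no Rcode line (final is None) is reported as rewritten.
        rewritten = (t["final"] or "").lower() != t["address"].lower()
        if called or rewritten:
            findings.append((t["address"], t["final"], called, rewritten))
    return findings

if __name__ == "__main__":
    for name, text in (("Recipe 4.2", WITH_MASQ), ("Recipe 4.3", NO_MASQ)):
        print(name, local_masquerade_findings(text) or "local mail not masqueraded")
```

An empty result for every local-mailer test means the local_no_masquerade feature is in effect in the configuration that produced the transcript.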

Using local_no_masquerade reduces overhead by keeping local mail local, but the impact of having some local mail go through an external host is probably not too large. The local_no_masquerade feature also ensures that all mail from local users addressed to local users is handled in the same way. Consistency is an advantage of this feature. Recipe 4.4 shows the opposite approach to obtaining consistency, which is to force masquerading of all sender addresses.

See Also

Recipe 4.2 and Recipe 4.4 describe similar recipes. The sendmail book covers MASQUERADE_AS in 4.4.2, EXPOSED_USER in 4.4.1, and local_no_masquerade in 4.8.20. The "Address Masquerading" section of Linux Sendmail Administration, by Craig Hunt (Sybex), is a tutorial on masquerading. The cf/README file covers masquerading in the section Masquerading and Relaying.



Sendmail Cookbook
ISBN: 0596004710
EAN: 2147483647
Year: 2005
Pages: 178
Authors: Craig Hunt
