ProblemBy default, masquerading only affects sender addresses. In addition to masquerading sender addresses, you have been asked to configure sendmail to masquerade recipient addresses when those addresses include masqueraded hostnames. SolutionAdd the MASQUERADE_AS and EXPOSED_USER macros and the allmasquerade feature to the sendmail configuration. Here is an example of the lines that could be added: dnl Masquerade as wrotethebook.com MASQUERADE_AS(`wrotethebook.com') dnl Users whose mail is not masqueraded EXPOSED_USER(root) dnl Masquerade recipient and sender addresses FEATURE(`allmasquerade') Build and install the new sendmail.cf file, and restart sendmail as described in Recipe 1.8. DiscussionUsing the basic masquerading configuration from Recipe 4.2, the header recipient address is not rewritten, as this test shows: # sendmail -bt -Crecipe4.2.cf ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) Enter <ruleset> <address> > /tryflags HR > /try esmtp david@chef Trying header recipient address david@chef for mailer esmtp canonify input: david @ chef Canonify2 input: david < @ chef > Canonify2 returns: david < @ chef . wrotethebook . com . > canonify returns: david < @ chef . wrotethebook . com . > 2 input: david < @ chef . wrotethebook . com . > 2 returns: david < @ chef . wrotethebook . com . > EnvToSMTP input: david < @ chef . wrotethebook . com . > PseudoToReal input: david < @ chef . wrotethebook . com . > PseudoToReal returns: david < @ chef . wrotethebook . com . > MasqSMTP input: david < @ chef . wrotethebook . com . > MasqSMTP returns: david < @ chef . wrotethebook . com . > EnvToSMTP returns: david < @ chef . wrotethebook . com . > final input: david < @ chef . wrotethebook . com . > final returns: david @ chef . wrotethebook . com Rcode = 0, addr = david@chef.wrotethebook.com > /quit The /tryflags command requests a test of the header recipient ( HR ) address processing. The /try command tells sendmail to process the address david@chef as a header recipient address for the esmtp mailer. The hostname chef is converted by DNS to the canonical name chef.wrotethebook.com . The hostname, however, is not masqueraded. A configuration that contains the allmasquerade feature, in addition to the MASQUERADE_AS macro, rewrites recipient addresses for the emstp mailer, as this test shows: # sendmail -bt ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) Enter <ruleset> <address> > /tryflags HR > /try esmtp david@chef Trying header recipient address david@chef for mailer esmtp canonify input: david @ chef Canonify2 input: david < @ chef > Canonify2 returns: david < @ chef . wrotethebook . com . > canonify returns: david < @ chef . wrotethebook . com . > 2 input: david < @ chef . wrotethebook . com . > 2 returns: david < @ chef . wrotethebook . com . > HdrFromSMTP input: david < @ chef . wrotethebook . com . > PseudoToReal input: david < @ chef . wrotethebook . com . > PseudoToReal returns: david < @ chef . wrotethebook . com . > MasqSMTP input: david < @ chef . wrotethebook . com . > MasqSMTP returns: david < @ chef . wrotethebook . com . > MasqHdr input: david < @ chef . wrotethebook . com . > MasqHdr returns: david < @ wrotethebook . com . > HdrFromSMTP returns: david < @ wrotethebook . com . > final input: david < @ wrotethebook . com . > final returns: david @ wrotethebook . com Rcode = 0, addr = david@wrotethebook.com > /quit When the allmasquerade feature is used, masqueraded hostnames are hidden when they appear in the list of recipients. The advantage of this is that it provides a consistent view of the masqueraded addresses. A remote user might notice that people inside the wrotethebook.com domain send mail to the david account using the address david@chef.wrotethebook.com . That remote user might then try to do the same. If the organization really wants to encourage people to use the address david@wrotethebook.com to reach the david account, masquerading recipient addresses helps to do this by showing users only the preferred address. See AlsoRecipe 4.1 to Recipe 4.11 cover other masquerading features. The sendmail book covers MASQUERADE_AS in 4.4.2 and EXPOSED_USER in 4.4.1. |