Recipe 4.5 Masquerading Recipient Addresses

Problem

By default, masquerading only affects sender addresses. In addition to masquerading sender addresses, you have been asked to configure sendmail to masquerade recipient addresses when those addresses include masqueraded hostnames.

Solution

Add the MASQUERADE_AS and EXPOSED_USER macros and the allmasquerade feature to the sendmail configuration. Here is an example of the lines that could be added:

    dnl Masquerade as wrotethebook.com
    MASQUERADE_AS(`wrotethebook.com')
    dnl Users whose mail is not masqueraded
    EXPOSED_USER(root)
    dnl Masquerade recipient and sender addresses
    FEATURE(`allmasquerade')

Build and install the new sendmail.cf file, and restart sendmail as described in Recipe 1.8.

Discussion

Using the basic masquerading configuration from Recipe 4.2, the header recipient address is not rewritten, as this test shows:

    # sendmail -bt -Crecipe4.2.cf
    ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
    Enter <ruleset> <address>
    > /tryflags HR
    > /try esmtp david@chef
    Trying header recipient address david@chef for mailer esmtp
    canonify           input: david @ chef
    Canonify2          input: david < @ chef >
    Canonify2        returns: david < @ chef . wrotethebook . com . >
    canonify         returns: david < @ chef . wrotethebook . com . >
    2                  input: david < @ chef . wrotethebook . com . >
    2                returns: david < @ chef . wrotethebook . com . >
    EnvToSMTP          input: david < @ chef . wrotethebook . com . >
    PseudoToReal       input: david < @ chef . wrotethebook . com . >
    PseudoToReal     returns: david < @ chef . wrotethebook . com . >
    MasqSMTP           input: david < @ chef . wrotethebook . com . >
    MasqSMTP         returns: david < @ chef . wrotethebook . com . >
    EnvToSMTP        returns: david < @ chef . wrotethebook . com . >
    final              input: david < @ chef . wrotethebook . com . >
    final            returns: david @ chef . wrotethebook . com
    Rcode = 0, addr = david@chef.wrotethebook.com
    > /quit

The /tryflags command requests a test of the header recipient (HR) address processing. The /try command tells sendmail to process the address david@chef as a header recipient address for the esmtp mailer. The hostname chef is converted by DNS to the canonical name chef.wrotethebook.com. The hostname, however, is not masqueraded.

A configuration that contains the allmasquerade feature, in addition to the MASQUERADE_AS macro, rewrites recipient addresses for the esmtp mailer, as this test shows:

    # sendmail -bt
    ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
    Enter <ruleset> <address>
    > /tryflags HR
    > /try esmtp david@chef
    Trying header recipient address david@chef for mailer esmtp
    canonify           input: david @ chef
    Canonify2          input: david < @ chef >
    Canonify2        returns: david < @ chef . wrotethebook . com . >
    canonify         returns: david < @ chef . wrotethebook . com . >
    2                  input: david < @ chef . wrotethebook . com . >
    2                returns: david < @ chef . wrotethebook . com . >
    HdrFromSMTP        input: david < @ chef . wrotethebook . com . >
    PseudoToReal       input: david < @ chef . wrotethebook . com . >
    PseudoToReal     returns: david < @ chef . wrotethebook . com . >
    MasqSMTP           input: david < @ chef . wrotethebook . com . >
    MasqSMTP         returns: david < @ chef . wrotethebook . com . >
    MasqHdr            input: david < @ chef . wrotethebook . com . >
    MasqHdr          returns: david < @ wrotethebook . com . >
    HdrFromSMTP      returns: david < @ wrotethebook . com . >
    final              input: david < @ wrotethebook . com . >
    final            returns: david @ wrotethebook . com
    Rcode = 0, addr = david@wrotethebook.com
    > /quit

When the allmasquerade feature is used, masqueraded hostnames are hidden when they appear in the list of recipients. The advantage of this is that it provides a consistent view of the masqueraded addresses. A remote user might notice that people inside the wrotethebook.com domain send mail to the david account using the address david@chef.wrotethebook.com. That remote user might then try to do the same. If the organization really wants to encourage people to use the address david@wrotethebook.com to reach the david account, masquerading recipient addresses helps to do this by showing users only the preferred address.
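The two address tests above can be scripted so that a configuration change that starts exposing internal hostnames in recipient headers is caught before deployment. The shell functions below are an added example, not code from the book; the function and variable names are hypothetical, and the sample lines are excerpts of the two test transcripts shown above.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from the book).

# Last lines of the two test runs shown above, embedded so the parsing
# functions can be exercised without a running sendmail.
SAMPLE_4_2='final            returns: david @ chef . wrotethebook . com
Rcode = 0, addr = david@chef.wrotethebook.com'
SAMPLE_ALLMASQ='final            returns: david @ wrotethebook . com
Rcode = 0, addr = david@wrotethebook.com'

# Run the recipe's header recipient (HR) test non-interactively.
# $1 = mailer, $2 = address, $3 = optional .cf file to test
hr_transcript() {
    printf '/tryflags HR\n/try %s %s\n/quit\n' "$1" "$2" |
        sendmail -bt ${3:+-C"$3"}
}

# Print the rewritten address from the last "Rcode = 0, addr = ..." line
# read on stdin. Prints nothing if no such line is present.
final_addr() {
    sed -n 's/^.*Rcode = 0, addr = \([^ ]*\).*$/\1/p' | tail -n 1
}

# Succeed only if the address on stdin was rewritten to exactly user@$1,
# that is, no hostname is left in front of the masquerade domain.
is_masqueraded() {
    addr=$(final_addr)
    case "$addr" in
        *@"$1") return 0 ;;
        *) echo "not masqueraded: ${addr:-no address found}" >&2
           return 1 ;;
    esac
}

# Usage against a live configuration:
#   hr_transcript esmtp david@chef | is_masqueraded wrotethebook.com
# Against the Recipe 4.2 configuration the same check is expected to fail:
#   hr_transcript esmtp david@chef recipe4.2.cf | is_masqueraded wrotethebook.com
```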

See Also

Recipe 4.1 to Recipe 4.11 cover other masquerading features. The sendmail book covers MASQUERADE_AS in 4.4.2 and EXPOSED_USER in 4.4.1.



Sendmail Cookbook
ISBN: 0596004710
EAN: 2147483647
Year: 2005
Pages: 178
Authors: Craig Hunt
