Recipe 4.8 Masquerading All Hosts in a Domain

Problem

You want to masquerade every host within a domain without defining every individual hostname in class $=M or class $=w.

Solution

Create a sendmail configuration containing the MASQUERADE_AS and the EXPOSED_USER macros. Add the MASQUERADE_DOMAIN macro to define the domain to which the masqueraded hosts belong. Also add the masquerade_entire_domain feature to ensure that every host in the domain is masqueraded. Here is an example of these commands:

    dnl Masquerade the From address as wrotethebook.com
    MASQUERADE_AS(`wrotethebook.com')
    dnl Users whose mail is not masqueraded
    EXPOSED_USER(root)
    dnl Store the domain name that will be masqueraded in class $=M
    MASQUERADE_DOMAIN(`wrotethebook.com')
    dnl Masquerade every host in the domain
    FEATURE(`masquerade_entire_domain')

Build the new sendmail.cf file, install it, and restart sendmail. Recipe 1.8 provides an example of these steps.

Discussion

By default, every hostname listed in class $=w and class $=M is masqueraded when the MASQUERADE_AS macro is included in the configuration. This works perfectly on most systems because the system is only masquerading mail that originates on that system, and every valid hostname for the local host is defined in class $=w. Therefore, the system will masquerade all mail that is sent with one of its valid hostnames.

Mail exchangers, hubs, and relays are more complicated because they may handle mail for a variety of hosts. It is very common for a mail exchanger to handle mail for every host within a domain and to wish to masquerade mail from every host in that domain. Simply adding the domain name to class $=w or class $=M is not enough because the domain name is interpreted as a hostname, as this test shows:

    # sendmail -bt -Crecipe4.6.cf
    ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
    Enter <ruleset> <address>
    > $=m
    wrotethebook.com
    horseshoe.wrotethebook.com
    > /tryflags HS
    > /try esmtp michael@crab.wrotethebook.com
    Trying header sender address michael@crab.wrotethebook.com for mailer esmtp
    canonify           input: michael @ crab . wrotethebook . com
    Canonify2          input: michael < @ crab . wrotethebook . com >
    Canonify2        returns: michael < @ crab . wrotethebook . com . >
    canonify         returns: michael < @ crab . wrotethebook . com . >
    1                  input: michael < @ crab . wrotethebook . com . >
    1                returns: michael < @ crab . wrotethebook . com . >
    HdrFromSMTP        input: michael < @ crab . wrotethebook . com . >
    PseudoToReal       input: michael < @ crab . wrotethebook . com . >
    PseudoToReal     returns: michael < @ crab . wrotethebook . com . >
    MasqSMTP           input: michael < @ crab . wrotethebook . com . >
    MasqSMTP         returns: michael < @ crab . wrotethebook . com . >
    MasqHdr            input: michael < @ crab . wrotethebook . com . >
    MasqHdr          returns: michael < @ crab . wrotethebook . com . >
    HdrFromSMTP      returns: michael < @ crab . wrotethebook . com . >
    final              input: michael < @ crab . wrotethebook . com . >
    final            returns: michael @ crab . wrotethebook . com
    Rcode = 0, addr = michael@crab.wrotethebook.com
    > /quit

The test above shows that class $=M contains the value wrotethebook.com. However, mail from crab, which is a host in the wrotethebook.com domain, is not masqueraded because the values in $=M are viewed as hostnames, and only exact matches are masqueraded.

Adding the masquerade_entire_domain feature to the configuration changes this behavior. With this feature added, values in class $=w are still interpreted as hostnames, but values in class $=M are interpreted as domain names, and every host in a domain listed in class $=M is masqueraded. The masquerade_entire_domain feature is always associated with either a MASQUERADE_DOMAIN macro or a MASQUERADE_DOMAIN_FILE macro, both of which load values into class $=M, because the masquerade_entire_domain feature only affects values in class $=M. Testing the configuration created by this recipe shows the impact of this feature:

    # sendmail -bt
    ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
    Enter <ruleset> <address>
    > $=M
    wrotethebook.com
    > /tryflags HS
    > /try esmtp michael@crab.wrotethebook.com
    Trying header sender address michael@crab.wrotethebook.com for mailer esmtp
    canonify           input: michael @ crab . wrotethebook . com
    Canonify2          input: michael < @ crab . wrotethebook . com >
    Canonify2        returns: michael < @ crab . wrotethebook . com . >
    canonify         returns: michael < @ crab . wrotethebook . com . >
    1                  input: michael < @ crab . wrotethebook . com . >
    1                returns: michael < @ crab . wrotethebook . com . >
    HdrFromSMTP        input: michael < @ crab . wrotethebook . com . >
    PseudoToReal       input: michael < @ crab . wrotethebook . com . >
    PseudoToReal     returns: michael < @ crab . wrotethebook . com . >
    MasqSMTP           input: michael < @ crab . wrotethebook . com . >
    MasqSMTP         returns: michael < @ crab . wrotethebook . com . >
    MasqHdr            input: michael < @ crab . wrotethebook . com . >
    MasqHdr          returns: michael < @ wrotethebook . com . >
    HdrFromSMTP      returns: michael < @ wrotethebook . com . >
    final              input: michael < @ wrotethebook . com . >
    final            returns: michael @ wrotethebook . com
    Rcode = 0, addr = michael@wrotethebook.com
    > /quit

The $=M command shows the value stored in class $=M by the MASQUERADE_DOMAIN macro. In this case we have only one value to store in class $=M, and we do not anticipate changing it, so MASQUERADE_DOMAIN works well. If you have several values, you may want to use MASQUERADE_DOMAIN_FILE, which is used in Recipe 4.6. In this test, crab.wrotethebook.com is masqueraded because it is a host in a domain listed in class $=M; this is the impact of the masquerade_entire_domain feature. This feature does not impact values in class $=w. Those values are still interpreted as hosts and are still masqueraded. If you want to limit masquerading to just the domains defined in class $=M, add the limited_masquerade feature to the configuration, as described in Recipe 4.7.
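The two test-mode sessions above can be turned into a repeatable check. The following is an added example, not code from the book: it reads a `sendmail -bt` trace and reports the final address together with the ruleset that first changed the host part. The function names `masq_report`, `trace_hostname_match` and `trace_entire_domain` are hypothetical, and the embedded traces are abridged copies of the two sessions shown in this recipe.

```shell
#!/bin/sh
# Added example (not from the book): summarise a `sendmail -bt` trace.
# Prints "<final address> <ruleset that first changed the host, or ->".
masq_report() {
    awk '
    $2 == "input:" || $2 == "returns:" {
        host = ""; at = 0
        for (i = 3; i <= NF; i++) {          # host = tokens after "@"
            if ($i == "@") { at = 1; continue }
            if ($i == ">") break
            if (at) host = host $i
        }
        sub(/\.$/, "", host)                 # drop canonical trailing dot
        if (orig == "") orig = host          # host as first seen in the trace
        else if ($2 == "returns:" && host != orig && changed == "") changed = $1
    }
    /^Rcode = / { sub(/.*addr = /, ""); final = $0 }
    END { print final, (changed == "" ? "-" : changed) }'
}

# Abridged traces from the two sessions above (offline sample input).
trace_hostname_match() { cat <<'EOF'
canonify           input: michael @ crab . wrotethebook . com
canonify         returns: michael < @ crab . wrotethebook . com . >
MasqHdr            input: michael < @ crab . wrotethebook . com . >
MasqHdr          returns: michael < @ crab . wrotethebook . com . >
final            returns: michael @ crab . wrotethebook . com
Rcode = 0, addr = michael@crab.wrotethebook.com
EOF
}
trace_entire_domain() { cat <<'EOF'
canonify           input: michael @ crab . wrotethebook . com
canonify         returns: michael < @ crab . wrotethebook . com . >
MasqHdr            input: michael < @ crab . wrotethebook . com . >
MasqHdr          returns: michael < @ wrotethebook . com . >
final            returns: michael @ wrotethebook . com
Rcode = 0, addr = michael@wrotethebook.com
EOF
}

trace_hostname_match | masq_report   # michael@crab.wrotethebook.com -
trace_entire_domain  | masq_report   # michael@wrotethebook.com MasqHdr
# Live use: printf '/tryflags HS\n/try esmtp %s\n/quit\n' "$addr" | sendmail -bt | masq_report
```

A `-` in the second column means no ruleset rewrote the host, which is the result to expect for addresses that must stay exposed.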

See Also

Recipe 4.4 and Recipe 4.7 cover similar configurations that should be evaluated before implementing this recipe. The sendmail book covers the masquerade_entire_domain feature in 4.8.25, MASQUERADE_AS in 4.4.2, EXPOSED_USER in 4.4.1, MASQUERADE_DOMAIN in 4.4.3, and MASQUERADE_DOMAIN_FILE in 4.4.4. The "Address Masquerading" section of Linux Sendmail Administration, by Craig Hunt (Sybex), is a tutorial on masquerading. The cf/README file covers masquerading in the section Masquerading and Relaying.



sendmail Cookbook
ISBN: 0596004710
EAN: 2147483647
Year: 2005
Pages: 178
Authors: Craig Hunt
