Recipe 4.9 Masquerading Most of the Hosts in a Domain


Problem

You have been asked to create a sendmail configuration that masquerades all of the hosts in a domain, with the exception of a few special purpose hosts that should be exposed to the outside world.

Solution

Create a file listing all of the hosts in the domain that should be exempted from masquerading. The name of the file is arbitrary. This recipe uses the name /etc/mail/masquerade-exceptions.

Add the masquerade_entire_domain feature and the MASQUERADE_AS, EXPOSED_USER, MASQUERADE_DOMAIN, and MASQUERADE_EXCEPTION_FILE macros to the sendmail configuration. Examples of the relevant commands are shown below:

    dnl Masquerade the From address as wrotethebook.com
    MASQUERADE_AS(`wrotethebook.com')
    dnl Users whose mail is not masqueraded
    EXPOSED_USER(root)
    dnl Store the domain name that will be masqueraded in class $=M
    MASQUERADE_DOMAIN(`wrotethebook.com')
    dnl Masquerade all hosts in the domain
    FEATURE(`masquerade_entire_domain')
    dnl Load the list of hosts that should not be masqueraded
    MASQUERADE_EXCEPTION_FILE(`/etc/mail/masquerade-exceptions')

Using Recipe 1.8 as a guide, rebuild and reinstall sendmail.cf, and then restart sendmail.

Discussion

The masquerade_entire_domain feature causes sendmail to treat every name in class $=M as a domain, and, when combined with the MASQUERADE_AS macro, to masquerade every host within those domains. Recipe 4.8 shows the effect of the masquerade_entire_domain feature. If you want to masquerade most of the hosts in a domain, it is often easier to masquerade the entire domain and then make exceptions than it is to list all of the individual hosts that you want to masquerade.

The file identified by the MASQUERADE_EXCEPTION_FILE macro is loaded into sendmail.cf class $=N. Class $=N contains a list of hosts that should not be masqueraded even if they belong to a domain that is being masqueraded. For example, assume the /etc/mail/masquerade-exceptions file created for this recipe contains the following entries:

    # cat > /etc/mail/masquerade-exceptions
    www.wrotethebook.com
    info.wrotethebook.com
    sales.wrotethebook.com
    Ctrl-D

This recipe masquerades all hosts in wrotethebook.com except for these three hosts, as this test shows:

    # sendmail -bt
    ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
    Enter <ruleset> <address>
    > $=M
    wrotethebook.com
    > /tryflags HS
    > /try esmtp peyton@crab.wrotethebook.com
    Trying header sender address peyton@crab.wrotethebook.com for mailer esmtp
    canonify           input: peyton @ crab . wrotethebook . com
    Canonify2          input: peyton < @ crab . wrotethebook . com >
    Canonify2        returns: peyton < @ crab . wrotethebook . com . >
    canonify         returns: peyton < @ crab . wrotethebook . com . >
    1                  input: peyton < @ crab . wrotethebook . com . >
    1                returns: peyton < @ crab . wrotethebook . com . >
    HdrFromSMTP        input: peyton < @ crab . wrotethebook . com . >
    PseudoToReal       input: peyton < @ crab . wrotethebook . com . >
    PseudoToReal     returns: peyton < @ crab . wrotethebook . com . >
    MasqSMTP           input: peyton < @ crab . wrotethebook . com . >
    MasqSMTP         returns: peyton < @ crab . wrotethebook . com . >
    MasqHdr            input: peyton < @ crab . wrotethebook . com . >
    MasqHdr          returns: peyton < @ wrotethebook . com . >
    HdrFromSMTP      returns: peyton < @ wrotethebook . com . >
    final              input: peyton < @ wrotethebook . com . >
    final            returns: peyton @ wrotethebook . com
    Rcode = 0, addr = peyton@wrotethebook.com
    > $=N
    info.wrotethebook.com
    www.wrotethebook.com
    sales.wrotethebook.com
    > /try esmtp jill@sales.wrotethebook.com
    Trying header sender address jill@sales.wrotethebook.com for mailer esmtp
    canonify           input: jill @ sales . wrotethebook . com
    Canonify2          input: jill < @ sales . wrotethebook . com >
    Canonify2        returns: jill < @ sales . wrotethebook . com . >
    canonify         returns: jill < @ sales . wrotethebook . com . >
    1                  input: jill < @ sales . wrotethebook . com . >
    1                returns: jill < @ sales . wrotethebook . com . >
    HdrFromSMTP        input: jill < @ sales . wrotethebook . com . >
    PseudoToReal       input: jill < @ sales . wrotethebook . com . >
    PseudoToReal     returns: jill < @ sales . wrotethebook . com . >
    MasqSMTP           input: jill < @ sales . wrotethebook . com . >
    MasqSMTP         returns: jill < @ sales . wrotethebook . com . >
    MasqHdr            input: jill < @ sales . wrotethebook . com . >
    MasqHdr          returns: jill < @ sales . wrotethebook . com . >
    HdrFromSMTP      returns: jill < @ sales . wrotethebook . com . >
    final              input: jill < @ sales . wrotethebook . com . >
    final            returns: jill @ sales . wrotethebook . com
    Rcode = 0, addr = jill@sales.wrotethebook.com
    > /quit

The $=M command shows that class $=M contains the domain name wrotethebook.com. In this configuration, the masquerade_entire_domain feature is used, so processing peyton@crab.wrotethebook.com as a header sender address for the esmtp mailer yields the address peyton@wrotethebook.com because crab is a host in the wrotethebook.com domain. However, processing the address jill@sales.wrotethebook.com as a header sender address for the esmtp mailer returns the original address with no masquerading, even though sales.wrotethebook.com is a host in the wrotethebook.com domain. sales.wrotethebook.com is not masqueraded because it is listed in class $=N, as the $=N command shows.
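
The following Python sketch is an added example, not code from the book or from sendmail. It is a simplified model of the decision this recipe describes (class $=M, class $=N, and EXPOSED_USER), useful for reviewing an exceptions file before it is deployed; the function names and the lint heuristic are assumptions, and sendmail -bt remains the authoritative test.

```python
"""Simplified model of the masquerading decision described in this recipe.
Assumption: this mirrors the recipe's description, not sendmail's rulesets."""

MASQUERADE_AS = "wrotethebook.com"        # MASQUERADE_AS
CLASS_M = {"wrotethebook.com"}            # MASQUERADE_DOMAIN -> class $=M
EXPOSED_USERS = {"root"}                  # EXPOSED_USER

# Constructed copy of /etc/mail/masquerade-exceptions (loaded into class $=N).
EXCEPTIONS_TEXT = """\
www.wrotethebook.com
info.wrotethebook.com
sales.wrotethebook.com
"""

def load_hosts(text):
    """Parse one hostname per line; ignore blanks, case and a trailing dot."""
    return {ln.strip().lower().rstrip(".")
            for ln in text.splitlines() if ln.strip()}

def in_domain(host, domains):
    """True if host is one of the domains or a host beneath one of them
    (the effect of masquerade_entire_domain on class $=M)."""
    return any(host == d or host.endswith("." + d) for d in domains)

def masquerade(address, class_n):
    """Predict the header sender address after masquerading."""
    user, _, host = address.rpartition("@")
    host = host.lower().rstrip(".")
    if user.lower() in EXPOSED_USERS:     # exposed users are left alone
        return f"{user}@{host}"
    if host in class_n:                   # exception: host stays visible
        return f"{user}@{host}"
    if in_domain(host, CLASS_M):          # everything else in the domain
        return f"{user}@{MASQUERADE_AS}"
    return f"{user}@{host}"               # outside the masqueraded domains

def lint_exceptions(class_n):
    """Heuristic (assumption): under this recipe every exception should sit
    inside a masqueraded domain, so anything else is probably a typo."""
    return sorted(h for h in class_n if not in_domain(h, CLASS_M))

if __name__ == "__main__":
    n = load_hosts(EXCEPTIONS_TEXT)
    for addr in ("peyton@crab.wrotethebook.com",
                 "jill@sales.wrotethebook.com",
                 "root@crab.wrotethebook.com"):
        print(addr, "->", masquerade(addr, n))
    print("suspect entries:", lint_exceptions(n))
```

A misspelled entry in the exceptions file fails silently: the intended host is masqueraded like any other, which is why the lint step flags names that fall outside the masqueraded domain.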

Alternatives

Given the small number of hostnames in the masquerade-exceptions file, using the MASQUERADE_EXCEPTION macro would be a viable alternative to creating a file for the MASQUERADE_EXCEPTION_FILE macro. This recipe could be rewritten by replacing the MASQUERADE_EXCEPTION_FILE macro with the following lines:

    dnl Define hosts that should not be masqueraded
    MASQUERADE_EXCEPTION(`www.wrotethebook.com')
    MASQUERADE_EXCEPTION(`info.wrotethebook.com')
    MASQUERADE_EXCEPTION(`sales.wrotethebook.com')

The systems that are listed as exceptions to masquerading are generally special purpose systems. There are usually only a limited number of these systems, and there are few changes to this set of systems. For these reasons, the MASQUERADE_EXCEPTION macro is a viable alternative to creating a file to hold this list of hostnames. When you have a large number of hosts that should be excepted from masquerading, or the list of exempted hosts changes frequently, the MASQUERADE_EXCEPTION_FILE macro is the best choice. Use the macro that you prefer; they both work well.

See Also

Recipe 4.7 and Recipe 4.8 cover similar configurations that should be evaluated before implementing this recipe. The sendmail book covers the masquerade_entire_domain feature in 4.8.25, MASQUERADE_AS in 4.4.2, EXPOSED_USER in 4.4.1, MASQUERADE_DOMAIN in 4.4.3, MASQUERADE_DOMAIN_FILE in 4.4.4, and MASQUERADE_EXCEPTION and MASQUERADE_EXCEPTION_FILE in 4.4.5. The "Address Masquerading" section of Linux Sendmail Administration, by Craig Hunt (Sybex), is a tutorial on masquerading. The cf/README file covers masquerading in the section Masquerading and Relaying.



Sendmail Cookbook
ISBN: 0596004710
Year: 2005
Pages: 178
Authors: Craig Hunt
