ProblemIn addition to masquerading the header sender address, you have been asked to create a configuration that masquerades the envelope sender address used by the SMTP protocol. SolutionAdd the masquerade_envelope feature, the MASQUERADE_AS macro, and the EXPOSED_USER macro to the sendmail configuration file. Here are examples: dnl Masquerade the From address as wrotethebook.com MASQUERADE_AS(`wrotethebook.com') dnl Users whose mail is not masqueraded EXPOSED_USER(root) dnl Masquerade the envelope address as wrotethebook.com FEATURE(`masquerade_envelope') Build and install the new configuration, and then restart sendmail. Recipe 1.8 provides an example. DiscussionBy default, the MASQUERADE_AS macro replaces the hostname in the From : message header with the masquerade value. The From : header address is referred to as the header sender address . From the point of view of the SMTP protocol, the message headers are just part of the message ”the data sent after the SMTP DATA command. The addresses exchanged by the SMTP protocol before the SMTP DATA command are called the envelope addresses , and the address of the source of the mail is called the envelope sender address . The envelope sender address appears in the SMTP protocol exchange as the value in the SMTP MAIL From : command. By default, the MASQUERADE_AS macro does not masquerade the hostname in the envelope sender address. A test of the basic masquerade configuration shows this: # sendmail -bt -Crecipe4.2.cf ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) Enter <ruleset> <address> > /tryflags HS > /try esmtp clark@horseshoe.wrotethebook.com Trying header sender address clark@horseshoe.wrotethebook.com for mailer esmtp canonify input: clark @ horseshoe . wrotethebook . com Canonify2 input: clark < @ horseshoe . wrotethebook . com > Canonify2 returns: clark < @ horseshoe . wrotethebook . com . > canonify returns: clark < @ horseshoe . wrotethebook . com . > 1 input: clark < @ horseshoe . wrotethebook . com . > 1 returns: clark < @ horseshoe . wrotethebook . com . > HdrFromSMTP input: clark < @ horseshoe . wrotethebook . com . > PseudoToReal input: clark < @ horseshoe . wrotethebook . com . > PseudoToReal returns: clark < @ horseshoe . wrotethebook . com . > MasqSMTP input: clark < @ horseshoe . wrotethebook . com . > MasqSMTP returns: clark < @ horseshoe . wrotethebook . com . > MasqHdr input: clark < @ horseshoe . wrotethebook . com . > MasqHdr returns: clark < @ wrotethebook . com . > HdrFromSMTP returns: clark < @ wrotethebook . com . > final input: clark < @ wrotethebook . com . > final returns: clark @ wrotethebook . com Rcode = 0, addr = clark@wrotethebook.com > /tryflags ES > /try esmtp clark@horseshoe.wrotethebook.com Trying envelope sender address clark@horseshoe.wrotethebook.com for mailer esmtp canonify input: clark @ horseshoe . wrotethebook . com Canonify2 input: clark < @ horseshoe . wrotethebook . com > Canonify2 returns: clark < @ horseshoe . wrotethebook . com . > canonify returns: clark < @ horseshoe . wrotethebook . com . > 1 input: clark < @ horseshoe . wrotethebook . com . > 1 returns: clark < @ horseshoe . wrotethebook . com . > EnvFromSMTP input: clark < @ horseshoe . wrotethebook . com . > PseudoToReal input: clark < @ horseshoe . wrotethebook . com . > PseudoToReal returns: clark < @ horseshoe . wrotethebook . com . > MasqSMTP input: clark < @ horseshoe . wrotethebook . com . > MasqSMTP returns: clark < @ horseshoe . wrotethebook . com . > MasqEnv input: clark < @ horseshoe . wrotethebook . com . > MasqEnv returns: clark < @ horseshoe . wrotethebook . com . > EnvFromSMTP returns: clark < @ horseshoe . wrotethebook . com . > final input: clark < @ horseshoe . wrotethebook . com . > final returns: clark @ horseshoe . wrotethebook . com Rcode = 0, addr = clark@horseshoe.wrotethebook.com > /quit The first /tryflags command configures sendmail to test header sender ( HS ) address processing. The first /try command processes clark@horseshoe.wrotethebook.com as the header sender address for the esmtp mailer. The result shows that the address is masqueraded as clark@wrotethebook.com . The second /tryflags command configures the system for envelope sender ( ES ) address processing. This time, the address is not masqueraded. This is the basic masquerade configuration; it masquerades header addresses but not envelope addresses. The masquerade_envelope feature changes this, as the following test of this recipe's configuration shows: # sendmail -bt ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) Enter <ruleset> <address> > /tryflags ES > /try esmtp clark@horseshoe.wrotethebook.com Trying envelope sender address clark@horseshoe.wrotethebook.com for mailer esmtp canonify input: clark @ horseshoe . wrotethebook . com Canonify2 input: clark < @ horseshoe . wrotethebook . com > Canonify2 returns: clark < @ horseshoe . wrotethebook . com . > canonify returns: clark < @ horseshoe . wrotethebook . com . > 1 input: clark < @ horseshoe . wrotethebook . com . > 1 returns: clark < @ horseshoe . wrotethebook . com . > EnvFromSMTP input: clark < @ horseshoe . wrotethebook . com . > PseudoToReal input: clark < @ horseshoe . wrotethebook . com . > PseudoToReal returns: clark < @ horseshoe . wrotethebook . com . > MasqSMTP input: clark < @ horseshoe . wrotethebook . com . > MasqSMTP returns: clark < @ horseshoe . wrotethebook . com . > MasqEnv input: clark < @ horseshoe . wrotethebook . com . > MasqHdr input: clark < @ horseshoe . wrotethebook . com . > MasqHdr returns: clark < @ wrotethebook . com . > MasqEnv returns: clark < @ wrotethebook . com . > EnvFromSMTP returns: clark < @ wrotethebook . com . > final input: clark < @ wrotethebook . com . > final returns: clark @ wrotethebook . com Rcode = 0, addr = clark@wrotethebook.com > /quit This test replicates the second part of the earlier test. With the basic masquerade configuration, the envelope sender address was not masqueraded ”now it is. Users and user mail tools deal with header sender addresses. A reply in a user mail tool will reply to an address found in a message header. Masquerading header sender addresses ensures that remote users receive the correct address for replying to local users. In this way, masquerading benefits users. Users, however, do not usually deal with envelope addresses. Masquerading envelope addresses simplifies machine interactions, and there are several good reasons to do this:
For these and other reasons, many sites that use masquerading apply it to both the header and the envelope addresses. See AlsoRecipe 4.2 provides supporting information for this configuration. Chapter 3 covers configuring a mail relay and discusses the use of the envelope address in relaying. The sendmail book covers the MASQUERADE_AS macro in 4.4.2, the EXPOSED_USER macro in 4.4.1, and the masquerade_envelope feature in 4.8.26. The "Address Masquerading" section of Linux Sendmail Administration , by Craig Hunt (Sybex), is a tutorial on masquerading. The cf/README file covers masquerading in the section Masquerading and Relaying . |