O'Reilly logo

Sendmail, 3rd Edition by Bryan Costales

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Masquerading

Masquerading is the process of transforming the local hostname in addresses into that of another domain. This results in the mail message appearing to come from that other domain rather than from the local host. Masquerading is most often used in domains where email is addressed to the domain rather than to individual hosts inside the domain.

Masquerading usually rewrites header-sender addresses. Some mc features allow you also to rewrite envelope addresses and recipient headers. The complete list of all definitions and features that affect masquerading is shown in Table 4-3.

Table 4-3. Definitions and features affecting masquerading

What

§

Version

Masquerade

EXPOSED_USER

Section 4.4.1

V8.6 and up

All but these hosts

EXPOSED_USER_FILE

Section 4.4.1.1

V8.12 and up

All but these

FEATURE(allmasquerade)

FEATURE(allmasquerade)

V8.2 and up

The recipient too

FEATURE(domaintable)

FEATURE(domaintable)

V8.2 and up

Rewrite old domain as equivalent to new domain

FEATURE(generics_entire_domain)

FEATURE(generics_entire_domain)

V8.10 and up

Transform sender addresses

FEATURE(genericstable)

FEATURE(genericstable)

V8.8 and up

Transform sender addresses

FEATURE(limited_masquerade)

FEATURE(limited_masquerade)

V8.8 and up

Only MASQUERADE_DOMAIN hosts

FEATURE(local_no_masquerade)

FEATURE(local_no_masquerade)

V8.12 and up

Don’t masquerade local mail

FEATURE(masquerade_entire_domain)

FEATURE(masquerade_entire_domain)

V8.8 and up

All of a domain

FEATURE(masquerade_envelope)

FEATURE(masquerade_envelope)

V8.7 and up

The envelope too

GENERICS_DOMAIN

Section 4.8.1

V8.8 and up

List domains for genericstable

GENERICS_DOMAIN_FILE

Section 4.8.1.1

V8.8 and up

List domains for genericstable

MASQUERADE_AS

Section 4.4.2

V8.6 and up

As another host

MASQUERADE_DOMAIN

Section 4.4.3

V8.6 and up

Other domains

MASQUERADE_DOMAIN_FILE

Section 4.4.4

V8.6 and up

Other domains

MASQUERADE_EXCEPTION

Section 4.4.5

V8.10 and up

But not these domains

MASQUERADE_EXCEPTION_FILE

Section 4.4.6

V8.12 and up

But not these domains

EXPOSED_USER mc Macro

An internal sendmail class is used by the V8 configuration file to hold a list of usernames that should never be masqueraded (even if masquerade is enabled with the MASQUERADE_AS mc macro). Prior to V8.10 sendmail, the user root was always in that class. With V8.10 and above, that class is now always empty unless you add user names into it.

You can add users individually with the EXPOSED_USER mc macro like this:

EXPOSED_USER(`user')

Here, user is either one user or a list of users separated by spaces.

EXPOSED_USER_FILE mc macro

The EXPOSED_USER_FILE macro, like the EXPOSED_USER macro, allows you to list names that should never be masqueraded (even if masquerade is enabled with the MASQUERADE_AS mc macro). It lists usernames in an external file, one name per line, and is declared like this:

EXPOSED_USER_FILE(`/etc/mail/exposedusers')

This declaration causes a list of users to be read from the file /etc/mail/exposedusers. Because EXPOSED_USER_FILE is implemented with an F configuration command (Section 22.1.2), you can add whatever F command arguments you desire. For example:

EXPOSED_USER_FILE(`-o /etc/mail/exposedusers')

Here the -o switch makes the presence of the /etc/mail/exposedusers file optional.

If you are currently reading exposed users from a file declared with the F configuration command, you are encouraged to convert to this new macro. Use of it will insulate you from change in the future if a different class name is ever used.

MASQUERADE_AS mc Macro

At sites with one central mail server (see MAIL_HUB, Section 4.5.7) it can be advantageous for mail to appear as if it is from the hub. This simplifies mail administration in that all users have the same machine address no matter which workstations they use. You can cause a workstation to masquerade as the server (or as another host) by using the MASQUERADE_AS mc macro:

MASQUERADE_AS(`server')

This causes outgoing mail to be labeled as coming from the server (rather than from the value in $j, $j). The new address appears in the sender headers (such as From:), but specifically does not appear in the Received: (Received:) and Message-ID: (Message-ID:) headers.

Some users (such as root) should never be masqueraded because one always needs to know their machine of origin. Such users are declared by using the EXPOSED_USER mc macro. Note that prior to V8.10 sendmail, root was always exposed.

If you wish to have recipient addresses also masqueraded, cautiously use the allmasquerade feature (FEATURE(allmasquerade)).

MASQUERADE_DOMAIN mc Macro

Ordinarily, MASQUERADE_AS enables hosts in the local domains (as defined in the $=w class, $=w) to be transformed into the masquerading host. It also masquerades a list of additional hosts, but that list is normally empty.

If you wish to masquerade a domain other than your local one, you can use the MASQUERADE_DOMAIN mc macro:

MASQUERADE_DOMAIN(`other.domain')

Essentially, all that MASQUERADE_DOMAIN does is assign its argument to an internal sendmail class, so you can list multiple domains in a single MASQUERADE_DOMAIN statement:

MASQUERADE_DOMAIN(`domain1 domain2 domain3')

Note that MASQUERADE_DOMAIN masquerades only the domain and not any hosts under that domain. If you wish to masquerade all hosts under a domain (including the domain itself), see the masquerade_entire_domain feature (FEATURE(masquerade_entire_domain)).

Also note that MASQUERADE_DOMAIN has special meaning for the limited_masquerade feature (FEATURE(limited_masquerade)). When that feature is declared, only the domains listed under MASQUERADE_DOMAIN will be masqueraded.

MASQUERADE_DOMAIN_FILE mc Macro

In masquerading other domains, as with MASQUERADE_DOMAIN, it can prove advantageous to store the list of masqueraded domains in an external file. The MASQUERADE_DOMAIN_FILE mc macro allows you to do just that:

MASQUERADE_DOMAIN_FILE(`/etc/mail/domains')

Essentially, all that MASQUERADE_DOMAIN_FILE does is read the external file using the F configuration command. As a consequence, you can add an F-style argument to its declaration:

MASQUERADE_DOMAIN_FILE(`-o /etc/mail/domains')

Here, we added a -o to make the existence of the file optional.

Note that the file specified with MASQUERADE_DOMAIN_FILE is read only once, when sendmail first starts.

MASQUERADE_EXCEPTION mc Macro

Normally, when you masquerade a site, you masquerade all the machines at that site. But, in some instances that might not be desirable. Beginning with V8.10 sendmail, it is now possible to omit selected hosts from masquerading.

Consider, for example, a university that hosts a few subdomains within it. If bigcampus.edu provided mail services for cs.bigcampus.edu, it might set up its main mail server’s mc file like this:

MASQUERADE_AS('bigcampus.edu')
FEATURE(`masquerade_entire_domain')
MASQUERADE_EXCEPTION(`cs.bigcampus.edu')

The argument to MASQUERADE_EXCEPTION can be one or more hosts, separated from each other by spaces. Each excepted host is assigned to an internal sendmail class.

Note that you cannot exempt all hosts in a domain with this MASQUERADE_EXCEPTION mc macro. You must specify each host individually.

MASQUERADE_EXCEPTION_FILE mc Macro

If you have many exceptions defined with the MASQUERADE_EXCEPTION mc configuration macro, you can store them in a single file—say, donotmasq—and read that file using the MASQUERADE_EXCEPTION_FILE mc macro:

MASQUERADE_EXCEPTION_FILE(`/etc/mail/donotmasq') V8.12 and above

Essentially, all that MASQUERADE_EXCEPTION_FILE does is read the external file using the F configuration command. As a consequence, you can add an F-style argument to its declaration:

MASQUERADE_EXCEPTION_FILE(`-o /etc/mail/donotmasq') V8.12 and above

Here, we added a -o to make the existence of the file optional.

Note that the file specified with MASQUERADE_EXCEPTION_FILE is read only once, when sendmail first starts.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required