169 lines
6.6 KiB
HTML
169 lines
6.6 KiB
HTML
<!--startcut ======================================================= -->
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
|
|
<html>
|
|
<head>
|
|
<TITLE>The Answer Guy 28: 'sendmail' Masquerading: What and Why</TITLE>
|
|
</head>
|
|
|
|
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#A000A0"
|
|
ALINK="#FF0000">
|
|
<!--endcut ========================================================= -->
|
|
<H4>"Linux Gazette...<I>making Linux just a little more fun!</I>"
|
|
</H4>
|
|
<P> <hr> <P>
|
|
|
|
<!-- =============================================================== -->
|
|
<H1 align="center"><A NAME="answer">
|
|
<img src="../gx/dennis/qbubble.gif" alt="" border="0" align="middle">
|
|
<a href="./lg_answer28.html">The Answer Guy</a>
|
|
<img src="../gx/dennis/bbubble.gif" alt="" border="0" align="middle">
|
|
</A></H1> <BR>
|
|
<H4 align="center">By James T. Dennis,
|
|
<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a><BR>
|
|
Starshine Technical Services,
|
|
<A HREF="http://www.starshine.org/">http://www.starshine.org/</A> </H4>
|
|
<p><hr><p>
|
|
<H3><img src="../gx/dennis/qbub.gif" alt="(?)" width="50" height="28"
|
|
align="left" border="0">'<tt>sendmail</tt>' Masquerading:
|
|
What and Why</H3>
|
|
|
|
<p><strong>From Stephen Oberther on Tue, 07 Apr 1998 </strong></p>
|
|
|
|
<P><strong>First of all let me say that I love the magazine and your
|
|
column. This problem has been bothering me for quite
|
|
some time now and I can't seem to figure out how to
|
|
remedy it. I have a dial-up internet account but use my
|
|
local sendmail for email distribution.
|
|
|
|
<br><br>
|
|
My question is this: Is there a way to have my actual
|
|
email address stampled onto my email so that the
|
|
recipient can just reply to the email normally and have
|
|
the reply go to my account with my ISP? Currently, with
|
|
the exception of this message if netscape works properly,
|
|
the from field is posted with my username and my local
|
|
machine name, as it should be. Is this possible at all
|
|
or is it just a lost cause?</strong></p>
|
|
|
|
<blockquote><img src="../gx/dennis/bbub.gif" width="50" height="28" alt="(!)"
|
|
align="left" border="0">Yes,
|
|
there is a way to have your system "masquerade" as
|
|
some other system or domain. In fact this is what most
|
|
organizations do.
|
|
|
|
<br><br>
|
|
Note: this '<tt>sendmail</tt>' masquerading feature should
|
|
<em>not</em> be
|
|
confused with "IP Masquerading" (which is a form of
|
|
TCP/IP network address translation -- or NAT). In the
|
|
contest of mail the term refers purely to how the headers
|
|
of each piece of mail are constructed. (IP masquerading is
|
|
at the transport layer of the OSI reference model while
|
|
'<tt>sendmail</tt>' masquerading is at the applications layer).
|
|
|
|
<br><br>
|
|
Now the fact that you mention Netscape (presumably NS
|
|
Navigator or Communicator) raises a different issue.
|
|
Some MUA's --- particularly those that have been ported
|
|
from or significantly influenced by non-Unix code ---
|
|
will bypass the normal conventions for mail handling under
|
|
Unix and deliver their own mail directly to the apparent
|
|
recipient (by doing the appropriate DNS query for MX
|
|
records and engaging in a direct TCP dialog with that
|
|
host's SMTP port. In many cases you can configure these
|
|
to relay mail through some other system --- such as
|
|
'localhost' which will allow your '<tt>sendmail</tt>' (or qmail,
|
|
or vmail, or other local MTA (mail transport agent) to
|
|
apply your local policies (like header rewrites) to the
|
|
mail).
|
|
|
|
<br><br>
|
|
Host "hiding" via '<tt>sendmail</tt>' masquerading is such a local
|
|
policy. Assuming you're using '<tt>sendmail</tt>' you can enable
|
|
it with the following lines to your '<tt>mc</tt>' (Macro Config)
|
|
file:
|
|
|
|
<blockquote><code>
|
|
FEATURE(always_add_domain)dnl<br>
|
|
FEATURE(allmasquerade)dnl<br>
|
|
FEATURE(always_add_domain)dnl<br>
|
|
FEATURE(masquerade_envelope)dnl<br>
|
|
MASQUERADE_AS($YOURHOST)dnl
|
|
|
|
</code></blockquote>
|
|
Naturally you probably need other lines in there
|
|
and you need to run this through the M4 macro preprocessor
|
|
to generate your <tt>/etc/sendmail.cf</tt> file. (I do not
|
|
recommend hand hacking the cf files as this is
|
|
more error prone and harder to document and review later).
|
|
|
|
<br><br>
|
|
You might not need all of these features --- but I use them.
|
|
|
|
<br><br>
|
|
Note: this doesn't "hide" your internal host names and/or
|
|
IP address in the "<tt>Received:</tt>" headers --- which is an FAQ
|
|
in security (via obscurity) features. I merely affects the
|
|
<tt>Reply-Path:</tt> and <tt>From:</tt> addresses.
|
|
|
|
<br><br>
|
|
The part about "masquerade_envelope" is one I've added
|
|
more recently. It prevents some potentially alarming headers
|
|
from appearing in my mail when a recieving or relaying mailhost's
|
|
sendmail (or other MTA) can't do a proper "double reverse"
|
|
lookup of my address. (Yes, my DNS and reverse DNS are out
|
|
of sync --- and no, I haven't fought it out with my ISP
|
|
nor have I assumed control of my own DNS. Let's not
|
|
talk about the footwear on the cobbler's kids!).
|
|
</blockquote>
|
|
|
|
|
|
<P><strong><img src="../gx/dennis/qbub.gif" width="50" height="28" alt="(?)"
|
|
align="left" border="0">Oh
|
|
and just in case the from address is wrong on this email it should be ...
|
|
|
|
<br><br>
|
|
Thanks in advance, Stephen Oberther </strong></p>
|
|
|
|
|
|
<blockquote><img src="../gx/dennis/bbub.gif" width="50" height="28" alt="(!)"
|
|
align="left" border="0">The
|
|
first test I would make in your situation is to
|
|
pass a message straight to sendmail with a command like:
|
|
|
|
<blockquote><code>
|
|
/usr/lib/sendmail -t -v -oe < $TESTMAIL
|
|
</code></blockquote>
|
|
|
|
... where $TESTMAIL is the name of a file that has a
|
|
reasonably formatted piece of mail (at least a <tt>To:</tt> and
|
|
a <tt>Subject:</tt> line for a header, a blank line and a few
|
|
lines of text for the body).
|
|
|
|
<br><br>
|
|
point the <tt>To:</tt> line at one of your other accounts to
|
|
a friend or through some autoresponder (pick one that
|
|
doesn't remove the headers). Then you can see
|
|
what sort of rewriting is occuring. It may be that
|
|
you system's MTA is already properly configured and
|
|
you can focus on the MUA (mail user agent).
|
|
</blockquote>
|
|
<!--================================================================-->
|
|
<P> <hr> <P>
|
|
<H5 align="center"><a href="http://www.linuxgazette.com/copying.html"
|
|
>Copyright ©</a> 1998, James T. Dennis <BR>
|
|
Published in <I>Linux Gazette</I> Issue 28 May 1998</H5>
|
|
<P> <hr> <P>
|
|
<!--================================================================-->
|
|
<A HREF="./index.html"><IMG SRC="../gx/indexnew.gif"
|
|
ALT="[ Table Of Contents ]"></A>
|
|
<A HREF="../index.html"><IMG SRC="../gx/homenew.gif"
|
|
ALT="[ Front Page ]"></A>
|
|
<A HREF="./lg_answer28.html"><IMG SRC="../gx/dennis/answernew.gif"
|
|
ALT="[ Answer Guy Index ]"></A>
|
|
<!--startcut ======================================================= -->
|
|
</body>
|
|
</html>
|
|
<!--endcut ========================================================= -->
|
|
|