Masquerading

Masquerading is the process of transforming the local hostname in addresses into that of another domain. This results in the mail message appearing to come from that other domain rather than from the local host. Masquerading is most often used in domains where email is addressed to the domain rather than to individual hosts inside the domain.

Masquerading usually rewrites header-sender addresses. Some mc features also allow you to rewrite envelope addresses and recipient headers. The complete list of all definitions and features that affect masquerading is shown in Table 4-3.

Table 4-3. Definitions and features affecting masquerading

| What | § | Version | Masquerade |
|---|---|---|---|
| EXPOSED_USER | Section 4.4.1 | V8.6 and up | All but these hosts |
| EXPOSED_USER_FILE | Section 4.4.1.1 | V8.12 and up | All but these |
| FEATURE(allmasquerade) | FEATURE(allmasquerade) | V8.2 and up | The recipient too |
| FEATURE(domaintable) | FEATURE(domaintable) | V8.2 and up | Rewrite old domain as equivalent to new domain |
| FEATURE(generics_entire_domain) | FEATURE(generics_entire_domain) | V8.10 and up | Transform sender addresses |
| FEATURE(genericstable) | FEATURE(genericstable) | V8.8 and up | Transform sender addresses |
| FEATURE(limited_masquerade) | FEATURE(limited_masquerade) | V8.8 and up | Only MASQUERADE_DOMAIN hosts |
| FEATURE(local_no_masquerade) | FEATURE(local_no_masquerade) | V8.12 and up | Don’t masquerade local mail |
| FEATURE(masquerade_entire_domain) | FEATURE(masquerade_entire_domain) | V8.8 and up | All of a domain |
| FEATURE(masquerade_envelope) | FEATURE(masquerade_envelope) | V8.7 and up | The envelope too |
| GENERICS_DOMAIN | Section 4.8.1 | V8.8 and up | List domains for genericstable |
| GENERICS_DOMAIN_FILE | Section 4.8.1.1 | V8.8 and up | List domains for genericstable |
| MASQUERADE_AS | Section 4.4.2 | V8.6 and up | As another host |
| MASQUERADE_DOMAIN | Section 4.4.3 | V8.6 and up | Other domains |
| MASQUERADE_DOMAIN_FILE | Section 4.4.4 | V8.6 and up | Other domains |
| MASQUERADE_EXCEPTION | Section 4.4.5 | V8.10 and up | But not these domains |
| MASQUERADE_EXCEPTION_FILE | Section 4.4.6 | V8.12 and up | But not these domains |

EXPOSED_USER mc Macro

An internal sendmail class is used by the V8 configuration file to hold a list of usernames that should never be masqueraded (even if masquerade is enabled with the MASQUERADE_AS mc macro). Prior to V8.10 sendmail, the user root was always in that class. With V8.10 and above, that class is always empty unless you add usernames to it.

You can add users individually with the EXPOSED_USER mc macro like this:

EXPOSED_USER(`user')

Here, user is either one user or a list of users separated by spaces.

EXPOSED_USER_FILE mc Macro

The EXPOSED_USER_FILE macro, like the EXPOSED_USER macro, allows you to list names that should never be masqueraded (even if masquerade is enabled with the MASQUERADE_AS mc macro). It lists usernames in an external file, one name per line, and is declared like this:

EXPOSED_USER_FILE(`/etc/mail/exposedusers')

This declaration causes a list of users to be read from the file /etc/mail/exposedusers. Because EXPOSED_USER_FILE is implemented with an F configuration command (Section 22.1.2), you can add whatever F command arguments you desire. For example:

EXPOSED_USER_FILE(`-o /etc/mail/exposedusers')

Here the -o switch makes the presence of the /etc/mail/exposedusers file optional.

If you are currently reading exposed users from a file declared with the F configuration command, you are encouraged to convert to this new macro. Use of it will insulate you from change in the future if a different class name is ever used.

MASQUERADE_AS mc Macro

At sites with one central mail server (see MAIL_HUB, Section 4.5.7) it can be advantageous for mail to appear as if it is from the hub. This simplifies mail administration in that all users have the same machine address no matter which workstations they use. You can cause a workstation to masquerade as the server (or as another host) by using the MASQUERADE_AS mc macro:

MASQUERADE_AS(`server')

This causes outgoing mail to be labeled as coming from the server (rather than from the value in $j). The new address appears in the sender headers (such as From:), but specifically does not appear in the Received: and Message-ID: headers.

Some users (such as root) should never be masqueraded because one always needs to know their machine of origin. Such users are declared by using the EXPOSED_USER mc macro. Note that prior to V8.10 sendmail, root was always exposed.

If you wish to have recipient addresses also masqueraded, cautiously use the allmasquerade feature (FEATURE(allmasquerade)).

MASQUERADE_DOMAIN mc Macro

Ordinarily, MASQUERADE_AS enables hosts in the local domains (as defined in the $=w class) to be transformed into the masquerading host. It also masquerades a list of additional hosts, but that list is normally empty.

If you wish to masquerade a domain other than your local one, you can use the MASQUERADE_DOMAIN mc macro:

MASQUERADE_DOMAIN(`other.domain')

Essentially, all that MASQUERADE_DOMAIN does is assign its argument to an internal sendmail class, so you can list multiple domains in a single MASQUERADE_DOMAIN statement:

MASQUERADE_DOMAIN(`domain1 domain2 domain3')

Note that MASQUERADE_DOMAIN masquerades only the domain and not any hosts under that domain. If you wish to masquerade all hosts under a domain (including the domain itself), see the masquerade_entire_domain feature (FEATURE(masquerade_entire_domain)).

Also note that MASQUERADE_DOMAIN has special meaning for the limited_masquerade feature (FEATURE(limited_masquerade)). When that feature is declared, only the domains listed under MASQUERADE_DOMAIN will be masqueraded.

MASQUERADE_DOMAIN_FILE mc Macro

In masquerading other domains, as with MASQUERADE_DOMAIN, it can prove advantageous to store the list of masqueraded domains in an external file. The MASQUERADE_DOMAIN_FILE mc macro allows you to do just that:

MASQUERADE_DOMAIN_FILE(`/etc/mail/domains')

Essentially, all that MASQUERADE_DOMAIN_FILE does is read the external file using the F configuration command. As a consequence, you can add an F-style argument to its declaration:

MASQUERADE_DOMAIN_FILE(`-o /etc/mail/domains')

Here, we added a -o to make the existence of the file optional.

Note that the file specified with MASQUERADE_DOMAIN_FILE is read only once, when sendmail first starts.

MASQUERADE_EXCEPTION mc Macro

Normally, when you masquerade a site, you masquerade all the machines at that site. But, in some instances that might not be desirable. Beginning with V8.10 sendmail, it is now possible to omit selected hosts from masquerading.

Consider, for example, a university that hosts a few subdomains within it. If bigcampus.edu provided mail services for cs.bigcampus.edu, it might set up its main mail server’s mc file like this:

MASQUERADE_AS(`bigcampus.edu')
FEATURE(`masquerade_entire_domain')
MASQUERADE_EXCEPTION(`cs.bigcampus.edu')

The argument to MASQUERADE_EXCEPTION can be one or more hosts, separated from each other by spaces. Each excepted host is assigned to an internal sendmail class.

Note that you cannot exempt all hosts in a domain with this MASQUERADE_EXCEPTION mc macro. You must specify each host individually.

MASQUERADE_EXCEPTION_FILE mc Macro

If you have many exceptions defined with the MASQUERADE_EXCEPTION mc configuration macro, you can store them in a single file—say, donotmasq—and read that file using the MASQUERADE_EXCEPTION_FILE mc macro:

MASQUERADE_EXCEPTION_FILE(`/etc/mail/donotmasq')          ← V8.12 and above

Essentially, all that MASQUERADE_EXCEPTION_FILE does is read the external file using the F configuration command. As a consequence, you can add an F-style argument to its declaration:

MASQUERADE_EXCEPTION_FILE(`-o /etc/mail/donotmasq')       ← V8.12 and above

Here, we added a -o to make the existence of the file optional.

Note that the file specified with MASQUERADE_EXCEPTION_FILE is read only once, when sendmail first starts.
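The following is an added example, not code from the book or from sendmail: a simplified Python model of how the settings above combine to decide whether a header-sender address is rewritten, useful for checking that exposed users and excepted hosts keep their host of origin. The class and function names are hypothetical, the policy is constructed from the bigcampus.edu example with an assumed MASQUERADE_DOMAIN(`bigcampus.edu') and root exposed, and exact matching of $=w names is an assumption of the model.

```python
from dataclasses import dataclass, field

@dataclass
class MasqPolicy:
    """Simplified model of the mc settings described above (names are hypothetical)."""
    masquerade_as: str                                 # MASQUERADE_AS
    local_names: set = field(default_factory=set)      # class $=w
    masq_domains: set = field(default_factory=set)     # MASQUERADE_DOMAIN
    exceptions: set = field(default_factory=set)       # MASQUERADE_EXCEPTION
    exposed_users: set = field(default_factory=set)    # EXPOSED_USER
    entire_domain: bool = False    # FEATURE(masquerade_entire_domain)
    limited: bool = False          # FEATURE(limited_masquerade)

def host_is_masqueraded(host, p):
    host = host.lower().rstrip(".")
    if host in p.exceptions:       # exceptions match one host exactly
        return False
    if host in p.masq_domains:     # the listed domain itself
        return True
    if p.entire_domain and any(host.endswith("." + d) for d in p.masq_domains):
        return True                # hosts under a listed domain
    # $=w is matched exactly, and skipped under limited_masquerade
    return not p.limited and host in p.local_names

def masquerade_sender(addr, p):
    """Return the header-sender address after masquerading (user@host input only)."""
    user, sep, host = addr.rpartition("@")
    if not sep or user.lower() in p.exposed_users:
        return addr                # exposed users keep their host of origin
    return f"{user}@{p.masquerade_as}" if host_is_masqueraded(host, p) else addr

# Constructed policy based on the bigcampus.edu example, with root exposed.
CAMPUS = MasqPolicy(
    masquerade_as="bigcampus.edu",
    local_names={"mail.bigcampus.edu"},
    masq_domains={"bigcampus.edu"},
    exceptions={"cs.bigcampus.edu"},
    exposed_users={"root"},
    entire_domain=True,
)

if __name__ == "__main__":
    for a in ("alice@lab.bigcampus.edu", "bob@cs.bigcampus.edu",
              "carol@host1.cs.bigcampus.edu", "root@lab.bigcampus.edu"):
        print(f"{a:32} -> {masquerade_sender(a, CAMPUS)}")
```

In this model carol@host1.cs.bigcampus.edu is still rewritten, because the exception names only the host cs.bigcampus.edu and each host must be listed individually.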
