From owner-freebsd-questions@FreeBSD.ORG Mon Aug 3 04:34:29 2009 Return-Path: Delivered-To: questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A9753106566B for ; Mon, 3 Aug 2009 04:34:29 +0000 (UTC) (envelope-from jeffrey@goldmark.org) Received: from out1.smtp.messagingengine.com (out1.smtp.messagingengine.com [66.111.4.25]) by mx1.freebsd.org (Postfix) with ESMTP id 800E88FC0A for ; Mon, 3 Aug 2009 04:34:29 +0000 (UTC) (envelope-from jeffrey@goldmark.org) Received: from compute2.internal (compute2.internal [10.202.2.42]) by out1.messagingengine.com (Postfix) with ESMTP id 30CD33BB6E3; Mon, 3 Aug 2009 00:16:04 -0400 (EDT) Received: from heartbeat1.messagingengine.com ([10.202.2.160]) by compute2.internal (MEProxy); Mon, 03 Aug 2009 00:16:04 -0400 X-Sasl-enc: twr7zIFiWwqnymvkhHR3gCdIq3sQE2ms50xqqRZgMXpY 1249272947 Received: from hagrid.ewd.goldmark.org (n114.ewd.goldmark.org [72.64.118.114]) by mail.messagingengine.com (Postfix) with ESMTPSA id 4DDC9D450; Mon, 3 Aug 2009 00:15:47 -0400 (EDT) Message-Id: <30347677-7D24-44D1-9D47-1A48D4CD1154@goldmark.org> From: Jeffrey Goldberg To: fbsd@dannysplace.net In-Reply-To: <4A763BDD.2010308@dannysplace.net> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v935.3) Date: Sun, 2 Aug 2009 23:16:01 -0500 References: <4A763BDD.2010308@dannysplace.net> X-Mailer: Apple Mail (2.935.3) Cc: questions@freebsd.org Subject: Re: Sendmail Masqurading and root mails X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Aug 2009 04:34:29 -0000 On Aug 2, 2009, at 8:22 PM, Danny Carroll wrote: > I've added the following to the default sendmail mc file: > > MASQUERADE_AS(`mypublicdomain.com')dnl > FEATURE(masquerade_envelope)dnl > MASQUERADE_DOMAIN(beasie.lan)dnl > > Recompiled the cf files and restarted sendmail. > > Here is the kicker. If I log in as a normal user it masquerades just > fine. > > If I simply "su -" to root, the masquerading works fine and the > mail is > sent as the original logged in user. > > But if I log in as root via the console then it does not alter the > messages. By default sendmail does not MASQUERADE root (figuring that you get root mail from several of your machines and want to see which machine it is from). In the old days there was a feature "NO_MASQUERADE_ROOT", but looking through cf/README I see that that is one of the many things that have changed since I last seriously worked with sendmail. Now sendmail has a class of "exposed" users. These are usernames for which masquerading shouldn't take place. By default, root is in there. There is an .mc file directive EXPOSED(`username') which, according to the documentation, adds usernames to the list that shouldn't be masqueraded. Unfortunately, I don't see a mechanism for removing members from the E (Exposed) class. You could try EXPOSED() or EXPOSED(`') to see if either will remove things in the E class. The offending line in the generated .cf file is C{E}root if you still end up with that, then root will not get masqueraded. So if the above doesn't work, there probably is a clean way of clearing a class from the .mc file, but I don't know what it is. Hopefully others will be able to answer. In the worst case, you could manually edit the generated .cf file, to remove the C{E}root line, but that is not really a road I would recommend going down. At the risk of suggesting something that you probably know you should do in the long run, but would take a lot of tedious work to set up, you should probably move away from having your private network be .lan. Instead use .private.mypublicdomain.com and set up a local (on your private network) nameserver for that private subdomain. Sorry I couldn't be of more help. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/