Re: local user FQDN or domain rewrite on outgoing mail

googlee07@xxxxxxxxx writes:

http://www.sendmail.org/m4/whoami.html
*OR*http://www.sendmail.org/m4/masquerading.html

thanks..

when it does the rewrite.. that's fine for outbound mail (envelople
FROM:).. but will it also rewrite RCPT:?

I ask because, without any masquerading turned on.. when ever i send
to root (without @domain) on the local box, and then have root alias
forwarded to an external accout, i always see 3 Received lines rather
than 2. It's puzzling me?

=======================================

RECEIVED: from host.domain.com ([2xx.9x.2xx.1xx]) by net.isp.com
(8.14.0/8.14.0) with ESMTP id lBBB37iO033395 (version=TLSv1/SSLv3
cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <me@xxxxxxx>;

RECEIVED: from host.domain.com (localhost.localdomain [127.0.0.1]) by
host.domain.com (8.13.8/8.13.8) with ESMTP id lBBB22o8012482 for
<root@xxxxxxxxxxxxxxx>

RECEIVED: (from root@localhost) by host.domain.com (8.13.8/8.13.8/
Submit) id lBBB22u2012249; Tue, 11 Dec 2007 04:02:02 -0700

=======================================

Why does sendmail submit twice??

1, First it gets root@localhost by the local FQDN.
2. Then it's as if it resubmits to ITSELF (FQDN) to send to root@FQDN.
3. Then it forwards to the external isp account.

Why does it do that step 2? can't it just send to the remote account
from step 1? or maybe a better way of asking the question is what is
the purpose of step 2? It looks a rewrite and a resubmit occurs there
- wondering why and what sendmail config parms are responsible for
that?

Historically sendmail had been installed as "set root id program".
Since sendmail-8.12 it is not to avoid to too likely security risks.

To preserve "traditional functionality" requiring root privileges
locally submitted messages are passed by "set *group* id" sendmail to
"main sendmail daemon" listening at 127.0.0.1:25 running with root
privileges. It explains the down most Received: header.

URL(s):
http://www.sendmail.org/security/secure-install.php

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@xxxxxxxxxxxx : anfi@xxxxxxxx
Open-Sendmail: http://open-sendmail.sourceforge.net/
.

Relevant Pages

  • Re: sendmail problem
    ... You've failed to include relevant info from that bounce. ... required for sender address) ... (expanded from: root) ... while handing the message to the sendmail MTA daemon. ...
    (comp.mail.sendmail)
  • Re: sendmail trouble
    ... > I'm unsure why sendmail runs as root if exim/postfix don't. ... think Postfix is definitely a better MTA than Sendmail. ... While the m4 macros cover most common things they don't cover every ...
    (Debian-User)
  • Re: sendmail aliases
    ... I have set up aliases for sendmail: ... But it seems no to deliver any mail to "root". ... with FreeBSD 4.11, ...
    (comp.unix.bsd.freebsd.misc)
  • Re: Sendmail Masqurading and root mails
    ... But if I log in as root via the console then it does not alter the messages. ... By default sendmail does not MASQUERADE root. ... These are usernames for which masquerading shouldn't take place. ... At the risk of suggesting something that you probably know you should do in the long run, but would take a lot of tedious work to set up, you should probably move away from having your private network be .lan. ...
    (freebsd-questions)
  • RE: Need to change the source address in sendmail
    ... > abc.com is the source domain that I want to be. ... As a reference from the sendmail README.... ... Root is an example. ... See the section of the postfix main.cf titled "ADDRESS REWRITING". ...
    (RedHat)
Loading