The Answer Guy
The Answer Guy
'sendmail' Masquerading:
What and WhyFrom Stephen Oberther on Tue, 07 Apr 1998
First of all let me say that I love the magazine and your
column. This problem has been bothering me for quite
some time now and I can't seem to figure out how to
remedy it. I have a dial-up internet account but use my
local sendmail for email distribution.
My question is this: Is there a way to have my actual
email address stampled onto my email so that the
recipient can just reply to the email normally and have
the reply go to my account with my ISP? Currently, with
the exception of this message if netscape works properly,
the from field is posted with my username and my local
machine name, as it should be. Is this possible at all
or is it just a lost cause?
Yes, there is a way to have your system "masquerade" as some other system or domain. In fact this is what most organizations do.
Note: this 'sendmail' masquerading feature should not be confused with "IP Masquerading" (which is a form of TCP/IP network address translation -- or NAT). In the contest of mail the term refers purely to how the headers of each piece of mail are constructed. (IP masquerading is at the transport layer of the OSI reference model while 'sendmail' masquerading is at the applications layer).
Now the fact that you mention Netscape (presumably NS Navigator or Communicator) raises a different issue. Some MUA's --- particularly those that have been ported from or significantly influenced by non-Unix code --- will bypass the normal conventions for mail handling under Unix and deliver their own mail directly to the apparent recipient (by doing the appropriate DNS query for MX records and engaging in a direct TCP dialog with that host's SMTP port. In many cases you can configure these to relay mail through some other system --- such as 'localhost' which will allow your 'sendmail' (or qmail, or vmail, or other local MTA (mail transport agent) to apply your local policies (like header rewrites) to the mail).
Host "hiding" via 'sendmail' masquerading is such a local policy. Assuming you're using 'sendmail' you can enable it with the following lines to your 'mc' (Macro Config) file:Naturally you probably need other lines in there and you need to run this through the M4 macro preprocessor to generate your /etc/sendmail.cf file. (I do not recommend hand hacking the cf files as this is more error prone and harder to document and review later).FEATURE(always_add_domain)dnl
FEATURE(allmasquerade)dnl
FEATURE(always_add_domain)dnl
FEATURE(masquerade_envelope)dnl
MASQUERADE_AS($YOURHOST)dnl
You might not need all of these features --- but I use them.
Note: this doesn't "hide" your internal host names and/or IP address in the "Received:" headers --- which is an FAQ in security (via obscurity) features. I merely affects the Reply-Path: and From: addresses.
The part about "masquerade_envelope" is one I've added more recently. It prevents some potentially alarming headers from appearing in my mail when a recieving or relaying mailhost's sendmail (or other MTA) can't do a proper "double reverse" lookup of my address. (Yes, my DNS and reverse DNS are out of sync --- and no, I haven't fought it out with my ISP nor have I assumed control of my own DNS. Let's not talk about the footwear on the cobbler's kids!).
Oh
and just in case the from address is wrong on this email it should be ...
Thanks in advance, Stephen Oberther
... where $TESTMAIL is the name of a file that has a reasonably formatted piece of mail (at least a To: and a Subject: line for a header, a blank line and a few lines of text for the body)./usr/lib/sendmail -t -v -oe < $TESTMAIL
point the To: line at one of your other accounts to a friend or through some autoresponder (pick one that doesn't remove the headers). Then you can see what sort of rewriting is occuring. It may be that you system's MTA is already properly configured and you can focus on the MUA (mail user agent).
![[ Table Of Contents ]](../gx/indexnew.gif)
![[ Front Page ]](../gx/homenew.gif)
![[ Answer Guy Index ]](../gx/dennis/answernew.gif)