Re: Sendmail and masquerading

[Matthew Seaman]

On Fri, Apr 23, 2004 at 09:43:22AM +0200, Harald Schmalzbauer wrote:

 I have another question(s) please:
 How can I have sendmail using a specified EHLO domain.tld instead of the 
 machines name (changing the machines name is not a solution for me)

Use:

   define(`confDOMAIN_NAME', `domain.tld')dnl

in your `hostname`.mc file.

 And a last question: What do I have to use for sendmail when I want to do 
 masquerading on a MTA which has a smart host defined? If I use the same two 
 lines like on my local machine (which works) nothing happens on the MTA. No 
 mail gets masqueraded.

It's basically the same basic setup as for your local machine.  You
might find adding the following useful:

FEATURE(limited_masquerade)dnl

Applies masquerading only to those machines listed as
MASQUERADE_DOMAIN below.  The default is to do that plus all of the
names listed in 'local-host-names'.

FEATURE(masquerade_entire_domain)dnl

Applies masquerading to all of the hosts under 'domain.tld' (from the
MASQUERADE_DOMAIN setting below).

MASQUERADE_AS(`domain.tld')dnl
MASQUERADE_DOMAIN(`domain.tld')dnl

See /usr/share/sendmail/cf/README for more details on these and other
settings.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK


pgp0.pgp
Description: PGP signature

Sendmail and masquerading

[Harald Schmalzbauer]

Hi all,

I have to _believe_ there's something strange going on with sendmail in the 
base system.
I try to convince it to masquerade my righthandside. Therefore I added the 
following to bsdharry.zenk.de.mc:
MASQUERADE_AS(`zenk.de')

local-host-names reads:
bsdharry.zenk.de

host reads:
150.20.100.18   bsdharry bsdharry.zenk.de

But sendmail still communicates with Mail from: @bsdharry.zenk.de

Then I made sure that sendmail.cf reads:
DMzenk.de

I also added C{M}bsdharry.zenk.de

Nothing helps!
I also read the post about the not working alias and I wonder if there's 
something wrong with recent sendmail versions in the base system (I'm using 
-current as from 16th of April).

Any help appreciated,

-Harry
-- 
Please never add my reply address to CC nor to the recipient list!
If you make answers to all please remove my address!
I'll complain if I see my reply address on any mailinglist


pgp0.pgp
Description: signature

Re: Sendmail and masquerading

[Anish Mistry]

On Wednesday 21 April 2004 09:47 am, Harald Schmalzbauer wrote:
 Hi all,

 I have to _believe_ there's something strange going on with sendmail in the
 base system.
 I try to convince it to masquerade my righthandside. Therefore I added the
 following to bsdharry.zenk.de.mc:
 MASQUERADE_AS(`zenk.de')

 local-host-names reads:
 bsdharry.zenk.de

 host reads:
 150.20.100.18 bsdharry bsdharry.zenk.de

 But sendmail still communicates with Mail from: @bsdharry.zenk.de

 Then I made sure that sendmail.cf reads:
 DMzenk.de

 I also added C{M}bsdharry.zenk.de

 Nothing helps!
 I also read the post about the not working alias and I wonder if there's
 something wrong with recent sendmail versions in the base system (I'm using
 -current as from 16th of April).

I normally need to put in a few more line for mine to work:
MASQUERADE_AS(mydomain.com)
FEATURE(allmasquerade)
FEATURE(masquerade_envelope)

If you don't already have the bat book I'd suggest picking it up from your 
local bookstore.

-- 
Anish Mistry


pgp0.pgp
Description: signature

Re: Sendmail and masquerading

[Matthew Seaman]

On Wed, Apr 21, 2004 at 03:47:48PM +0200, Harald Schmalzbauer wrote:
 Hi all,
 
 I have to _believe_ there's something strange going on with sendmail in the 
 base system.
 I try to convince it to masquerade my righthandside. Therefore I added the 
 following to bsdharry.zenk.de.mc:
 MASQUERADE_AS(`zenk.de')
 
 local-host-names reads:
 bsdharry.zenk.de
 
 host reads:
 150.20.100.18 bsdharry bsdharry.zenk.de
 
 But sendmail still communicates with Mail from: @bsdharry.zenk.de

Yup.  That's the envelope sender address, as used in the SMTP dialog.
That doesn't get masqueraded by default -- but you should see that the
From: line within the message is masqueraded.

Use:

FEATURE(masquerade_envelope)dnl

to make sendmail rewrite the envelope sender address as well.  You
might also want to use:

FEATURE(allmasquerade)dnl

which applies masquerading to *recipient* addresses.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK


pgp0.pgp
Description: PGP signature

RE: Sendmail and masquerading

[JJB]

I found that it is not necessary to try to config sendmail's config
files to do what you want.
Just change or add hostname=zenk.de to rc.conf
Sendmail uses that as his internal domain name for all emails.

You said this
--- Please never add my reply address to CC nor to the recipient
list!
If you make answers to all please remove my address!
I'll complain if I see my reply address on any mailinglist

Be so informed, that by posting to this questions list your email
address is in the public domain and is spread through many sites on
the internet. You can complain all you want, but by posting you have
by default given your consent and there is nothing you can do about
it, except not post here again. You should learn the rules of how
this list works before posting. It's your mistake. Manny of the
regulars who reply consider the email address they use here as an
'throw away' that they change when they start getting junk email to
it.   You should learn to set up 'Judas goat' email address just for
this purpose.


Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Harald
Schmalzbauer
Sent: Wednesday, April 21, 2004 9:48 AM
To: [EMAIL PROTECTED]
Subject: Sendmail and masquerading

Hi all,

I have to _believe_ there's something strange going on with sendmail
in the
base system.
I try to convince it to masquerade my righthandside. Therefore I
added the
following to bsdharry.zenk.de.mc:
MASQUERADE_AS(`zenk.de')

local-host-names reads:
bsdharry.zenk.de

host reads:
150.20.100.18   bsdharry bsdharry.zenk.de

But sendmail still communicates with Mail from: @bsdharry.zenk.de

Then I made sure that sendmail.cf reads:
DMzenk.de

I also added C{M}bsdharry.zenk.de

Nothing helps!
I also read the post about the not working alias and I wonder if
there's
something wrong with recent sendmail versions in the base system
(I'm using
-current as from 16th of April).

Any help appreciated,

-Harry
--
Please never add my reply address to CC nor to the recipient list!
If you make answers to all please remove my address!
I'll complain if I see my reply address on any mailinglist

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Sendmail and masquerading

[Matthew Seaman]

On Wed, Apr 21, 2004 at 04:51:18PM +0200, Harald Schmalzbauer wrote:
 Am Mittwoch, 21. April 2004 16:26 schrieb Matthew Seaman:
  On Wed, Apr 21, 2004 at 03:47:48PM +0200, Harald Schmalzbauer wrote:

   But sendmail still communicates with Mail from: @bsdharry.zenk.de
 
  Yup.  That's the envelope sender address, as used in the SMTP dialog.
 
 Oh, that's the envelope?!?

Errr... you see the sequence:

MAIL From: [EMAIL PROTECTED]

as part of the SMTP dialog.  Eg:

% mail -v -s test [EMAIL PROTECTED] E_O_M
? test message
? E_O_M
[EMAIL PROTECTED] Connecting to [ipv6:::1] via relay...
220 smtp.infracaninophile.co.uk ESMTP Sendmail 8.12.11/8.12.11; Wed, 21 Apr 2004 
16:09:53 +0100 (BST)
 EHLO happy-idiot-talk.infracaninophile.co.uk
250-smtp.infracaninophile.co.uk Hello localhost [IPv6:::1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN
250-STARTTLS
250-DELIVERBY
250 HELP
 STARTTLS
220 2.0.0 Ready to start TLS
 EHLO happy-idiot-talk.infracaninophile.co.uk
250-smtp.infracaninophile.co.uk Hello localhost [IPv6:::1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN
250-DELIVERBY
250 HELP
 MAIL From:[EMAIL PROTECTED] SIZE=64 [EMAIL PROTECTED]

^ here

250 2.1.0 [EMAIL PROTECTED]... Sender ok
 RCPT To:[EMAIL PROTECTED]
 DATA
250 2.1.5 [EMAIL PROTECTED]... Recipient ok
354 Enter mail, end with . on a line by itself
 .
250 2.0.0 i3LF9rks013491 Message accepted for delivery
[EMAIL PROTECTED] Sent (i3LF9rks013491 Message accepted for delivery)
Closing connection to [ipv6:::1]
 QUIT
221 2.0.0 smtp.infracaninophile.co.uk closing connection

That's what I thought you were referring to.  The addresses used in
the 'MAIL From:' and 'RCPT To:' lines above are respectively the
envelope sender or recipient addresses.  They don't necessarily have
to have anything to do with what is contained in the From: and To: or
Cc: header lines within the body of the message -- for instance this
message could be Bcc:'d to you, or you could be using a .forward file
to send it on to a different server.  Most mail software will generate
messages where there is some relation though.

Also note -- don't be confused by the example I've shown: even though
it says the message is from
'[EMAIL PROTECTED]' in the RCPT To:
line, that's actually generated automatically by the mail(1) command
in order to feed the message into sendmail(8) -- all of the
masquerading and other address rewriting stuff happens at a later
stage.  Most mail clients let you specify what your From: address
should be.
 
 But I don't want to masq the data From, just the MAIL from: (the header, not 
 the body)
 Any hints?

But that doesn't make any sense... the envelope from is only used
transiently when the message is transferred from machine to machine.
It doesn't appear in any on-line archives or the like, and so cannot
be discovered by spammers, unless you happen to send e-mail directly
to one of their systems.  Generally the reason for masquerading the
envelope sender address is to avoid giving away information about your
internal hostnames.
 
 And while I'm talking to our sendmail guru: How can I prevent my real address 
 to be listed on mail archives? The [EMAIL PROTECTED] will be blocked, which 
 is the one people will see on http-archives in the From field. My reply 
 address is where mail geos to if somebody like you is answering but 
 unfortunately it's now in the To field, so it's again listen on 
 http-archives.
 In a few days my newly configured reply address ([EMAIL PROTECTED]) will 
 be spamed, I bet any amount. And people don't read my signature like I now 
 know :(

You don't.  If you don't want e-mail (of any sort -- including spam)
sent to your e-mail address, then don't use it on a public mailing
list, or allow it to be put on a website anywhere.

There's two strategies you can adopt:

i) Use a 'throw-away' address on all mailing list messages, usenet
   posts of the like.  Keep that address as your current address
   for a short time then replace it with a new one.  Understand
   that you will get spam to the old addresses for evermore, and
   that your throw-away address will probably get harvested within
   a day or so, although spam levels shouldn't get unbearable for
   a while.

   ii) Use a permanent e-mail address, but spend a gread deal of time
   and effort setting up the best spam filters and other defences
   like SPF, greylisting, challenge-response whitelisting etc.
   Understand that even so, you're still going to see the odd spam
   now and again and you do run the risk of rejecting some
   non-spam messages by mistake.

As for the 

Re: Sendmail and masquerading

[Joshua Lokken]

* JJB [EMAIL PROTECTED] [2004-04-21 08:23]:
 I found that it is not necessary to try to config sendmail's config
 files to do what you want.
 Just change or add hostname=zenk.de to rc.conf
 Sendmail uses that as his internal domain name for all emails.
 
 You said this
 --- Please never add my reply address to CC nor to the recipient
 list!
 If you make answers to all please remove my address!
 I'll complain if I see my reply address on any mailinglist
 
 Be so informed, that by posting to this questions list your email
 address is in the public domain and is spread through many sites on
 the internet. You can complain all you want, but by posting you have
 by default given your consent and there is nothing you can do about
 it, except not post here again. You should learn the rules of how
 this list works before posting. It's your mistake. Manny of the
 regulars who reply consider the email address they use here as an
 'throw away' that they change when they start getting junk email to
 it.   You should learn to set up 'Judas goat' email address just for
 this purpose.

Or better yet, take Matthew's advice and learn how to protect your email
addresses.  Procmail and SpamAssassin are both great tools for spam
filtering. 

-- 
Joshua

Is there no place for the man with 105 IQ?!
   --Homer Simpson

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]