Re: Sendmail and masquerading
On Fri, Apr 23, 2004 at 09:43:22AM +0200, Harald Schmalzbauer wrote: I have another question(s) please: How can I have sendmail using a specified EHLO domain.tld instead of the machines name (changing the machines name is not a solution for me) Use: define(`confDOMAIN_NAME', `domain.tld')dnl in your `hostname`.mc file. And a last question: What do I have to use for sendmail when I want to do masquerading on a MTA which has a smart host defined? If I use the same two lines like on my local machine (which works) nothing happens on the MTA. No mail gets masqueraded. It's basically the same basic setup as for your local machine. You might find adding the following useful: FEATURE(limited_masquerade)dnl Applies masquerading only to those machines listed as MASQUERADE_DOMAIN below. The default is to do that plus all of the names listed in 'local-host-names'. FEATURE(masquerade_entire_domain)dnl Applies masquerading to all of the hosts under 'domain.tld' (from the MASQUERADE_DOMAIN setting below). MASQUERADE_AS(`domain.tld')dnl MASQUERADE_DOMAIN(`domain.tld')dnl See /usr/share/sendmail/cf/README for more details on these and other settings. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Sendmail and masquerading
Hi all, I have to _believe_ there's something strange going on with sendmail in the base system. I try to convince it to masquerade my righthandside. Therefore I added the following to bsdharry.zenk.de.mc: MASQUERADE_AS(`zenk.de') local-host-names reads: bsdharry.zenk.de host reads: 150.20.100.18 bsdharry bsdharry.zenk.de But sendmail still communicates with Mail from: @bsdharry.zenk.de Then I made sure that sendmail.cf reads: DMzenk.de I also added C{M}bsdharry.zenk.de Nothing helps! I also read the post about the not working alias and I wonder if there's something wrong with recent sendmail versions in the base system (I'm using -current as from 16th of April). Any help appreciated, -Harry -- Please never add my reply address to CC nor to the recipient list! If you make answers to all please remove my address! I'll complain if I see my reply address on any mailinglist pgp0.pgp Description: signature
Re: Sendmail and masquerading
On Wednesday 21 April 2004 09:47 am, Harald Schmalzbauer wrote: Hi all, I have to _believe_ there's something strange going on with sendmail in the base system. I try to convince it to masquerade my righthandside. Therefore I added the following to bsdharry.zenk.de.mc: MASQUERADE_AS(`zenk.de') local-host-names reads: bsdharry.zenk.de host reads: 150.20.100.18 bsdharry bsdharry.zenk.de But sendmail still communicates with Mail from: @bsdharry.zenk.de Then I made sure that sendmail.cf reads: DMzenk.de I also added C{M}bsdharry.zenk.de Nothing helps! I also read the post about the not working alias and I wonder if there's something wrong with recent sendmail versions in the base system (I'm using -current as from 16th of April). I normally need to put in a few more line for mine to work: MASQUERADE_AS(mydomain.com) FEATURE(allmasquerade) FEATURE(masquerade_envelope) If you don't already have the bat book I'd suggest picking it up from your local bookstore. -- Anish Mistry pgp0.pgp Description: signature
Re: Sendmail and masquerading
On Wed, Apr 21, 2004 at 03:47:48PM +0200, Harald Schmalzbauer wrote: Hi all, I have to _believe_ there's something strange going on with sendmail in the base system. I try to convince it to masquerade my righthandside. Therefore I added the following to bsdharry.zenk.de.mc: MASQUERADE_AS(`zenk.de') local-host-names reads: bsdharry.zenk.de host reads: 150.20.100.18 bsdharry bsdharry.zenk.de But sendmail still communicates with Mail from: @bsdharry.zenk.de Yup. That's the envelope sender address, as used in the SMTP dialog. That doesn't get masqueraded by default -- but you should see that the From: line within the message is masqueraded. Use: FEATURE(masquerade_envelope)dnl to make sendmail rewrite the envelope sender address as well. You might also want to use: FEATURE(allmasquerade)dnl which applies masquerading to *recipient* addresses. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
RE: Sendmail and masquerading
I found that it is not necessary to try to config sendmail's config files to do what you want. Just change or add hostname=zenk.de to rc.conf Sendmail uses that as his internal domain name for all emails. You said this --- Please never add my reply address to CC nor to the recipient list! If you make answers to all please remove my address! I'll complain if I see my reply address on any mailinglist Be so informed, that by posting to this questions list your email address is in the public domain and is spread through many sites on the internet. You can complain all you want, but by posting you have by default given your consent and there is nothing you can do about it, except not post here again. You should learn the rules of how this list works before posting. It's your mistake. Manny of the regulars who reply consider the email address they use here as an 'throw away' that they change when they start getting junk email to it. You should learn to set up 'Judas goat' email address just for this purpose. Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Harald Schmalzbauer Sent: Wednesday, April 21, 2004 9:48 AM To: [EMAIL PROTECTED] Subject: Sendmail and masquerading Hi all, I have to _believe_ there's something strange going on with sendmail in the base system. I try to convince it to masquerade my righthandside. Therefore I added the following to bsdharry.zenk.de.mc: MASQUERADE_AS(`zenk.de') local-host-names reads: bsdharry.zenk.de host reads: 150.20.100.18 bsdharry bsdharry.zenk.de But sendmail still communicates with Mail from: @bsdharry.zenk.de Then I made sure that sendmail.cf reads: DMzenk.de I also added C{M}bsdharry.zenk.de Nothing helps! I also read the post about the not working alias and I wonder if there's something wrong with recent sendmail versions in the base system (I'm using -current as from 16th of April). Any help appreciated, -Harry -- Please never add my reply address to CC nor to the recipient list! If you make answers to all please remove my address! I'll complain if I see my reply address on any mailinglist ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Sendmail and masquerading
On Wed, Apr 21, 2004 at 04:51:18PM +0200, Harald Schmalzbauer wrote: Am Mittwoch, 21. April 2004 16:26 schrieb Matthew Seaman: On Wed, Apr 21, 2004 at 03:47:48PM +0200, Harald Schmalzbauer wrote: But sendmail still communicates with Mail from: @bsdharry.zenk.de Yup. That's the envelope sender address, as used in the SMTP dialog. Oh, that's the envelope?!? Errr... you see the sequence: MAIL From: [EMAIL PROTECTED] as part of the SMTP dialog. Eg: % mail -v -s test [EMAIL PROTECTED] E_O_M ? test message ? E_O_M [EMAIL PROTECTED] Connecting to [ipv6:::1] via relay... 220 smtp.infracaninophile.co.uk ESMTP Sendmail 8.12.11/8.12.11; Wed, 21 Apr 2004 16:09:53 +0100 (BST) EHLO happy-idiot-talk.infracaninophile.co.uk 250-smtp.infracaninophile.co.uk Hello localhost [IPv6:::1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN 250-STARTTLS 250-DELIVERBY 250 HELP STARTTLS 220 2.0.0 Ready to start TLS EHLO happy-idiot-talk.infracaninophile.co.uk 250-smtp.infracaninophile.co.uk Hello localhost [IPv6:::1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN 250-DELIVERBY 250 HELP MAIL From:[EMAIL PROTECTED] SIZE=64 [EMAIL PROTECTED] ^ here 250 2.1.0 [EMAIL PROTECTED]... Sender ok RCPT To:[EMAIL PROTECTED] DATA 250 2.1.5 [EMAIL PROTECTED]... Recipient ok 354 Enter mail, end with . on a line by itself . 250 2.0.0 i3LF9rks013491 Message accepted for delivery [EMAIL PROTECTED] Sent (i3LF9rks013491 Message accepted for delivery) Closing connection to [ipv6:::1] QUIT 221 2.0.0 smtp.infracaninophile.co.uk closing connection That's what I thought you were referring to. The addresses used in the 'MAIL From:' and 'RCPT To:' lines above are respectively the envelope sender or recipient addresses. They don't necessarily have to have anything to do with what is contained in the From: and To: or Cc: header lines within the body of the message -- for instance this message could be Bcc:'d to you, or you could be using a .forward file to send it on to a different server. Most mail software will generate messages where there is some relation though. Also note -- don't be confused by the example I've shown: even though it says the message is from '[EMAIL PROTECTED]' in the RCPT To: line, that's actually generated automatically by the mail(1) command in order to feed the message into sendmail(8) -- all of the masquerading and other address rewriting stuff happens at a later stage. Most mail clients let you specify what your From: address should be. But I don't want to masq the data From, just the MAIL from: (the header, not the body) Any hints? But that doesn't make any sense... the envelope from is only used transiently when the message is transferred from machine to machine. It doesn't appear in any on-line archives or the like, and so cannot be discovered by spammers, unless you happen to send e-mail directly to one of their systems. Generally the reason for masquerading the envelope sender address is to avoid giving away information about your internal hostnames. And while I'm talking to our sendmail guru: How can I prevent my real address to be listed on mail archives? The [EMAIL PROTECTED] will be blocked, which is the one people will see on http-archives in the From field. My reply address is where mail geos to if somebody like you is answering but unfortunately it's now in the To field, so it's again listen on http-archives. In a few days my newly configured reply address ([EMAIL PROTECTED]) will be spamed, I bet any amount. And people don't read my signature like I now know :( You don't. If you don't want e-mail (of any sort -- including spam) sent to your e-mail address, then don't use it on a public mailing list, or allow it to be put on a website anywhere. There's two strategies you can adopt: i) Use a 'throw-away' address on all mailing list messages, usenet posts of the like. Keep that address as your current address for a short time then replace it with a new one. Understand that you will get spam to the old addresses for evermore, and that your throw-away address will probably get harvested within a day or so, although spam levels shouldn't get unbearable for a while. ii) Use a permanent e-mail address, but spend a gread deal of time and effort setting up the best spam filters and other defences like SPF, greylisting, challenge-response whitelisting etc. Understand that even so, you're still going to see the odd spam now and again and you do run the risk of rejecting some non-spam messages by mistake. As for the
Re: Sendmail and masquerading
* JJB [EMAIL PROTECTED] [2004-04-21 08:23]: I found that it is not necessary to try to config sendmail's config files to do what you want. Just change or add hostname=zenk.de to rc.conf Sendmail uses that as his internal domain name for all emails. You said this --- Please never add my reply address to CC nor to the recipient list! If you make answers to all please remove my address! I'll complain if I see my reply address on any mailinglist Be so informed, that by posting to this questions list your email address is in the public domain and is spread through many sites on the internet. You can complain all you want, but by posting you have by default given your consent and there is nothing you can do about it, except not post here again. You should learn the rules of how this list works before posting. It's your mistake. Manny of the regulars who reply consider the email address they use here as an 'throw away' that they change when they start getting junk email to it. You should learn to set up 'Judas goat' email address just for this purpose. Or better yet, take Matthew's advice and learn how to protect your email addresses. Procmail and SpamAssassin are both great tools for spam filtering. -- Joshua Is there no place for the man with 105 IQ?! --Homer Simpson ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]