HPE Community
Operating System - HP-UX
1752650 Members
5598 Online
108788 Solutions
New Discussion юеВ

Re: sendmail 8.13 masquerade nightmare

 
Carl Houseman
Super Advisor

тАО03-06-2008 09:24 AM

тАО03-06-2008 09:24 AM

sendmail 8.13 masquerade nightmare

I posted a couple days ago about problems confguring sendmail. Under sendmail 8.9 one change to the sendmail.cf file and the masquerade job was done. .mc files are supposed to make things better, right? Wrong. Here's the problem.

This machine is hpux.domain.com. The outside world knows nothing of hpux.domain.com and that's the way we want it. So sender addresses on mail to external addressses must masquerade as "domain.com". Recipient addresses should be untouched. For that, I added this to sendmail.mc:

MASQUERADE_AS(`domain.com')dnl
MASQUERADE_DOMAIN(`hpux.domain.com')dnl
FEATURE(`masquerade_envelope')dnl

Result: Mail to an alias that translates to an external address gets the correct sender domain. Mail sent directly to an external address does NOT have the correct sender domain.

So I added those same three lines to to submit.mc. Result:

Mail sent directly to an external address has the correct sender domain. Aliases and local delivery is broken - all mail to simple addresses attempts to deliver to "address@domain.com".

I tried this:

FEATURE(`local_no_masquerade')dnl

in both sendmail.mc and submit.mc, but it didn't help. It's as if the `allmasquerade' feature was turned on - but it's not. And there's no directive to turn it off that I can add to submit.mc.

My hope was to make changes only to the .mc files. If I have to go tweak the resulting .cf file, then I might as well not bother with .mc at all and go attack the learning curve for changing .cf files.

I'm reading the .mc documentation at sendmail.org but so far haven't found the magic bullet for this. Anyone?
0 Kudos
Reply
6 REPLIES 6
VK2COT
Honored Contributor

тАО03-06-2008 02:30 PM

тАО03-06-2008 02:30 PM

Re: sendmail 8.13 masquerade nightmare

Hello,

a) There are no details on HP-UX version and
exact Sendmail version you run.

You said Sendmail 8.13, but that release
has number of subversions and patches.

Masquerading is actually easy in normal
circumstances.

Be aware of the following bug report for
Sendmail 8.13.3 on HP-UX:

Identifier: QXCR1000556385
Legacy ID: JAGaf83753
Component Version: B.11.1 and B.11.23
Title: Sendmail 8.13.3 masquerade does not work

Maybe you are hit by the same issue.

How old is your version of sendmail?

b) Run these couple of tests:

# sendmail -bt -d0.13
# sendmail -bt
> /tryflags HS
> /try esmtp localuser@hpux.domain.com

For "tryflags", you can use the following tests:

HS (header sender address)
ES (envelope sender address)
HR (header recipient address)
ER (envelope recipient address)

c) It might be helpful to add the line in
.mc:

FEATURE(masquerade_entire_domain)dnl

I also prefer to use:

MASQUERADE_DOMAIN_FILE(`/etc/mail/masquerade-domains.txt`)dnl

instead of MASQUERADE_DOMAIN...

I am not at my workplace today so I cannot
log into any HP-UX server to give you
simpler method of editing the sendmail.cf
directly. I often do that as well (I do not
worry about .mc files for simple config
changes)...

Cheers,

VK2COT
VK2COT - Dusan Baljevic
0 Kudos
Reply
Carl Houseman
Super Advisor

тАО03-06-2008 02:58 PM

тАО03-06-2008 02:58 PM

Re: sendmail 8.13 masquerade nightmare

I'm using 8.13.3 as provided by HP for HP-UX 11.11. Google's got nothing on the JAGaf83753 bug you site. Do you have a URL for that?
0 Kudos
Reply
VK2COT
Honored Contributor

тАО03-06-2008 04:53 PM

тАО03-06-2008 04:53 PM

Re: sendmail 8.13 masquerade nightmare

Hello,

Unless you work at HP, you will not find it
on Google.

Google is not a "know-it-all" place.

In fact, for security and privacy reasons
I do not allow Google or any other major
Web site to put cookies on my computer so
I use these sites in very limited fashion.

I suggest you contact HP representatives
through your maintenance contract, or
apply the latest patches, or even
install an open-source Sendmail 8.14.2.

Cheers,

VK2COT
VK2COT - Dusan Baljevic
0 Kudos
Reply
Carl Houseman
Super Advisor

тАО03-06-2008 06:36 PM

тАО03-06-2008 06:36 PM

Re: sendmail 8.13 masquerade nightmare

Google is a lot better at searching these forums than the forum search engine. No, Google doesn't know everyting, but when someone posts about a thing without any details about how to find the thing, I presume it must be easy to find with a search engine. So I do my due diligence by searching, as anyone should, before asking for more help.

As for your paranoia over cookies, enjoy it if it makes you happy.

Meanwhile I went searching in the patch database after uploading my inventory, and despite the fact that I have Sendmail 8.13.3 installed, it recommended a patch for 8.9.3. I don't plan on seeing what that does for my problem.

This whole exercise of updating Sendmail is taking far more time than justified. I'm looking for a specific fix, patch, or change to .mc or .cf file that will solve the problem I've outlined. If a newer version of sendmail is a *known* fix, then I need a .depot for HP-UX 11.11 - I don't have time to figure out anything less. If there isn't an easy fix I'm probably going to forget the whole thing and go back to 8.9.3.
0 Kudos
Reply
Sam McKnight
Frequent Advisor

тАО03-11-2008 04:19 AM

тАО03-11-2008 04:19 AM

Re: sendmail 8.13 masquerade nightmare

On hpux 11.11, I run sendmail version 8.13.3 - Revision 2.004 - WTEC JAGag15759 9/28/2006 which is very close to the latest version. Also, I generate the sendmail configuration file using m4 and localsm.mc. Masquerading is taken care of with the following four lines in the mc file:

define(`_MASQUERADE_ENVELOPE_')dnl
define(`MASQUERADE_NAME')dnl
MASQUERADE_AS(`____.com')dnl
FEATURE(`allmasquerade')dnl Masquerade recipient and sender addresses
~
I have found no problem with the results.

0 Kudos
Reply
Carl Houseman
Super Advisor

тАО03-11-2008 06:45 AM

тАО03-11-2008 06:45 AM

Re: sendmail 8.13 masquerade nightmare

OK, this sounds promising, except that I have no "localsm.mc" in /usr/newconfig/etc/mail/cf/cf. Are you building sendmail.cf or submit.cf with that file?

On the assumption that you were talking about building submit.cf with it, I added the commands you mention to my submit.mc and the results were the same as before.

My sendmail version identifies itself as "Sendmail @(#)Sendmail version 8.13.3 - Revision 2.005 - 12 January 2007/8.13.3". I would guess that is newer than "WTEC JAGag15759 9/28/2006".

Here's my sendmail.mc:

divert(0)dnl
VERSIONID(`$Id: generic-hpux10.mc,v 8.13 2001/05/29 17:29:52 ca Exp $')
OSTYPE(hpux11)dnl
DOMAIN(generic)dnl
define(`_X400_UUCP_')dnl
define(`_MASQUERADE_ENVELOPE_')dnl
define(`MASQUERADE_NAME')dnl
define(`confTRY_NULL_MX_LIST',`T')dnl
define(`LUSER_RELAY',`name_of_luser_relay')dnl
define(`DATABASE_MAP_TYPE',`dbm')dnl
define(`_CLASS_U_')dnl
define(`SMART_HOST',`otherhost.domain.com')dnl
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5')dnl
MASQUERADE_AS(`domain.com')dnl
MASQUERADE_DOMAIN(`hpux.domain.com')dnl
FEATURE(`masquerade_envelope')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(openmail)dnl
MAILER(uucp)dnl

And here's submit.mc:
(I tried it with and without 'allmasquerade', no difference)

divert(0)dnl
VERSIONID(`$Id: submit.mc,v 8.13 2003/09/10 22:12:48 ca Exp $')
define(`_MASQUERADE_ENVELOPE_')dnl
define(`MASQUERADE_NAME')dnl
define(`confCF_VERSION', `Submit')dnl
define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
define(`confTIME_ZONE', `USE_TZ')dnl
define(`confDONT_INIT_GROUPS', `True')dnl
define(`SMART_HOST',`otherhost.domain.com')dnl
MASQUERADE_AS(`domain.com')dnl
dnl
dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
FEATURE(`msp', `[127.0.0.1]')dnl
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.