Messaging
cancel
Showing results for 
Search instead for 
Did you mean: 

configure masquerading on hpux 11.11 sendmail

SOLVED
Go to solution
itai weisman
Super Advisor

configure masquerading on hpux 11.11 sendmail

hello everyone,
I'm trying to configure masquerading on one of my hpux servers (to hide server name from origin fields on messages)
when I mails from this hpux server, the 'from' field appears correctly, without server name ,
but, if I check the internet header, I see that next to the ' return path' field, the original host name does appears.
I'm running sendmail 8.9.3.1 PHNE_29774 on HPUX 11.11 machine (PA Risc)
attached sendmail.cf from the server, and, the mail internet header:
Microsoft Mail Internet Headers Version 2.0
Received: from blackhawk4.pelephone.co.il ([10.57.9.97]) by blackhawk2.pelephone.co.il with Microsoft SMTPSVC(6.0.3790.211);
Sun, 2 Jul 2006 15:10:06 +0200
Received: from STARGATE.pelephone.co.il ([10.57.9.70]) by blackhawk4.pelephone.co.il with Microsoft SMTPSVC(6.0.3790.211);
Sun, 2 Jul 2006 15:10:06 +0200
Received: from cust1.pelephone.co.il (unverified) by STARGATE.pelephone.co.il
(Content Technologies SMTPRS 4.2.10) with ESMTP id for ;
Sun, 2 Jul 2006 15:09:50 +0200
Received: (from root@localhost) by cust1.pelephone.co.il (8.9.3 (PHNE_29774)/8.7.3) id PAA01833 for itaiwe; Sun, 2 Jul 2006 15:10:33 +0300 (IDT)
Date: Sun, 2 Jul 2006 15:10:33 +0300 (IDT)
From: root@pelephone.co.il
Message-Id: <200607021210.PAA01833@cust1.pelephone.co.il>
To: itaiwe@pelephone.co.il
Subject: tesst
Mime-Version: 1.0
Content-Type: text/plain; charset=X-roman8
Content-Transfer-Encoding: 7bit
Return-Path: root@cust1.pelephone.co.il
X-OriginalArrivalTime: 02 Jul 2006 13:10:06.0170 (UTC) FILETIME=[D65F3BA0:01C69DD8]
19 REPLIES
Steven E. Protter
Exalted Contributor

Re: configure masquerading on hpux 11.11 sendmail

Shalom,

Couple quickies might work:

Dj directive in sendmail.cf

/sbin/init.d/sendmail stop
/sbin/init.d/sendmail start

If that does not work and you truly want to use the sendmail.mc file (its name is different in HP-UX) then see the masquerade instructions at http://www.sendmail.org

and

look at my handy anti spam script that generates and creates mail configurations in HP-UX.

http://www.hpux.ws/buildmail.hpux.text

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
itai weisman
Super Advisor

Re: configure masquerading on hpux 11.11 sendmail

how do I make this change?
now Dj entry looks like that:
Dj$w.pelephone.co.il
Fred Martin_1
Valued Contributor

Re: configure masquerading on hpux 11.11 sendmail

I think you need to implement userdb...

(sendmail.cf file)
O UserDatabaseSpec=/etc/mail/userdb.db

(userdb file)
aen:mailname enorton@applicat.com
enorton:maildrop aen

When user 'aen' sends out an email, the 'from' address becomes 'enorton@applicat.com' even though the domain might be something other than applicat.com, for example he might really be:

aen@internaldomain.com

You would need to add applicat.com to sendmail.cw as well.
fmartin@applicatorssales.com
Fred Martin_1
Valued Contributor

Re: configure masquerading on hpux 11.11 sendmail

Do a search in the forums on:

userdb sendmail

You'll find lots of good information.

fmartin@applicatorssales.com
Kasper Haitsma
Trusted Contributor
Solution

Re: configure masquerading on hpux 11.11 sendmail

Hello,

If you mean the "Receicved:...." lines that show the route of the message, it is per design and confirm the RFC, to show the route a message has taken. The originating host is also embeded in the Message-id.
When these header lines are tampered with, a receiving host could consider your message as SPAM, since you want to disguise your identity (Spammers tend to like to hide their identity). I am not suggesting you are a spammer, do not get me wrong here, merely that you are attempting to mimic one. Masquerading (also known as site hiding) is a mechanism, that allows replies/non-deliveries to be returned to a central mailserver (i.e. pelephone.il) instead of to every system that is capable of sending, so you do not have to logon to every system, to check for email. That is the function of Masquerading, not to hide the identity of the sending host.

Hope This Helps

regards,
Kasper Haitsma
It depends
Fred Martin_1
Valued Contributor

Re: configure masquerading on hpux 11.11 sendmail

Fair enough. We use site hiding because our company has two divisions known under other names. So three publicly known domains, each have their own web site.

But - one mail server. When someone from one of the divisions sends out an email, we want the email to appear to come from one of the divisions, not the parent company.

So, site hiding has value.

We set up the public DNS records so that MX records for any of the three domains, go to the public IP address of the parent domain.

Then, sendmail.cw allows sendmail to accept mail for any of the three.

The userdb has two functions:

On outgoing mail it masks the name of the parent company domain, for the other two divisions.

It allows us to have a 'pretty name' for a user for email (fmartin is my 'pretty' email name, my login and sendmail inbox is actually something else).
fmartin@applicatorssales.com
Fred Martin_1
Valued Contributor

Re: configure masquerading on hpux 11.11 sendmail

Actually, in reading Itai's orginal request, it does not appear that what I'm suggesting will help.

Our setup does hide host and domain names on the main header.

But you're correct, anyone caring to look at the header -detail- can still find hostnames etc.
fmartin@applicatorssales.com
Kasper Haitsma
Trusted Contributor

Re: configure masquerading on hpux 11.11 sendmail

I overlooked
"Return-Path: root@cust1.pelephone.co.il"
in my 1st response.

root is a special user, which by default is not masqueraded (check the CE parameter in sendmail.cf)
if DMpelephone.co.il
where should root@pelephone.co.il be delivered, if you have more then one unix system?

one can use the userdb, to change the sending root@cust1.pelephone.co.il into root.cust1@pelephone.co.il, so on return/answer, the alias can be converted back to root@cust1.pelephone.co.il but that is advanced masquerading, and not part of the original question

HTH

Kasper
It depends
itai weisman
Super Advisor

Re: configure masquerading on hpux 11.11 sendmail

Hello Everyone and thanks for your help,
1. I'm not a spammer, I work for a company called pelephone. our domain is known in the world as 'pelephone.co.il' , but when I send mails from our Unix enviorment, in the return path field it appears as 'user@hostname.pelephone.co.il' - which is a non existing domain, therfore most of the mails that received from our unix enviorment are reconginzed as spam and being filtered. I want to prevent that from happening.
2.I do not have a dns server in our enviorment (we use NIS) I cannot create one, Is it mandatory to have one in order to solve this issue?
3. I didn't understand why should I have a userdb.... actually the best solution for me would be if all mails from our unix enviorment will be received from one user (like post@pelephone.co.il) since these mail are autogenerated reports, no reply is requierd (and the users that creating these reports have no mailboxs)
thanks
itai weisman
Super Advisor

Re: configure masquerading on hpux 11.11 sendmail

Kasper - CE is not enabled....
itai weisman
Super Advisor

Re: configure masquerading on hpux 11.11 sendmail

after configuring userdb - things became worse - mail won't be sent out of our unix enviorment -
got stucked in the mail queue -
itaiwe1@ovosrv (root): mailq
Mail Queue (1 request)
--Q-ID-- --Size-- -----Q-Time----- ------------Sender/Recipient------------
WAA28586 1 Mon Jul 3 22:27 itaiwe1
(Deferred: user database error)
itaiwe
itaiwe1@ovosrv (root):
itai weisman
Super Advisor

Re: configure masquerading on hpux 11.11 sendmail

another thing - since there is sendmail.mc file on HPUX - I can't find any document related to userdb that does not use sendmail.mc....
Kasper Haitsma
Trusted Contributor

Re: configure masquerading on hpux 11.11 sendmail

Hello Itai,

I know you are not a spammer, I did not want to imply you were, and I know that in Israel companies and agencies are protective of their identity, for obvious reasons.
What I want to make you aware of, is that receiving servers will most likely identify your email as spam, when the headers are modified, to hide the various servers that have handled the email message.

HTH

Kasper
It depends
itai weisman
Super Advisor

Re: configure masquerading on hpux 11.11 sendmail

it's ok Kasper :)
Fred Martin_1
Valued Contributor

Re: configure masquerading on hpux 11.11 sendmail

DNS is not required, I mentioned because we needed it, so that all three of our domain names resolve to the one address for the mail server.

Regarding userdb, the format for each user in the /etc/mail/userdb file is:

acl:mailnameclibby@applicat.com
clibby:maildropacl

In the example above, the unix login is acl. When acl sends an email, the from address becaomes clibby@applicat.com, due to the first line. The second line tells sendmail to deliver any mail for clibby, to the inbox for acl.

After you build that file, you need to run this command:

makemap btree /etc/mail/userdb.db < /etc/mail/userdb

In sendmail.cf you need this line:

O UserDatabaseSpec=/etc/mail/userdb.db

Make sure you start/stop sendmail each time you modify the userdb file.

fmartin@applicatorssales.com
itai weisman
Super Advisor

Re: configure masquerading on hpux 11.11 sendmail

well,
after making these changes, the 'from' field on the mail message appears as defined in userdb file,
but
when I look at the internet header -
Return-Path: root@ovosrv.pelephone.co.il
instead of:
root@pelephone.co.il...
(ovosrv is the origin host name, pelephone.co.il is the domain)
Fred Martin_1
Valued Contributor

Re: configure masquerading on hpux 11.11 sendmail

Yes, I mentioned in my 4th post above, I was afraid that would be the case.

I found something that might work, in this PDF file on the web:

http://media.wiley.com/product_data/excerpt/71/07821273/0782127371.pdf

Chapter 9 deals with m4 changes that might work. At the top of page 251 there is an example that appears to do what you want.

I didn't look into it too deeply though.
fmartin@applicatorssales.com
Kasper Haitsma
Trusted Contributor

Re: configure masquerading on hpux 11.11 sendmail

Itai,

do a:

grep ^CE /etc/mail/sendmail.cf

(the ^ means start of the line)
are you sure there is no line:

CEroot

in my sendmail.cf, in the preceeding section, it reads:

# class E: names that should be exposed as from this host, even if we masquerade

if you do not have the "CEroot" line, enter a line with just CE, so an empty class E, if you do have it, remove root.

HTH

Kasper
It depends
itai weisman
Super Advisor

Re: configure masquerading on hpux 11.11 sendmail

Hi Kasper,
I had no CE lines, I added an empty CE line
but it didn't help...
from internet header -
Return-Path: root@ovosrv.pelephone.co.il