Valid XHTML 1.0 Strict
Valid CSS!

[ Docs | Tools | Advisories | Full-Disclosure ]


When using masquerading with Sendmail, there exist a number of 'exposed users'. By default, 'root' is included in this list. For instance, if all mail from was masqueraded as, would not be masqueraded by default.

This short article explains how to remove this restriction.

Default Behaviour

Having built a using the normal m4 technique, we can see that the file contains the entry:


In other words, by default, 'root' is added to class 'E' - the list of exposed users. Using the m4 command


we are able to add to this list as we see fit. However, removing this list completely requires a different technique.

Domain Definitions

Most files contain the statement


and it is this entry that is the key. Examining the generic.m4 file in the Sendmail cf/domain directory shows the following information:

VERSIONID(`$Id: generic.m4,v 8.15 1999/04/04 00:51:09 ca Exp $')
define(`confFORWARD_PATH', `$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward')dnl
define(`confMAX_HEADERS_LENGTH', `32768')dnl

This clearly indicates the cause of our 'root' entry in the final .cf.


In the cf/domain directory, copy generic.m4 to another file such as mydomain.m4.
Edit this copy to remove the EXPOSED_USER() entry.
In your file, change the


line to mention your new domain definition:


Then simply rebuild your in the usual manner.

Examination of the newly-generated .cf shows no C{E} entry.


Utilising the Sendmail domain definition files, we can override the default behaviour and remove 'root' from the list of exposed users.

John Cartwright <>