Valid XHTML 1.0 Strict
Valid CSS!

[ Docs | Tools | Advisories | Full-Disclosure ]

Introduction

When using masquerading with Sendmail, there exist a number of 'exposed users'. By default, 'root' is included in this list. For instance, if all mail from foo.com was masqueraded as bar.com, root@foo.com would not be masqueraded by default.

This short article explains how to remove this restriction.

Default Behaviour

Having built a sendmail.cf using the normal m4 technique, we can see that the file contains the entry:

C{E}root

In other words, by default, 'root' is added to class 'E' - the list of exposed users. Using the m4 command

EXPOSED_USER(<username>)

we are able to add to this list as we see fit. However, removing this list completely requires a different technique.

Domain Definitions

Most sendmail.mc files contain the statement

DOMAIN(generic)

and it is this entry that is the key. Examining the generic.m4 file in the Sendmail cf/domain directory shows the following information:

VERSIONID(`$Id: generic.m4,v 8.15 1999/04/04 00:51:09 ca Exp $')
define(`confFORWARD_PATH', `$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward')dnl
define(`confMAX_HEADERS_LENGTH', `32768')dnl
FEATURE(`redirect')dnl
FEATURE(`use_cw_file')dnl
EXPOSED_USER(`root')

This clearly indicates the cause of our 'root' entry in the final .cf.

Resolution

In the cf/domain directory, copy generic.m4 to another file such as mydomain.m4.
Edit this copy to remove the EXPOSED_USER() entry.
In your sendmail.mc file, change the

DOMAIN(generic)

line to mention your new domain definition:

DOMAIN(mydomain)

Then simply rebuild your sendmail.cf in the usual manner.

Examination of the newly-generated .cf shows no C{E} entry.

Conclusion

Utilising the Sendmail domain definition files, we can override the default behaviour and remove 'root' from the list of exposed users.

John Cartwright <johnc@grok.org.uk>