[ Docs |
Tools | Advisories
| Full-Disclosure ]
When using masquerading with Sendmail, there exist a number of 'exposed users'. By default, 'root' is included in this list. For instance, if all mail from foo.com was masqueraded as bar.com, root@foo.com would not be masqueraded by default.
This short article explains how to remove this restriction.
Having built a sendmail.cf using the normal m4 technique, we can see that the file contains the entry:
C{E}root
In other words, by default, 'root' is added to class 'E' - the list of exposed users. Using the m4 command
EXPOSED_USER(<username>)
we are able to add to this list as we see fit. However, removing this list completely requires a different technique.
Most sendmail.mc files contain the statement
DOMAIN(generic)
and it is this entry that is the key. Examining the generic.m4 file in the Sendmail cf/domain directory shows the following information:
VERSIONID(`$Id: generic.m4,v 8.15 1999/04/04 00:51:09 ca Exp $') define(`confFORWARD_PATH', `$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward')dnl define(`confMAX_HEADERS_LENGTH', `32768')dnl FEATURE(`redirect')dnl FEATURE(`use_cw_file')dnl EXPOSED_USER(`root')
This clearly indicates the cause of our 'root' entry in the final .cf.
In the cf/domain directory, copy generic.m4 to
another file such as mydomain.m4.
Edit this copy to remove the EXPOSED_USER() entry.
In your sendmail.mc file, change the
DOMAIN(generic)
line to mention your new domain definition:
DOMAIN(mydomain)
Then simply rebuild your sendmail.cf in the usual manner.
Examination of the newly-generated .cf shows no C{E} entry.
Utilising the Sendmail domain definition files, we can override the default behaviour and remove 'root' from the list of exposed users.
John Cartwright <johnc@grok.org.uk>