Sendmail: Removing Root as an Exposed User

John Cartwright | Published: 2nd April 2002 | Originally published at netsys.com

How to remove root from Sendmail’s list of exposed users so it is correctly masqueraded like any other local account.

Introduction

When using masquerading with Sendmail, there exists a list of so-called exposed users. By default, root is included in this list. For example, if all mail from foo.com is masqueraded as bar.com, mail sent as root@foo.com would not normally be rewritten.

This short article explains how to remove this restriction.

Default Behaviour

After building a sendmail.cf using the standard m4 process, the following entry can be found:

C{E}root

This indicates that root has been added to class E, the list of exposed users. Additional entries can be added using the m4 macro:

EXPOSED_USER(<username>)

While this allows new exposed users to be added, removing the default entry for root requires a different approach.

Domain Definitions

Most sendmail.mc files contain the directive:

DOMAIN(generic)

This is the key to the behaviour. Examining the generic.m4 file in Sendmail’s cf/domain directory reveals:

VERSIONID(`$Id: generic.m4,v 8.15 1999/04/04 00:51:09 ca Exp $')
define(`confFORWARD_PATH', `$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward')dnl
define(`confMAX_HEADERS_LENGTH', `32768')dnl
FEATURE(`redirect')dnl
FEATURE(`use_cw_file')dnl
EXPOSED_USER(`root')

This clearly explains why root appears in the generated configuration.

Resolution

In the cf/domain directory, copy generic.m4 to a new file, such as mydomain.m4, and edit it to remove the EXPOSED_USER() line.

In your sendmail.mc file, change:

DOMAIN(generic)

to reference your new domain definition:

DOMAIN(mydomain)

Rebuild sendmail.cf in the usual manner. Inspection of the newly generated file will show that the C{E} entry is no longer present.
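
The copy-and-edit step and the final inspection can be scripted. The following is an added example, not part of the original article; the function names and the sample files it writes to a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.

# Copy a domain file, dropping every EXPOSED_USER() line.
# $1 = source (e.g. generic.m4), $2 = destination (e.g. mydomain.m4)
strip_exposed_users() {
    sed '/^EXPOSED_USER(/d' "$1" > "$2"
}

# Print the members of class E found in a sendmail.cf, one per line.
# Accepts both spellings of a one-letter class (C{E}root and CEroot)
# and several names on one line.
exposed_users() {
    awk '
        /^C[{]E[}]/ { sub(/^C[{]E[}]/, ""); emit($0); next }
        /^CE/       { sub(/^CE/, "");       emit($0); next }
        function emit(s,   n, a, i) {
            n = split(s, a, " ")
            for (i = 1; i <= n; i++) print a[i]
        }
    ' "$1" | sort -u
}

# Succeeds (exit 0) only if root is absent from class E.
root_is_masqueraded() {
    ! exposed_users "$1" | grep -qx 'root'
}

# Dry run on constructed sample files (not real system files).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' "FEATURE(\`redirect')dnl" "EXPOSED_USER(\`root')" > "$d/generic.m4"
    printf '%s\n' 'Cwlocalhost' 'C{E}root' > "$d/before.cf"
    printf '%s\n' 'Cwlocalhost' > "$d/after.cf"
    strip_exposed_users "$d/generic.m4" "$d/mydomain.m4"
    cat "$d/mydomain.m4"
    root_is_masqueraded "$d/before.cf" || echo "before.cf: root is exposed"
    root_is_masqueraded "$d/after.cf"  && echo "after.cf: root is masqueraded"
    rm -rf "$d"
}
demo
```

Against a real installation, run exposed_users on the rebuilt sendmail.cf before installing it; any output means class E still has members.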

Conclusion

By customising Sendmail’s domain definition files, the default behaviour can be overridden, allowing root to be removed from the list of exposed users.

John Cartwright <johnc@grok.org.uk>