Hi.
I've replaced Debian's Exim package with sendmail -- I missed DSN, and
Exim doesn't support it.
The package is configured wonderfully -- it automagically generates
site certificates, enables TLS, and the like. However, I've had some
trouble getting sendmail to recognize me as a "trusted user" that I
didn't have with my last distro (Red Hat). I solved the problem -- but
I think the current configuration has a bug -- or at least, a "gotcha"
that should be noted in the documentation.
[Note: if this is the wrong mailing list for sendmail questions,
please let me know; I'll post elsewhere.]
Sendmail slaps an X-Authentication-Warning header on any message sent
with the -f (change from address) option that doesn't originate from a
"Trusted" user. Cranking sendmail up to the highest debug level
(sendmail -d1-98.99) indicates what happens:
redefine(addr_type as <null>)
define(f as jbarilla@princeton.edu)
STAB: jbarilla 1 (hfunc=1685) not found <== I'm not legit.
sm_gethostbyname(washer.barillari.org, 2)... washer.barillari.org
alias: localhost
addr: IPv6:7f00:1:88a6:3240::
STAB: X-Authentication-Warning 12 (hfunc=277) type 12 val 0 40 0 0 <==Slap!
define(s as <null>)
The following stanza in sendmail.cf, I gathered from on-the-web
documentation, was responsible for designating the legitimate parties.
# this is equivalent to setting class "t"
Ft/etc/mail/trusted-users %[^\#]
Troot
Tdaemon
Tuucp
If I invoke sendmail with -f while su'd to the the uucp user, the STAB
procedure finds uucp (I assume STAB stands for symbol table):
redefine(addr_type as <null>)
define(f as jbarilla@princeton.edu)
STAB: uucp 1 (hfunc=730) type 1 val 0 0 0 100000 <== But uucp is.
define(s as <null>)
The bizarre part is that when I commented out out the "Tuucp" line in
sendmail.cf and restart sendmail, the system _still_ recognized uucp
as a valid user:
redefine(addr_type as <null>)
define(f as jbarilla@princeton.edu)
STAB: uucp 1 (hfunc=730) type 1 val 0 0 0 100000 <==Even if sendmail.cf
define(s as <null>)a doesn't say so.
sendto: jbarilla
ctladdr=[NULL]
I grepped the /etc/mail directory for the line "Tuucp", and found it
was _also_ in submit.cf. Curiously, the "Ft/etc/mail/trusted-users
%[^\#]" line in submit.cf was commented out. I checked submit.mc, and
discovered that the "FEATURE(`use_ct_file')dnl" line, which activates
the trusted-users file in sendmail.cf, was absent, so I added it and
rebuilt everything with sendmailconf.
After that, Sendmail recognized me, stopped adding the
X-Authentication-Warning header, and everything was peachy.
My question is: why isn't the trusted-users file option active in
submit.mc by default? Should I report this as a bug?
Thanks,
--JoeAttachment:
pgpAhoUMbBppJ.pgp
Description: PGP signature