Hi. I've replaced Debian's Exim package with sendmail -- I missed DSN, and Exim doesn't support it. The package is configured wonderfully -- it automagically generates site certificates, enables TLS, and the like. However, I've had some trouble getting sendmail to recognize me as a "trusted user" that I didn't have with my last distro (Red Hat). I solved the problem -- but I think the current configuration has a bug -- or at least, a "gotcha" that should be noted in the documentation. [Note: if this is the wrong mailing list for sendmail questions, please let me know; I'll post elsewhere.] Sendmail slaps an X-Authentication-Warning header on any message sent with the -f (change from address) option that doesn't originate from a "Trusted" user. Cranking sendmail up to the highest debug level (sendmail -d1-98.99) indicates what happens: redefine(addr_type as <null>) define(f as jbarilla@princeton.edu) STAB: jbarilla 1 (hfunc=1685) not found <== I'm not legit. sm_gethostbyname(washer.barillari.org, 2)... washer.barillari.org alias: localhost addr: IPv6:7f00:1:88a6:3240:: STAB: X-Authentication-Warning 12 (hfunc=277) type 12 val 0 40 0 0 <==Slap! define(s as <null>) The following stanza in sendmail.cf, I gathered from on-the-web documentation, was responsible for designating the legitimate parties. # this is equivalent to setting class "t" Ft/etc/mail/trusted-users %[^\#] Troot Tdaemon Tuucp If I invoke sendmail with -f while su'd to the the uucp user, the STAB procedure finds uucp (I assume STAB stands for symbol table): redefine(addr_type as <null>) define(f as jbarilla@princeton.edu) STAB: uucp 1 (hfunc=730) type 1 val 0 0 0 100000 <== But uucp is. define(s as <null>) The bizarre part is that when I commented out out the "Tuucp" line in sendmail.cf and restart sendmail, the system _still_ recognized uucp as a valid user: redefine(addr_type as <null>) define(f as jbarilla@princeton.edu) STAB: uucp 1 (hfunc=730) type 1 val 0 0 0 100000 <==Even if sendmail.cf define(s as <null>)a doesn't say so. sendto: jbarilla ctladdr=[NULL] I grepped the /etc/mail directory for the line "Tuucp", and found it was _also_ in submit.cf. Curiously, the "Ft/etc/mail/trusted-users %[^\#]" line in submit.cf was commented out. I checked submit.mc, and discovered that the "FEATURE(`use_ct_file')dnl" line, which activates the trusted-users file in sendmail.cf, was absent, so I added it and rebuilt everything with sendmailconf. After that, Sendmail recognized me, stopped adding the X-Authentication-Warning header, and everything was peachy. My question is: why isn't the trusted-users file option active in submit.mc by default? Should I report this as a bug? Thanks, --Joe
Attachment:
pgpAhoUMbBppJ.pgp
Description: PGP signature