[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

sendmail: Why does submit.mc lack FEATURE(`use_ct_file')dnl?


I've replaced Debian's Exim package with sendmail -- I missed DSN, and
Exim doesn't support it.

The package is configured wonderfully -- it automagically generates
site certificates, enables TLS, and the like. However, I've had some
trouble getting sendmail to recognize me as a "trusted user" that I
didn't have with my last distro (Red Hat). I solved the problem -- but
I think the current configuration has a bug -- or at least, a "gotcha"
that should be noted in the documentation.

[Note: if this is the wrong mailing list for sendmail questions,
please let me know; I'll post elsewhere.]

Sendmail slaps an X-Authentication-Warning header on any message sent
with the -f (change from address) option that doesn't originate from a
"Trusted" user. Cranking sendmail up to the highest debug level
(sendmail -d1-98.99) indicates what happens:

redefine(addr_type as <null>)
define(f as jbarilla@princeton.edu)
STAB: jbarilla 1 (hfunc=1685) not found  <== I'm not legit.
sm_gethostbyname(washer.barillari.org, 2)... washer.barillari.org
        alias: localhost
        addr: IPv6:7f00:1:88a6:3240::
STAB: X-Authentication-Warning 12 (hfunc=277) type 12 val 0 40 0 0 <==Slap!
define(s as <null>)

The following stanza in sendmail.cf, I gathered from on-the-web
documentation, was responsible for designating the legitimate parties.

# this is equivalent to setting class "t"
Ft/etc/mail/trusted-users %[^\#]

If I invoke sendmail with -f while su'd to the the uucp user, the STAB
procedure finds uucp (I assume STAB stands for symbol table):

redefine(addr_type as <null>)
define(f as jbarilla@princeton.edu)
STAB: uucp 1 (hfunc=730) type 1 val 0 0 0 100000  <== But uucp is.
define(s as <null>)

The bizarre part is that when I commented out out the "Tuucp" line in
sendmail.cf and restart sendmail, the system _still_ recognized uucp
as a valid user:

redefine(addr_type as <null>)
define(f as jbarilla@princeton.edu)
STAB: uucp 1 (hfunc=730) type 1 val 0 0 0 100000 <==Even if sendmail.cf 
define(s as <null>)a                                doesn't say so.
sendto: jbarilla

I grepped the /etc/mail directory for the line "Tuucp", and found it
was _also_ in submit.cf. Curiously, the "Ft/etc/mail/trusted-users
%[^\#]" line in submit.cf was commented out. I checked submit.mc, and
discovered that the "FEATURE(`use_ct_file')dnl" line, which activates
the trusted-users file in sendmail.cf, was absent, so I added it and
rebuilt everything with sendmailconf.

After that, Sendmail recognized me, stopped adding the
X-Authentication-Warning header, and everything was peachy.

My question is: why isn't the trusted-users file option active in
submit.mc by default? Should I report this as a bug?



Attachment: pgp017sV7Pgpb.pgp
Description: PGP signature

Reply to: