4.4 Masquerading
Masquerading is the process of transforming the local hostname in addresses into
that of another domain. This results in the mail message appearing to
come from that other domain rather than from the local host.
Masquerading is most often used in domains where email is addressed
to the domain rather than to individual hosts inside the domain.
Masquerading usually rewrites header-sender addresses. Some
mc features also allow you to rewrite envelope
addresses and recipient headers. The complete list of all definitions
and features that affect masquerading is shown in Table 4-3.
4.4.1 EXPOSED_USER mc Macro
An internal sendmail class is used by the V8
configuration file to hold a list of usernames that should never be
masqueraded (even if masquerading is enabled with the MASQUERADE_AS
mc macro). Prior to V8.10 sendmail, the user root was
always in that class. With V8.10 and above, that class is always
empty unless you add usernames to it.
You can add users individually with the EXPOSED_USER
mc macro like this:
EXPOSED_USER(`user')
Here, user is either one user or a list of
users separated by spaces.
4.4.1.1 EXPOSED_USER_FILE mc macro
The EXPOSED_USER_FILE macro, like the EXPOSED_USER macro, allows you
to list names that should never be masqueraded (even if masquerading is
enabled with the MASQUERADE_AS mc macro). It
lists usernames in an external file, one name per line, and is
declared like this:
EXPOSED_USER_FILE(`/etc/mail/exposedusers')
This declaration causes a list of users to be read from the file
/etc/mail/exposedusers. Because
EXPOSED_USER_FILE is implemented with an F
configuration command (Section 22.1.2), you can add
whatever F command arguments you desire. For
example:
EXPOSED_USER_FILE(`-o /etc/mail/exposedusers')
Here the -o switch makes the presence of the
/etc/mail/exposedusers file optional.
If you are currently reading exposed users from a file declared with
the F configuration command, you are encouraged to
convert to this new macro. Using it will insulate you from future
changes should a different class name ever be used.
4.4.2 MASQUERADE_AS mc Macro
At sites with one central mail server (see MAIL_HUB, Section 4.5.7), it can be advantageous for mail to appear as
if it is from the hub. This simplifies mail administration in that
all users have the same machine address no matter which workstations
they use. You can cause a workstation to masquerade as the server (or
as another host) by using the MASQUERADE_AS mc
macro:
MASQUERADE_AS(`server')
This causes outgoing mail to be labeled as coming from the server
(rather than from the value in $j). The new address appears in the sender
headers (such as From:), but specifically does not
appear in the Received: and Message-ID: headers.
Some users (such as root) should never be
masqueraded because one always needs to know their machine of origin.
Such users are declared by using the EXPOSED_USER
mc macro. Note that prior to V8.10
sendmail, root was always
exposed.
If you wish to have recipient addresses also masqueraded, cautiously
use the allmasquerade feature (FEATURE(allmasquerade)).
4.4.3 MASQUERADE_DOMAIN mc Macro
Ordinarily, MASQUERADE_AS enables hosts in the local domains (as defined in the
$=w class) to be
transformed into the masquerading host. It also masquerades a list of
additional hosts, but that list is normally empty.
If you wish to masquerade a domain other than your local one, you can
use the MASQUERADE_DOMAIN mc macro:
MASQUERADE_DOMAIN(`other.domain')
Essentially, all that MASQUERADE_DOMAIN does is assign its argument
to an internal sendmail class, so you can list
multiple domains in a single MASQUERADE_DOMAIN statement:
MASQUERADE_DOMAIN(`domain1 domain2 domain3')
Note that MASQUERADE_DOMAIN masquerades only the domain and
not any hosts under that domain. If you wish to
masquerade all hosts under a domain (including the domain itself),
see the masquerade_entire_domain feature (FEATURE(masquerade_entire_domain)).
Also note that MASQUERADE_DOMAIN has special meaning for the
limited_masquerade feature (FEATURE(limited_masquerade)). When that feature is declared, only the
domains listed under MASQUERADE_DOMAIN will be masqueraded.
4.4.4 MASQUERADE_DOMAIN_FILE mc Macro
In masquerading other domains, as with
MASQUERADE_DOMAIN, it can prove advantageous to store the list of
masqueraded domains in an external file. The MASQUERADE_DOMAIN_FILE
mc macro allows you to do just that:
MASQUERADE_DOMAIN_FILE(`/etc/mail/domains')
Essentially, all that MASQUERADE_DOMAIN_FILE does is read the
external file using the F configuration command.
As a consequence, you can add an F-style argument
to its declaration:
MASQUERADE_DOMAIN_FILE(`-o /etc/mail/domains')
Here, we added a -o to make the existence of the
file optional.
Note that the file specified with MASQUERADE_DOMAIN_FILE is read only
once, when sendmail first starts.
4.4.5 MASQUERADE_EXCEPTION mc Macro
Normally, when you masquerade a site, you
masquerade all the machines at that site. But, in some instances that
might not be desirable. Beginning with V8.10
sendmail, it is now possible to omit selected
hosts from masquerading.
Consider, for example, a university that hosts a few subdomains
within it. If bigcampus.edu provided mail
services for cs.bigcampus.edu, it might set up
its main mail server's mc file
like this:
MASQUERADE_AS(`bigcampus.edu')
FEATURE(`masquerade_entire_domain')
MASQUERADE_EXCEPTION(`cs.bigcampus.edu')
The argument to MASQUERADE_EXCEPTION can be one or more hosts,
separated from each other by spaces. Each excepted host is assigned
to an internal sendmail class.
Note that you cannot exempt all hosts in a domain with this
MASQUERADE_EXCEPTION mc macro. You must specify
each host individually.
4.4.6 MASQUERADE_EXCEPTION_FILE mc Macro
If you have many exceptions defined with the MASQUERADE_EXCEPTION
mc configuration macro, you can store them in a
single file—say, donotmasq—and read
that file using the MASQUERADE_EXCEPTION_FILE mc
macro:
MASQUERADE_EXCEPTION_FILE(`/etc/mail/donotmasq') dnl V8.12 and above
Essentially, all that MASQUERADE_EXCEPTION_FILE does is read the
external file using the F configuration command.
As a consequence, you can add an F-style argument
to its declaration:
MASQUERADE_EXCEPTION_FILE(`-o /etc/mail/donotmasq') dnl V8.12 and above
Here, we added a -o to make the existence of the
file optional.
Note that the file specified with MASQUERADE_EXCEPTION_FILE is read
only once, when sendmail first starts.
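The macros in this section interact, so it helps to check which sender addresses a given set of declarations will rewrite. The following Python example is added here and is not code from the book or from sendmail: it models the decisions as this section states them rather than sendmail's rewriting rulesets, and MasqConfig, header_sender, SAMPLE and the sample addresses are hypothetical names constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class MasqConfig:
    """Constructed stand-in for the mc declarations in this section."""
    masquerade_as: str                             # MASQUERADE_AS
    local_hosts: set = field(default_factory=set)  # hosts in $=w
    domains: set = field(default_factory=set)      # MASQUERADE_DOMAIN(_FILE)
    exceptions: set = field(default_factory=set)   # MASQUERADE_EXCEPTION(_FILE)
    exposed: set = field(default_factory=set)      # EXPOSED_USER(_FILE)
    entire_domain: bool = False   # FEATURE(`masquerade_entire_domain')
    limited: bool = False         # FEATURE(`limited_masquerade')

def header_sender(addr, cfg):
    """Model the sender-header form of user@host; returns (address, reason)."""
    user, _, host = addr.rpartition("@")
    host = host.lower().rstrip(".")
    # Exceptions are matched per host, as the section states.
    if host in cfg.exceptions:
        return addr, "host in MASQUERADE_EXCEPTION"
    # MASQUERADE_DOMAIN covers only the domain itself unless
    # masquerade_entire_domain extends it to hosts beneath it.
    in_domain = host in cfg.domains or (
        cfg.entire_domain and any(host.endswith("." + d) for d in cfg.domains))
    # limited_masquerade restricts masquerading to the listed domains.
    is_local = host in cfg.local_hosts and not cfg.limited
    if not (in_domain or is_local):
        return addr, "host not subject to masquerading"
    # Assumption of this model: usernames are compared case-insensitively.
    if user.lower() in cfg.exposed:
        return addr, "user in EXPOSED_USER"
    return f"{user}@{cfg.masquerade_as}", "masqueraded"

# Constructed sample configuration and addresses (not from a real site).
SAMPLE = MasqConfig(
    masquerade_as="bigcampus.edu",
    local_hosts={"mail.bigcampus.edu"},
    domains={"bigcampus.edu"},
    exceptions={"cs.bigcampus.edu"},
    exposed={"root"},
    entire_domain=True,
)

if __name__ == "__main__":
    for a in ("alice@ws1.bigcampus.edu", "bob@cs.bigcampus.edu",
              "root@ws1.bigcampus.edu", "carol@example.org"):
        print(a, "->", *header_sender(a, SAMPLE))
```

Running it over a list of internal addresses shows which hostnames remain visible in sender headers once masquerading is enabled.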