Ordinarily, addresses can be masqueraded if they are unqualified (lack a domain part) or if they match any hostname in $=w ($=w) or in the special class defined by the MASQUERADE_DOMAIN mc macro (Section 4.4.3). Masquerading replaces the hostname part of an address with the fully qualified hostname defined by MASQUERADE_AS.

Some sites handle mail for multiple domains. For these sites it is important to recognize all incoming mail as local via $=w. On the other hand, only a subset of the hosts in $=w should be masqueraded. Consider, for example, the host our.domain that receives mail for the domains his.domain and her.domain:

Cw our.domain his.domain her.domain

In this scenario we want all but her.domain to be masqueraded as our.domain. The way to create such exceptions is with the limited_masquerade feature.

The limited_masquerade feature causes masquerading to be based only on the special class defined by the MASQUERADE_DOMAIN mc macro (Section 4.4.3), and not $=w. You use limited_masquerade like this:

MASQUERADE_AS(`our.domain')
FEATURE(`limited_masquerade')
LOCAL_DOMAIN(`our.domain his.domain her.domain')
MASQUERADE_DOMAIN(`our.domain his.domain')

Here, MASQUERADE_AS is declared first to define how masqueraded domains should be rewritten. Then, the limited_masquerade feature is declared. The LOCAL_DOMAIN ($=w) declares all three domains to be recognized as local (that is, it adds them to the class $=w). Finally, MASQUERADE_DOMAIN (Section 4.4.3) adds only the hosts that you wish masqueraded to the special class. Specifically, the special class omits the her.domain.

The limited_masquerade feature causes sendmail to masquerade the hosts in the special class defined by the MASQUERADE_DOMAIN mc macro, without the normal masquerading of the hosts in $=w too. Note that MASQUERADE_DOMAIN is also used to list the domains for the masquerade_entire_domain feature.