Masquerading is the process of rewriting your domain name as another domain name, so that the message appears to come from that other domain. There are legitimate reasons for wanting to do this; one example is two companies that are in the process of merging. Recently an unsolicited commercial e-mailer was sent to prison for, among other things, using other domain names instead of his own. He was jailed for identity theft. Be careful how and why you do this.


In some situations sendmail may append the hostname to the sender's e-mail address. For example, let's say your company is called Good Company and your registered domain name is goodcompany.com. You have a couple of machines that receive inbound e-mail. You also have a couple of machines to which every internal mail server sends its e-mail, and those machines then send the mail on to the Internet. During the sending process sendmail changes user@goodcompany.com to user@some_host_machine.goodcompany.com.


You can have sendmail revert the email address back to user@goodcompany.com by using a process known as hostname hiding.


The configuration file changes needed to implement hostname hiding are:


MASQUERADE_AS(`domainname.only')
MASQUERADE_DOMAIN(`machine_name.domain_name.tld')
FEATURE(`masquerade_entire_domain')
FEATURE(`masquerade_envelope')


Since some_host_machine resides behind a corporate firewall, no one from the Internet is able to connect to it to deliver the mail. So you use masquerading to change user@some_host_machine.goodcompany.com to simply user@goodcompany.com. Then when someone replies to your e-mail message, their SMTP server looks up goodcompany.com's MX records and sends the mail to the inbound servers, which can relay it back to some_host_machine.goodcompany.com inside the firewall if that is the final disposition of that e-mail message. You could also configure your e-mail client's "Reply-to" option instead of doing this if you need to.


Masquerading is generally used to rewrite the sender's address. Some features let you rewrite envelope addresses and recipient headers.


Domain Table


The purpose of creating a domain table file is to help ease the transition from one domain name to another domain name. To use this FEATURE, the first thing you need to do is create an ASCII text file with the format of:


old.domain        new.domain


In this file, the left hand side has either a fully qualified host name or a domain name and the right hand side has the new name. This file is then fed to makemap which turns it into a database. In order for Sendmail to use the new domain table you will need to add the following to your .mc file:


FEATURE(`domaintable')


or


FEATURE(`domaintable',`dbm /etc/mail/domaintable')


You can have your host masquerade as another by using:


MASQUERADE_AS(`host.domain')


This causes mail being sent to be labeled as coming from the indicated host.domain, rather than $j. This behaviour is modified by a plethora of FEATUREs; in particular, see masquerade_envelope, allmasquerade, limited_masquerade, and masquerade_entire_domain.


The masquerade name is not normally canonified, so it is important that it be your One True Name, that is, fully qualified and not a CNAME. However, if you use a CNAME, the receiving side may canonify it for you, so don't think you can cheat CNAME mapping this way.


Normally the only addresses that are masqueraded are those that come from this host (that is, are either unqualified or in class {w}, the list of local domain names). You can augment this list, which is realized by class {M}, using


MASQUERADE_DOMAIN(`otherhost.domain')


The effect of this is that although mail to user@otherhost.domain will not be delivered locally, any mail including any user@otherhost.domain will, when relayed, be rewritten to have the MASQUERADE_AS address. This can be a space-separated list of names.


If these names are in a file, you can use


MASQUERADE_DOMAIN_FILE(`filename')


to read the list of names from the indicated file (i.e., to add elements to class {M}).


To exempt hosts or subdomains from being masqueraded, you can use


MASQUERADE_EXCEPTION(`host.domain')


This can come in handy if you want to masquerade a whole domain except for one (or a few) host(s). If these names are in a file, you can use


MASQUERADE_EXCEPTION_FILE(`filename')


Normally only header addresses are masqueraded. If you want to masquerade the envelope as well, use


FEATURE(`masquerade_envelope')


FEATURE(`always_add_domain')


Include the local host domain even on locally delivered mail. Normally it is not added on unqualified names. However, if you use a shared message store but do not use the same user name space everywhere, you may need the host name on local names. An optional argument specifies a domain to be added other than the local one.


FEATURE(`allmasquerade')


If masquerading is enabled (using MASQUERADE_AS), this FEATURE will cause recipient addresses to also masquerade as being from the masquerade host. Normally they get the local hostname. Although this may be right for ordinary users, it can break local aliases. For example, if you send to "localalias", the originating sendmail will find that alias and send to all members, but send the message with "To: localalias@masqueradehost". Since that alias likely does not exist, replies will fail. Use this FEATURE ONLY if you can guarantee that the ENTIRE namespace on your masquerade host supersets all the local entries.


FEATURE(`limited_masquerade')


Normally, any hosts listed in class {w} are masqueraded. If this FEATURE is given, only the hosts listed in class {M} are masqueraded. This is useful if you have several domains with disjoint namespaces hosted on the same machine.


FEATURE(`masquerade_entire_domain')


If masquerading is enabled (using MASQUERADE_AS) and MASQUERADE_DOMAIN is set, this FEATURE will cause addresses to be rewritten such that the masquerading domains are actually entire domains to be hidden. All hosts within the masquerading domains will be rewritten to the masquerade name (used in MASQUERADE_AS). For example, if you have:


MASQUERADE_AS(`masq.com')
MASQUERADE_DOMAIN(`foo.org')
MASQUERADE_DOMAIN(`bar.com')


then *foo.org and *bar.com are converted to masq.com. Without this FEATURE, only foo.org and bar.com are masqueraded.


NOTE: only domains within your jurisdiction and current hierarchy should be masqueraded using this.


FEATURE(`local_no_masquerade')


This FEATURE prevents the local mailer from masquerading even if MASQUERADE_AS is used. MASQUERADE_AS will only have effect on addresses of mail going outside the local domain.


There are always users that need to be "exposed" -- that is, their internal site name should be displayed instead of the masquerade name. Root is an example (which has been "exposed" by default prior to 8.10). You can add users to this list by using


EXPOSED_USER(`usernames')


This adds users to class {E}; you could also use


EXPOSED_USER_FILE(`filename')
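
The settings above interact, so it is worth checking which sender addresses a given combination actually hides and which internal host names still leave the site. The following Python model is an added example, not sendmail code and not part of the original page: it follows the rules as described above for fully qualified sender addresses only, and the names MasqConfig, masquerade and still_exposed, the exact-match handling of exceptions, and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class MasqConfig:                                 # hypothetical stand-in for the .mc settings
    masquerade_as: str                            # MASQUERADE_AS
    class_w: set = field(default_factory=set)     # local host names, class {w}
    class_m: set = field(default_factory=set)     # MASQUERADE_DOMAIN, class {M}
    exceptions: set = field(default_factory=set)  # MASQUERADE_EXCEPTION
    class_e: set = field(default_factory=set)     # EXPOSED_USER, class {E}
    entire_domain: bool = False                   # masquerade_entire_domain feature
    limited: bool = False                         # limited_masquerade feature
    envelope: bool = False                        # masquerade_envelope feature

def host_is_masqueraded(host, cfg):   # host: fully qualified, lower case
    if host in cfg.exceptions:        # exact match only: an assumption of this model
        return False
    if host in cfg.class_m:
        return True
    if cfg.entire_domain and any(host.endswith("." + d) for d in cfg.class_m):
        return True                   # every host below a class {M} domain
    return not cfg.limited and host in cfg.class_w

def masquerade(address, cfg, envelope=False):
    """Return a sender address as this model says it leaves the relay."""
    user, sep, host = address.partition("@")
    if not sep:
        raise ValueError("this model handles fully qualified addresses only")
    if envelope and not cfg.envelope:
        return address                # only headers are rewritten by default
    if user.lower() in cfg.class_e:
        return address                # exposed users keep their internal host name
    if host_is_masqueraded(host.lower(), cfg):
        return f"{user}@{cfg.masquerade_as}"
    return address

def still_exposed(senders, cfg):
    """Header sender addresses that do not end up under the masquerade name."""
    rewritten = [masquerade(a, cfg) for a in senders]
    return [a for a in rewritten if a.partition("@")[2].lower() != cfg.masquerade_as]

# Constructed sample built on the page's masq.com / foo.org / bar.com example.
CFG = MasqConfig("masq.com", class_w={"mail.masq.com"}, class_m={"foo.org", "bar.com"},
                 exceptions={"lab.foo.org"}, class_e={"root"}, entire_domain=True)
SENDERS = ["ann@foo.org", "bob@pc7.bar.com", "eve@lab.foo.org",
           "root@mail.masq.com", "dan@mail.masq.com", "zed@example.net"]

if __name__ == "__main__":
    for addr in SENDERS:
        print(f"{addr:20} -> {masquerade(addr, CFG)}")
```

Confirm the real behaviour on the relay itself before relying on it, since this model only restates the rules given on this page.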





This Web Site Copyright © 1997 - 2008
by Alan Pae - All Rights Reserved