# Sendmail Masquerading and root mails



## MrFollies (Aug 3, 2009)

I have a situation that I've come across from time to time that I have never found a good fix for.

Sometimes I'll install a FreeBSD box at a site with private addresses (RFC 1918).  Most of the time these sites also have local DNS setups.

I'll take my home network as an example.  My FreeBSD box (7.2) does:
 - File serving
 - PPP/Routing/NATd for the local network
 - WWW
 - Local DNS

Nothing special.
The network is a 192.168 network and the local domain is .lan

The problem is when I try to forward periodic output to my real email address.  My email box sees the EHLO from beastie.lan and rejects the message based on the fact that root@beastie.lan is an unroutable address.

There are a few solutions I've used in the past.
 - Replace sendmail with exim and configure the SMTP domain.
 - Put beastie.lan in my email servers hosts file.

Neither of these is what I am looking for.  I'd like to make sendmail re-write all outgoing emails (envelope as well as message) as *@some.real.domain instead of *@beastie.lan.

I have a simple sendmail submit setup.  (sendmail=no in rc.conf)

I've added the following to the default sendmail mc file:


```
MASQUERADE_AS(`mypublicdomain.com')dnl
FEATURE(masquerade_envelope)dnl
MASQUERADE_DOMAIN(beastie.lan)dnl
```

Recompiled the cf files and restarted sendmail.

Here is the kicker.  If I log in as a normal user it masquerades just fine.   

If I simply "su -"  to root, the masquerading works fine and the mail is sent as the original logged in user.

But if I log in as root via the console then it does not alter the messages.

Apart from ditching sendmail for another MTA, does anyone know how I might coerce sendmail into rewriting root's messages as well?


----------



## aragon (Aug 3, 2009)

You might like mail/ssmtp.  It is a very small, simple MTA that would replace sendmail, but its simplicity means it's trivial to set up.  All it does is allow a unix system to funnel local mail to an SMTP relay that you configure, and it supports domain rewriting.


----------



## MrFollies (Aug 3, 2009)

aragon said:

> You might like mail/ssmtp.  It is a very small, simple MTA that would replace sendmail, but its simplicity means it's trivial to set up.  All it does is allow a unix system to funnel local mail to an SMTP relay that you configure, and it supports domain rewriting.



Thanks for the tip.  I think I could probably configure sendmail to do this via its smart host feature.  I could also fix it by using exim or postfix.  But that's kinda not the point.  I'd really like to know what I need to do to make this work with the standard sendmail setup so I can just add it to my standard install procedure.  Plus I'd learn something about sendmail.


----------



## DutchDaemon (Aug 3, 2009)

Not sure that what you want can be done:



> There are always users that need to be "exposed" -- that is, their
> internal site name should be displayed instead of the masquerade name.
> Root is an example (which has been "exposed" by default prior to 8.10).



Note that this concerns 'true root' (which you get from a straight console login, and which the local root user has when handling system/cron mail), not 'acquired root' (su or su -, which retains your 'original login identity' in the background).


----------
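The exposed-user rule quoted in the last post, as an added example that is not part of the thread and is not sendmail's own code: a simplified Python model of which sender addresses get masqueraded. The class names in the comments follow sendmail's m4 macros (`EXPOSED_USER` is the macro that marks a user as exposed); `MasqConfig`, `rewrite` and the user `alice` are assumptions made for the illustration.

```python
# Simplified model of sendmail's masquerading decision (illustration only;
# the real logic lives in sendmail's rule sets). All names are hypothetical.
from dataclasses import dataclass, field


@dataclass
class MasqConfig:
    masquerade_as: str                                # MASQUERADE_AS(...)
    local_names: set = field(default_factory=set)     # class w: this host's own names
    masq_domains: set = field(default_factory=set)    # class M: MASQUERADE_DOMAIN(...)
    exposed_users: set = field(default_factory=set)   # class E: EXPOSED_USER(...)
    masquerade_envelope: bool = False                 # FEATURE(masquerade_envelope)


def rewrite(addr: str, cfg: MasqConfig, envelope: bool = False) -> str:
    """Return the sender address as it leaves the host under this model."""
    user, sep, domain = addr.rpartition("@")
    if not sep:
        return addr                    # unqualified names are out of scope here
    if envelope and not cfg.masquerade_envelope:
        return addr                    # without the feature only headers change
    if domain.lower() not in cfg.local_names | cfg.masq_domains:
        return addr                    # not one of the internal names
    if user in cfg.exposed_users:
        return addr                    # exposed user: internal site name is kept
    return f"{user}@{cfg.masquerade_as}"


def thread_scenario(exposed):
    """Configuration from the first post, with a chosen set of exposed users."""
    cfg = MasqConfig(
        masquerade_as="mypublicdomain.com",
        local_names={"beastie.lan"},
        masq_domains={"beastie.lan"},
        exposed_users=set(exposed),
        masquerade_envelope=True,
    )
    senders = ["alice@beastie.lan", "root@beastie.lan"]   # constructed samples
    return {s: (rewrite(s, cfg), rewrite(s, cfg, envelope=True)) for s in senders}


if __name__ == "__main__":
    for label, exposed in (("root exposed", {"root"}), ("nobody exposed", set())):
        print(label)
        for sender, (hdr, env) in thread_scenario(exposed).items():
            print(f"  {sender:20} header={hdr:28} envelope={env}")
```

With `root` in the exposed set the model reproduces the symptom from the first post: the ordinary user is rewritten while `root@beastie.lan` leaves the host unchanged in both header and envelope.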

