sendmail seems to be ignoring /etc/mail/trusted_users
I am getting Authentication-Warnings from sendmail that look like this: Authentication-Warning: avalon.paulsen.org: wwwrun set sender to robert@paulsenonline.net using -f (A little background -- the email is being sent by the "mail" command in a PHP script. It needs to set the sender's address based on the user who logged into the web page and initiated the sending of the mail. This is why it is wwwrun who is seting the sender.) I thought /etc/mail/trusted_users was supposed to let me specify that it was OK for "wwwrun" to do this, but it isn't working. Perhaps I don't have the syntax right. All I did was put one line in trusted_users: wwwrun But, I still get the Authentication-Warnings. I don't think this was happening before I upgraded 7.3 to 8.0 so perhaps I lost some other configuration setting somewhere. Any advice? I do know how to turn off Authentication-Warnings completely in sendmail.cf, but I don't want to do that. -- Robert C. Paulsen, Jr. robert@paulsenonline.net
On Wed, 08 May 2002, Robert Paulsen wrote:
I thought /etc/mail/trusted_users was supposed to let me specify that it was OK for "wwwrun" to do this, but it isn't working. Perhaps I don't have the syntax right. All I did was put one line in trusted_users:
wwwrun
But, I still get the Authentication-Warnings.
HI, I did exactly the same (I means the trusted user information not the phpscript) and it worked fine for me ... did you run SuSEconfig afterwards? Oliver -- ... don't touch the bang-bang fruit ...
I have *hacked* a fix to the problem described in the note included below. It turns out that SuSEconfig generates *two* sendmail.cf files. Actually one is named submit.cf. These are them: /etc/mail/submit.cf /etc/sendmail.cf Only the *second* one lists wwwrun as a trusted user. Here is the relevant section of /etc/sendmail.cf: ##################### # Trusted users # ##################### # this is equivalent to setting class "t" #Ft-o /etc/mail/trusted-users %[^\#] Troot Tdaemon Tuucp Tmdom wwwrun root uucp daemon mail The file /etc/mail/submit.cf does not contain the last line above. If I copy that line into /etc/mail/submit.cf, I no longer get the Authentication-Warnings. I still don't know why it makes no difference what I put into /etc/mail/trusted-users. And, of course, when I do this SuSEconfig now complains that I have modified the file. On Wed, May 08, 2002 at 08:52:06PM -0500, Robert Paulsen wrote:
I am getting Authentication-Warnings from sendmail that look like this:
Authentication-Warning: avalon.paulsen.org: wwwrun set sender to robert@paulsenonline.net using -f
(A little background -- the email is being sent by the "mail" command in a PHP script. It needs to set the sender's address based on the user who logged into the web page and initiated the sending of the mail. This is why it is wwwrun who is seting the sender.)
I thought /etc/mail/trusted_users was supposed to let me specify that it was OK for "wwwrun" to do this, but it isn't working. Perhaps I don't have the syntax right. All I did was put one line in trusted_users:
wwwrun
But, I still get the Authentication-Warnings.
I don't think this was happening before I upgraded 7.3 to 8.0 so perhaps I lost some other configuration setting somewhere.
Any advice?
I do know how to turn off Authentication-Warnings completely in sendmail.cf, but I don't want to do that.
-- Robert C. Paulsen, Jr. robert@paulsenonline.net
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com
-- Robert C. Paulsen, Jr. robert@paulsenonline.net
On Thu, 09 May 2002, Robert Paulsen wrote:
I have *hacked* a fix to the problem described in the note included below. It turns out that SuSEconfig generates *two* sendmail.cf files. Actually one is named submit.cf. These are them:
/etc/mail/submit.cf /etc/sendmail.cf
O.K the same on my system
Only the *second* one lists wwwrun as a trusted user. Here is the relevant section of /etc/sendmail.cf:
##################### # Trusted users # #####################
# this is equivalent to setting class "t" #Ft-o /etc/mail/trusted-users %[^\#] Troot Tdaemon Tuucp Tmdom wwwrun root uucp daemon mail
The file /etc/mail/submit.cf does not contain the last line above. If I copy that line into /etc/mail/submit.cf, I no longer get the Authentication-Warnings.
For my understanding it is working the other way around ... all the files in /etc/mail are changed then you run SuSEconfig and information will be trynsported to the sendmail.cf file
I still don't know why it makes no difference what I put into /etc/mail/trusted-users. And, of course, when I do this SuSEconfig now complains that I have modified the file.
I tested some things by myself and here is what I found: On my sendmail configuration it does not matter what you write in the trusted user file because everyone is allowed to use the -f option ... I think this is a bug ... I created a new user without inserting his name in the trusted user file and he was able to use the -f option ... I think this is not o.k. Oliver
On Thu, May 09, 2002 at 08:37:28PM +0200, Oliver Fuchs wrote:
On Thu, 09 May 2002, Robert Paulsen wrote:
The file /etc/mail/submit.cf does not contain the last line above. If I copy that line into /etc/mail/submit.cf, I no longer get the Authentication-Warnings.
For my understanding it is working the other way around ... all the files in /etc/mail are changed then you run SuSEconfig and information will be trynsported to the sendmail.cf file
Yes, that's the way it works. What I am saying is that I needed to intervene in the normal process here and modify /etc/mail/submit.cf after it was created by SuSEconfig in order to avoid the warning messages.
I still don't know why it makes no difference what I put into /etc/mail/trusted-users. And, of course, when I do this SuSEconfig now complains that I have modified the file.
I tested some things by myself and here is what I found: On my sendmail configuration it does not matter what you write in the trusted user file because everyone is allowed to use the -f option ... I
Well, everyone on my system is allowed to use the -f option too. It's just that a warning message gets logged in /var/log/mail and the outgoing email also includes the warning. It is the warning I am tryoig to avoid. -- Robert C. Paulsen, Jr. robert@paulsenonline.net
On Thu, 09 May 2002, Robert Paulsen wrote:
Well, everyone on my system is allowed to use the -f option too. It's just that a warning message gets logged in /var/log/mail and the outgoing email also includes the warning. It is the warning I am tryoig to avoid.
Yes that is true ... but only for trusted user the warning message should not been written ... this works for root but not for so called trusted-users ... the -f command line switch can be used to forge mail ... sendmail always inserts a warning into the message header ... a trusted user is one who is exempted from having such warnings included ... and from this pint of view the SuSEconfig-file trusted-user is not working ... under pre-V8 sendmail trusted users were those who are allowed to use the -fcommand line switch ... you are right that changed now is everyone allowed to use it. Oliver -- ... don't touch the bang-bang fruit ...
Hi, I do not know if you solved the problem in the meantime or if it is still actuall ... but to avoid X_Authority warnings you have to add FEATURE(`use_ct_file') to linux.mc and submit.mc (I copied it from /usr/share/sendmail/cf to /etc/mail) ... then I ran m4 to get valid .cf files. Oliver -- ... don't touch the bang-bang fruit
participants (2)
-
Oliver Fuchs -
Robert Paulsen