3

Is there a way to make all system users be 'trusted' by sendmail without having to manually add all the usernames to /etc/mail/trusted-users?

Or even better, can I instead of defining 'trusted users', define a 'trusted group' and then add users to this group?

A bit of background:

We host websites for several small businesses on a single CentOS server. Sometimes these sites need to send mail to the business owners. We use a third party SMTP service for delivering these emails. Without any configuration, the envelope 'from' address is something like this:

websitename@servername.domainname.com

We don't have mailboxes setup for all these addresses. I want to rewrite them to

servername@domainname.com

Which is a real mailbox that I have set up and will monitor for bounces etc.

The sites all send mail through PHP, so I have added the following to my php.ini file: mail.force_extra_parameters = -f servername@domainname.com

This means the envelope address is rewritten the way I want, but the emails all get sent out with authentication warnings in the headers, because the users aren't in sendmails 'trusted users' list. I don't want to have to maintain the list manually. I just want all users to be 'trusted' by default.

Many thanks if you can help me with this.

Daniel Howard
  • 275
  • 3
    If you run PHP as the regular Apache module, only the apache/httpd user needs to be in the /etc/mail/trusted-users file. – HBruijn Sep 22 '14 at 11:46
  • 1
    Thanks, but I'm using mpm-itk to make the php run as the script owner instead of running as apache. So each site sends mails using a different user. – Daniel Howard Sep 22 '14 at 13:02

2 Answers2

3

No X-Authentication-Warning: for all locally submitted messages

You may turn off appending X-Authentication-Warning: header by remowing authwarnings from PrivacyOptions in /etc/mail/submit.cf. [submit.cf, NOT sendmail.cf]

In submit.mc add the following line after FEATURE(msp,...) and compile new submit.cf:

define(`confPRIVACY_FLAGS', `noexpn,novrfy,noverb,needmailhelo,needvrfyhelo,nobodyreturn,,noetrn,restrictqrun')

The above line repeats confPRIVACY_FLAGS settings from FEATURE(msp) with authwarnings removed from expanded substiture of goaway.

AnFi
  • 6,278
  • 1
  • 15
  • 27
1

In you case "each site sends mails using a different (system) user" unlike in most common configurations.

You may use FEATURE(generictable) and FEATURE(masquerade_envelope) to rewrite specific sender addresses using one to one mapping.

AnFi
  • 6,278
  • 1
  • 15
  • 27
  • But then you still need to maintain the list of users. So this does not really solve the problem. Perhaps the answer is just that you can't make all users trusted, or define a trusted group. Sendmail is frustrating. – Daniel Howard Sep 24 '14 at 13:25