[rescue] Sendmail.cf - stripping X-headers
rescue at sunhelp.org
rescue at sunhelp.org
Fri Feb 15 09:17:38 CST 2002
Sheldon--
> I'd like to strip the X-blah headers out of mail leaving a
> machine on my internal network. The mail comes into the box
> by SMTP (sendmail) and goes out the same way. I don't care
> whether it strips the X-blah headers off incoming mail or not.
Do you really want to strip *all* the headers, or only
particular ones, or what are you *really* trying to accomplish
(some of those X-blah headers could actually be useful). You
*might* just want to use the MASQUERADE features as discussed at
http://www.sendmail.org/m4/masquerading.html
See below for more on header munging.
> Does anyone know off the top of their heads what magic I can
> insert into sendmail.cf to do this? I'm using the sendmail
> that came with Solaris 7, with a largely default configuration;
> what changes I've made I made directly to sendmail.cf.
WHOOP WHOOP--Security Alert!
First, I would strongly recommend from a security standpoint
that you transition either to "real" sendmail or to an implementation
written with security in mind such as qmail or postfix. I
recommend the latter as it's easier (IME) to drop it in in
place of an existing sendmail installation with minimal
re-learning.
Why get rid of the Sun sendmail? Because you almost certainly
don't need the proprietary differences, and you *do* need to be
able to upgrade quickly the next time sendmail has a catastrophic
bug. Even *Sun* has been telling people for a while that if
they care about security (and don't care about the old Sun-specific
differences) they should use "real" sendmail. In Solaris 9, they've
done it themselves. See
http://www.sendmail.org/vendor/sun/solaris9.html
which discusses the transition and has links to a page that discusses
the differences. If you are going to stick with Sendmail (either
the Sun version or the "real" vendor version) then there are some
good links currently on the Sendmail.net main page about first steps
in securing sendmail.
Now, on/back to what you really wanted. Someone here borrowed "my"
copy of the bat book (Sendmail 2nd ed.) and I never asked for it
back, since I'm barely using Sendmail at all anymore. You need to
play around with the portions of sendmail.cf that munge headers--
there's an example of how to *add* headers (for anti-spam) at
http://sendmail.net/810usingantispam.shtml#four
and some additional info on rulesets that read and act on headers at
http://www.sendmail.org/m4/anti-spam.html
but overall I agree with Paul Sladen--poop stuff out to procmail,
let it munge the headers, and re-insert it into the queue.
Or, of course, you could ask how to do a specific change and I
could dust off those grey cells and give you a specific ruleset/macro
for a .cf file. Could you be a little more vague...er...specific?
--Rip
More information about the rescue
mailing list