info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
How can we insert "Sender:" header to force "on behalf of" ??
31 views
Skip to first unread message
lukn...@comcast.net
Jun 8, 2016, 11:21:09 PM6/8/16
to
We have several COTS applications that all reside on the same servers and send their outbound email via sendmail on localhost. All email is sent strictly to local users that are on Exchange/Outlook (sigh). Since the packages are COTS and cannot be moified, our team has been asked to change the sendmail configuration such that it adds the same "Sender:" header to all outgoing emails. The "Sender:" header will contain a value that all recipients will recognize. Thus, when our internal recipients receive the email they will all appear to be sent from same sender, but "on behalf of" the address in the body "From:" address. When we create a message manually via telnet to port 25 adding the "Sender:" header it works as expected. Example from manually sending message the pertinent headers
From: appli...@example.com
Sender: recogni...@example.com
will appear as expected to Outlook user as:
From: recogni...@example.com of behalf of appli...@example.com
We updated the sendmail.mc file to add the following and "Sender:" DOES get added. Unfortunately, the address in the LOCAL_CONFIG entry is always replaced with the address from the "From:" field.
LOCAL_CONFIG
H?Sender:?Sender: <recogni...@example.com>
Obviously I am missing something. Any guidance or suggestions?
From: appli...@example.com
Sender: recogni...@example.com
will appear as expected to Outlook user as:
From: recogni...@example.com of behalf of appli...@example.com
We updated the sendmail.mc file to add the following and "Sender:" DOES get added. Unfortunately, the address in the LOCAL_CONFIG entry is always replaced with the address from the "From:" field.
LOCAL_CONFIG
H?Sender:?Sender: <recogni...@example.com>
Obviously I am missing something. Any guidance or suggestions?
Andrzej Adam Filip
Jun 9, 2016, 12:45:27 AM6/9/16
to
lines below:
LOCAL_CONFIG
HSender: <recogni...@example.com>
* Could you tell how COTS application pass messages to sendmail?
(execution of sendmail binary as user X, connections to 127.0.0.1:25
from user X, SMTP AUTH from fixed IP address).
* Could you name your OS/distribution
(it may indicate additional tools available e.g. linux firewall)
It may help to avoid making sendmail add the header to EVERY email.
--
[Andrew] Andrzej A. Filip - https://www.linkedin.com/in/andfil
lukn...@comcast.net
Jun 9, 2016, 1:01:35 AM6/9/16
to
>* Could you tell how COTS application pass messages to sendmail?
> (execution of sendmail binary as user X, connections to 127.0.0.1:25
> from user X, SMTP AUTH from fixed IP address).
Since they are COTS, for most we do not have access to the underlying code. I am assuming that most are "brain dead" implementations where the code simply connects to an IP (in our case 127.0.0.1) on port 25. There is no authentication required, but the servers are configured to only accept email from same system (localhost).
> (execution of sendmail binary as user X, connections to 127.0.0.1:25
> from user X, SMTP AUTH from fixed IP address).
>* Could you name your OS/distribution
Andrzej Adam Filip
Jun 9, 2016, 1:18:09 AM6/9/16
to
lukn...@comcast.net wrote:
>>* Could you tell how COTS application pass messages to sendmail?
>> (execution of sendmail binary as user X, connections to 127.0.0.1:25
>> from user X, SMTP AUTH from fixed IP address).
>
> Since they are COTS, for most we do not have access to the underlying
> code. I am assuming that most are "brain dead" implementations where
> the code simply connects to an IP (in our case 127.0.0.1) on port 25.
> There is no authentication required, but the servers are configured to
> only accept email from same system (localhost).
Do not assume. Check (e.g. in sendmail log files).
>>* Could you tell how COTS application pass messages to sendmail?
>> (execution of sendmail binary as user X, connections to 127.0.0.1:25
>> from user X, SMTP AUTH from fixed IP address).
>
> Since they are COTS, for most we do not have access to the underlying
> code. I am assuming that most are "brain dead" implementations where
> the code simply connects to an IP (in our case 127.0.0.1) on port 25.
> There is no authentication required, but the servers are configured to
> only accept email from same system (localhost).
Sendmail World is full of "special cases" and MANY ways to do things right.
>>* Could you name your OS/distribution
>
> Server is running sendmail 8.14.x
E.g. linux firewall (iptables) may redirect connections to 127.0.0.1:25 from
specific OS account to another TCP port (to sendmail using custom configuration).
lukn...@comcast.net
Jun 9, 2016, 1:30:30 AM6/9/16
to
On Wednesday, June 8, 2016 at 10:45:27 PM UTC-6, Andrzej Adam Filip wrote:
>
> You may add Sender: header to EVERY email sendmail gets using the
> lines below:
>
> LOCAL_CONFIG
> HSender: <recogni...@example.com>
>
> * Could you tell how COTS application pass messages to sendmail?
> (execution of sendmail binary as user X, connections to 127.0.0.1:25
> from user X, SMTP AUTH from fixed IP address).
> * Could you name your OS/distribution
> (it may indicate additional tools available e.g. linux firewall)
>
> It may help to avoid making sendmail add the header to EVERY email.
>
> --
> [Andrew] Andrzej A. Filip - https://www.linkedin.com/in/andfil
Tried your suggestion since it may be ok to use same address for all emails from this server (will have to check with management tomorrow), BUT I still get the same result; i.e. the value (email address) in "Sender:" header is replaced with the original "From:" address. (note:the envelope sender and body header "From" address are the same).
>
> You may add Sender: header to EVERY email sendmail gets using the
> lines below:
>
> LOCAL_CONFIG
> HSender: <recogni...@example.com>
>
> * Could you tell how COTS application pass messages to sendmail?
> (execution of sendmail binary as user X, connections to 127.0.0.1:25
> from user X, SMTP AUTH from fixed IP address).
> * Could you name your OS/distribution
> (it may indicate additional tools available e.g. linux firewall)
>
> It may help to avoid making sendmail add the header to EVERY email.
>
> --
> [Andrew] Andrzej A. Filip - https://www.linkedin.com/in/andfil
Corrections from previous reply...
We are running sendmail 8.15.0.59
OS = Centos based distribution
uname -r
2.6.32-431.29.2.el6.P1.x86_64
Andrzej Adam Filip
Jun 9, 2016, 1:41:28 AM6/9/16
to
lukn...@comcast.net wrote:
> On Wednesday, June 8, 2016 at 10:45:27 PM UTC-6, Andrzej Adam Filip wrote:
>>
>> You may add Sender: header to EVERY email sendmail gets using the
>> lines below:
>>
>> LOCAL_CONFIG
>> HSender: <recogni...@example.com>
>>
>> * Could you tell how COTS application pass messages to sendmail?
>> (execution of sendmail binary as user X, connections to 127.0.0.1:25
>> from user X, SMTP AUTH from fixed IP address).
>> * Could you name your OS/distribution
>> (it may indicate additional tools available e.g. linux firewall)
>>
>> It may help to avoid making sendmail add the header to EVERY email.
>
> On Wednesday, June 8, 2016 at 10:45:27 PM UTC-6, Andrzej Adam Filip wrote:
>>
>> You may add Sender: header to EVERY email sendmail gets using the
>> lines below:
>>
>> LOCAL_CONFIG
>> HSender: <recogni...@example.com>
>>
>> * Could you tell how COTS application pass messages to sendmail?
>> (execution of sendmail binary as user X, connections to 127.0.0.1:25
>> from user X, SMTP AUTH from fixed IP address).
>> * Could you name your OS/distribution
>> (it may indicate additional tools available e.g. linux firewall)
>>
>> It may help to avoid making sendmail add the header to EVERY email.
>
> Tried your suggestion since it may be ok to use same address for all
> emails from this server (will have to check with management tomorrow),
> BUT I still get the same result; i.e. the value (email address) in
> "Sender:" header is replaced with the original "From:" address.
> (note:the envelope sender and body header "From" address are the
> same).
Could you use packet analyzer to check Sender: header in messages leaving sendmail?
> emails from this server (will have to check with management tomorrow),
> BUT I still get the same result; i.e. the value (email address) in
> "Sender:" header is replaced with the original "From:" address.
> (note:the envelope sender and body header "From" address are the
> same).
[ Are you sure the header is not rewritten "after sendmail"? ]
> Corrections from previous reply...
>
> We are running sendmail 8.15.0.59
>
> OS = Centos based distribution
> uname -r
> 2.6.32-431.29.2.el6.P1.x86_64
lukn...@comcast.net
Jun 10, 2016, 1:48:17 PM6/10/16
to
On Wednesday, June 8, 2016 at 11:41:28 PM UTC-6, Andrzej Adam Filip wrote:
> lukn...@comcast.net wrote:
>
> Could you use packet analyzer to check Sender: header in messages leaving sendmail?
> [ Are you sure the header is not rewritten "after sendmail"? ]
>
Packet analysis using Wireshark indicates the messages are leaving the system system using the email address of the actual sender, not the desired one we trying to insert into the header rule. From various testing, including just inserting a blank "Sender:" header, it appears somewhere during processing sendmail recognizes a "Sender:" header and will always replace it with the actual sender. Can anyone think of a way to work around this so we get the desired results? Do we simply have the rule in the wrong place?
>
> Could you use packet analyzer to check Sender: header in messages leaving sendmail?
> [ Are you sure the header is not rewritten "after sendmail"? ]
>
Andrzej Adam Filip
Jun 10, 2016, 2:45:01 PM6/10/16
to
other "header sender" headers (From:, ...). [see sendmail/sendmail.c ]
Try the following script to test header rewrites of address you use in
Sender: header.
#!/bin/sh
# test rewrites by submit.cf
/usr/sbin/sendmail -Ac -bt <<END
/tryflags hs
/try relay recogni...@example.com
END
# test rewrites by sendmail.cf (may require root privileges)
/usr/sbin/sendmail -Am -bt <<END
/tryflags hs
/try relay recogni...@example.com
END
0 new messages