X-Authenication-Warning being set in spite of being a trusted user
am 25.10.2007 11:23:48 von torchboxI want to be able to send mail from within php code on an apache web
server that is set up with sendmail. I also need php to be able to set
the from address on the envelope.
When php sets the from address, a warning header is added to the
email:
-------------------------------------
X-Authentication-Warning: ship.theoarc.org.uk: www-data set sender to
owen@theoarc.org.uk using -f
-------------------------------------
To get rid of this I add www-data (the user that apache runs as, I
believe) to the list of trusted users in sendmail. This appears to
work:
-------------------------------------
ship:/# sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter
> $=t
daemon
owen
www-data
root
uucp
-------------------------------------
...yet when I try sending out emails again they STILL have the bloody X-
Authentication-Warning, which means that they are rejected as spam by
some email servers.
authwarnings is currently being included in PrivacyOptions. I'm
severely tempted to turn it off altogether but it seems silly to have
to do that.
Is there a setting somewhere that is telling sendmail 'put the X-
Authentication-Warning on even if the user is trusted'??
My sendmail.mc is as follows:
-------------------------------------
define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`$Id: sendmail.mc, v 8.13.4-1 2005-03-28 03:33:42 cowboy Exp
$')
OSTYPE(`debian')dnl
DOMAIN(`debian-mta')dnl
dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE
undefine(`confHOST_STATUS_DIRECTORY')dnl #DAEMON_HOSTSTATS=
dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE
dnl #
dnl # General defines
dnl #
dnl # SAFE_FILE_ENV: [undefined] If set, sendmail will do a chroot()
dnl # into this directory before writing files.
dnl # If *all* your user accounts are under /home then use that
dnl # instead - it will prevent any writes outside of /home !
dnl # define(`confSAFE_FILE_ENV', `')dnl
dnl #
dnl # Daemon options - restrict to servicing LOCALHOST ONLY !!!
dnl # Remove `, Addr=' clauses to receive from any interface
dnl # If you want to support IPv6, switch the commented/uncommentd
lines
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp')dnl
DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, M=E')dnl
dnl #
dnl # Be somewhat anal in what we allow
define(`confPRIVACY_FLAGS',dnl
`needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restric texpand,nobodyreturn
,authwarnings')dnl
dnl #
dnl # Define connection throttling and window length
define(`confCONNECTION_RATE_THROTTLE', `15')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl
dnl #
dnl # Features
dnl #
dnl # The access db is the basis for most of sendmail's checking
FEATURE(`access_db', , `skip')dnl
dnl #
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
dnl # Owen added this 18 Oct 07
dnl # (attempting to get trusted users working)
define(`_USE_CT_FILE_',`1')dnl
define(`confCT_FILE',`/etc/mail/trusted-users')dnl
FEATURE(`dnsbl', `sbl-xbl.spamhaus.org', `Mail from "$&{client_addr}"
listed on
the SBL http://www.spamhaus.org/.')dnl
FEATURE(`dnsbl', `taiwan.blackholes.us', `Mail not accepted from
Taiwan.')dnl
FEATURE(`dnsbl', `malaysia.blackholes.us', `Mail not accepted from
Malaysia.')dn
l
FEATURE(`dnsbl', `thailand.blackholes.us', `Mail not accepted from
Thailand.')dn
l
FEATURE(`dnsbl', `china.blackholes.us', `Mail not accepted from
China.')dnl
FEATURE(`dnsbl', `korea.blackholes.us', `Mail not accepted from
Korea.')dnl
FEATURE(`dnsbl', `Brazil.blackholes.us', `Mail not accepted from
Brazil.')dnl
FEATURE(`dnsbl', `wanadoo-fr.blackholes.us', `Mail not accepted from
Wanadoo.')dnl
FEATURE(`dnsbl', `relays.ordb.org', `Email rejected due to sending
server miscon
figuration - see http://www.ordb.org/faq/\#why_rejected')dnl
FEATURE(`dnsbl', `dynablock.njabl.org', `This domain does not accept
mail from d
ynamic blocks. Rejected using dynablock.njabl.org.')dnl
FEATURE(`dnsbl', `vote.drbl.jackpot.uk.net', `Sending server rejected
using priv
ate list. See http://www.jackpot.uk.net/drbl/drbl.html')dnl
dnl # The greet_pause feature stops some automail bots - but check the
dnl # provided access db for details on excluding localhosts...
FEATURE(`greet_pause', `1000')dnl 1 seconds
dnl #
dnl # Delay_checks allows sender<->recipient checking
dnl # FEATURE(`delay_checks', `friend', `n')dnl
dnl #
dnl # If we get too many bad recipients, slow things down...
define(`confBAD_RCPT_THROTTLE',`3')dnl
dnl #
dnl # Stop connections that overflow our concurrent and time
connection rates
dnl # FEATURE(`conncontrol', `nodelay', `terminate')dnl
dnl # FEATURE(`ratecontrol', `nodelay', `terminate')dnl
dnl #
dnl # If you're on a dialup link, you should enable this - so sendmail
dnl # will not bring up the link (it will queue mail for later)
dnl define(`confCON_EXPENSIVE',`True')dnl
dnl #
dnl # Default Mailer setup
MAILER_DEFINITIONS
MAILER(`local')dnl
MAILER(`smtp')dnl
# Owen added this 18 Oct 07
LOCAL_CONFIG
Dj$m dnl
# end of sendmail.mc file
-------------------------------------
Thanks for any help you can offer!
Owen