Solved After many Sendmail settings, I still can't remove X-Authentication-Warning

[Rob215x]

Hi, I'm hoping to learn what I'm doing wrong here. I have a web server with a few sites that send outgoing messages from PHP (shopping cart receipts, contact forms, etc)

I'm running FreeBSD 13.2-RELEASE-p11 GENERIC

I've been using the default Sendmail configuration that comes with FreeBSD. Recently I discovered many messages weren't being delivered. Apparently this is because sendmail reports all messages as coming from www@myserver.mydomain.com instead of forms@mydomain.com.

So, in my php.ini, I have
php_value mail.force_extra_parameters "-fforms@mydomain.com"


This lets allows most messages to be delivered to gmail and others.

BUT, in the PHP documentation it says:

The user that the webserver runs as should be added as a trusted user to the sendmail configuration to prevent a 'X-Warning' header from being added to the message when the envelope sender (-f) is set using this method. For sendmail users, this file is /etc/mail/trusted-users.

And, I am seeing the X-Authentication-Warning header in all of the messages I send to my Gmail.

I looked at the Sendmail README from /usr/share/sendmail/cf/README and I also Googled and I found several people solving this issue, including this old post from 2013: https://forums.freebsd.org/threads/sendmail-and-mailing.36853/

I tried the following:
# cd /etc/mail
# ee trusted-users

then I added a single line with www and saved the file

# ee freebsd.submit.mc

added the line:
FEATURE(`use_ct_file')dnl

saved the file, then:
# m4 /etc/mail/freebsd.submit.mc > /etc/mail/freebsd.submit.cf

# ls -l
total 356
-rw-r--r-- 1 root wheel 6770 Apr 18 21:37 Makefile
-rw-r--r-- 1 root wheel 2834 Apr 18 21:37 README
-rw-r--r-- 1 root wheel 558 Apr 18 21:37 access.sample
-rw-r--r-- 1 root wheel 1624 Apr 18 21:37 aliases
-rw-r----- 1 root wheel 131072 May 18 02:16 aliases.db
drwxr-xr-x 2 root wheel 512 Jul 10 2021 certs
-rw-r--r-- 1 root wheel 60111 Apr 18 21:37 freebsd.cf
-rw-r--r-- 1 root wheel 4440 Apr 18 21:37 freebsd.mc
-r--r--r-- 1 root wheel 46 May 18 16:06 freebsd.submit.cf
-r--r--r-- 1 root wheel 946 May 18 16:06 freebsd.submit.mc
-r--r--r-- 1 root wheel 6016 Apr 18 21:37 helpfile
-rw-r--r-- 1 root wheel 416 Apr 18 21:37 mailer.conf
-rw-r--r-- 1 root wheel 171 Apr 18 21:37 mailertable.sample
-rw-r--r-- 1 root wheel 60111 Apr 18 21:37 sendmail.cf
-r--r--r-- 1 root wheel 41698 Apr 18 21:37 submit.cf
-rw-r--r-- 1 root wheel 5 May 18 15:43 trusted-users
-rw-r--r-- 1 root wheel 498 Apr 18 21:37 virtusertable.sample

# make restart
Restarting: sendmail sendmail-clientmqueue.


But this did not get rid of the X-Authentication-Warning header: (I've changed my domain name for privacy)
X-Authentication-Warning: myserver.mydomain.com: www set sender to forms@mydomain.com using -f

I've tried the following and nothing gets rid of that header:
- in freebsd.submit.mc I tried adding define(`confTRUSTED_USERS', `www')dnl
- in freebsd.mc I tried adding FEATURE(use_ct_file)
- in freebsd.mc I tried adding define(`confTRUSTED_USERS', `www')
- in freebsd.mc I tried changing define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy') to define(`confPRIVACY_FLAGS', `noexpn,novrfy')


I'm stuck now and I don't know what to try next. I'm happy to do any tests or provide any output. Thanks!

 

[Rob215x]

Sometimes I overlook the obvious...

If you open /etc/mail/Makefile in a text editor, there are actually instructions in the comments at the beginning of the file!!

So, for anyone else trying to figure this out in the future, here's what I did to make it work...

First, I restored the backup copies I made of freebsd.submit.cf and freebsd.submit.mc. I'm not sure if I needed to do that but I wanted to put everything back to the way it was before I started messing with it.

1. I had no "myhostname" files so I created them with:
# cd /etc/mail
# make all


This should create 4 new files, myhostname.cf, myhostname.mc, myhostname.submit.cf, myhostname.submit.mc

2. I edited myhostname.submit.mc, added this line, and saved the file:
define(`confTRUSTED_USERS', `www')dnl

3. I installed my changes and restarted sendmail:
# make install restart

4. I checked to see if www had been added to Trusted Users with:
# cat submit.cf | grep -A 5 trusted
#Ft/etc/mail/trusted-users
Troot
Tdaemon
Tuucp
Twww


5. I sent a test email from a form on my website, to my Gmail address.
It went right to my INBOX and no longer has the dreaded "X-Authentication-Warning" header!!