A trusted user is one who has three privileges that most users don't have:
When mail is delivered via a program of the user's choosing (such as procmail (1)), most users need to have a valid shell in the password file. Without a valid shell, such program delivery is prohibited. Invalid shells often exist for pseudo-users such as news and for all users on restricted servers. A trusted user is exempted from this test.
The
-f
switch causes
sendmail
to take its idea of the sender from the command line rather than from the envelope or header. Because the
-f
command line switch can be used to forge mail,
sendmail
always inserts a warning into the message header. A trusted user is one who is exempted from having such warnings included.
X-Authentication-Warning: here.us.edu: badperson set sender to bogusname using -f
In one of its myriad roles,
sendmail
can speak SMTP to another program on the same machine. That other program merely has to execute
sendmail
with a
-bs
command-line switch and talk on its standard output.
The
mh
(1) program is one such program that can do this. If
sendmail
is run in this way and if the sender's address doesn't match the executing user's address, then a forged message may be in the works. When
sendmail
detects such a possible forgery, it inserts a warning into the message header:
X-Authentication-Warning: here.us.edu: badperson owned process doing -bs
A trusted user is one who is exempted from having such warnings included.
Trusted users are declared in the configuration file in two ways:
Tuser1 user2 ....
Ctuser1 user2 ....
The first line is the old form of declaration, and the second is the new form (beginning with V8.7
sendmail
) form. The two are equivalent, but the second is recommended. In the latter form, names of users are added to the class
t
.
Trusted users are declared in the client.cf file like this:
Ct root daemon
We list root because some root-run programs need to send mail under the identity of other users. We list daemon for the same reasons and because most long-running background processes are owned by the user daemon . If your local machine is set up to receive UUCP mail, you need to add uucp to this list.
Once you add trusted users to the client.cf file, you are almost ready to use that file as the official configuration file.