phpList/Sendmail/Linux: X-Authentication-Warning

As a follow-up to my post on getting rid of the X-Authentication-Warning error when using phpList on FreeBSD, here’s how to do the same in Linux.

Open up /etc/mail/trusted-users in your favorite editor, and add both the user that your Apache is running under, as well as any usernames which are processing phpList queues and bounces via crontab. For example, your trusted-users file should look like this:
httpd
yourusername

Save & Exit. Restart sendmail with the following command:
/etc/init.d/sendmail restart
Now when you send mail with phpList, the headers won’t contain X-Authentication-Warnings.

One security drawback that you should be aware of: Any user on your system can now use PHP to send email with “forged” headers. You basically just gave everyone on your system “Trusted User” status to Sendmail, so be sure that you trust your users before actually doing this!

See how to do this on FreeBSD

phplist/Sendmail/FreeBSD: X-Authentication-Warning

If you enable the $message_envelope variable in the config.php file of phplist for processing bounces, sendmail will probably complain with the following header in your email:
X-Authentication-Warning: your.domain.com: httpd set sender to account@domain.com using -f
This is because only “trusted users” are allowed to change the message envelope. By default, sendmail only considers root, daemon, and uucp as trusted users, so if you try changing the message envelope as the user Apache is running under (in my case httpd) sendmail will attach that nasty warning header to all your outgoing mails. Spam blockers don’t like this!

There are a couple of ways to fix this:

  1. Add httpd (or whatever user Apache is running under) to the daemon group:
    pw groupmod daemon -M httpd
  2. Add httpd (or whatever user Apache is running under) to Sendmail’s trusted-users file. Open up /etc/mail/your.domain.com.submit.mc in vi and insert the following line:
    FEATURE(`use_ct_file') dnl # Trusted users
    Save & Exit.
    Now you must create the trusted-users file in /etc/mail:
    touch /etc/mail/trusted-users
    Open /etc/mail/trusted-users with vi and on one line simply add the name of the user under which Apache is running:
    httpd
    Save & Exit. Run the following commands in /etc/mail to commit the changes to Sendmail and restart the server:
    make install
    make restart

That’s it, you should be good to go. Mail sent via PHP/Apache will no longer contain the X-Authentication-Warning header.

Note that there is a downside to this. Any user on your system can now use PHP to send email with “forged” headers. You basically just gave everyone on your system “Trusted User” status to Sendmail, so be sure that you trust your users before actually doing this!

UPDATE: How to do the same in Linux