A trusted user is one who has three privileges that most users don't have:
When mail is delivered via a program of the user's choosing (such as procmail(1)), most users need to have a valid shell in the password file. Without a valid shell, such program delivery is prohibited. Invalid shells often exist for pseudo-users such as news and for all users on restricted servers. A trusted user is exempted from this test.
The -f switch causes sendmail to take its idea of the sender from the command line rather than from the envelope or header. Because the -f command-line switch can be used to forge mail, sendmail always inserts a warning into the message header:
X-Authentication-Warning: here.us.edu: badperson set sender to bogusname using -f
A trusted user is one who is exempted from having such warnings included.
In one of its myriad roles, sendmail can speak SMTP to another program on the same machine. That other program merely has to execute sendmail with a -bs command-line switch and talk on its standard output. The mh(1) program is one such program that can do this. If sendmail is run in this way and if the sender's address doesn't match the executing user's address, then a forged message may be in the works. When sendmail detects such a possible forgery, it inserts a warning into the message header:
X-Authentication-Warning: here.us.edu: badperson owned process doing -bs
A trusted user is one who is exempted from having such warnings included.
Trusted users are declared in the configuration file in two ways:
Tuser1 user2 ....
Ctuser1 user2 ....
The first line is the old form of declaration, and the second is the new form (beginning with V8.7 sendmail). The two are equivalent, but the second is recommended. In the latter form, names of users are added to the class t.
Trusted users are declared in the client.cf file like this:
Ct root daemon
We list root because some root-run programs need to send mail under the identity of other users. We list daemon for the same reasons and because most long-running background processes are owned by the user daemon. If your local machine is set up to receive UUCP mail, you need to add uucp to this list.
Once you add trusted users to the client.cf file, you are almost ready to use that file as the official configuration file.
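An added example (not from the original text or from sendmail itself): a small Python audit that collects trusted users from both declaration forms, T and Ct, and reports any that are not on an expected list. The sample configuration is constructed, the expected list assumes the root, daemon and uucp accounts discussed above, and the handling of comment and continuation lines is a simplifying assumption.

```python
# Audit which users a sendmail configuration file declares as trusted.
# Handles both forms from the text: the old "T" line and the class-t "Ct" line.

# Constructed sample configuration (not from a real system).
SAMPLE_CF = """\
# trusted users
Ct root daemon
Cwlocalhost
Tuucp
Ctbadperson
\tbackup
"""

# Accounts the text names as reasonable trusted users (uucp only for UUCP mail).
EXPECTED = {"root", "daemon", "uucp"}


def trusted_users(cf_text):
    """Return {user: [line numbers]} for every T / Ct declaration."""
    found = {}
    collecting = False  # True while inside a T or Ct declaration
    for lineno, line in enumerate(cf_text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            collecting = False
            continue
        if line[0] in " \t":
            # Assumption: a line starting with whitespace continues the previous one.
            names = line.split() if collecting else []
        elif line.startswith("Ct"):
            collecting, names = True, line[2:].split()
        elif line.startswith("T"):
            collecting, names = True, line[1:].split()
        else:
            collecting, names = False, []
        for name in names:
            found.setdefault(name, []).append(lineno)
    return found


def unexpected_trusted(cf_text, expected=EXPECTED):
    """Trusted users missing from the expected list, with their line numbers."""
    return {u: n for u, n in trusted_users(cf_text).items() if u not in expected}


if __name__ == "__main__":
    for user, lines in sorted(unexpected_trusted(SAMPLE_CF).items()):
        print(f"unexpected trusted user {user!r} declared on line(s) {lines}")
```

Any account this reports can use -f or -bs without an X-Authentication-Warning header being added, so each one should have a documented reason for being trusted.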