Some mail systems support sub-addressing (i.e. user+ignoredstring@example.com), but Exchange is not one of them. Even if/when it gets supported, it’s really easy to figure out the real e-mail address in that sub-address. Instead, we use sendmail’s virtusertable to map entire subdomains (i.e. @lisa.example.com) over to our primary e-mail addresses. If an address becomes compromised, we can blacklist the particular something@subdomain.rushworth.us address in the access table.
Virtual Domain Aliases
These aliases allow changes to be made to intended recipient addresses. There are two files required for an address to be aliased. An entry for “VIRTUSER_DOMAIN_FILE” will exist in the sendmail.mc specifying the file listing the domains to be included for aliasing. For us, this is /etc/mail/virtuser-domains. This is a text file containing the name of each domain to be virtualized for aliasing, one domain per line. Please note, the domains included herein need only be the recipient domains, not the domains to which aliases are mapped. E.G. our virtuser-domains file contains just:
example.com
And yet we can alias test.addy@example.com to someotheraddy@example.net … it is only the source address that needs to be defined in virtuser-domains.
Aliases for the virtual domains are contained in /etc/mail/virtusertable. The left-hand entry is the recipient address and the right-hand entry is what that recipient will be translated to. Left-hand entries can be an email address (testaddy@example.com) or a domain (@lisa.example.com).
Right-hand entries can be an alternate address. If the address should remain the same, an exclamation point can be used:
myfakeaddress@example.com external.email@example.net
myaddress@example.com !
The right-hand entry can also be an action, like error, which will return an error code:
compromised.address@lisa.example.com error:nouser User unknown
To commit changes to the virtusertable:
makemap hash /etc/mail/virtusertable.db < /etc/mail/virtusertable
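A simplified model of the lookup rules described above, which can be used to check a table before running makemap. This is an added example, not sendmail's code and not part of the original post; the sample table, the lisa@example.com target and the function names are constructed for illustration, and matching is assumed to be case-insensitive with a full-address entry taking precedence over the @domain entry.

```python
# Simplified model of the virtusertable lookup described above (added example,
# not sendmail code). The table contents are constructed sample data.
SAMPLE_TABLE = """\
# full-address entries
myfakeaddress@example.com               external.email@example.net
myaddress@example.com                   !
compromised.address@lisa.example.com    error:nouser User unknown
# whole-subdomain entry (target address is a constructed placeholder)
@lisa.example.com                       lisa@example.com
"""

def parse_virtusertable(text):
    """Return {left-hand key: right-hand value}; refuse ambiguous duplicates."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: missing right-hand entry")
        key = parts[0].lower()
        if key in table:
            raise ValueError(f"line {lineno}: duplicate entry for {key}")
        table[key] = parts[1].strip()
    return table

def resolve(table, address):
    """Return (action, detail) for one recipient address."""
    address = address.lower()
    _, _, domain = address.rpartition("@")
    # A full-address entry wins over the @domain entry, which is what lets one
    # compromised address be rejected while the rest of the subdomain delivers.
    rhs = table.get(address) or table.get("@" + domain)
    if rhs is None or rhs == "!":
        return ("unchanged", address)   # no entry, or "!" keeps the address
    if rhs.startswith("error:"):
        return ("reject", rhs[len("error:"):])
    return ("rewrite", rhs)

if __name__ == "__main__":
    t = parse_virtusertable(SAMPLE_TABLE)
    for rcpt in ("newsletter@lisa.example.com",
                 "compromised.address@lisa.example.com",
                 "myaddress@example.com", "myfakeaddress@example.com"):
        print(rcpt, "->", resolve(t, rcpt))
```

The authoritative check is still sendmail's own address test mode, covered in the next section.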
Testing Virtual Aliases:
You can test the results of the virtual address space aliasing using sendmail -bt. From within the new prompt (a greater than sign on a blank line) type 3,0 followed by the address you would like to test. E.G.:
[uid@NEOHTWNLX821 ~]# sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> 3,0 llanders@example.com
canonify input: llanders @ example . com
Canonify2 input: llanders < @ example . com >
Canonify2 returns: llanders < @ example . com . >
canonify returns: llanders < @ example . com . >
parse input: llanders < @ example . com . >
Parse0 input: llanders < @ example . com . >
Parse0 returns: llanders < @ example . com . >
ParseLocal input: llanders < @ example . com . >
ParseLocal returns: llanders < @ example . com . >
Parse1 input: llanders < @ example . com . >
Recurse input: llanders @ example . net
canonify input: llanders @ example . net
Canonify2 input: llanders < @ example . net >
Canonify2 returns: llanders < @ example . net . >
canonify returns: llanders < @ example . net . >
parse input: llanders < @ example . net . >
Parse0 input: llanders < @ example . net . >
Parse0 returns: llanders < @ example . net . >
ParseLocal input: llanders < @ example . net . >
ParseLocal returns: llanders < @ example . net . >
Parse1 input: llanders < @ example . net . >
Mailertable input: < example . net > llanders < @ example . net . >
Mailertable input: example . < com > llanders < @ example . net . >
Mailertable returns: llanders < @ example . net . >
Mailertable returns: llanders < @ example . net . >
MailerToTriple input: < > llanders < @ example . net . >
MailerToTriple returns: llanders < @ example . net . >
Parse1 returns: $# esmtp $@ example . net . $: llanders < @ example . net . >
parse returns: $# esmtp $@ example . net . $: llanders < @ example . net . >
Recurse returns: $# esmtp $@ example . net . $: llanders < @ example . net . >
Parse1 returns: $# esmtp $@ example . net . $: llanders < @ example . net . >
parse returns: $# esmtp $@ example . net . $: llanders < @ example . net . >
Use ctrl-d to exit the test.
FYI, for future readers of this post: As of May 2022, Microsoft has implemented sub-addressing using a plus sign (same as Google and many other email services). See the following:
https://learn.microsoft.com/en-us/exchange/recipients-in-exchange-online/plus-addressing-in-exchange-online
Thanks for the tutorial. Can you add an example of dealing with wild-card subdomains? What do I need to add to my sendmail.mc in order for foo@ANYTHING.example.com to be handled as foo@example.com?
That’s an interesting use case. I’ve not seen wildcard MX’s remapped with virtuser — it’s generally done with a raw rewrite rule like:
# This rule maps wildcard subdomain for *.example.com to example.com
LOCAL_NET_CONFIG
R $+ < @ $+ .example.com. > $* $: $1 < @ example.com > $3 dnl
Although this remaps all of ANYTHING.example.com to example.com and not just foo@ANYTHING.example.com.
Thanks for the response, Lisa. Unfortunately, that suggestion does not work for me — see the linked question on ServerFault.
Yes, I tried exactly that — found the same “recipe” on ServerFault. But it didn’t work — see my own question linked to above…