SUMMARY: Authentication Warning

From: lvhardie@pcs.cnu.edu
Date: Mon Aug 09 1999 - 08:23:16 CDT


I received several explanations. The warning has to do with mail
forgery. Our system has Pine setup to specify the FROM address and
sendmail doesn't like that. If we send email from emacs there are no
warnings. Several said that the message can be ignored.

        Thank you all very much!
        Linda

Here are the replies I received:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: hoffman@cs.pitt.edu

This is a standard condition when using Pine and one of the newer Sendmails.
The -bs switch is used by Pine to make Sendmail interact with it using SMTP
on stdin and stdout. By specifying a bogus mail header, it is possible to
create a mail forgery. Recent versions of Sendmail have added that warning
to make it easier for administrators to track forgeries.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: Bill Hebert <bhebert@nuc.berkeley.edu>

This is just a warning that someone is specifying the 'FROM' addresse for
some outgoing mail instead of allowing sendmail to compose it. Generally
someone using Netscape's Email. It is possible to also have it specify a
'From' address that is different in order to masquerade the sender as
someone else. So you have a user lvhardie with a From address specified in
her settings file.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: "Reichert, Alan" <aareichert@tasc.com>

It's been a while, but it looks like sendmail is picking up that you
are running sendmail -bs as your self, but you are not a trusted
user. Have a look at the sendmail.cf file, see if you are in the
trusted users section.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: Nickolai Zeldovich <kolya@zepa.net>

user lvbardie is setting his from: field to something else using sendmail
-bs (see manpage). you can most likely ignore it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: John P. Dodge <john.p.dodge@boeing.com>

This is a daemon warning message and seems to indicate that the user named
lvhardie in executing "/usr/lib/sendmail -bs", perhaps in a script or web
form etc.....

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: Dan Brown <brown@obscure.org>

Its one of your user's mail programs or scripts or some such invoking
sendmail with the -bs option.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: Wai dat Chan <waidat@flirble.org>

Sendmail requires an authorized list of usernames before it will allow a user
to send mail masquerading as someone else I believe. Root is there by default,
I haven't used sendmail for a while, but look in sendmail.cf for a list.

Alternatively, sendmail.org will probably have the info you're looking for.

Hope that helps.

Wd.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: Anand Buddhdev <arb@africaonline.co.ke>

Nothing to worry about. sendmail -bs invokes the SMTP server part of
sendmail, so that a program like pine can send mail via SMTP. The log
entry is there so that you can see who invoked that particular SMTP
instance.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ORIGINAL POST:
> Hi,
>
> I was wondering if anyone could shed some light on the following message:
>
>
> sendmail[6481]: JAA06481: Authentication-Warning: prodigal.PCS.CNU.EDU:
> lvhardie owned process doing -bs
>
>
>
> That keeps appearing in my log files and I'm cursious if something is
> wrong with my sendmail or some other part of my system.
>
>
> Thanks,
> Linda



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:13:24 CDT