
MatchGECOS

Match recipient in GECOS field (V8.1 and later)

The GECOS field is the portion of a passwd(5) file line that contains a user's full name. Typical passwd file lines are illustrated here; the GECOS field is the fifth colon-separated field of each:

george:Vnn9x34sEVbCN:101:29:George Washington:/usr/george:/bin/csh
bcx:/a88.97eGSx1l:102:5:Bill Xavier,,,:/usr/bcx:/bin/csh
tim:Fss9UdQl55cde:103:45:& Plenty (Jr):/usr/tim:/bin/csh

When sendmail attempts to deliver through a delivery agent that has the F=w flag set (see F=w), it looks up the recipient's name in the passwd file so that it can locate the user's home directory. That lookup tries to match the login name, the leftmost field in the passwd file. If that lookup fails, and sendmail has been compiled with MATCHGECOS defined (see MATCHGECOS) and this MatchGECOS option is true, sendmail also tries to match the recipient name to the GECOS field.

First, sendmail converts any underscore characters in the address into spaces and, if the BlankSub option is set (see BlankSub), also converts any characters that match that space substitution character into spaces. This makes the recipient name look like a normal full name.

Second, sendmail normalizes each GECOS entry by throwing away everything following and including the first comma, semicolon, or percent character. It also converts the & to the login name wherever one is found.

After each GECOS name is normalized, it's compared in a case-insensitive manner to the recipient. If they match, the passwd entry for that user is used.

This feature allows users to receive mail addressed to their full name as given in the GECOS field of the passwd file. The usual form is to replace spaces in the full name with dots or underscores, so email addresses could be:

George_Washington
Bill.Xavier
"Tim_Plenty_(Jr)"

Full names in GECOS fields that contain characters with special meaning to sendmail, such as the last one in the previous example, must be quoted when used as addresses.

You should not enable this option if your site lets users edit their own GECOS fields with the chfn(1) program. For one thing, they can change their name in a way that can cause mail to start failing. Worse, they can change their name to match another user's and begin to capture that other user's mail. Even if the GECOS field is secure, you should avoid this option if your passwd file is large. The sendmail program performs a sequential read of the passwd file, which could be very slow.
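Before enabling the option, it is worth checking the passwd file for full names that become identical after the normalization described above. The following Python sketch is an added example, not sendmail's own code: it re-implements the recipient and GECOS normalization as this section describes them and reports ambiguous names. The function names, the gw2 account, and the first-match-wins rule (inferred from the sequential read) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the page's three passwd lines plus one hypothetical
# account (gw2) whose GECOS name duplicates george's after normalization.
SAMPLE_PASSWD = """\
george:Vnn9x34sEVbCN:101:29:George Washington:/usr/george:/bin/csh
bcx:/a88.97eGSx1l:102:5:Bill Xavier,,,:/usr/bcx:/bin/csh
tim:Fss9UdQl55cde:103:45:& Plenty (Jr):/usr/tim:/bin/csh
gw2:x:104:29:george washington,Rm 12:/usr/gw2:/bin/csh
"""

def parse_passwd(text):
    """Return (login, gecos) pairs in file order."""
    rows = (line.split(":") for line in text.splitlines())
    return [(f[0], f[4]) for f in rows if len(f) >= 7]

def normalize_gecos(gecos, login):
    """Drop everything from the first ',', ';' or '%'; expand & to the login."""
    return re.split(r"[,;%]", gecos, maxsplit=1)[0].replace("&", login)

def recipient_to_name(addr, blank_sub=None):
    """Underscores, and the BlankSub character if set, become spaces."""
    name = addr.replace("_", " ")
    return name.replace(blank_sub, " ") if blank_sub else name

def match_recipient(addr, entries, blank_sub=None):
    """Login lookup first, then a sequential, case-insensitive GECOS scan."""
    for login, _ in entries:
        if login == addr:
            return login
    want = recipient_to_name(addr, blank_sub).lower()
    for login, gecos in entries:
        if normalize_gecos(gecos, login).lower() == want:
            return login  # assumption: first match in file order is used
    return None

def gecos_collisions(entries):
    """Normalized full names claimed by more than one account."""
    owners = defaultdict(list)
    for login, gecos in entries:
        name = normalize_gecos(gecos, login).lower()
        if name:
            owners[name].append(login)
    return {n: logins for n, logins in owners.items() if len(logins) > 1}

ENTRIES = parse_passwd(SAMPLE_PASSWD)

if __name__ == "__main__":
    for name, logins in gecos_collisions(ENTRIES).items():
        print(f"ambiguous GECOS name {name!r}: {', '.join(logins)}")
```

Any name this reports is one where delivery depends on passwd file order rather than on the intended recipient. Bill.Xavier matches only when BlankSub is set to a dot.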

The forms of the MatchGECOS option are as follows:

O MatchGECOS=bool             configuration file (V8.7 and later) 
-OMatchGECOS=bool             command line (V8.7 and later) 
define(`confMATCH_GECOS',bool)    mc configuration (V8.7 and later) 
OGbool                        configuration file (deprecated) 
-oGbool                       command line (deprecated) 

If you are running DEC OSF/1 V3.2 or earlier, you will need to compile sendmail with the DEC_OSF_BROKEN_GETPWENT compile-time macro defined (see ...IS_BROKEN).

The MatchGECOS option is not safe. If it is specified from the command line, it can cause sendmail to give up any special privileges.
