Pine's X-Authentication-Warning

by Walt Stoneburner

You may have noticed that some users when sending mail with pine have the following tag appear in their email header:

X-Authentication-Warning: username owned process doing -bs

If you're dealing with anti-spam countermeasures, this warning message may set off a false positive. If your a system administrator, you want to know what's causing the message and how to stop it.

In sendmail the -bs option means to use the SMTP protocol to send the message. Any user using raw SMTP can forge the From: header in an email. This is sendmail letting the recipient know something is up.

So, we have to ask ourself, why would a non-malicious user using a standard email package, like pine, have need to alter the From: header. And more importantly, why does this happen for some users and not for others?

The answer is within pine's .pinerc file which holds it's configuration:

    # Sets domain part of From: and local addresses in outgoing mail.

Usually the user is simply trying to strip off the hostname from the domain. That way if your mail server changes, or the client machine the user is using changes, recipients won't be storing a fully qualified host name in their address book.

    Imagine you've had correspondance with a user at [email protected] and the machine name changes, so that now you'd have to write at [email protected] instead. By placing as your user-domain=, people can write to [email protected] and always get through. So the act isn't malicious afterall, the poor guy just wants to get his mail despite infrastructure changes.

The problem is, if user-domain has any value set, any value at all, then pine invokes sendmail with the -bs option, and sendmail issues the "X-Authentication-Warning: ... owned process doing -bs" warning.

Fixing the Problem
The first step is to have the user remove any value after user-domain in .pinerc. This is most easily done by:

  • Get into pine
  • Go into the Setup menu
  • Select Config
  • Scroll down to the user-domain entry
  • And Delete the entry so it has no value
  • Exit the config

At this point the system is going to rely on sendmail's defaults, so pine has no need to use SMTP and invoke sendmail with the -bs option.

The next step is making sure that your system is doing the correct behavior of masquerading it's fully qualified host name with the domain name.

As root, locate the file, it may be under /etc/mail and locate the DM entry. You may have to uncomment it.

    # who I masquerade as (null for no masquerading) (see also $=M)

If you are using m4 to generate from a file, to do domain masquerading, make sure you have these directives in the .mc file:


Remember, once you've change sendmail's configuration, you'll have to bounce the process.

See our other article for more information about compiling and configuring sendmail.

SlingCode Search Results About     Articles     Links     Search Tips