Description of problem: Users sending email via Squirrelmail trigger complaints that sendmail is sending with -f, without a user being listed in /etc/mail/trusted-users. Example from sendmail's logging output (with identifying info altered): Jul 30 14:16:16 hostname sendmail[31415]: xxxxxxxxxxx: Authentication-Warning: XXXXX.example.com: apache set sender to user using -f Version-Release number of selected component (if applicable): How reproducible: 100% Steps to Reproduce: 1. 2. 3. Actual results: Expected results: adding apache into trusted-users removes the issue. Would recommend this approach, but it should be documented as there could be implications if there are virtual hosting setups on the same server. Additional info:
This is something that individual mail admins should address because, as you say, SquirrelMail might not be the only program on the server that is sending mail.