Sendmail :: X-Authentication-Warning: user set sender to email using -f

Solving the X-Authentication-Warning header in the emails you send requires quite a few steps.

An example of a typical warning:

X-Authentication-Warning: hostname: www-data set sender to info@example.com using -f

The -f flag in sendmail is used to set the envelope sender address. 

Usually the -f flag is passed in PHP's mail() function as an additional parameter argument. 

It comes in handy to set a valid bounce email address to catch undelivered mail. 

Even the PHP manual states that only the trusted users in the system (listed in /etc/mail/trusted-users) can set the -f flag. 

Each line in the file contains the trusted user name.

Trouble is, that's not enough

.

To tell sendmail to actually include the trusted-users file, you need to modify submit.mc, located in /etc/mail/submit.mc. Just add these two lines at the end of the file:

define(`_USE_CT_FILE_',`1')dnl

define(`confCT_FILE',`/etc/mail/trusted-users')dnl

The last thing you need to do is rebuild the sendmail configuration files by executing the command sendmailconfig as root and restart sendmail.

Read more about SPF records and DKIM, to increase the chances of mail being delivered and not getting flagged as spam.

Related articles:
http://dev.kafol.net/2009/09/php-mail-sender-domain-must-exist.html
http://dev.kafol.net/2009/09/php-mail-sender-domain-must-exist_17.html