Subject: Re: sendmail (crackish?) error message question...
To: Stefan Brandle <Stefan.Brandle@wheaton.edu>
From: Andrew Brown <bugtraq@lists.graffiti.com>
List: netbsd-help
Date: 12/16/1997 13:05:43
>Not sure whether this helps, but then, maybe it will push a real guru into
>giving us a definitive answer. :)
>
>> >> this is what you get if you *telnet* to the smtp port.  you can also
>> >> run sendmail in the same mode (eg, smtp) from the command line.
>
>I did a little testing running mail (/usr/bin/Mail) to see what would show up
>in my headers. The 'user@localhost' appears to always reflect who is running
>the mail program. That would point (as suggested) to cron or someone running
>as root.

sure...getuid() -> getpwuid() -> the user.  easy.  however, Mail will
always send something.  it doesn't invoke sendmail until it's finished
with collection.

>On a related topic, I always get the 'root@sending.host' entered by the next
>machine, regardless of the account of origin. (If I turn off identd, then I
>get 'sending.host', but don't have the 'root@' part.)

yes, because most people have their sendmails configured with
"DeliveryMode=background" (i have "DeliveryMode=bounceeverything" but
that's only because i'm a smartass) which means that the collecting
sendmail will fork and deliver it from the background.  since it makes
the connection to the receiving smtp as root, ident will report the
connection as being owned by root.

>Received: from zipporah.wheaton.edu (root@zipporah.wheaton.edu [192.138.89.2])
>        by wheaton.wheaton.edu (8.8.8/8.8.8) with ESMTP id IAA18481
>        for <stefan.brandle@wheaton.edu>; Tue, 16 Dec 1997 08:39:12 -0600 (CST)
>Received: (from stefan@localhost)
>        by zipporah.wheaton.edu (8.8.8/8.8.8) id IAA25560
>        for stefan.brandle@wheaton.edu; Tue, 16 Dec 1997 08:33:40 -0600 (CST)

the difference here...the first one was sent via smtp and the
recipient's envelope address has been "canonified", whereas the
second one has been collected from stdin and the address has not been
canonified...

>You're not running pine setuid, are you?

gak!  i hate to think...

-- 
|-----< "CODE WARRIOR" >-----|
andrew@echonyc.com (TheMan)        * "ah!  i see you have the internet
codewarrior@daemon.org                               that goes *ping*!"
warfare@graffiti.com      * "information is power -- share the wealth."
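
The two Received: headers quoted in the message can be told apart mechanically. The following is an added example, not part of the original message: it classifies each hop as SMTP-received (with the ident-reported owner of the connection) or locally collected, assuming the sendmail 8.8.8 header layout shown above; `classify_hop` and `submitting_user` are hypothetical names.

```python
import re

# The two Received: headers quoted in the message above, unfolded.
HEADERS = [
    "from zipporah.wheaton.edu (root@zipporah.wheaton.edu [192.138.89.2]) "
    "by wheaton.wheaton.edu (8.8.8/8.8.8) with ESMTP id IAA18481 "
    "for <stefan.brandle@wheaton.edu>; Tue, 16 Dec 1997 08:39:12 -0600 (CST)",
    "(from stefan@localhost) "
    "by zipporah.wheaton.edu (8.8.8/8.8.8) id IAA25560 "
    "for stefan.brandle@wheaton.edu; Tue, 16 Dec 1997 08:33:40 -0600 (CST)",
]

# Hop accepted over SMTP: "from HELO (ident@rdns [ip]) by host"; ident@ is optional.
SMTP_HOP = re.compile(
    r"^from\s+(?P<helo>\S+)\s+\((?:(?P<ident>[^@\s()]+)@)?(?P<rdns>[^\s()\[\]]+)"
    r"\s+\[(?P<ip>[0-9.]+)\]\)\s+by\s+(?P<by>\S+)")
# Message collected locally (stdin): "(from user@localhost) by host"
LOCAL_HOP = re.compile(r"^\(from\s+(?P<user>[^@\s]+)@localhost\)\s+by\s+(?P<by>\S+)")
FOR_ADDR = re.compile(r"\bfor\s+([^\s;]+);")

def classify_hop(header):
    """Return a dict describing how this hop received the message."""
    text = " ".join(header.split())          # unfold continuation lines
    rcpt = FOR_ADDR.search(text)
    hop = {"for": rcpt.group(1) if rcpt else None}
    m = SMTP_HOP.match(text)
    if m:
        # ident names the owner of the connecting process on the sending host
        # (root for a background sendmail), not the author of the message.
        hop.update(kind="smtp", by=m["by"], ip=m["ip"], ident=m["ident"])
        return hop
    m = LOCAL_HOP.match(text)
    if m:
        # Local submission: the user is whoever ran the collecting program.
        hop.update(kind="local", by=m["by"], user=m["user"])
        return hop
    return dict(hop, kind="unknown")

def submitting_user(headers):
    """Headers are newest-first; the local hop records the submitter."""
    for h in reversed(headers):
        hop = classify_hop(h)
        if hop["kind"] == "local":
            return hop["user"]
    return None

if __name__ == "__main__":
    print([classify_hop(h) for h in HEADERS], submitting_user(HEADERS))
```

The ident value is whatever the sending host's identd chooses to report, so it is only as trustworthy as that host.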