I have an installation of qmail. The fake sendmail binary is working great. The problem is that any user can sendmail -f, which is a problem because I don't want every user on my machine being able to fake a "from" feild. With sendmail, there's a trusted users list... is there anyway I can stop qmail from allowing the sendmail -f?

You could write a wrapper for the sendmail replacement. Below is an example of a wrapper that I use. I have changed it to meet your criteria.

#!/usr/bin/perl -w
use strict;

my $sendmail = "/foo/bar/sendmail";
my $dontwant = "-f";

my $grepcnt = grep(/^$dontwant$/, @ARGV);

die "\nUse of invalid switch \"$dontwant\"\n\n" if $grepcnt > 0;

if ( $grepcnt == 0 ){
my $cmd = "$sendmail @ARGV";
my $outpt = `$cmd`;
print "$outpt\n";
}
exit;


This will exit and print an error if the -f switch is used.

Good Luck