I am having a problem getting fetchmail to properly set the euid when
forwarding mail to an MDA. My application is to use fetchmail running as a
daemon as root to fetch mail from a variety of POP3 mailboxes for multiple
users and deliver the mail via maildrop on behalf of each user into their
local maildirs.
I am using fetchmail 6.2.3 compiled under gentoo.
According to the fetchmail man page, for forwarding directly to an MDA, "If
fetchmail is running as root, it sets its userid to that of the target user
while delivering mail through an MDA."
I am not seeing this behavior at all.
I have written a dummy "mda" which just reads from stdin and writes to a log
file to see what fetchmail forwards; this has allowed me to verify that the
email messages themselves are being correctly output. However, I also have
the program log the uid, gid, euid, and egid under which it is running, and
all remain root. I have been running fetchmail from the command line, rather
than as a daemon, to test this, using the command "fetchmail -v -v
-f ./.fetchmailrc" - so maybe it makes a difference if in daemon mode?
The contents of .fetchmailrc for this test are:
poll mail.lippman.org protocol pop3 user "test(_at_)lippman(_dot_)org" pass
"test-account-password" is "nl" here smtpname "nl(_at_)lippman(_dot_)org" mda
"/home/nl/testmda/maildroptester"
I expected the "is "nl" here" syntax to cause fetchmail to set the euid for
the mda to nl, but that isn't happening.
I've tried the following:
1) using ltrace to follow the library calls that fetchmail is making, and
strace to follow system calls, which confirms that the call to seteuid before
running the mda is calling seteuid with the root uid, not nl's uid.
2) I've run fetchmail logged in as myself (nl) and then su to root, during
which fetchmail retrieves the USER environment variable as "nl", but still
knows it is root while running.
3) logging in as root and running fetchmail, so the value of USER is root, to
ensure fetchmail knows it is running as root.
4) I've looked through the source code, and I cannot find anywhere where the
value of the is "username" here construct is used to set the uid to which
fetchmail will change when executing the mda. The source is a bit confusing,
however.
I would have expected the parser (rcfile_y.y) to have set the uid field of a
query structure to the uid of the value of the is "user" here field if
specified, but I cannot see where that is done. I am not very expert in the
syntax used for this parser however.
Has anyone tested/gotten this feature to work? Can anyone verify that this is
or is not a bug in the parsing routines or elsewhere?
Thanks.
nl
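
An added example, not part of the original post and not fetchmail or maildrop code: a diagnostic stand-in for an MDA of the kind the post describes, which records the real, effective and saved ids it was started with and refuses the message unless root has been fully given up. The log file name, the state names and the classify() helper are assumptions made for this sketch; getresuid()/getresgid() assume Linux.

```c
#define _GNU_SOURCE            /* getresuid/getresgid on Linux */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define EX_TEMPFAIL 75         /* sysexits.h: temporary failure, retry later */

enum drop_state { STILL_ROOT, REGAINABLE, DROPPED };

static const char *state_name[] = { "STILL_ROOT", "REGAINABLE", "DROPPED" };

/* euid 0: the caller never dropped privileges.
 * euid != 0 but real or saved uid 0: only seteuid() was used, and a
 * process whose real or saved uid is 0 may call seteuid(0) again.
 * All three non-zero: root cannot be regained by this process. */
enum drop_state classify(uid_t ruid, uid_t euid, uid_t suid)
{
    if (euid == 0)
        return STILL_ROOT;
    if (ruid == 0 || suid == 0)
        return REGAINABLE;
    return DROPPED;
}

int main(int argc, char **argv)
{
    uid_t ru, eu, su;
    gid_t rg, eg, sg;
    char buf[4096];
    size_t n, total = 0;
    const char *path = argc > 1 ? argv[1] : "mda-ids.log"; /* assumed name */
    FILE *log;

    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return EX_TEMPFAIL;
    while ((n = fread(buf, 1, sizeof buf, stdin)) > 0)
        total += n;            /* drain the message, keep only its size */

    enum drop_state st = classify(ru, eu, su);
    log = fopen(path, "a");
    if (log == NULL)
        return EX_TEMPFAIL;
    fprintf(log, "uid r/e/s=%ld/%ld/%ld gid r/e/s=%ld/%ld/%ld bytes=%zu %s\n",
            (long)ru, (long)eu, (long)su, (long)rg, (long)eg, (long)sg,
            total, state_name[st]);
    fclose(log);
    return st == DROPPED ? 0 : EX_TEMPFAIL;  /* non-zero: do not accept */
}
```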