If you're using --mda parameter this is the documented behaviour of fetchmail: (from man page)
If fetchmail is running as root, it sets its user id while
delivering mail through an MDA as follows: First, the FETCH-
MAILUSER, LOGNAME, and USER environment variables are checked in
this order. The value of the first variable from his list that
is defined (even if it is empty!) is looked up in the system
user database. If none of the variables is defined, fetchmail
will use the real user id it was started with. If one of the
variables was defined, but the user stated there isn't found,
fetchmail continues running as root, without checking remaining
variables on the list. Practically, this means that if you run
fetchmail as root (not recommended), it is most useful to define
the FETCHMAILUSER environment variable to set the user that the
MDA should run as. Some MDAs (such as maildrop) are designed to
be setuid root and setuid to the recipient's user id, so you
don't lose functionality this way even when running fetchmail as
unprivileged user. Check the MDA's manual for details.
So if you login by ssh, become root, and start the fetchmail with a global config that needs an MDA, it will try to use the MDA of your LOGNAME or USER and will give an error:
Oct 27 19:15:38 oro fetchmail: Cannot switch effective user id to 1001: Operation not permitted
define in the shell script FETCHMAILUSER as = $fetchmail_user (by default, fetchmail) before starting fetchmail in daemon mode.
How-To-Repeat: 1) create a standard configuration that use other program as MDA and make sure that MDA program doesn't have setuid or setgid perms.
2) login as your current user
3) do su to become root
4) start the fetchmail daemon /usr/local/etc/rc.d/fetchmail start
5) look at the logs, you'll see it's unable to deliver anything.
Maintainer of mail/fetchmail,
Please note that PR ports/151783 has just been submitted.
If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.
The full text of the PR can be found at:
Edwin Groothuis via the GNATS Auto Assign Tool
Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
pointed maintainer to this PR again
mandree 2011-08-15 20:13:22 UTC
FreeBSD ports repository
Assorted minor fixes and touch-ups:
- Fix: rcfile: export FETCHMAILUSER=$fetchmail_user 
- Fix: when installing from source, make /var/run/fetchmail directory
so that a global fetchmail installation won't break after port
- Change: compile GSSAPI support by default (it's in base)
- Cleanup: rcfile: drop support for fetchmail.sh script name
- Cleanup: rcfile: don't mix backtick with apostrophe in comments, they don't
Reported by: thierry, Victor Balada Diaz <firstname.lastname@example.org> 
Suggested by: Victor Balada Diaz <email@example.com> 
Approved by: maintainer timeout 
Revision Changes Path
1.217 +8 -3 ports/mail/fetchmail/Makefile
1.10 +17 -20 ports/mail/fetchmail/files/fetchmail.in
firstname.lastname@example.org mailing list
To unsubscribe, send any mail to "email@example.com"
Maintainer replied being unable to respond before Aug 25.
Commit over his head with assorted other fixes found during testing.