What exactly do you mean by the $USER in 'echo test | mail -s test $USER'? Do you mean the actual environment variable, i.e. you're trying to send mail to yourself? Or are you sending mail to some other user? Sending mail to yourself should work, and does work for me.

However sending mail to other users does not work, and causes the 'procmail: Insufficient privileges' error message and probably also the error report regarding rkhunter.

The thing is that to enable sending mail to other users would require making either esmtp or procmail set-uid root. The set-uid bit was already removed for procmail due to a bug report [1], so there's little chance for it to return.

Regarding esmtp, I'm very reluctant to enable the set-uid bit there. Upstream of esmtp even expects that the MDA (procmail) will have the set-uid bit, not esmtp. ("To deliver to other users beside yourself, the MDA must be installed with setuid flag" [2]). I will discuss this point with my colleague.

If you want a properly working MTA, please use something sane, such as Postfix.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=23257
[2] http://esmtp.sourceforge.net/manual.html

(In reply to Ondřej Lysoněk from comment #1)
> What exactly do you mean by the $USER in 'echo test | mail -s test $USER'?
> Do you mean the actual environment variable, i.e. you're trying to send mail
> to yourself? Or are you sending mail to some other user? Sending mail to
> yourself should work, and does work for me.

I mean literally the environment variable, that's the exact command I ran. But it doesn't matter if I replace $USER with my username, or with "root", I get the same result.

Sending mail to myself does not work.

On a different F24 system I get a different error:

tmp$ echo test | mail -s test $USER
tmp$ Failed to parse headers

This time there isn't even anything in ~/.esmtp_queue


> However sending mail to other users does not work, and causes the 'procmail:
> Insufficient privileges' error message and probably also the error report
> regarding rkhunter.

I get it even for my own user.

And if I run "echo test | mail -s test root" as root I get:

[root@wraith ~]# echo test | mail -s test root
[root@wraith ~]# SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused
SMTP server problem Connection refused

This is what happens for the daily cronjob.

> The thing is that to enable sending mail to other users would require making
> either esmtp or procmail set-uid root. The set-uid bit was already removed
> for procmail due to a bug report [1], so there's little chance for it to
> return.
> 
> Regarding esmtp, I'm very reluctant to enable the set-uid bit there.
> Upstream of esmtp even expects that the MDA (procmail) will have the set-uid
> bit, not esmtp. ("To deliver to other users beside yourself, the MDA must be
> installed with setuid flag" [2]). I will discuss this point with my
> colleague.
> 
> If you want a properly working MTA, please use something sane, such as
> Postfix.

OK, so esmtp is just broken?

I don't want security holes added to make this work, but the current settings are useless. We have packages in Fedora such as rkhunter which are configured by default to send emails, which can't be delivered using the default mail settings, so I just get loads of crap building up in /root/.esmtp_queue/ every day.

If there's no sane way to enable local mail delivery in the default install then cron jobs should not be sending undeliverable local email.

(In reply to Jonathan Wakely from comment #2)
> I mean literally the environment variable, that's the exact command I ran.
> But it doesn't matter if I replace $USER with my username, or with "root", I
> get the same result.
> 
> Sending mail to myself does not work.

Well, that is strange. To be sure, can you post your /etc/esmtprc?

> On a different F24 system I get a different error:
> 
> tmp$ echo test | mail -s test $USER
> tmp$ Failed to parse headers
> 
> This time there isn't even anything in ~/.esmtp_queue

I don't know what could cause that, can you post the output of the following?
ls -l $(which mail)
rpm -q --whatprovides $(which mail)

> OK, so esmtp is just broken?

Basically yes, I think so. You could try finding another MDA to replace procmail, which has the set-uid bit.

> If there's no sane way to enable local mail delivery in the default install
> then cron jobs should not be sending undeliverable local email.

So you ended up with esmtp as the default MTA after a fresh install of F24? Or is it an older release which you upgraded to F24? If esmtp gets installed by default, then that is something that could be changed in my opinion.

Also, post your ~/.esmtprc if you have one.

(In reply to Ondřej Lysoněk from comment #3)
> (In reply to Jonathan Wakely from comment #2)
> > I mean literally the environment variable, that's the exact command I ran.
> > But it doesn't matter if I replace $USER with my username, or with "root", I
> > get the same result.
> > 
> > Sending mail to myself does not work.
> 
> Well, that is strange. To be sure, can you post your /etc/esmtprc?

It's just one line:

mda "procmail -d %T"

(same one both machines)

> I don't know what could cause that, can you post the output of the following?
> ls -l $(which mail)
> rpm -q --whatprovides $(which mail)

wraith:tmp$ ls -l $(which mail)
lrwxrwxrwx. 1 root root 5 Feb  4  2016 /usr/bin/mail -> mailx
wraith:tmp$ rpm -q --whatprovides /usr/bin/mail
mailx-12.5-19.fc24.x86_64
wraith:tmp$ rpm -q --whatprovides /usr/bin/mailx
mailx-12.5-19.fc24.x86_64

(same on both machines)

> > If there's no sane way to enable local mail delivery in the default install
> > then cron jobs should not be sending undeliverable local email.
> 
> So you ended up with esmtp as the default MTA after a fresh install of F24?
> Or is it an older release which you upgraded to F24? If esmtp gets installed
> by default, then that is something that could be changed in my opinion.

I think both boxes were upgraded from F23.

Oh, and I have no ~/.esmtprc on either machine, neither as root or my own user.

Ok, it seems to me that the mail command puts something like $USER@localhost as recipient or to the From header, instead of just $USER, which confuses esmtp or procmail respectively. I think that causes the 'Insufficient privileges' and 'SMTP server problem' messages. I don't know yet what causes the 'Failed to parse headers' message.

On both machines, both as your own user and root, can you do the following?
1. Clear your ~/.esmtp_queue
2. Run 'echo test | mail -s test $USER'
3. Post the files ~/.esmtp_queue/*/cmd and ~/.esmtp_queue/*/mail

Machine 1 as normal user:

It worked, mail was delivered! All that changed since I last tried was that I rebooted, and removed one directory under ~/.esmtp_queue

Machine 1 as root:

Also worked! Mail was delivered (but I still for the "SMTP server problem Connection refused" mail from the rkhunter cron job at 3am today). Again, apart from removing 100+ directories under ~/.esmtp_queue and rebooting I didn't change anything.

Same results on the second machine, which hasn't even been rebooted. Now I'm confused. Did clearing out the contents of ~/.esmtp_queue make the difference?

Well I didn't expect that, but it's starting to make sense now.

Whenever you try sending mail with the mail command, esmtp tries to deliver everything it finds piled up in the ~/.esmtp_queue directory. There were probably some emails that esmtp couldn't handle, so each time you tried sending mail it printed error messages. By clearing the queue you got rid of the bad mail, so no more error messages. Except for those from rkhunter. rkhunter probably is the producent of some of the bad mail, I'll look into it.

But the strange thing is that you say that when you earlier tried sending mail to yourself, it didn't work. Are you sure about this? The fact that the error messages were printed doesn't mean that the mail you were trying to send wasn't delivered. The error messages could have belonged to some other messages in the queue. Try looking in /var/mail/$USER.

(In reply to Ondřej Lysoněk from comment #9)
> But the strange thing is that you say that when you earlier tried sending
> mail to yourself, it didn't work. Are you sure about this? The fact that the
> error messages were printed doesn't mean that the mail you were trying to
> send wasn't delivered. The error messages could have belonged to some other
> messages in the queue. Try looking in /var/mail/$USER.

Yes, I now think it was retrying some of the bad mail in ~/.esmtp_queue and giving errors for those mails instead, as there were more mails in /var/spool/mail than just the test ones I tried today.

So possibly I just had some borked mail still queued up from before the Oct 27 fixes for Bug 1303305 (and the related selinux policy changes). Clearing out the queue has solved that problem.

Shall I close this then, as the errors I was seeing are gone now?

Well if I understood you correctly then the 'SMTP server problem Connection refused' messages still appear, don't they? And if it's rkhunter that generates the bad mail, then the mail will keep piling up. I'll look for the cause of this.

Actually if you're still seeing the errors, can you post some of the mail you have in /root/.esmtp_queue?

I've deleted them now, but should get another one tomorrow morning and will post it tomorrow.

(Thanks for your help so far - I should have tried just deleting all the old queued mail!)

No problem.

rkhunter indeed sends mail to root@localhost and esmtp can't handle that (it expects a running SMTP server on the machine). I'll file a bug against rkhunter to change the adress to just 'root', that seems like the simplest solution.

esmtp-1.2-5.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-03cd500b0b

esmtp-1.2-5.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-d8f70731ae

I changed my mind. I made esmtp deliver the mail to a local mailbox, if the host in the recipient address refers to the local host. Can you test if it's working for you?

Sounds good - I'll try it as soon as it hits updates-testing.

Here are the first entries in ~root/.esmtp_queue after clearing the queue:

[root@wraith ~]# cat  ~/.esmtp_queue/VwO9aGdU/cmd
-i -- root@localhost
[root@wraith ~]# cat  ~/.esmtp_queue/VwO9aGdU/mail 
Date: Sat, 17 Dec 2016 03:38:02 +0000
To: root@localhost
Subject: rkhunter Daily Run on wraith.home
User-Agent: Heirloom mailx 12.5 7/5/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit


--------------------- Start Rootkit Hunter Update ---------------------
[ Rootkit Hunter version 1.4.2 ]

Checking rkhunter data files...
  Checking file mirrors.dat                                  [ No update ]
  Checking file programs_bad.dat                             [ No update ]
  Checking file backdoorports.dat                            [ No update ]
  Checking file suspscan.dat                                 [ No update ]
  Checking file i18n/cn                                      [ No update ]
  Checking file i18n/de                                      [ No update ]
  Checking file i18n/en                                      [ No update ]
  Checking file i18n/tr                                      [ No update ]
  Checking file i18n/tr.utf8                                 [ No update ]
  Checking file i18n/zh                                      [ No update ]
  Checking file i18n/zh.utf8                                 [ No update ]

---------------------- Start Rootkit Hunter Scan ----------------------
Warning: Suspicious file types found in /dev:
         /dev/shm/jwakely-Shm_34d6b6af: data
         /dev/shm/jwakely-Shm_2dbb2f51: data
         /dev/shm/jwakely-Shm_125376fc: data
         /dev/shm/jwakely-Shm_ab485e4f: data
         /dev/shm/jwakely-Shm_b225c7b1: data
         /dev/shm/jwakely-Shm_11b8dc07: data
         /dev/shm/jwakely-Shm_bd857ed0: data
         /dev/shm/jwakely-Shm_3d9d4079: data
         /dev/shm/jwakely-Shm_eec7db1e: data
         /dev/shm/jwakely-Shm_3c3a3c3d: data
         /dev/shm/jwakely-Shm_c9edbd50: data
         /dev/shm/jwakely-Shm_5c344313: data
         /dev/shm/mono-shared-1000-shared_fileshare-wraith.home-Linux-x86_64-40-12-0: data
         /dev/shm/mono-shared-1000-shared_data-wraith.home-Linux-x86_64-328-12-0: data

----------------------- End Rootkit Hunter Scan -----------------------



The first day after clearing the queue I got:


From: Anacron <root>
To: root
Subject: Anacron job 'cron.daily' on wraith.home

/etc/cron.daily/rkhunter:

SMTP server problem Connection refused


And each subsequent day there's one extra "Connection refused" line, as each new entry in the queue gets retried.

esmtp-1.2-5.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-d8f70731ae

esmtp-1.2-5.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-03cd500b0b

The F24 update works well, thanks very much.

esmtp-1.2-5.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

esmtp-1.2-5.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Hi,

how I move ~/.esmtp_queue to /var/spool/mail to read emails with mutt ?

or how I read the emails in ~/.esmtp_queue ? 


Thank you

cp /usr/share/doc/esmtp/sample.esmtprc /etc/esmtprc 
/usr/bin/esmtp-wrapper 

did the trick