Since I am using procmail, which I think is an MDA, this would make sense. But the question about why Debian thinks it's unsafe still remains. I guess I'm just trying to find out what risk I've accepted by doing it!
Running *anything* as root is potentially dangerous Imagine a situation where a vulnerability existed in fetchmail that allowed arbitrary code to be executed due to, say, a specific mangling of mail headers. A malicious person could build an email worm that propagated in this way, the code would be attached to the email and is executed when processed by fetchmail, by the user fetchmail is run as. So far, so bad if fetchmail runs as an unprivileged user, the harm that can be done is minimal, but if fetchmail were to run as root, then in this example, anything could happen, the sky really would be the limit, backdoored versions of smtp, dns, http etc daemons could be installed, the world as we know it would crumble, and we would be returned to the dark ages, all because of running fetchmail as root ;-) Seriously though, I suspect the first line of my reply is the root (no pun intended) of the Debian maintainers' caution. -- James Ogley, Webmaster, Rubber Turnip james@rubberturnip.org.uk http://www.rubberturnip.org.uk Jabber: riggwelter@myjabber.net Using Free Software since 1994, running GNU/Linux (SuSE 8.1). GNOME updates for SuSE: http://www.usr-local-bin.org