I recently faced an environment where there is no MTA.

WTF? The reason is that people who work there get security audits on a regular basis, and the security people are usually mo...derately skilled guys who blindly run a set of scripts, e.g. ordering the disabling of Apache modules that "were seen enabled in /etc/apache2/mods-available/"...

To avoid spending days arguing with them and nitpicking with non-technical managers, the system is trimmed to the minimum - and there is no MTA. No MTA means no cron output, which makes it difficult to understand why last night's cron job failed miserably.

Since it was not my role to reshape the whole business unit, I decided to hack a super-light, but functional way to get my cron output:

cat <<'EOF' > /usr/sbin/sendmail
#!/bin/sh
(
    echo "From me  $(LANG=C date)"   # mbox separator line
    cat                              # the message cron pipes in on stdin
) >> /var/mail/all
EOF
chmod 755 /usr/sbin/sendmail

It works! :)

There is a companion logrotate script, to avoid filling the file system:

cat <<'EOF' > /etc/logrotate.d/mail-all
/var/mail/all {
  rotate 10
  create 622 root mail
}
EOF

Bootstrap with:

touch /var/mail/all
logrotate -f /etc/logrotate.d/mail-all

You can now check your sys-mails with:

mutt -f /var/mail/all


So, to make things really secure, they remove a standard reporting facility for alerting of configuration or security issues (the MTA)...

Instead, this script was needed, to allow any user to append an executable file owned by root, who would later read it with mutt running only as superuser (create 722 root mail)? Via the shell script, a user could insert extra From lines with spoofed date/time. Or writing directly to the file they could truncate it to delete old messages, and after all this leave no way to see which user ID really wrote any of them.

That aside, this was a nifty idea for scripting something useful with only basic tools.

Comment by Anonymous Tue Feb 14 02:07:10 2012
I've dealt with places like that before and share your pain. Sometimes an evil script is a much simpler solution than trying to bang your head against a wall convincing them otherwise.
Comment by Anonymous Tue Feb 14 04:56:04 2012

722 should be 622, typo.

Indeed, even though those systems do not offer local access, this isn't super-secure :P

Comment by beuc Tue Feb 14 09:05:00 2012

Instead of the subshell, consider this:

exec >> /var/mail/all
echo "From me  $(LANG=C date)"
chmod 755 /usr/sbin/sendmail

– madduck

Comment by Anonymous Tue Feb 14 11:33:02 2012

If the message body contains a line starting with "From " then this will fail a little bit. Suggest replacing "cat" with

sed -e 's/^\([>]*From \)/>\1/'

Comment by barak Tue Feb 14 17:47:33 2012
Nifty. I didn't know about "exec >> io-redirected.txt" :)
Comment by beuc Tue Feb 14 20:29:04 2012

There was a rather long discussion about the topic of having no MTA on Fedora by default: https://fedoraproject.org/wiki/Features/NoMTA

And the outcome was that cronie (a cron daemon) can be used without an MTA. So maybe switching to this would help you?

Comment by Anonymous Tue Feb 14 21:54:16 2012
"LANG=C" is not a correct way to sanitize locale. Use "LC_ALL=C".
Comment by Anonymous Wed Feb 15 09:06:51 2012
Never ever use LC_ALL.
Comment by Anonymous Thu Feb 16 14:41:05 2012
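
The post's stub combined with the "From " quoting suggested in the comments, as an added example that is not the post's or any commenter's code. `MBOX`, `quote_from`, `deliver`, `count_messages` and the `X-Submitter-UID` header are names made up here; passing `cat` as the filter reproduces the post's unquoted behaviour for comparison.

```shell
#!/bin/sh
# Added example: mbox-appending sendmail stub with "From " quoting.
# MBOX is a hypothetical override so the functions can be tried on a scratch file.
MBOX="${MBOX:-/var/mail/all}"

# Quote lines that a mail reader would take for a message separator:
# "From " and ">From " each gain one leading ">" (mboxrd-style quoting).
quote_from() {
    sed -e 's/^\(>*From \)/>\1/'
}

# Append the message on stdin to $MBOX.
# $1 is the filter applied to the message; "cat" gives the post's behaviour.
deliver() {
    filter="${1:-quote_from}"
    {
        echo "From me  $(LANG=C date)"
        # Header name invented for this example. It is advisory only while
        # the file is mode 622, since users can still write to it directly.
        echo "X-Submitter-UID: $(id -u)"
        "$filter"
        echo                      # blank line ends the message
    } >> "$MBOX"
}

# Number of separator lines, i.e. messages a reader such as mutt will list.
count_messages() {
    grep -c '^From ' "$1"
}

# Act as sendmail only when installed under that name; arguments are ignored.
case "$0" in
    */sendmail) deliver ;;
esac
```

With the `cat` filter, a body line beginning with "From " is counted as an extra message; with the default filter it is stored as ">From " and the count matches the number of deliveries.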