[PLUG] What Is Sending Email?
James Bertelson
James at bertelson.me
Fri Mar 19 00:04:27 UTC 2021
Cron.daily runs at 0625 on Ubuntu. I’d check /etc/cron.daily for scripts.
Sent from a mobile device
> On Mar 18, 2021, at 7:54 PM, Michael Barnes <barnmichael at gmail.com> wrote:
>
> As part of my new gig, I inherited an email server. It is an Intel NUC
> running Linux. I have almost no information on it, other than its login
> info. Looking at various logs, I find a folder /var/log/Exim4 with mail
> logs in it. It has a series of log files titled mainlog with owner of
> Debian-exim and group of adm.
>
> In looking at the log, it has an entry every morning at 0625 that seems to
> be sending an email to an unknown person. I have obscured the identity data.
>
> 2021-03-18 06:25:02 1lMse6-0001wL-1W <= root at mailx.mydomain.com U=root
> P=local S=707
> 2021-03-18 06:25:06 1lMse6-0001wL-1W => someone at somewhere.org <
> root at mailx.mydomain.com> R=dnslookup T=remote_smtp H=
> in1-smtp.messagingengine.com [66.111.4.73]
> X=TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=yes
> DN="C=AU,ST=Victoria,L=Melbourne,O=FastMail Pty Ltd,CN=*.messagingengine.com"
> K C="250 2.0.0 Queued as 89A962AC350"
> 2021-03-18 06:25:06 1lMse6-0001wL-1W Completed
>
> Any ideas on exactly what is happening here? I certainly don't want this
> thing sending someone emails every day that I do not know about.
>
> Thanks,
> Michael
> _______________________________________________
> PLUG: https://pdxlinux.org
> PLUG mailing list
> PLUG at pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
More information about the PLUG
mailing list