[PLUG] What Is Sending Email?
TomasK
tomas.kuchta.lists at gmail.com
Mon Mar 22 22:17:15 UTC 2021
If you cannot find the variable by: grep -r E4BCD_ config_dir
.. you can always add a few lines to send yourself email containing the
variables at the next execution.
Once you know the email address - it should be trivial to find it in
files.
Hope it helps, Tomas
On Mon, 2021-03-22 at 11:14 -0700, Michael Barnes wrote:
> Okay, I found /etc/cron.daily/exim4-base which seems to be the script
> that
> is running each morning. I'm not really that smart in reading these
> scripts. I find the mail command and the subject line. What I don't
> seem to
> find is the TO: line. I do see references of $E4BCD_DAILY_REPORT_TO
> which
> may be the TO: string, but I can't find that variable defined. I find
> these
> declarations at the beginning of the script:
>
> E4BCD_DAILY_REPORT_TO=""
> E4BCD_DAILY_REPORT_OPTIONS=""
> E4BCD_WATCH_PANICLOG="yes"
> # Number of lines of paniclog quoted in warning email.
> E4BCD_PANICLOG_LINES="10"
> E4BCD_PANICLOG_NOISE=""
>
> but those are empty strings.
>
> I did move the exim4-base script out of the cron.daily folder which,
> I
> hope, should stop the outgoing emails. I do need to get this
> mailserver
> working again. Is exim4 still a good choice? Anybody recommend a good
> tutorial on it? I haven't worked with mailservers since about 2005 so
> I'm a
> bit rusty and need to get caught up on current practices.
>
> Thanks,
> Michael
>
>
>
>
> On Thu, Mar 18, 2021 at 5:04 PM James Bertelson <James at bertelson.me>
> wrote:
>
> > Cron.daily runs at 0625 on Ubuntu. I’d check /etc/cron.daily for
> > scripts.
> >
> > Sent from a mobile device
> >
> > > On Mar 18, 2021, at 7:54 PM, Michael Barnes <barnmichael at gmail.co
> > > m>
> >
> > wrote:
> > >
> > > As part of my new gig, I inherited an email server. It is an
> > > Intel NUC
> > > running Linux. I have almost no information on it, other than its
> > > login
> > > info. Looking at various logs, I find a folder /var/log/Exim4
> > > with mail
> > > logs in it. It has a series of log files titled mainlog with
> > > owner of
> > > Debian-exim and group of adm.
> > >
> > > In looking at the log, it has an entry every morning at 0625 that
> > > seems
> >
> > to
> > > be sending an email to an unknown person. I have obscured the
> > > identity
> >
> > data.
> > >
> > > 2021-03-18 06:25:02 1lMse6-0001wL-1W <= root at mailx.mydomain.com
> > > U=root
> > > P=local S=707
> > > 2021-03-18 06:25:06 1lMse6-0001wL-1W => someone at somewhere.org <
> > > root at mailx.mydomain.com> R=dnslookup T=remote_smtp H=
> > > in1-smtp.messagingengine.com [66.111.4.73]
> > > X=TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=yes
> > > DN="C=AU,ST=Victoria,L=Melbourne,O=FastMail Pty Ltd,CN=*.
> >
> > messagingengine.com"
> > > K C="250 2.0.0 Queued as 89A962AC350"
> > > 2021-03-18 06:25:06 1lMse6-0001wL-1W Completed
> > >
> > > Any ideas on exactly what is happening here? I certainly don't
> > > want this
> > > thing sending someone emails every day that I do not know about.
> > >
> > > Thanks,
> > > Michael
> > > _______________________________________________
> > > PLUG: https://pdxlinux.org
> > > PLUG mailing list
> > > PLUG at pdxlinux.org
> > > http://lists.pdxlinux.org/mailman/listinfo/plug
> >
> > _______________________________________________
> > PLUG: https://pdxlinux.org
> > PLUG mailing list
> > PLUG at pdxlinux.org
> > http://lists.pdxlinux.org/mailman/listinfo/plug
> >
>
> _______________________________________________
> PLUG: https://pdxlinux.org
> PLUG mailing list
> PLUG at pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
More information about the PLUG
mailing list