Hello,
On Wed, 6 Sep 2006, Dave Evans wrote:
>> 2006-09-06 03:01:42 +0200 1GKlnS-0000Hv-AV <= root@???
>> U=root P=local S=2592
>
> This log line indicates mail /from/ root@???, not /to/ it. I
> wasn't sure if you knew that already.
OK. Now I know. I think I got it wrong. Sorry and thanks for pointing it
out!
> So are these messages stuck in an exim queue that you control? If so, you can
> use "mailq" to show the contents of the queue, and commands like "exim -Mvh
> 1GKlnS-0000Hv-AV" to show the headers of a message in the queue (given its
> ID), or "exim -Mvb 1GKlnS-0000Hv-AV" for the body. That should help you work
> out what submitted the message, hopefully.
All of them are along the following line:
204P Received: from root by szalbot.homedns.org with local (Exim 4.60
(FreeBSD))
(envelope-from <root@???>)
id 1GKlnS-0000Hv-AV
for root@???; Wed, 06 Sep 2006 03:01:42 +0200
009* To: root
029T To: root@???
043 Subject: 192.168.11.51 security run output
052I Message-Id: <E1GKlnS-0000Hv-AV@???>
046F From: Charlie Root <root@???>
038 Date: Wed, 06 Sep 2006 03:01:42 +0200
So I guess this is some kind of security problem/issue. Hope I have not
been compromised yet...
Thank you a lot, dear Dave, for showing me how to check it!
Warm regards,
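
Added example, not part of the original message and not Exim's own code: a small Python parser for main-log lines like the one quoted at the top of the thread. It maps the event flag (`<=` marks an arrival, so the address is the sender) and groups messages received with P=local by the submitting local user (U=). Only the first sample line comes from the thread; the others are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Exim main-log line: timestamp, optional zone, message id, event flag, rest.
LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?: [+-]\d{4})?"
    r" (?P<id>\w{6}-\w{6}-\w{2}) (?P<flag><=|=>|->|\*\*|==) (?P<rest>.*)$"
)
EVENTS = {"<=": "arrival", "=>": "delivery", "->": "additional delivery",
          "**": "delivery failed", "==": "delivery deferred"}

def parse_line(line):
    """Return id, event, address and KEY=value fields, or None if not a message line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    tokens = m.group("rest").split()
    # Keep only KEY=value tokens; host names, [ip] and <addr> tokens are skipped.
    fields = dict(t.split("=", 1) for t in tokens[1:] if re.match(r"[A-Za-z]+=", t))
    return {"id": m.group("id"), "event": EVENTS[m.group("flag")],
            "address": tokens[0] if tokens else "", "fields": fields}

def local_submissions(lines):
    """Map local user (U=) -> ids of messages that arrived with P=local."""
    by_user = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["event"] == "arrival" and rec["fields"].get("P") == "local":
            by_user[rec["fields"].get("U", "?")].append(rec["id"])
    return dict(by_user)

# First line is the one quoted in the thread; the others are constructed samples.
SAMPLE = [
    "2006-09-06 03:01:42 +0200 1GKlnS-0000Hv-AV <= root@??? U=root P=local S=2592",
    "2006-09-06 03:01:43 +0200 1GKlnS-0000Hv-AV == root@??? R=dnslookup T=remote_smtp defer (-53): retry time not reached",
    "2006-09-06 03:05:10 +0200 1GKlqo-0000Ia-2f <= alice@example.org H=mx.example.org [192.0.2.10] P=esmtp S=1811",
    "2006-09-06 03:05:11 +0200 1GKlqo-0000Ia-2f => bob <bob@example.net> R=local_user T=mail_spool",
]

if __name__ == "__main__":
    for user, ids in local_submissions(SAMPLE).items():
        print(f"submitted locally by {user}: {', '.join(ids)}")
```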