Re: [exim] finding sender for user@

Top Page
Delete this message
Reply to this message
Author: Matthias Waffenschmidt
Date:  
To: Zbigniew Szalbot
CC: exim-users
Subject: Re: [exim] finding sender for user@
Hi,

On Wed, Sep 06, 2006 at 09:27:51AM +0200, Zbigniew Szalbot wrote:
> > So are these messages stuck in an exim queue that you control? If so, you can
> > use "mailq" to show the contents of the queue, and commands like "exim -Mvh
> > 1GKlnS-0000Hv-AV" to show the headers of a message in the queue (given its
> > ID), or "exim -Mvb 1GKlnS-0000Hv-AV" for the body. That should help you work
> > out what submitted the message, hopefully.
>
> All of them are along the following line:
>
> 204P Received: from root by szalbot.homedns.org with local (Exim 4.60 
> (FreeBSD))
>          (envelope-from <root@???>)
>          id 1GKlnS-0000Hv-AV
>          for root@???; Wed, 06 Sep 2006 03:01:42 +0200
> 009* To: root
> 029T To: root@???
> 043  Subject: 192.168.11.51 security run output
> 052I Message-Id: <E1GKlnS-0000Hv-AV@???>
> 046F From: Charlie Root <root@???>
> 038  Date: Wed, 06 Sep 2006 03:01:42 +0200

>
> So I guess this is some kind of security problem/issue. Hope I have not
> been compromised yet...


As Dave already pointed out, this mail was generated by a daily cron
job.

The problem is, that exim refuses to deliver the mail to the local
user root because of security concerns.

The fix is simply to forward these mails to an existing account,
e.g. to admin@??? by adding the following line to
/etc/aliases:

root: admin@???

BTW: The Received line shows that you are using Exim version
4.60. This version has been replaced same weeks ago. I strongly
recommend to read the FreeBSD documentation about cvsup to keep your
installation up to date.

-- 
Gruss / Best regards   |  LF.net GmbH        |  fon +49 711 90074-411
Matthias Waffenschmidt |  Ruppmannstr. 27    |  fax +49 711 90074-33
mw@???              |  D-70565 Stuttgart  |  http://www.lf.net