Re: [exim] View message?

Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] View message?
HDG wrote:
> I'm seeing a lot of messages being sent out by a certain user. It's from
> username@???, so I need to figure out how/why these are being
> sent. Any ideas how I should do this? I can see the message ID, but not the
> actual message. Maybe seeing the actual message would help, how would I do
> that?


One of several ways is to use an 'unseen' on the router, and add a router
following it that archives a copy.

Mine are SQL-driven, so I'll spare you the confusion of posting it.

Basically the archive router resembles the one you use for local delivery to
user mail storage, but to a different dirtree and probably arranged by sender
rather than destination. We do both.

Quick & dirty way to view the headers and body over an ssh link is:

lynx /wherever/you/archived/it

(presumes lynx is installed on the server).

NB: Depending on where you sit in the command structure, probably prudent to
advise management and/or users that you are A) archiving, B) inspecting their
traffic, 'in order to <insert good reason here>'.

That may still not tell you the why or how, though.


'log_selector = +all'

then grep/exigrep plus manual inspection of the logs should help show you where
the message entered the system (local, submission port, forgery using a relay
'hole' you were not aware of, etc.) and which router(s) handled it.

I'd start with just the enhanced logging.

HTH,

Bill Hacker
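
The log inspection suggested above, as an added example that is not part of the original post: a small Python parser that takes Exim main-log text, finds every message accepted from one envelope sender, and reports how each one entered (local user, authenticated or unauthenticated SMTP, which port) and which router handled it. The log lines are constructed samples, the function names are hypothetical, and the pid and `I=` interface fields are assumed to be present because `log_selector = +all` is set.

```python
import re

# Constructed sample lines in Exim main-log format (not from the original thread).
SAMPLE_LOG = """\
2008-05-01 10:00:01 [4101] 1JrAbc-0001Xy-2Z <= user@example.org U=www-data P=local S=1204
2008-05-01 10:00:02 [4102] 1JrAbc-0001Xy-2Z => rcpt@example.net R=dnslookup T=remote_smtp H=mx.example.net [192.0.2.25]
2008-05-01 10:05:10 [4110] 1JrAbd-0001Yb-4Q <= user@example.org H=(laptop) [198.51.100.7]:51234 I=[192.0.2.1]:587 P=esmtpsa A=plain:user S=2300
2008-05-01 10:05:11 [4111] 1JrAbd-0001Yb-4Q => other@example.net R=dnslookup T=remote_smtp H=mx.example.net [192.0.2.25]
2008-05-01 10:07:30 [4120] 1JrAbe-0001Zc-7K <= user@example.org H=(mail) [203.0.113.9]:40022 I=[192.0.2.1]:25 P=esmtp S=900
2008-05-01 10:07:31 [4121] 1JrAbe-0001Zc-7K => third@example.com R=dnslookup T=remote_smtp H=mx.example.com [192.0.2.80]
2008-05-01 10:09:00 [4130] 1JrAbf-0001Zd-9M <= someone.else@example.org U=bob P=local S=500
"""

# timestamp, optional [pid], message id, flag (<= arrival, => -> ** == delivery), address, rest
LINE = re.compile(r"^\S+ \S+ (?:\[\d+\] )?"
                  r"([0-9A-Za-z]{6}-[0-9A-Za-z]{6,11}-[0-9A-Za-z]{2,4}) "
                  r"(<=|=>|->|\*\*|==) (\S+)(.*)$")

def field(rest, key):
    """Return the value of a single KEY=value log field, or None."""
    m = re.search(r"(?:^| )%s=(\S+)" % key, rest)
    return m.group(1) if m else None

def classify(rest):
    """Describe how a message entered, from the fields of its '<=' line."""
    proto = field(rest, "P")
    if proto == "local":
        return "local submission by U=%s" % field(rest, "U")
    host = re.search(r" H=[^\[]*\[([^\]]+)\]", rest)   # remote IP
    port = re.search(r" I=\[[^\]]+\]:(\d+)", rest)     # port it connected to
    auth = field(rest, "A")
    return "%s from %s on port %s, %s" % (
        proto, host.group(1) if host else "?", port.group(1) if port else "?",
        "authenticated as " + auth if auth else "NOT authenticated")

def trace_sender(log_text, sender):
    """Map message id -> {'entry': ..., 'routers': [...]} for one envelope sender."""
    found = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        msgid, flag, addr, rest = m.groups()
        if flag == "<=" and addr.lower() == sender.lower():
            found[msgid] = {"entry": classify(rest), "routers": []}
        elif flag != "<=" and msgid in found and field(rest, "R"):
            found[msgid]["routers"].append(field(rest, "R"))
    return found
```

An unauthenticated SMTP arrival carrying a local user's address, like the third sample message, is the case to check against the relay and sender-verification ACLs.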