Autor: W B Hacker Datum: To: exim users Betreff: Re: [exim] View message?
HDG wrote: > I'm seeing a lot of messages being sent out by a certain user. It's from
> username@???, so I need to figure out how/why these are being
> sent. Any ideas how I should do this? I can see the message ID, but not the
> actual message. Maybe seeing the actual message would help, how would I do
> that?
One of several ways is to use an 'unseen' on the router, add a router following
it that archives a copy.
Mine are SQL-driven, so I'll spare you the confusion of posting it.
Basically the archive router resembles the one you use for local delivery to
user mail storage, but to a different dirtree and probably arranged by sender
rather than destination. We do both.
Quick & dirty way to view the headers and body over an ssh link is:
lynx /wherever/you/archived/it
(presumes lynx is installed on the server).
NB: Depending on where you sit in the command structure, probably prudent to
advise management and/or users that you are A) archiving, B) inspecting their
traffic, 'in order to <insert good reason here>'
That may still not tell you the why or how, though.
'log_selector = +all'
then grep/exigrep plus manual inspection of the logs should help show you where
the message entered the system (local, submission port, forgery using a relay
'hole' you were not aware of, etc.) and which router(s) handled it.