Am 09.03.2021 12:10, schrieb Evgeniy Berdnikov via Exim-users:
Hi Evgeniy
>> Where the evil comes this sendmail-call?!?
>
> I suspect Kaspersky library as source of this process.
I suspect it too, but I'd like to confirm that...
> There are simple ways to check it:
>
> 1. Run exim -bh under strace:
>
> strace -s200 -e fork,clone,execve exim ... -bh ...
>
> 2. Put some wrapper script in place of /usr/sbin/sendmail, such as
>
> -------------------------------------
> #!/bin/bash
> ps wwh $PPID > /tmp/sendmail.log 2>&1
> exec /path/to/exim "$@"
> -------------------------------------
>
> make it executable (chmod +x /usr/sbin/sendmail), run,
> then look into /tmp/sendmail.log.
Well, I did it.
This is my /tmp/sendmail.log:
6366 pts/0 S+ 0:00 exim -d+all -bh 185.242.112.224
Do I understand correctly, that Exim generate the E-Mail?
Thanks
Luca Bertoncello
(lucabert@???)
