Hello,
On Wed, 6 Sep 2006, Dave Evans wrote:
>> 2006-09-06 03:01:42 +0200 1GKlnS-0000Hv-AV <= [EMAIL PROTECTED]
>> U=root P=local S=2592
>
> This log line indicates mail /from/ [EMAIL PROTECTED], not /to/ it. I
> wasn't sure if you knew that already.
OK. Now I know. I think I got it wrong. Sorry and thanks for pointing it
out!
> So are these messages stuck in an exim queue that you control? If so, you can
> use "mailq" to show the contents of the queue, and commands like "exim -Mvh
> 1GKlnS-0000Hv-AV" to show the headers of a message in the queue (given its
> ID), or "exim -Mvb 1GKlnS-0000Hv-AV" for the body. That should help you work
> out what submitted the message, hopefully.
All of them are along the following line:
204P Received: from root by szalbot.homedns.org with local (Exim 4.60
(FreeBSD))
(envelope-from <[EMAIL PROTECTED]>)
id 1GKlnS-0000Hv-AV
for [EMAIL PROTECTED]; Wed, 06 Sep 2006 03:01:42 +0200
009* To: root
029T To: [EMAIL PROTECTED]
043 Subject: 192.168.11.51 security run output
052I Message-Id: <[EMAIL PROTECTED]>
046F From: Charlie Root <[EMAIL PROTECTED]>
038 Date: Wed, 06 Sep 2006 03:01:42 +0200
So I guess this is some kind of security problem/issue. Hope I have not
been compromised yet...
Thank you a lot, dear Dave, for showing me how to check it!
Warm regards,
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
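
Added example, not part of the original thread: a small parser for Exim main-log lines that applies the point made above (`<=` marks a message arriving, so the address is the sender) and picks out arrivals with `P=local`, i.e. mail submitted by a local process, with `U=` giving the login. The addresses, host names and every log line other than the message ID quoted in the thread are constructed sample data.

```python
import re

# Exim main-log flags and what the address after each one means.
FLAGS = {
    "<=": "arrival",     # message received; the address is the SENDER
    "=>": "delivery",    # delivered; the address is a recipient
    "->": "delivery",    # further recipient in the same delivery
    "*>": "suppressed",  # delivery suppressed (-N)
    "**": "failed",      # delivery failed
    "==": "deferred",    # delivery deferred, will be retried
}
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})"
    r"(?: (?P<tz>[+-]\d{4}))? "                      # zone is optional
    r"(?P<id>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) "
    r"(?P<flag><=|=>|->|\*>|\*\*|==) (?P<addr>\S+)(?P<rest>.*)$"
)
FIELD_RE = re.compile(r"\b([A-Za-z]+)=(\S+)")  # U=root, P=local, S=2592 ...

def parse(line):
    """Return a dict for a message log line, or None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["kind"] = FLAGS[entry["flag"]]
    entry["fields"] = dict(FIELD_RE.findall(entry.pop("rest")))
    return entry

def local_submissions(log_text):
    """(message id, login) for mail handed to Exim by a local process."""
    found = []
    for entry in filter(None, map(parse, log_text.splitlines())):
        f = entry["fields"]
        if entry["kind"] == "arrival" and f.get("P") == "local":
            found.append((entry["id"], f.get("U")))
    return found

# Constructed sample log (addresses and hosts are placeholders).
SAMPLE = """\
2006-09-06 03:01:42 +0200 1GKlnS-0000Hv-AV <= root@host.example U=root P=local S=2592
2006-09-06 03:01:43 +0200 1GKlnS-0000Hv-AV == admin@remote.example R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2006-09-06 03:05:10 1GKlqo-0000Ia-Bq <= sender@remote.example H=mx.remote.example [192.0.2.10] P=esmtp S=1811
2006-09-06 03:05:11 1GKlqo-0000Ia-Bq => user@host.example R=localuser T=local_delivery
"""

if __name__ == "__main__":
    for msg_id, login in local_submissions(SAMPLE):
        print(f"{msg_id}: submitted locally by user {login}")
```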