Hi, On Wed, Sep 06, 2006 at 09:27:51AM +0200, Zbigniew Szalbot wrote: > > So are these messages stuck in an exim queue that you control? If so, you > > can > > use "mailq" to show the contents of the queue, and commands like "exim -Mvh > > 1GKlnS-0000Hv-AV" to show the headers of a message in the queue (given its > > ID), or "exim -Mvb 1GKlnS-0000Hv-AV" for the body. That should help you > > work > > out what submitted the message, hopefully. > > All of them are along the following line: > > 204P Received: from root by szalbot.homedns.org with local (Exim 4.60 > (FreeBSD)) > (envelope-from <[EMAIL PROTECTED]>) > id 1GKlnS-0000Hv-AV > for [EMAIL PROTECTED]; Wed, 06 Sep 2006 03:01:42 +0200 > 009* To: root > 029T To: [EMAIL PROTECTED] > 043 Subject: 192.168.11.51 security run output > 052I Message-Id: <[EMAIL PROTECTED]> > 046F From: Charlie Root <[EMAIL PROTECTED]> > 038 Date: Wed, 06 Sep 2006 03:01:42 +0200 > > So I guess this is some kind of security problem/issue. Hope I have not > been compromised yet...
As Dave already pointed out, this mail was generated by a daily cron job. The problem is, that exim refuses to deliver the mail to the local user root because of security concerns. The fix is simply to forward these mails to an existing account, e.g. to [EMAIL PROTECTED] by adding the following line to /etc/aliases: root: [EMAIL PROTECTED] BTW: The Received line shows that you are using Exim version 4.60. This version has been replaced same weeks ago. I strongly recommend to read the FreeBSD documentation about cvsup to keep your installation up to date. -- Gruss / Best regards | LF.net GmbH | fon +49 711 90074-411 Matthias Waffenschmidt | Ruppmannstr. 27 | fax +49 711 90074-33 [EMAIL PROTECTED] | D-70565 Stuttgart | http://www.lf.net -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
