As part of my new gig, I inherited an email server. It is an Intel NUC running Linux. I have almost no information on it, other than its login info. Looking at various logs, I find a folder /var/log/Exim4 with mail logs in it. It has a series of log files titled mainlog with owner of Debian-exim and group of adm.
In looking at the log, it has an entry every morning at 0625 that seems to be sending an email to an unknown person. I have obscured the identity data.

2021-03-18 06:25:02 1lMse6-0001wL-1W <= r...@mailx.mydomain.com U=root P=local S=707
2021-03-18 06:25:06 1lMse6-0001wL-1W => some...@somewhere.org < r...@mailx.mydomain.com> R=dnslookup T=remote_smtp H= in1-smtp.messagingengine.com [66.111.4.73] X=TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=yes DN="C=AU,ST=Victoria,L=Melbourne,O=FastMail Pty Ltd,CN=*.messagingengine.com" K C="250 2.0.0 Queued as 89A962AC350"
2021-03-18 06:25:06 1lMse6-0001wL-1W Completed

Any ideas on exactly what is happening here? I certainly don't want this thing sending someone emails every day that I do not know about.

Thanks,
Michael

_______________________________________________
PLUG: https://pdxlinux.org
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
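
An added example, not part of the original post: a small parser for Exim mainlog lines of the shape quoted above. It groups lines by message ID and lists messages that were submitted on the machine itself (`P=local`, with `U=` naming the local account) and then left through the `remote_smtp` transport. The sample log, addresses, hosts and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same shape as the excerpt in the post
# (addresses, hosts and IDs are placeholders, not values from the post).
SAMPLE = """\
2021-03-18 06:25:02 1lMse6-0001wL-1W <= root@mail.example.test U=root P=local S=707
2021-03-18 06:25:06 1lMse6-0001wL-1W => someone@example.org <root@mail.example.test> R=dnslookup T=remote_smtp H=mx.example.org [192.0.2.25] CV=yes C="250 2.0.0 Queued as ABC123"
2021-03-18 06:25:06 1lMse6-0001wL-1W Completed
2021-03-18 07:10:11 1lMtAb-0002xY-3Z <= alice@example.net H=client.example.net [198.51.100.7] P=esmtps S=1532
2021-03-18 07:10:12 1lMtAb-0002xY-3Z => bob <bob@mail.example.test> R=local_user T=mail_spool
"""

# timestamp, message ID, flag (<= arrival, => delivery, -> extra recipient), rest
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\w+-\w+-\w+) (<=|=>|->|Completed)\s*(.*)$")
# KEY=value pairs such as U=root, P=local, T=remote_smtp, C="quoted text"
FIELD = re.compile(r'\b([A-Z]{1,2})=("[^"]*"|\S+)')

def parse(log_text):
    """Group mainlog lines by message ID: {id: {"arrival": rec, "deliveries": [rec]}}."""
    msgs = defaultdict(lambda: {"arrival": None, "deliveries": []})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m.group(3) == "Completed":
            continue
        ts, msg_id, flag, rest = m.groups()
        rec = {"time": ts, "address": rest.split(" ", 1)[0], **dict(FIELD.findall(rest))}
        if flag == "<=":
            msgs[msg_id]["arrival"] = rec
        else:
            msgs[msg_id]["deliveries"].append(rec)
    return dict(msgs)

def local_to_remote(msgs):
    """Return (time, local user, recipient, remote host) for locally
    submitted messages that were handed to a remote SMTP server."""
    hits = []
    for m in msgs.values():
        a = m["arrival"]
        if not a or a.get("P") != "local":
            continue
        for d in m["deliveries"]:
            if d.get("T") == "remote_smtp":
                hits.append((a["time"], a.get("U"), d["address"], d.get("H")))
    return hits

if __name__ == "__main__":
    for hit in local_to_remote(parse(SAMPLE)):
        print(hit)
```

Run against the real mainlog files, the `U=` value and the recurring timestamp point to which local account and which scheduled job to inspect.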