Okay, I found /etc/cron.daily/exim4-base which seems to be the script that is running each morning. I'm not really that smart in reading these scripts. I find the mail command and the subject line. What I don't seem to find is the TO: line. I do see references of $E4BCD_DAILY_REPORT_TO which may be the TO: string, but I can't find that variable defined. I find these declarations at the beginning of the script:
E4BCD_DAILY_REPORT_TO=""
E4BCD_DAILY_REPORT_OPTIONS=""
E4BCD_WATCH_PANICLOG="yes"
# Number of lines of paniclog quoted in warning email.
E4BCD_PANICLOG_LINES="10"
E4BCD_PANICLOG_NOISE=""

but those are empty strings.

I did move the exim4-base script out of the cron.daily folder which, I hope, should stop the outgoing emails.

I do need to get this mailserver working again. Is exim4 still a good choice? Anybody recommend a good tutorial on it? I haven't worked with mailservers since about 2005 so I'm a bit rusty and need to get caught up on current practices.

Thanks,
Michael

On Thu, Mar 18, 2021 at 5:04 PM James Bertelson <ja...@bertelson.me> wrote:

> Cron.daily runs at 0625 on Ubuntu. I'd check /etc/cron.daily for scripts.
>
> Sent from a mobile device
>
> > On Mar 18, 2021, at 7:54 PM, Michael Barnes <barnmich...@gmail.com> wrote:
> >
> > As part of my new gig, I inherited an email server. It is an Intel NUC
> > running Linux. I have almost no information on it, other than its login
> > info. Looking at various logs, I find a folder /var/log/Exim4 with mail
> > logs in it. It has a series of log files titled mainlog with owner of
> > Debian-exim and group of adm.
> >
> > In looking at the log, it has an entry every morning at 0625 that seems to
> > be sending an email to an unknown person. I have obscured the identity data.
> >
> > 2021-03-18 06:25:02 1lMse6-0001wL-1W <= r...@mailx.mydomain.com U=root P=local S=707
> > 2021-03-18 06:25:06 1lMse6-0001wL-1W => some...@somewhere.org <r...@mailx.mydomain.com> R=dnslookup T=remote_smtp H=in1-smtp.messagingengine.com [66.111.4.73] X=TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=yes DN="C=AU,ST=Victoria,L=Melbourne,O=FastMail Pty Ltd,CN=*.messagingengine.com" K C="250 2.0.0 Queued as 89A962AC350"
> > 2021-03-18 06:25:06 1lMse6-0001wL-1W Completed
> >
> > Any ideas on exactly what is happening here? I certainly don't want this
> > thing sending someone emails every day that I do not know about.
> >
> > Thanks,
> > Michael
> > _______________________________________________
> > PLUG: https://pdxlinux.org
> > PLUG mailing list
> > PLUG@pdxlinux.org
> > http://lists.pdxlinux.org/mailman/listinfo/plug
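An added example, not part of the thread: one way to audit an Exim mainlog for the pattern quoted above, pairing each `<=` arrival with its `=>` deliveries by message ID and reporting mail that was submitted locally (`P=local`) but handed to a remote host. It generalizes from the single 06:25 entry to any such message; the sample log is constructed, with placeholder addresses and hosts, and the function name is hypothetical.

```python
import re

# Constructed sample in Exim mainlog format; addresses and hosts are placeholders.
SAMPLE_LOG = """\
2021-03-18 06:25:02 1lMse6-0001wL-1W <= root@mailx.example.com U=root P=local S=707
2021-03-18 06:25:06 1lMse6-0001wL-1W => someone@example.org <root@mailx.example.com> R=dnslookup T=remote_smtp H=mx.example.net [192.0.2.25] C="250 2.0.0 Queued"
2021-03-18 06:25:06 1lMse6-0001wL-1W Completed
2021-03-18 09:10:41 1lMvEx-0002aB-3C <= alice@example.org H=mx.example.net [192.0.2.25] P=esmtps S=2048
2021-03-18 09:10:42 1lMvEx-0002aB-3C => bob <bob@mailx.example.com> R=local_user T=mail_spool
2021-03-18 09:10:42 1lMvEx-0002aB-3C Completed
"""

# date time, message id, direction flag, address, remaining key=value fields
LINE = re.compile(r"^(\S+ \S+) (\S+) (<=|=>|->) (\S+)(.*)$")
FIELD = re.compile(r"(?<=\s)([A-Z]{1,2})=(\S+)")

def local_to_remote(log_text):
    """Return deliveries of locally submitted mail that went to a remote host."""
    arrivals, findings = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "Completed" and other line types carry no address
        stamp, msgid, direction, address, rest = m.groups()
        fields = dict(FIELD.findall(rest))
        if direction == "<=":
            arrivals[msgid] = {"user": fields.get("U"), "proto": fields.get("P")}
            continue
        src = arrivals.get(msgid)
        # Keep only deliveries of P=local mail that name a remote host (H=).
        if not src or src["proto"] != "local" or "H" not in fields:
            continue
        # When the delivered address differs from the one the message was
        # addressed to, Exim logs the original in angle brackets after it.
        original = re.match(r"\s*<([^>]+)>", rest)
        findings.append({
            "time": stamp, "msgid": msgid, "local_user": src["user"],
            "recipient": address, "host": fields["H"],
            "original": original.group(1) if original else address,
        })
    return findings

if __name__ == "__main__":
    for f in local_to_remote(SAMPLE_LOG):
        print(f)
```

A finding whose `original` is a local account such as root while `recipient` is an external address indicates the message was addressed locally and rewritten before delivery, so the alias and forward configuration is the next place to look.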