Since this is a message going to root@localhost, my guess would be that
this is coming from cron or some such admin process.
You can use qmHandle to display the whole message while it's still in
the queue. Run qmHandle with no args to see what the options are.
HTH.
--
-Eric 'shubes'
On 02/01/2013 11:42 PM, Mr Denny Jones wrote:
Bharath,
Thank you for the reply!
This is a stand alone mail server. The only website on it is the web
mail interface which is based upon RoundCube.
I wouldn't think RoundCube would have a hole in it like that - at least
I can't find a hole like that.
That is why it would be helpful to know what IP is generating this
message. I was hoping there was some mechanism that might facilitate
that. I did a search through the logs with qmlog and the only log file
that had the [email protected] was the send/current log.
Alternatively, is there a way to follow a message all the way through
the logs: smtp, pop3, spamd, send, etc? If I co uld do that I might have
a chance to grab the IP and slueth it from there.
Thanks,
Denny
------------------------------------------------------------------------
*From:* Bharath Chari <[email protected]>
*To:* [email protected]
*Sent:* Friday, February 1, 2013 11:18 PM
*Subject:* Re: [qmailtoaster] Qmail Send Log Issue
Mr Denny Jones <[email protected]
<mailto:[email protected]>> wrote:
>Hello,
>
>I've had a long standing issue I've not been able to find an
answer to.
>
>Given the following lines in my /var/log/qmail/send/current file:
>
>
>2013-02-01 22:35:43.722132500 new msg 48367517
>2013-02-01 22:35:43.722134500 info msg 48367517: bytes 1683 from
><[email protected]
<mailto:[email protected]>> qp 31991 uid 0
>2013-02-01 22:35:43.726047500 starting delivery 198: msg 48367517 to
>remote [email protected] <mailto:[email protected] in>
>2013-02-01 22:35:43.769474500 delivery 198: failure:
>Sorry,_I_couldn't_find_any_host_named_localhost.localdomain._(#5.1.2)/
>2013-02-01 22:35:43.774195500 bounce msg 48367517 qp 32416
>2013-02-01 22:35:43.774197500 end msg 48367517
>2013-02-01 22:35:43.774383500 new msg 48367763
>2013-02-01 22:35:43.774385500 info msg 48367763: bytes 2282 from <> qp
>32416 uid 7796
>2013-02-01 22:35:43.777942500 starting delivery 199: msg 48367763 to
>remote [email protected]
<mailto:[email protected]>
>2013-02-01 22:35:43.823420500 delivery 199: failure:
>Sorry,_I_couldn't_find_any_host_named_localhost.localdomain._(#5.1.2)/
>2013-02-01 22:35:43.827341500 bounce msg 48367763 qp 32418
& gt;2013-02-01 22:35:43.827342500 end msg 48367763
>2013-02-01 22:35:43.827530500 new msg 48367529
>2013-02-01 22:35:43.827532500 info msg 48367529: bytes 2767 from
<#@[]>
>qp 32418 uid 7796
>2013-02-01 22:35:43.831085500 starting delivery 200: msg 48367529 to
>local lhtek.com-@@lhtek.com
>2013-02-01 22:35:43.852956500 delivery 200: failure:
>invalid_username/[email protected]
<mailto:[email protected]>/
>2013-02-01 22:35:43.852960500 triple bounce: discarding
bounce/48367529
>2013-02-01 22:35:43.852961500 end msg 48367529
>
>
>How do I find out the origin IP of [email protected]
<mailto:[email protected]>? Who
>is sending that message?
>
>
>Also, I assume the #@[] is a double bounce?
>
>Thanks,
>Denny
I may be off the mark here, but is there a possibility that you have
a web page hosted on the same server that has some kind of
mail/contact form? In which case the originating address would be
localhost.
I've seen things like this as a result of insecure web forms.
Bharath
---------------------------------------------------------------------
To unsubscribe, e-mail:
[email protected]
<mailto:[email protected]>
For additional commands, e-mail:
[email protected]
<mailto:[email protected]>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
