HPE Community
Operating System - HP-UX
1751967 Members
4783 Online
108783 Solutions
New Discussion юеВ

Tracking sent messages.

 
RedBack
Frequent Advisor

тАО02-13-2003 01:58 PM

тАО02-13-2003 01:58 PM

Tracking sent messages.

I am trying to find out what is sending email from my HP-UX 11.0 server.
My Internet mail gateway is being bombarded with messages that have an incorrect domain name. I can not find what is generating all this mail. It seams that the mail is a result of a event or error but I'm not sure what. The send to address is user@mailgw. There appears to be no cron or AT jobs that are doing this. Is there default logging of all sent mail for each user? How can I track this down? Any help would be greatly appreciated.
0 Kudos
Reply
7 REPLIES 7
Jeff Schussele
Honored Contributor

тАО02-13-2003 02:00 PM

тАО02-13-2003 02:00 PM

Re: Tracking sent messages.

Hi Mark,

/var/adm/syslog/mail.log

is the defualt log for sendmail.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Christopher Caldwell
Honored Contributor

тАО02-13-2003 02:05 PM

тАО02-13-2003 02:05 PM

Re: Tracking sent messages.

>I am trying to find out what is sending email from my HP-UX 11.0 server.

Post a snippet from /var/adm/syslog/mail.log that has the suspect address; give us about 10 lines or so.

>The send to address is user@mailgw.

Sound like an add on app (not HP). You might let us know what runs on this host.
0 Kudos
Reply
RedBack
Frequent Advisor

тАО02-13-2003 02:06 PM

тАО02-13-2003 02:06 PM

Re: Tracking sent messages.

Now I can see that the messages are going every few minutes. But what is causing it and why is the to address user@mailgw ?
0 Kudos
Reply
Jeff Schussele
Honored Contributor

тАО02-13-2003 02:19 PM

тАО02-13-2003 02:19 PM

Re: Tracking sent messages.

Hi Mark,

I'd stop sendmail
/sbin/init.d/sendmail stop
and let a msg or two build in the queue. Then look them over for clues.
They'll be sitting in
/var/spool/mqueue
and the msg ID - QAA12862 - in this case will denote the files in question. There will be 2 or 3. One's a header & one's the body.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
RedBack
Frequent Advisor

тАО02-13-2003 02:55 PM

тАО02-13-2003 02:55 PM

Re: Tracking sent messages.

I have killed sendmail. There are no messages in the queue yet the mail log reports that messages are still being sent??? What is sending the messages?
0 Kudos
Reply
Christopher Caldwell
Honored Contributor

тАО02-13-2003 03:17 PM

тАО02-13-2003 03:17 PM

Re: Tracking sent messages.

What's imsdba? (Sound like the database administrator for something [IMS}).

Post the results of
$grep DS /etc/mail/sendmail.cf


Logs entries are created in /var/adm/syslog/mail.log for each piece of mail sent, regardless of whether the sendmail daemon is actually running or not (client calls to sendmail via mailx, mail, or elm don't require the sendmail daemon to run).

0 Kudos
Reply
Kasper Haitsma
Trusted Contributor

тАО02-14-2003 12:53 AM

тАО02-14-2003 12:53 AM

Re: Tracking sent messages.

Hi, stopping sendmail (/sbin/init.d/sendmail stop) does not prevent sending, it only stops the daemon, that takes care of receiving mail from external to the system and queue processing. If you change in /etc/mail/sendmail.cf (somewhere around line 810 -850 for a default sendmail.cf) :
O DeliveryMode=queue
instead of background, sent messages will be put in /var/spool/mqueue, waiting to be processed by the deamon (no need to stop/start, since we want it stopped and changes of sendmail.cf take effect immediately except for an active daemon).
In a 'stopped' situation, all newly sent mail on this system will be queued (watch for file system full issues now). You have now stopped the bombardment, if it is comming from this new hp-ux 11.0 system (new11.0), at least you have eliminated new11.0 from sending.
If these messages come from new11.0, you can now analize the messages in the queue. It is helpfull, if you would post an excerpt from /var/adm/syslog/mail.log here (as has been requested before) and/or a qf.... file from the mqueue directory. That way, we can assist you.

HTH
Kasper
It depends
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.