- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Finding scripts sending emails
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-20-2009 03:09 AM
тАО07-20-2009 03:09 AM
Finding scripts sending emails
Is there anyway I can find out which script or which programme does send that email in any one system ?
I suspect most of these are automated entries like the ones in crontab/automated scripts.
The idea is to pinpoint the scripts which send such emails.
I just see the logs like below
Jul 17 02:24:28 apple sendmail[15684]: [ID 801593 mail.info] n6H1ORS15682: to=
Jul 17 02:24:01 apple sendmail[15287]: [ID 801593 mail.info] n6H1O1S15265: to=
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-20-2009 03:22 AM
тАО07-20-2009 03:22 AM
Re: Finding scripts sending emails
From the message you can get a subject to do the search.
From crontab, you can look for scripts invoking mailx, mail or sendmail.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-20-2009 03:48 AM
тАО07-20-2009 03:48 AM
Re: Finding scripts sending emails
As Dennis said, a "brute" force search might be the fastest way.
> Dennis: From crontab, you can look for scripts invoking mailx, mail or sendmail.
Yes, not only that but remember that any output (STDOUT or STDERR) from a crontask that isn't redirected to a file will generate mail to the initiating user. Thus, you need to examine the user's crontab entries for this behavior, too.
Regards!
...JRF...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-20-2009 03:52 AM
тАО07-20-2009 03:52 AM
Re: Finding scripts sending emails
There is no way from a sendmail log to know what script started the send.
What you can do is get the exact start time and compare it to the cron schedule on the system and the keystroke logs of the users involved.
You can get enough data to know what user sent the email, though a root cron job with a su - username 'command' can send as any user on the system.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-20-2009 04:33 AM
тАО07-20-2009 04:33 AM
Re: Finding scripts sending emails
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-20-2009 10:06 AM
тАО07-20-2009 10:06 AM
Re: Finding scripts sending emails
MYNAME=${0##*/}
MAILTO=$MYNAME
...
echo "something to mail" | mailx -s "$MYNAME: someTitle" $MYNAME
Assumming the script's name is abc.ksh, then the mailx line looks like this:
echo "something to mail" | mailx -s "$abc.ksh: someTitle" abc.ksh
And in /etc/mail/aliases, I create an alias called abc.txt and set it to the distribution list. This now documents the name of the script in the subject and it allows me to change the distribution list without modifying the script at all.
(scripting note: ${0##*} is the more efficient shell way to implement the basename command)
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-20-2009 10:45 AM
тАО07-20-2009 10:45 AM
Re: Finding scripts sending emails
find /startdir_where_script_are |xargs grep -l "the particular from user"
If your scripts tend to be in just one or two locations, it's a relatively simple matter.
Pete
Pete
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-20-2009 10:46 AM
тАО07-20-2009 10:46 AM
Re: Finding scripts sending emails
Pete
Pete
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-20-2009 08:01 PM
тАО07-20-2009 08:01 PM
Re: Finding scripts sending emails
Yes and the mail you get tells you exactly that. It is from root with the subject "cron". And it lists the crontab command.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-20-2009 08:38 PM
тАО07-20-2009 08:38 PM
Re: Finding scripts sending emails
1]Please go though the logs carefully.Which will give the details of from whom this mail is coming and to which id it is sending mail.
2] I believe in this case "apple" user is sending mail.
3]U can check /var/mail/"user" file.
4] Once u get the details of users then check the cron details of that user using #crontab -l "username" |grep -i scriptname
5]May be thease steps will help you out.
Rgds
Yogesh