HDG wrote: > I'm seeing a lot of messages being sent out by a certain user. It's from > [EMAIL PROTECTED], so I need to figure out how/why these are being > sent. Any ideas how I should do this? I can see the message ID, but not the > actual message. Maybe seeing the actual message would help, how would I do > that?
One of several ways is to use an 'unseen' on the router, add a router following it that archives a copy. Mine are SQL-driven, so I'll spare you the confusion of posting it. Basically the archive router resembles the one you use for local delivery to user mail storage, but to a different dirtree and probably arranged by sender rather than destination. We do both. Quick & dirty way to view the headers and body over an ssh link is: lynx /wherever/you/archived/it (presumes lynx is installed on the server). NB: Depending on where you sit in the command structure, probably prudent to advise management and/or users that you are A) archiving, B) inspecting their traffic, 'in order to <insert good reason here>' That may still not tell you the why or how, though. 'log_selector = +all' then grep/exigrep plus manual inspection of the logs should help show you where the message entered the system (local, submission port, forgery using a relay 'hole' you were not aware of, etc.) and which router(s) handled it. I'd start with just the enhanced logging. HTH, Bill Hacker -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
