Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
If it's spam e-mails then do the whole world a favour and firewall outbound mail connections or take your server off-line until you resolve the problem.
Look for any suspicious processes running using ps
If it's a web server then shut down your httpd service (probably apache) and look for any processes that remain with the name "httpd". If the mail stops when you shut down apache then check your website(s) for any additional code or modified files. If necessary, disable all vhosts and bring them back one at a time to see if you can identify which site.
If you allow users to login via SSH then check to see if any of them have any running processes, check also the log files to see if there's any suspicious activity around a particular user.
There's also loads of similar threads in here or in the Security forum.
It's actually not sending spam. It's sending alerts similar to this:
ORA-1653: unable to extend table WEBDB.TP_USER_LOG by 16 in tablespace TP_DATA
I have already checked with the DBA and he assures me that there isn't anything in the Oracle configuration that is sending these. I have my doubts, but now it would seem that it's on me to prove otherwise. I've tried searching through scripts in the Oracle home directory, looked in cron, etc. but I'm unable to find anything.
The server is only listening on the loopback interface for port 25 and isn't exposed to the internet.
What I was hoping was that I could put postfix/smtpd/whatever into some kind of debug mode that would log what process was sending the actual mail, but I'm not sure how to do this.
While I don't disagree with you, it would be useful to know how to determine what is sending emails in a general sense for other situations that don't involve Oracle. This is why I didn't initially include this information.
It sounds like you're not sure how to do that, so maybe someone else will come across this thread will have some ideas on how to accomplish this.
It sounds like you're not sure how to do that, so maybe someone else will come across this thread will have some ideas on how to accomplish this.
That's an oracle error message, quite well documented in Google, so..... refer it to your Oracle DBA or Oracle support, or wait until someone else on here tells you exactly the same thing. Good luck.
I agree that it's an Oracle error. I'm not interested in the error itself, just figuring out what is sending the emails. What I'm trying to determine is if it is Oracle itself that is sending it, or a script that someone implemented that scrapes an Oracle log and sends it. It very well could be the later, in which case Oracle support will be no help.
What I'm trying to determine is if it is Oracle itself that is sending it, or a script that someone implemented that scrapes an Oracle log and sends it. It very well could be the later, in which case Oracle support will be no help.
So if you suspect it's a script that's scraping logs then look in your cron log or the various users crontabs to see if there's anything running on a regular basis.
Thanks. I'll look into that link. Unfortunately my understanding of Oracle is limited, and the DBA isn't exactly being helpful, which of course isn't a technical issue that I'm looking to solve here, but is something that I have to deal with. :-)
Thanks. I'll look into that link. Unfortunately my understanding of Oracle is limited, and the DBA isn't exactly being helpful, which of course isn't a technical issue that I'm looking to solve here, but is something that I have to deal with. :-)
Set up a mail forward that CC's those mails to your DBA. When we do this we find that suddenly they become extremely helpful.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.