Hello,

I have a server that is sending out emails, but I cannot tell what is actually generating the emails.

I suspect there is a script being ran that is using the "mail" command to put the emails in the postfix queue, but I'm at a loss on how to trace this.

Has anyone ran into a similar problem/solution?

Thanks!
Michael

If it's spam e-mails then do the whole world a favour and firewall outbound mail connections or take your server off-line until you resolve the problem.

Look for any suspicious processes running using ps
If it's a web server then shut down your httpd service (probably apache) and look for any processes that remain with the name "httpd". If the mail stops when you shut down apache then check your website(s) for any additional code or modified files. If necessary, disable all vhosts and bring them back one at a time to see if you can identify which site.
If you allow users to login via SSH then check to see if any of them have any running processes, check also the log files to see if there's any suspicious activity around a particular user.

There's also loads of similar threads in here or in the Security forum.

1 members found this post helpful.

Oh, and also check that your mail server isn't acting as an open relay.

1 members found this post helpful.

It's actually not sending spam. It's sending alerts similar to this:

ORA-1653: unable to extend table WEBDB.TP_USER_LOG by 16 in tablespace TP_DATA

I have already checked with the DBA and he assures me that there isn't anything in the Oracle configuration that is sending these. I have my doubts, but now it would seem that it's on me to prove otherwise. I've tried searching through scripts in the Oracle home directory, looked in cron, etc. but I'm unable to find anything.

The server is only listening on the loopback interface for port 25 and isn't exposed to the internet.

What I was hoping was that I could put postfix/smtpd/whatever into some kind of debug mode that would log what process was sending the actual mail, but I'm not sure how to do this.

Thanks for your help.

Contact Oracle, that's why you're paying them for support.

Next time you start a thread why not include important information like that, would have saved me giving general answers to your general question.

While I don't disagree with you, it would be useful to know how to determine what is sending emails in a general sense for other situations that don't involve Oracle. This is why I didn't initially include this information.

It sounds like you're not sure how to do that, so maybe someone else will come across this thread will have some ideas on how to accomplish this.

Thanks! :-)

That's an oracle error message, quite well documented in Google, so..... refer it to your Oracle DBA or Oracle support, or wait until someone else on here tells you exactly the same thing. Good luck.

I agree that it's an Oracle error. I'm not interested in the error itself, just figuring out what is sending the emails. What I'm trying to determine is if it is Oracle itself that is sending it, or a script that someone implemented that scrapes an Oracle log and sends it. It very well could be the later, in which case Oracle support will be no help.

Thanks for your help!

So if you suspect it's a script that's scraping logs then look in your cron log or the various users crontabs to see if there's anything running on a regular basis.

Maybe the first result of a google search for "oracle error reporting by email" may be of help:

http://www.dba-oracle.com/job_schedu...ifications.htm

I've checked there and was unable to find anything.

Thanks. I'll look into that link. Unfortunately my understanding of Oracle is limited, and the DBA isn't exactly being helpful, which of course isn't a technical issue that I'm looking to solve here, but is something that I have to deal with. :-)

Set up a mail forward that CC's those mails to your DBA. When we do this we find that suddenly they become extremely helpful.

2 members found this post helpful.

lol!