/var/spool/mqueue issue

Hi guys.

I have a Solaris machine serving as a DNS server for my environment. Every time I go into /var/spool/mqueue, there are an awful lot of emails with names like:

qfqB6ChrpL006644.
When I cat the file, I get the following output:

H??Received: from machine.domain.com (machine.domain.com [172.21.5.17])
        by machine.domain.com (8.13.8+Sun/8.13.8) with ESMTP id qB6Dk5ow015892
        for <user@machine.domain.com>; Thu, 6 Dec 2012 18:46:05 +0500 (PKT)
H??Received: (from user@localhost)
        by machine.domain.com (8.14.4+Sun/8.14.4/Submit) id qB6Dk0td018573
        for orb2; Thu, 6 Dec 2012 18:46:00 +0500
H??Date: Thu, 6 Dec 2012 18:46:00 +0500 
H??From: Orb Second Instance User <ouser@machine2.domain.com>
H??Message-Id: <201212061346.qB6Dk0td018573@machine.domain.com>
H??To: user@machine2.domain.com
H??Subject: Couldn't run your "cron" job
H??MIME-Version: 1.0
H??Content-Type: text/plain

It seems that crons from other machines are sending random mails. How do I identify on other machines the scripts that are sending these emails to my DNS server? I want them to stop.

How do I?

Do you know what is 172.21.5.17? That might give you a clue.

If you don't use unix based e-mail except for outgoing notices, then perhaps you could turn off the service. I expect it runs on port 25 as a default SMTP service will.

Robin
Liverpool/Blackburn
UK

The IP address belongs to the machine sending the mail, and I do use unix based email.

If you can avoid unix email as a human user, then that's probably best.

Command is simply mail, but read the manual page first as it is a bit messy. Probably the best way to use mail is as a notifier, but you will need to set up your sendmail.cf file (often down /etc) and tweak a few records. Assuming that you have more sensible mail with a central server of some sort that will accept SMTP messages then you can enable and set the DS record in this file. For me, I set the record to be:-

DSliverpool-relay-01.mycompany.co.uk

You need to ensure that the name can be resolved by DNS preferably and that the port is available. If you do the following, you should get similar output if it is alive:-

RBATTE1 @ /home/RBATTE1> telnet liverpool-relay-01 25
Trying...
Connected to liverpool-relay-01.mycompany.co.uk.
Escape character is '^]'.
220-SMTP Relay
220 Warning: no name found in DNS for your host address
HELO
250 OK
QUIT
221 mycompany.co.uk closing
Connection closed.
RBATTE1 @ /home/RBATTE1>

It may take a few seconds to connect so be patient, but if you are getting over 20 seconds, there is probably a block on the port.

You then use the mail or the sendmail command, to send mail to your normal e-mail account.

If your directory /var/spool/mqueue is filling up, then this is probably outgoing mail that is stuck. Fixing the above may then start delivering them to (I presume you have obscured it) user@machine.domain.com

I hope that this is useful, but let me know if I have completely missed the point.

Robin
Liverpool/Blackburn
UK
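
Added example, not part of the thread: one way to see which machine and which Unix account the queued mail comes from is to summarise the qf* control files by their headers. It parses only the H?? header lines shown in the first post; the function names and the two sample queue files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Parses only the H?? header lines shown
# in the post. On Solaris run with AWK=nawk (old /usr/bin/awk lacks match()).
AWK=${AWK:-awk}

# One "relay_ip|submitting_user|from|subject" record per qf* file in dir $1.
mqueue_records() {
    for f in "$1"/qf*; do
        [ -f "$f" ] || continue
        "$AWK" '
            # Topmost "Received: from" = host that handed the mail to us.
            /^H[?][^?]*[?]Received: from / && ip == "" {
                if (match($0, /\[[0-9.]+\]/))
                    ip = substr($0, RSTART + 1, RLENGTH - 2)
            }
            # "Received: (from user@localhost)" = account that submitted it.
            /^H[?][^?]*[?]Received: \(from / && user == "" {
                if (match($0, /\(from [^)]*\)/))
                    user = substr($0, RSTART + 6, RLENGTH - 7)
            }
            /^H[?][^?]*[?]From: /    { sub(/^H[?][^?]*[?]From: /, "");    from = $0 }
            /^H[?][^?]*[?]Subject: / { sub(/^H[?][^?]*[?]Subject: /, ""); subj = $0 }
            END { print ip "|" user "|" from "|" subj }
        ' "$f"
    done
}

# Count queued messages per distinct origin, busiest first.
mqueue_top_origins() {
    mqueue_records "$1" | sort | uniq -c | sort -rn
}

# Constructed sample queue: two files modelled on the headers in the post.
mqueue_sample() {
    for id in qfAAA000001 qfAAA000002; do
        cat > "$1/$id" <<'EOF'
H??Received: from machine.domain.com (machine.domain.com [172.21.5.17])
        by machine.domain.com (8.13.8+Sun/8.13.8) with ESMTP id qB6Dk5ow015892
H??Received: (from user@localhost)
        by machine.domain.com (8.14.4+Sun/8.14.4/Submit) id qB6Dk0td018573
H??From: Orb Second Instance User <ouser@machine2.domain.com>
H??Subject: Couldn't run your "cron" job
EOF
    done
}

# Usage: sh script.sh /var/spool/mqueue
if [ $# -gt 0 ]; then mqueue_top_origins "$1"; fi
```

The relay IP tells you which machine to log in to, and the submitting account tells you whose crontab on that machine to inspect.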