Root Mail was Fwd: Re: Postfix, Mutt And No Root Mail?

Sat Oct 27 02:17:11 UTC 2007

--- NoOp <glgxg at sbcglobal.net> wrote:

> On 10/26/2007 05:15 PM, Leonard Chatagnier wrote:
> > --- NoOp <glgxg at sbcglobal.net> wrote:
> > 
> >> On 10/26/2007 11:07 AM, Leonard Chatagnier wrote:
> >> 
> >> >> 
> >> > Hey, Gary,
> >> > My experience with Debian was just opposite. 
> On a
> >> tty<snip>
> >> > you who you wanted root mail to be sent to. 
> >> Haven't
> >> > seen that on Ubuntu that I recall.  FWIW.
> >> > 
> >> > Len
> >> 
> >> Found the culprit... Back in August I had run
> >> Rootkit Hunter - that sent
> >> the mail; found it in /var/spool/mail :-)
> >> 
> >> Thanks & sorry to have interupted the thread.
> >> 
> > Hey Gary,
> > 
> > You may have hit on my problem.  I remember
> playing
> > around with "rootkit" earlier, didn't understand
> it,
> > just forgot about it and don't know what it might
> have
> > done.  Would you elaborate on what you did,
> please?
> > All I have in /var/spool/mail is:
> > lchata at ubuntu:/var/spool/mail$ ls -al
> > total 6564
> > drwxrwsr-x  2 root   mail    4096 2007-10-26 15:03
> .
> > drwxr-xr-x 17 root   root    4096 2007-08-12 17:04
> ..
> > -rw-------  1 lchata mail 6664829 2007-10-26 18:07
> > lchata
> > -rw-r--r--  1 lchata mail   32490 2007-10-26 18:07
> > msg-id-archive-file
> > lchata at ubuntu:/var/spool/mail$ 
> > Thyanks,
> 
> rkhunter by default installs a mail server:
> 
> http://packages.ubuntu.com/gutsy/admin/rkhunter
> <quote>
> exim4
>     meta-package to ease Exim MTA (v4) installation
> or postfix
>     High-performance mail transport agent
> or sendmail
>     powerful, efficient, and scalable Mail Transport
> Agent
> or mail-transport-agent
>     Virtual package
>  .
>  .
>  .
> mailx
>     A simple mail user agent
> </quote>
> 
> I can't recall exactly what I did when I ran it (it
> was in August) but
> it will also send an email to root@<username>
> advising you of what it
> has found. When I looked at /var/spool/mail from
> Nautilus I found the
> file & also found that I couldn't delete it from a
> standard terminal - I
> had to go to root to do it (gksu nautilus).
> 
> Unfortunately I've deleted the mail that I found
> from it in
> /var/spool/mail but I can reinstall on the test
> server & see if I can
> recreate if you'd like.
> 
Thanks Gary for the feedback. I'll keep this in my
Debian folder until I can dig into it.
Ooops, though, my bad.  I had installed chkrootkit and
not rootkit to look for evil programs and am not sure
just what it does or how to interpret the results. 
Maybe RTFM will help, maybe.  Thanks

Leonard Chatagnier
lenc5570 at sbcglobal.net