[wellylug] anti-rootkit programs: WAS Re: Mutt & exim4 freeze outgoing mail ..

Adam Bogacki afb at paradise.net.nz
Fri Jan 26 16:40:32 NZDT 2007


>> Hmm .. My ISP rang to tell me that mail is arriving
>> From: 'root at paradise.net.nz' again, since the latest
>> 'dpkg-reconfigure exim4-config' (correctly done as root).
>> 
>> /etc/exim4/update-exim4.conf.conf .. looks OK.
>>
>> I'm a bit stumped at the moment.
>>
>> Any ideas ?
>
> Um, I have a slightly different setup here. My Exim is in its own Domain
> and I get my mail from my ISP via fetchmail, so I don't use their Domain.
>
> I don't believe that exim, by default, does anything with the sender's
> address. I believe that you will have to look at mutt for that. In my
> mail client, Thunderbird, I set the address. If I use, eg, the 'mail'
> command it defaults to root@<mydomain>.
>
> I had a quick look at the 'mutt' man page. I *think* you can set it as
> an environment variable or perhaps in the .muttrc.
>
> There are some mutt users around. Maybe they can tell us for sure.

The Paradise Webmaster sent me a sample of the offending emails. They originated
with recently installed anti-rootkit programs 'logcheck', 'rkhunter', and
'tripwire'. I knew they would be emailing my 'root' account, but not via the ISP.
Probably a config issue - most 'apt-get' Debian stuff just works, but this is
Ubuntu's Edgy Eft. I uninstalled 'logcheck' and checked 'man rkhunter'
but saw no reference as to why this may occur.

Why would Ubuntu's default config suggest that 'root' lives at 'paradise.net.nz'
rather than 'Tux', my system ? If not an Ubuntu issue, where should I best start looking ?

Adam Bogacki,
afb at paradise.net.nz 



