What is nobody doing?
Julian Field
MailScanner at ecs.soton.ac.uk
Fri Mar 3 16:35:55 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
On 3 Mar 2006, at 16:12, Kevin Miller wrote:
> I posted the following a month ago, but didn't receive any
> responses so
> thought I'd try again. Is anyone else seeing this behavior? I'd
> hazard
> a guess that it's something in the bayes cache mechanism.
>
> Thanks.
>
> Kevin Miller wrote:
>> Since I upgraded one of my machines the other day (from 4.33 to
>> 4.50.?
>> beta) my /var/log/messages has been filling up with the messages
>> below. I opened two term windows, one running 'tail -f /var/log/mail'
>> and the other running 'tail -f /var/log/messges' then watched to see
>> what it was happening.
>>
>> /var/log/messages:
>> ==================
>> Feb 2 08:18:23 mail3 su: (to nobody) root on none
>> Feb 2 08:18:23 mail3 su: pam_unix2: session started for user nobody,
>> service su
>> Feb 2 08:18:23 mail3 su: pam_unix2: session finished for user
>> nobody,
>> service su
>>
>> /var/log/mail:
>> ==============
>> Feb 2 08:18:21 mail3 sendmail-in[6185]: k12HIK0g006185:
>> to=<AStubblefield at juneaupolice.com>, delay=00:00:00, mailer=esmtp,
>> pri=33805, stat=queued
>> Feb 2 08:18:22 mail3 MailScanner[5160]: New Batch: Scanning 1
>> messages, 4424 bytes
>>
>> Normally I see a few 'session started for user nobody' when updatedb
>> runs, but these are happening everytime new mail arrives. The su
>> seems to happen just after the message is queued, that is between the
>> first and second lines in the mail log. Is this expected behavior?
>> Why does root need to su to nobody to do whatever it's doing, when it
>> never had to before?
This may be caused by sendmail changing its username when it tries to
deliver mail, but I've never seen this before. MailScanner doesn't
change its username when running sendmail at all, so I don't see how
this is connected.
As for the /var/log/mail extract, this is perfectly normal. Sendmail
queues 1 incoming message into /var/spool/mqueue.in, which
MailScanner is then picking up as a new batch (a batch of 1 message
because there was only 1 message ready for processing when
MailScanner looked at the queue). You would expect to see this for
every new message that comes into your system.
- --
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.5 (Build 5050)
iQEVAwUBRAhwbfw32o+k+q+hAQFXbgf/T40G/1cBnSR1zKPEuFQ4kCUbl1kWWNWs
Cqhz2u72ByRX4ftiGGHP+QO5GP4dv40hC4oLVNr4+nEOnhcsJTjtygK6Zud3Kei8
0qIfoKAPQYcVs30SnZ3G0b1oazWpZtXBa298m2jWn1yWurMfGFZf8vhcxJ+tCcfh
t2ugoy4zhfUgFZW7C/oB04VjA0GeOcDsY+ppo5lKVxE3eFawM5CrYLggNoCfhDU1
xri24WfFjeu6lsfeqwg9sW7vJ/pcYsmJyTF245wyLsdiMrKE4ky0trh2FNwRdSdd
2eRaHuaaVOtQAMRZAwjuRPxjV8DUmSUNbvMcrR8rAxrsjcdXOyi0+Q==
=lm/i
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list