UNIX for Dummies Questions & Answers

Hi all

I need help finding a process that is continuing to create files in the above area. There are three sub folder titled addr q.local and msg . I have already found a process called mmdf running and have used the kill command to stop this from running. I have also looked for sendmail or qmail but neither are running.

These files continue to be created and all start with msg and then have very obscure names after the dot. The system in question is also running slow which I can only assume is caused by the same process that it doing this.

The O/S is Sco Unix Release 5. Any help would be appreciated.

Hi,
One approach i can think of is to first list the process ids
1. ps -eaf | tr -s " " | cut -f 1 -d " " > mytemppid.txt
2. sed '1d' mytemppid.txt > mypid.txt //Deleting first line teh header

Now for each process id see what files it has opened using
4. /usr/proc/bin/pfiles <pid>
Where pid is the process-id of the process.
It lists the inode numbers of all the files, opened
by that process.

Since its list inode number you need to know the inode number fo your file .
ls -li gives inode number for your file.

Hope this helps.
Regs,
Reddy

On running ps -eaf | tr -s " " | cut -f 1 -d " " > pidlist I get an empty file, is this because the ps command has something different for SCO? I know that running ps -ef would work but what does the a parameter do?

this should probably give you some listing,
eccentric that you dont get any output
atleast you can try this,
try executing the commands individually and you can find the point

besides,
-a option would eliminate listing of session leaders and process that are not connected to the terminal

mmdf is the SCO mail daemon - the files being created are probably email to be sent. If it's like Sendmail, the mail will still be running even though you killed the mmdf process. This means killing the process doesn't stop email from being created and put into the queue to be sent - it just means you can't receive mail on that server (again, assuming MMD works like Sendmail).

Check what type of files are being put into the directories - file * should list them. If they are type ascii, cat a couple of them. You will probably find they are emails. Check to see if any of the files seem to be spam. You may not have your mmdf set up properly and could be a relay for a spammer.

Killing off the mmdf probably didn't do a thing for you. And if the system is slow (and email isn't going out), then you probably have a problem with DNS (again, this is assuming that mmdf works like Sendmail) OR with someone using your system as a mail relay.

mmdf relay
MMDF overview

Quote from MMDF overview:

The files in these folder start with msg. followed by very unusal characters including ASCII line graphics . I will however attempt to view one of these files and thanks for the input on this. The strange part is that this server is not used for emailing so these messages must aimed at the admin?

I have viewed one of these files and it contains the following lines (I have had to edited the details after the @ sign due to it being a security matter)

1143335643m2
mmdf@madeup.domain.com
- m local, , root

Does this help anymore on why this is happening?