Just to clarify - there was no node in the tab associated with email, they have all been removed. To my mind, as no email node is present in the flow, no email should be sent. The only thing remaining in Node Red concerning emails is node-red-node-email 1.7.8 (Sorry, Nodes and Nodes, getting confused!!)
Reading your reply, I have done my interpretation of it, which I hope is OK, or at least helpful. My server is headless and so Text Editing options are limited. With this in mind, I...
...exported both the Tab Flow and All Flows and put them into Atom, I also grabbed the Project.json file. On all of them I have done CTRL-F to find 'Octopus slots for today' the Subject of the offending email, also the email address it is sent from. Nothing came up in the search.
I can post the code, but I am not sure how much you would want. Current Project size is >266k.
Sorry, I misinterpreted your message. So that is even stranger, you have removed all email nodes but it still sends one. What does it show if you use Search in the node red editor (Ctrl-F or Hamburger menu, Search Flows) for e-mail? The email node type has a dash in it which has confused me in the past.
I didn't mean to export the flow as that may not export everything, I don't know. I meant to look in the flows file itself. If you don't know where that is if you stop and restart node-red in a terminal it will tell you where it is. If you look at that with Atom (maybe make a copy just in case, but I am sure you have it backed up anyway) and search there for e-mail it will show you if you actually still have an e-mail node that you can't see for some reason.
So you did verify that the email doesn't come if Node-RED is shutdown at the time? I started thinking if it could be some kind of a retry loop on the SMTP server. At the same time each day it would go through the emails that bounced back and retry sending but the receiving server would fail to respond, leaving the sender to believe the email didn't go through.
@Colin
I looked in the Project folder and had downloaded flow.json and did CTRL-F in Atom, done it again just in case. (Yes, backed up - had a very embarrassing incident recently that lost me 6 months work! A case of 'Practice what you preach'!! stuck_out_tongue_closed_eyes:)
Node-red search reveals nothing. (searched for errant subject, email address and 'mail', just to avoid hypen).
@ristomatti
I will try that tomorrow. Can't really leave the system offline for too long, it is involved with a lot of stuff, so I will stop and start Node-Red over the time the offending email is sent.
If I look at my ISPConfig 3 SMTP server, there are no messages in the queue (Postfix - postqueue -p)
It doesn't sound like the culprit then. It also just occurred to me that you could check the emails if the headers are the same each day or if the sent date is indeed current.
I can confirm that the headers on the emails show the 'current' date and time i.e. they are all fresh and carry the data for that day. I have noticed that the Date: header is at 0700 +0000, but the first Received: header is for <5 seconds before 0800 +0100 (BST). I think this suggests that the email is being sent from a different computer, or at least somewhere using a different clock.
Node Red is on X.X.X.56, ISPConfig3 is on X.X.X.3. Doing 'top' on both computers through SSH shows that they are well within a second of each other (rather than 'a few seconds'), which to me suggests that some other processing is taking place before the email is sent.
Hmmmm! Node Red stopped, still get email!!! Tomorrow shutdown NodeRed server and see what happens!
I do have a resolution to cure the symptom, but it doesn't cure the problem, which is annoying to me!! Or, of course, a complete rebuild. We shall see...
Something must be triggering it. I presume you have checked the system cron, to re-check run
crontab -l
sudo crontab -l
Repeat crontab -l for each users on the system.
Also check all the scripts in /etc/cron.hourly
Does (or can) your email server log details of all emails and where they were initiated?
Checked all ~$USER both NR and ISPConfig, only crontab is in ISPConfig and concerns ISPConfig itself.
crontab -l
sudo crontab -l
Also manually checked...
Node-Red server syslog shows nothing while node-red stopped (and I mean there are NO log entries)
cron.d no entries
cron.daily just housekeeping
cron.hourly fake-hwclock
ISPConfig3
Cron.d has entries, but nothing regarding mail other than Spam Assassin
cron.daily just housekeeping
cron.hourly no entries
Must admit that it still looks like this is coming from outside, but with no authentication as previously noted, this should not happen. No-one I know uses Virgin and I really don't understand how they are reading data from Node Red as the system is not available unless you are inside my network (which is frightening!). I will look at blacklisting the IP address in Postfix. Attached is extract from ISPConfig mail.log maillog.txt (2.9 KB)
I know Colin, I too read the words and see it's implications, but don't fully understand exactly what it is saying.
Tomorrow I will shutdown the Node Red server completely (as in power off) and see what happens. Depending upon result, I will then disconnect Internet connection on Saturday. In the meantime I need to tear the log apart to get the absolute meaning and also see how I can blacklist the IP in preparation for the next stages!
Intriguing!!! I really don't want to be beaten on this, however, on the plus side, it does give me something to do during the spare time I have between my daily exercise. (All we are allowed to do at the moment.)
I do appreciate these pointers and the support, they all enable me to learn!
Thank you so much for all of your help. You will be pleased to hear that it is not the Node Red server sending the email. It was definitely off when the email was sent this morning, syslog proves it!!
Now I need to look at ISPConfig3, but that is another story, and doesn't belong here.
Always been impressed by this forum, the manners, the patience, the suggestions. Keep it up!
..and Steve, I will be checking out the new CronPlus. It looks very impressive.
Please do let us know where it was coming from when you find out. Even if it is embarrassing (which these things often are). Others may learn from your experience. I had a rather similar experience a little while ago with phantom messages arriving via MQTT. Eventually I discovered that at some point I had imported a flow snippet into the wrong node-red system and it had been sitting there occasionally injecting garbage into my otherwise working system.
Yes, I have already planned on doing that, after all, this is how we learn, and I also owe it to you guys. As you say, it may help someone else and save them going through the same pain.
It may take a little time, but, if all else fails I had intended to update ISPConfig3 once Ubuntu 20.04 LTS is a bit more mature. I have an old Asus EEE box laying around for that, just need a new disk drive. Having said that, I do intend and need to find the fault for my own peace of mind.
As an Engineer, I have always used the maxim that you need to fix the problem, not the symptoms. It has always stood me well.
I had an epiphany during the wee small hours of this morning.
It turns out that this email was coming from a valid Node Red installation elsewhere, but not in my Network!!
I developed this flow after reading one of the threads on the forum regarding Octopus Agile pricing. I shared my flow with another member and mistakenly left my email address in one of the functions. The flow was run with the email part being left in to 'have a play with later', with some of the information REM'd out, but unfortunately, one bit was left non-REM'd - that is where the email was coming from.
Mia Culpa, left my email addresses in shared code. I won't be doing that again in a hurry.
I was gona suggest you might have another node-red running this - but declined to say as you seem to know your onions and I thought it a bit cheeky to suggest it - i didnt imagine you had shared your work and someone has unwittingly used it without modification haha
I am relieved that I found the problem, even if a little embarrassed that it was self inflicted. I was dreading it being some weird bug somewhere, in whatever software. Traced a few of those in my time.
The problem is, I am aware that I know just enough to be dangerous in these things and I would hope that I will always have the decency to take on board suggestions from those with greater knowledge and who offer assistance in these things. After all, I asked for the help.
haha
