Oh... I'm so deceived!
Finally I caught the file entry on /var/log/auth.log
corresponding to an attempt of an unauthorized access of a non sudoer user, which as you now displays the following threatening message <user> is not in the sudoers file. This incident will be reported.
The 'report' part in the line is <date> ... <user> : user NOT in sudoers ; ... <command>