Regarding lost messages from the MAIL SERVER (Red Hat 8.0)

Hi Experts,
Recently,  I have been geeting a very peculiar problem regarding the mailbox of one user. Actually, as sysadmin, I checked for his stored messages in /var/spool/mail but could find messages for just last two days. There is no problem with the mailboxes of other users and even there is sufficient disk space on the mailserver(Red Hat 8.0). Actually, the user in question sometimes log in from different places and he told me that he is not using POP client.How can I track his lost messages ? Secondly, are there any log entries created somewhere when someone stores messages locally on the machine using POP client so that it can be used as a proof for arguement ?
Thanks alot  in advance for co-operation
mn210Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jlevieCommented:
How does he know that there are "lost messages" as opposed to mail that may have never reached your server? Seems to me that he/she would only know that mail was missing if they had read messages that are no longer there. And in that case I'd want to know what they were using to look at the mail and could it have downloaded the missing messages and deleted them from the server.

If this person isn't using POP how are they reading mail?

In the case where a user claims that they should have received a message and it's not there I check the maillog for evidence that I received something from that sender and find out what happened to it.
0
mn210Author Commented:
The user have already read his messages for last couple of days and when he logged on today, he could retrieve messages for only last two days. As per his words, he is using IMAP for reading mail.

0
jlevieCommented:
In a case like this that only affects a single user Occam's Razor would suggest that the simplest explanation is the most likely. Namely that the user ran a client MUA that downloaded and deleted mail from his/her INBOX. That could be web surfing with browser configured for POP, logging in to the mail server and check mail with "mail' or 'pine', or similar. I'd suggest that you search your logs for this username and see what you can find.
0
mn210Author Commented:
I will check the maillog .Should I check the maillog on  the mailserver or also on the webserver ?
Secondly, I want to save an archive of the messages of all users (which is about of size 180MB).As SENDMAIL deamon is running all the time, can you please advice as how can I achieve my objective ?
0
jlevieCommented:
Check both maillog and messages on the mail server. That should show what forms of access this user employed.

If you want to be certain that the backup is valid you'll want to stop sendmail (service sendmail stop) and disable the IMAP and POP services. It's been so long since I ran a UWash IMAP server that I don't remember the service names, but the'll show up in the output of 'chkconfig --list' as perhaps imap and pop3. Then you just do 'chkconfig imap off', etc.

Once you've made the backup, perhaps like:

cd /var/spool
tar cvzf /path-to/mail-backup.tar.gz mail

you can reverse the mail shutdown steps.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.