Solved

Regarding lost messages from the MAIL SERVER (Red Hat 8.0)

Posted on 2004-09-24
5
215 Views
Last Modified: 2013-12-16
Hi Experts,
Recently,  I have been geeting a very peculiar problem regarding the mailbox of one user. Actually, as sysadmin, I checked for his stored messages in /var/spool/mail but could find messages for just last two days. There is no problem with the mailboxes of other users and even there is sufficient disk space on the mailserver(Red Hat 8.0). Actually, the user in question sometimes log in from different places and he told me that he is not using POP client.How can I track his lost messages ? Secondly, are there any log entries created somewhere when someone stores messages locally on the machine using POP client so that it can be used as a proof for arguement ?
Thanks alot  in advance for co-operation
0
Comment
Question by:mn210
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 12146472
How does he know that there are "lost messages" as opposed to mail that may have never reached your server? Seems to me that he/she would only know that mail was missing if they had read messages that are no longer there. And in that case I'd want to know what they were using to look at the mail and could it have downloaded the missing messages and deleted them from the server.

If this person isn't using POP how are they reading mail?

In the case where a user claims that they should have received a message and it's not there I check the maillog for evidence that I received something from that sender and find out what happened to it.
0
 

Author Comment

by:mn210
ID: 12147070
The user have already read his messages for last couple of days and when he logged on today, he could retrieve messages for only last two days. As per his words, he is using IMAP for reading mail.

0
 
LVL 40

Expert Comment

by:jlevie
ID: 12147600
In a case like this that only affects a single user Occam's Razor would suggest that the simplest explanation is the most likely. Namely that the user ran a client MUA that downloaded and deleted mail from his/her INBOX. That could be web surfing with browser configured for POP, logging in to the mail server and check mail with "mail' or 'pine', or similar. I'd suggest that you search your logs for this username and see what you can find.
0
 

Author Comment

by:mn210
ID: 12147816
I will check the maillog .Should I check the maillog on  the mailserver or also on the webserver ?
Secondly, I want to save an archive of the messages of all users (which is about of size 180MB).As SENDMAIL deamon is running all the time, can you please advice as how can I achieve my objective ?
0
 
LVL 40

Accepted Solution

by:
jlevie earned 125 total points
ID: 12148178
Check both maillog and messages on the mail server. That should show what forms of access this user employed.

If you want to be certain that the backup is valid you'll want to stop sendmail (service sendmail stop) and disable the IMAP and POP services. It's been so long since I ran a UWash IMAP server that I don't remember the service names, but the'll show up in the output of 'chkconfig --list' as perhaps imap and pop3. Then you just do 'chkconfig imap off', etc.

Once you've made the backup, perhaps like:

cd /var/spool
tar cvzf /path-to/mail-backup.tar.gz mail

you can reverse the mail shutdown steps.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Moving from Mcrypt to OpenSSL 18 74
Apache module 5 84
Certificate Request CentOS/Apache 1 56
How many users could squid support? 21 57
Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question