?
Solved

Regarding lost messages from the MAIL SERVER (Red Hat 8.0)

Posted on 2004-09-24
5
Medium Priority
?
219 Views
Last Modified: 2013-12-16
Hi Experts,
Recently,  I have been geeting a very peculiar problem regarding the mailbox of one user. Actually, as sysadmin, I checked for his stored messages in /var/spool/mail but could find messages for just last two days. There is no problem with the mailboxes of other users and even there is sufficient disk space on the mailserver(Red Hat 8.0). Actually, the user in question sometimes log in from different places and he told me that he is not using POP client.How can I track his lost messages ? Secondly, are there any log entries created somewhere when someone stores messages locally on the machine using POP client so that it can be used as a proof for arguement ?
Thanks alot  in advance for co-operation
0
Comment
Question by:mn210
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 12146472
How does he know that there are "lost messages" as opposed to mail that may have never reached your server? Seems to me that he/she would only know that mail was missing if they had read messages that are no longer there. And in that case I'd want to know what they were using to look at the mail and could it have downloaded the missing messages and deleted them from the server.

If this person isn't using POP how are they reading mail?

In the case where a user claims that they should have received a message and it's not there I check the maillog for evidence that I received something from that sender and find out what happened to it.
0
 

Author Comment

by:mn210
ID: 12147070
The user have already read his messages for last couple of days and when he logged on today, he could retrieve messages for only last two days. As per his words, he is using IMAP for reading mail.

0
 
LVL 40

Expert Comment

by:jlevie
ID: 12147600
In a case like this that only affects a single user Occam's Razor would suggest that the simplest explanation is the most likely. Namely that the user ran a client MUA that downloaded and deleted mail from his/her INBOX. That could be web surfing with browser configured for POP, logging in to the mail server and check mail with "mail' or 'pine', or similar. I'd suggest that you search your logs for this username and see what you can find.
0
 

Author Comment

by:mn210
ID: 12147816
I will check the maillog .Should I check the maillog on  the mailserver or also on the webserver ?
Secondly, I want to save an archive of the messages of all users (which is about of size 180MB).As SENDMAIL deamon is running all the time, can you please advice as how can I achieve my objective ?
0
 
LVL 40

Accepted Solution

by:
jlevie earned 500 total points
ID: 12148178
Check both maillog and messages on the mail server. That should show what forms of access this user employed.

If you want to be certain that the backup is valid you'll want to stop sendmail (service sendmail stop) and disable the IMAP and POP services. It's been so long since I ran a UWash IMAP server that I don't remember the service names, but the'll show up in the output of 'chkconfig --list' as perhaps imap and pop3. Then you just do 'chkconfig imap off', etc.

Once you've made the backup, perhaps like:

cd /var/spool
tar cvzf /path-to/mail-backup.tar.gz mail

you can reverse the mail shutdown steps.
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

rdate is a Linux command and the network time protocol for immediate date and time setup from another machine. The clocks are synchronized by entering rdate with the -s switch (command without switch just checks the time but does not set anything). …
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Suggested Courses
Course of the Month9 days, 15 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question