Solved

Regarding lost messages from the MAIL SERVER (Red Hat 8.0)

Posted on 2004-09-24
5
216 Views
Last Modified: 2013-12-16
Hi Experts,
Recently,  I have been geeting a very peculiar problem regarding the mailbox of one user. Actually, as sysadmin, I checked for his stored messages in /var/spool/mail but could find messages for just last two days. There is no problem with the mailboxes of other users and even there is sufficient disk space on the mailserver(Red Hat 8.0). Actually, the user in question sometimes log in from different places and he told me that he is not using POP client.How can I track his lost messages ? Secondly, are there any log entries created somewhere when someone stores messages locally on the machine using POP client so that it can be used as a proof for arguement ?
Thanks alot  in advance for co-operation
0
Comment
Question by:mn210
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 12146472
How does he know that there are "lost messages" as opposed to mail that may have never reached your server? Seems to me that he/she would only know that mail was missing if they had read messages that are no longer there. And in that case I'd want to know what they were using to look at the mail and could it have downloaded the missing messages and deleted them from the server.

If this person isn't using POP how are they reading mail?

In the case where a user claims that they should have received a message and it's not there I check the maillog for evidence that I received something from that sender and find out what happened to it.
0
 

Author Comment

by:mn210
ID: 12147070
The user have already read his messages for last couple of days and when he logged on today, he could retrieve messages for only last two days. As per his words, he is using IMAP for reading mail.

0
 
LVL 40

Expert Comment

by:jlevie
ID: 12147600
In a case like this that only affects a single user Occam's Razor would suggest that the simplest explanation is the most likely. Namely that the user ran a client MUA that downloaded and deleted mail from his/her INBOX. That could be web surfing with browser configured for POP, logging in to the mail server and check mail with "mail' or 'pine', or similar. I'd suggest that you search your logs for this username and see what you can find.
0
 

Author Comment

by:mn210
ID: 12147816
I will check the maillog .Should I check the maillog on  the mailserver or also on the webserver ?
Secondly, I want to save an archive of the messages of all users (which is about of size 180MB).As SENDMAIL deamon is running all the time, can you please advice as how can I achieve my objective ?
0
 
LVL 40

Accepted Solution

by:
jlevie earned 125 total points
ID: 12148178
Check both maillog and messages on the mail server. That should show what forms of access this user employed.

If you want to be certain that the backup is valid you'll want to stop sendmail (service sendmail stop) and disable the IMAP and POP services. It's been so long since I ran a UWash IMAP server that I don't remember the service names, but the'll show up in the output of 'chkconfig --list' as perhaps imap and pop3. Then you just do 'chkconfig imap off', etc.

Once you've made the backup, perhaps like:

cd /var/spool
tar cvzf /path-to/mail-backup.tar.gz mail

you can reverse the mail shutdown steps.
0

Featured Post

Enroll in June's Course of the Month

June’s Course of the Month is now available! Experts Exchange’s Premium Members, Team Accounts, and Qualified Experts have access to a complimentary course each month as part of their membership—an extra way to sharpen your skills and increase training.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…

689 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question