Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 224
  • Last Modified:

Regarding lost messages from the MAIL SERVER (Red Hat 8.0)

Hi Experts,
Recently,  I have been geeting a very peculiar problem regarding the mailbox of one user. Actually, as sysadmin, I checked for his stored messages in /var/spool/mail but could find messages for just last two days. There is no problem with the mailboxes of other users and even there is sufficient disk space on the mailserver(Red Hat 8.0). Actually, the user in question sometimes log in from different places and he told me that he is not using POP client.How can I track his lost messages ? Secondly, are there any log entries created somewhere when someone stores messages locally on the machine using POP client so that it can be used as a proof for arguement ?
Thanks alot  in advance for co-operation
0
mn210
Asked:
mn210
  • 3
  • 2
1 Solution
 
jlevieCommented:
How does he know that there are "lost messages" as opposed to mail that may have never reached your server? Seems to me that he/she would only know that mail was missing if they had read messages that are no longer there. And in that case I'd want to know what they were using to look at the mail and could it have downloaded the missing messages and deleted them from the server.

If this person isn't using POP how are they reading mail?

In the case where a user claims that they should have received a message and it's not there I check the maillog for evidence that I received something from that sender and find out what happened to it.
0
 
mn210Author Commented:
The user have already read his messages for last couple of days and when he logged on today, he could retrieve messages for only last two days. As per his words, he is using IMAP for reading mail.

0
 
jlevieCommented:
In a case like this that only affects a single user Occam's Razor would suggest that the simplest explanation is the most likely. Namely that the user ran a client MUA that downloaded and deleted mail from his/her INBOX. That could be web surfing with browser configured for POP, logging in to the mail server and check mail with "mail' or 'pine', or similar. I'd suggest that you search your logs for this username and see what you can find.
0
 
mn210Author Commented:
I will check the maillog .Should I check the maillog on  the mailserver or also on the webserver ?
Secondly, I want to save an archive of the messages of all users (which is about of size 180MB).As SENDMAIL deamon is running all the time, can you please advice as how can I achieve my objective ?
0
 
jlevieCommented:
Check both maillog and messages on the mail server. That should show what forms of access this user employed.

If you want to be certain that the backup is valid you'll want to stop sendmail (service sendmail stop) and disable the IMAP and POP services. It's been so long since I ran a UWash IMAP server that I don't remember the service names, but the'll show up in the output of 'chkconfig --list' as perhaps imap and pop3. Then you just do 'chkconfig imap off', etc.

Once you've made the backup, perhaps like:

cd /var/spool
tar cvzf /path-to/mail-backup.tar.gz mail

you can reverse the mail shutdown steps.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now