• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 254
  • Last Modified:

Possible to know if an Email have been read by someone else?

Hi,

on my server are several domains and one of my customers would like to know if it's possible to know if an email sent to her account has been read by someone else.

She has the feeling that someone else is reading her emails - it might be possible because a technican might have had a look at her email and password. If that guy has set up his email client that way that the emails aren't deleted from the server when receiving them, is it possible to know if someone did it like that way?
Are there logfiles who accessed the emails? My client has a static ip address, btw.

We will change the password soon, but before we're going to do this, we want to ensure that no one else than her is reading the mails.

Thanks,
su-n
0
su-n
Asked:
su-n
  • 3
  • 2
  • 2
  • +5
7 Solutions
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
It's possible, but there's no certain way of knowing.  If their mail servers are on linux, then someone could simply CAT the mail file and read it raw - that would not appear in the logs.
0
 
su-nAuthor Commented:
It's a linux system. If the guy does only have the username/password for the email account, no ssh or this. Would't anything for accessing appear in some logs?
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
I'm not THAT familiar with linux - the POP3 server should have logs of access by IP address - that would give you a clue.  See what others can direct you to.
0
On-Demand: Securing Your Wi-Fi for Summer Travel

Traveling this summer?Check out our on-demand webinar to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

 
ravenplCommented:
The server admin should be able to list all account logins, along with source IP...
usually /var/log/maillog
0
 
Dushan De SilvaTechnology ArchitectCommented:
check logs in email server.

BR Dushan
0
 
su-nAuthor Commented:
@ ravenpl: In /var/log isn't a file or folder maillog.
@Dushan911: if you could be a little more specific, I'll do so

Thanks,
su-n
0
 
nls73mCommented:
the linux admin can always edit and delete log files. you can always check log files like the previous posts to see who has logged into the linux server. you can also check his / her last commands - .bash_history. It is not very good that you don't trust your admin, maybe replace that person. email admins should be someone who you trust. log files can show info, but only if they are not edited. check the command history though

0
 
cjl7freelance for hireCommented:
"on my server are several domains and one of my customers would like to know if it's possible to know if an email sent to her account has been read by someone else."

Yes everybody can read her email if they are not encrypted. Emails are (normally) sent as plaintext across the world...
And it doesn't require to enter the mailserver or accessing any protocol like pop or imap...

So is it possible to read it? Yes!!!
Is it possible to know? If the intruder (read: admin) does it on the box it is possible, otherwise No!


Mail is unsecure by nature, if you want it secure you (she) have to encrypt the mail message itself.

//jonas
0
 
Dushan De SilvaTechnology ArchitectCommented:
I mean by looking at logs in your email sever, you can trace backword that who has read email, when and from where emails camed ..etc.

BR Dushan
0
 
nociSoftware EngineerCommented:
You will never know if your mail is read or not, it can be read in transit (on other mailservers) without you knowing it.
If you need confidentiality you need - pgp - gpg or s/mime to encrypt the mail.

0
 
RedfeatherCommented:
Most email servers (postfix, sendmail) have read messages in the user's ./cur directory and unread messages in the ./new directory from that way you can see if the messages are read or not :)
0
 
nociSoftware EngineerCommented:
With read, it also means eavesdropping on the wire, looking in the .new folder without use of a mailer, looking in the mail spooler, possibly on the server of your ISP, the receipient, any intermediary MTA etc. etc.

So you will never know if the message is read by some else or not.
0
 
RedfeatherCommented:
@noci

I completely agree with you on all terms..

But given the fact that the questioner thinks that the attacker is just using the login information of the customer, i think that just checking /cur en /new is enough.

When the attacker has shell access to the server yeah then you'll never know and ultimately you'll nerver know as the server might be compromised.
0
 
nociSoftware EngineerCommented:
@Redfeather,

It is nowhere stated that maildirs are used, there you have a point is an imap or pop server is used.
If it are mailbox files or f.e. a cyrus imap store, then you can only tell if the users own account is used, others leave no marks.
0
 
cjl7freelance for hireCommented:
"Most email servers (postfix, sendmail) have read messages in the user's ./cur directory and unread messages in the ./new directory from that way you can see if the messages are read or not :)"

Not true...

Postfix uses Maildir (or mailbox) = cur,new...

Sendmail uses mailbox = 1 file that gets appended to (/var/spool/mail/username)


//jonas
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 3
  • 2
  • 2
  • +5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now