  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 248

Possible to know if an email has been read by someone else?

Hi,

On my server are several domains, and one of my customers would like to know if it's possible to know if an email sent to her account has been read by someone else.

She has the feeling that someone else is reading her emails - it might be possible because a technician might have had a look at her email and password. If that guy has set up his email client in such a way that the emails aren't deleted from the server when receiving them, is it possible to know if someone did it that way?
Are there log files showing who accessed the emails? My client has a static IP address, btw.

We will change the password soon, but before we do this, we want to ensure that no one other than her is reading the mails.

Thanks,
su-n
0
7 Solutions
 
Lee W, MVP (Technology and Business Process Advisor) Commented:
It's possible, but there's no certain way of knowing.  If their mail servers are on Linux, then someone could simply CAT the mail file and read it raw - that would not appear in the logs.
0
 
su-n (Author) Commented:
It's a Linux system. If the guy only has the username/password for the email account (no SSH or the like), wouldn't the access appear in some logs?
0
 
Lee W, MVP (Technology and Business Process Advisor) Commented:
I'm not THAT familiar with Linux - the POP3 server should have logs of access by IP address - that would give you a clue.  See what others can direct you to.
0

 
ravenpl Commented:
The server admin should be able to list all account logins, along with source IP...
usually /var/log/maillog
0
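The login check suggested in the replies above, as an added example that is not part of any reply in this thread: it scans mail-log lines for successful POP3/IMAP logins to one account and groups those that did not come from the customer's known static IP. The thread does not say which POP3/IMAP server is in use, so the Dovecot login-line format is an assumption, and the account name, host name and addresses are constructed placeholders.

```python
import re
from collections import defaultdict

# Assumed format: Dovecot "pop3-login"/"imap-login" syslog lines.
# Other POP3/IMAP servers log logins differently.
LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s+dovecot(?:\[\d+\])?:\s"
    r"(?P<proto>pop3|imap)-login:\sLogin:\suser=<(?P<user>[^>]*)>"
    r".*?\brip=(?P<rip>[0-9a-fA-F.:]+)"
)

# Constructed sample lines; every name and address is a placeholder.
SAMPLE_LOG = """\
Mar  3 08:01:12 mx1 dovecot: pop3-login: Login: user=<anna@example.com>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.10, mpid=4101
Mar  3 08:14:55 mx1 dovecot: imap-login: Login: user=<bob@example.com>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.10, mpid=4120, TLS
Mar  3 12:30:02 mx1 dovecot: pop3-login: Login: user=<anna@example.com>, method=PLAIN, rip=203.0.113.77, lip=192.0.2.10, mpid=4388
Mar  3 12:31:40 mx1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<anna@example.com>, method=PLAIN, rip=203.0.113.77, lip=192.0.2.10
Mar  4 07:58:31 mx1 dovecot: pop3-login: Login: user=<anna@example.com>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.10, mpid=5012
Mar  4 23:47:09 mx1 dovecot: pop3-login: Login: user=<anna@example.com>, method=PLAIN, rip=203.0.113.77, lip=192.0.2.10, mpid=5544
"""

def foreign_logins(lines, account, known_ips):
    """Return {source_ip: [(timestamp, protocol), ...]} for successful
    logins to `account` from addresses that are not in `known_ips`."""
    hits = defaultdict(list)
    for line in lines:
        m = LOGIN_RE.match(line)
        # Failed or aborted logins do not match LOGIN_RE and are skipped.
        if not m or m["user"].lower() != account.lower():
            continue
        if m["rip"] not in known_ips:
            hits[m["rip"]].append((m["ts"], m["proto"]))
    return dict(hits)

if __name__ == "__main__":
    # The customer's static IP is the only address expected to log in.
    found = foreign_logins(SAMPLE_LOG.splitlines(),
                           "anna@example.com", {"198.51.100.20"})
    for ip, events in found.items():
        print(ip, len(events), "login(s):", events)
```

This only covers access through the POP3/IMAP service with the account's credentials; reading the mail file directly on the server, as noted above, leaves no entry here.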
 
Dushan De Silva Commented:
Check the logs on the email server.

BR Dushan
0
 
su-n (Author) Commented:
@ravenpl: There isn't a file or folder named maillog in /var/log.
@Dushan911: If you could be a little more specific, I'll do so.

Thanks,
su-n
0
 
nls73m Commented:
The Linux admin can always edit and delete log files. You can always check log files, as in the previous posts, to see who has logged into the Linux server. You can also check his/her last commands - .bash_history. It is not very good that you don't trust your admin; maybe replace that person. Email admins should be someone who you trust. Log files can show info, but only if they are not edited. Check the command history though.

0
 
cjl7 Commented:
"on my server are several domains and one of my customers would like to know if it's possible to know if an email sent to her account has been read by someone else."

Yes, everybody can read her emails if they are not encrypted. Emails are (normally) sent as plaintext across the world...
And it doesn't require entering the mail server or accessing any protocol like POP or IMAP...

So is it possible to read it? Yes!!!
Is it possible to know? If the intruder (read: admin) does it on the box it is possible, otherwise No!


Mail is insecure by nature; if you want it secure, you (she) have to encrypt the mail message itself.

//jonas
0
 
Dushan De Silva Commented:
I mean that by looking at the logs on your email server, you can trace back who has read the email, when, and where the emails came from, etc.

BR Dushan
0
 
noci (Software Engineer) Commented:
You will never know if your mail is read or not; it can be read in transit (on other mail servers) without you knowing it.
If you need confidentiality, you need PGP, GPG or S/MIME to encrypt the mail.

0
 
Redfeather Commented:
Most email servers (postfix, sendmail) have read messages in the user's ./cur directory and unread messages in the ./new directory; that way you can see if the messages are read or not :)
0
 
noci (Software Engineer) Commented:
"Read" also means eavesdropping on the wire, looking in the .new folder without use of a mailer, looking in the mail spooler, possibly on the server of your ISP, the recipient, any intermediary MTA, etc.

So you will never know if the message is read by someone else or not.
0
 
Redfeather Commented:
@noci

I completely agree with you on all terms..

But given the fact that the questioner thinks that the attacker is just using the login information of the customer, I think that just checking /cur and /new is enough.

When the attacker has shell access to the server, yeah, then you'll never know, and ultimately you'll never know as the server might be compromised.
0
 
noci (Software Engineer) Commented:
@Redfeather,

It is nowhere stated that Maildirs are used; there you have a point if an IMAP or POP server is used.
If they are mailbox files or, e.g., a Cyrus IMAP store, then you can only tell if the user's own account is used; others leave no marks.
0
 
cjl7 Commented:
"Most email servers (postfix, sendmail) have read messages in the user's ./cur directory and unread messages in the ./new directory from that way you can see if the messages are read or not :)"

Not true...

Postfix uses Maildir (or mailbox) = cur,new...

Sendmail uses mailbox = 1 file that gets appended to (/var/spool/mail/username)


//jonas
0
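The ./new and ./cur check discussed in the replies above, as an added example that is not part of any reply in this thread: it takes two snapshots of a Maildir and reports messages whose read state changed in between, for instance over a period in which the customer did not open her mail. It assumes the account is stored as a Maildir (not a single mailbox file), and the directory and file names are constructed placeholders.

```python
import os
import tempfile

def snapshot(maildir):
    """Return {message_id: state}; state is 'new', 'unseen' or 'seen'.
    Files in new/ have not been picked up by a client; files in cur/ are
    named '<id>:2,<flags>' and the S flag marks a message as seen."""
    state = {}
    for name in os.listdir(os.path.join(maildir, "new")):
        state[name.partition(":")[0]] = "new"
    for name in os.listdir(os.path.join(maildir, "cur")):
        msg_id, _, info = name.partition(":2,")
        state[msg_id] = "seen" if "S" in info else "unseen"
    return state

def transitions(before, after):
    """Messages whose state changed, or that vanished, between snapshots."""
    changed = {}
    for msg_id, old in before.items():
        new = after.get(msg_id, "deleted")
        if new != old:
            changed[msg_id] = (old, new)
    return changed

def demo():
    """Build a constructed Maildir in a temp directory and diff two snapshots."""
    with tempfile.TemporaryDirectory() as md:
        for sub in ("new", "cur", "tmp"):
            os.mkdir(os.path.join(md, sub))
        for name in ("new/1700000001.M1.mx1", "new/1700000002.M2.mx1",
                     "cur/1700000000.M0.mx1:2,S"):
            with open(os.path.join(md, name), "w") as fh:
                fh.write("Subject: constructed sample\n\nbody\n")
        before = snapshot(md)
        # Simulate a mail client opening message M1: the file moves from
        # new/ to cur/ and gains the Seen flag.
        os.rename(os.path.join(md, "new/1700000001.M1.mx1"),
                  os.path.join(md, "cur/1700000001.M1.mx1:2,S"))
        return transitions(before, snapshot(md))

if __name__ == "__main__":
    print(demo())
```

As the replies point out, this only reflects access through a mail client; someone reading the files directly on the server changes nothing that the snapshots record.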
