Missing Emails after finding malicious software


May 3, 2019
cPanel Access Level
Website Owner
Up front, I am not a seasoned user of backend of cPanel but my hosting provider has been no help with recovering our email. I can see all of our data from each email address so I know they have not been deleted.

what i have done:
1. ask my provider to restore but have received no response / backup options
2. try to add missing account but cpanel said error already exist the user
3. create new fresh account is working
4. /home/username/.cpanel/email_accounts.json - does not list all the accounts
5. Shadow file (home/username/etc/domain/shadow) only listed the fresh account - it was edited when the malicious software was installed
6. Manually edited the shadow file to include one of the missing accounts which did then list the account on the cPanel front end

My issue is that now that I know how to manually add a missing account to that shadow file, I cannot check that email inbox through webmail. I get the error "User is not authorized for Mail". Is there another place that I need to edit to now allow for authorization to access the mail?


Staff member
Apr 11, 2011
Hello @Tolomir,

I recommend waiting for a response from your web hosting provider. There are several filesystem locations where email data is stored, so manually adjusting the shadow file on it's own is not a valid workaround. Your hosting provider should be able to restore this data from backups of the account, and if no backups exist, they should be able to backup the email data from /home/username/mail, re-create the email accounts, and then restore the mail data.

Thank you.