Prove that an email was sent and received by destination server?

zodiac9797

Active Member
Apr 17, 2011
34
4
58
How can someone prove that an email was sent some time ago and received on a destination server?

There is no email in the sent mailbox, deleted by user.
Exim logs are in a 4 weeks rotation.
Mailscanner by default keeps only last 30 days record.
There is no e-mail backup old enough, only last 60 days.

Any other place, log or server to check?
ISP, do they keep any records?
 

keat63

Well-Known Member
Nov 20, 2014
1,387
108
93
cPanel Access Level
Root Administrator
I've no idea what email client you're referring to, but I found this which refers to Outlook 2010.
If you accidentally delete a message in Outlook 2010, this can be quickly recovered. First of all, look in the Deleted Items folder in your mailbox. This is a good place to start and you can also find other items, such as a calendar appointment, contact, or task. You can also recover a deleted folder.

Go to your email folder list, and then click Deleted Items. Then locate the message you want to recover, right-click it, and then click Move > Other Folder. Then move the message to the inbox and click OK.

If you delete a folder, it appears as a subfolder in the Deleted Items folder. To recover this click Move Folder, and then select a folder to move it to.

If you can’t find the message in the Deleted Items folder, the next place to look is the Recoverable Items folder. This hidden folder is where items deleted from the Deleted Items folder goes.

To recover items from the Recoverable Items folder, do the following. In Outlook, click the Folder tab, and then click Recover Deleted Items. Choose the item you want to recover and click Recover Selected Items. These items then move to the Deleted Items folder. You can then move them back to the folder in your inbox.

You can recover multiple items by holding down the control key while clicking on the items. To recover all items, click Select All, and then click Recover Selected Items.

If Recover Deleted Items is greyed out or isn't there, this could be because you are not using an Exchange account or you are working offline.
 
Last edited by a moderator:

zodiac9797

Active Member
Apr 17, 2011
34
4
58
A long shot but what about the users deleted items ??
Most of my users forget that this exists
They use webmail (roundcube). Trash is cleaned automatically by server every 30 days.
Thank you for trying to help. :)
 

zodiac9797

Active Member
Apr 17, 2011
34
4
58
Hello,
If you're archiving old mail logs you should be able to see the transaction for a few months back in the exim_mainlogs, you'll find them in /var/log/
Hi, all logs are in a 4 week rotation. If you are refering to a /var/log/exim_mainlog there are logs only for the four last weeks. :(
 

rpvw

Well-Known Member
Jul 18, 2013
1,088
446
113
UK
cPanel Access Level
Root Administrator
ISP, do they keep any records?
Your ISP may well keep records of messages transiting its network (usually only the email metadata, and the time that the data is retained may be limited - eg 12 months in the UK), however, getting any information out of them may be a lengthy and complicated process, and is usually only released on presentation of a court order.

The joke used to be that nobody needed to worry about deleting an email, as the NSA would always have a copy - I wouldn't try and ask for any information from them though !! :eek:
 

zodiac9797

Active Member
Apr 17, 2011
34
4
58
@rpvw I was thinking the same regarding the ISP. Currently I am trying to use this situation to learn something new and do some server modifications for the possible future situations like this one. ;)

I think I will skip NSA this time. :D
 

rpvw

Well-Known Member
Jul 18, 2013
1,088
446
113
UK
cPanel Access Level
Root Administrator
There are some tricks that have been tried in the past - nothing is infallible and some are easier to implement than others.

  • The first is obviously to request an automated read or return receipt - but many users disable that by default in their email clients or webmail configurations, or don't bother even if prompted.
  • The next is to use an HTML message that contains a web-bug - usually a one pixel image that is called from your server, so that you will see a get request and the IP that made it when the mail is opened - several problems here: the first is if the user only displays their incoming mail in text format, the next is if they configure not to load external images, and another is that whilst you may be able to see that the mail was opened by someone on an IP, there may be no way of linking the event to the intended recipient of that email.
It should be mentioned that any tracking method may contravene one or other bits of privacy legislation - especially if working across state/national lines or borders

If you are depending on the receipt of emails to constitute a contract, the best method is to consider the contract void until such time as the intended recipient sends you back the mail suitably annotated to confirm their receipt and acceptance.

Hope this helps
 

zodiac9797

Active Member
Apr 17, 2011
34
4
58
Hi @rpvw, thank you for your advice.

I am aware of them, the first one doesn't work with services like gmail and the second one requires some computer/html knowledge.

I saw that there is a lot of services which you can use for tracking your emails when you send an email. This service can provide you with a report if your email was received, opened, clicked... so I advised my client to check one of those solutions and try using them.
But this is for the future usage. I was trying to find out is there any way to prove that an email was sent in the past. :)

Best regards
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
8,110
660
263
Houston
cPanel Access Level
DataCenter Provider
HI @zodiac9797

There's also Mail Delivery reports in WHM as well as cPanel. From here you can search an email message and see it's submission status as well as any notifications as to why a message was not delivered. This will only work with data that is currently in your logs though, otherwise, you'll need to access the server using ssh to access archived logs. If you're unsure how to do this I'd suggest enlisting the assistance of a qualified system administrator. If you don't have one you might find one here: https.go.cpanel.net/sysadmin


Thanks!
 

zodiac9797

Active Member
Apr 17, 2011
34
4
58
Hi @cPanelLauren all reports are kept for the last 30 days, so there is no use of the mail delivery reports. :(
By archived logs you mean /var/log/ dir? There I can find only last 4 weeks, since they are in a 4 week rotation, or there are some other log files that I am not aware of? Where? :)