Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Prove that an email was sent and received by destination server?

Discussion in 'E-mail Discussion' started by zodiac9797, Jan 24, 2019.

  1. zodiac9797

    zodiac9797 Active Member

    Joined:
    Apr 17, 2011
    Messages:
    34
    Likes Received:
    4
    Trophy Points:
    58
    How can someone prove that an email was sent some time ago and received on a destination server?

    There is no email in the sent mailbox, deleted by user.
    Exim logs are in a 4 weeks rotation.
    Mailscanner by default keeps only last 30 days record.
    There is no e-mail backup old enough, only last 60 days.

    Any other place, log or server to check?
    ISP, do they keep any records?
     
  2. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,266
    Likes Received:
    86
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    A long shot but what about the users deleted items ??
    Most of my users forget that this exists
     
  3. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,266
    Likes Received:
    86
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I've no idea what email client you're referring to, but I found this which refers to Outlook 2010.
     
    #3 keat63, Jan 25, 2019
    Last edited by a moderator: Jan 25, 2019
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,262
    Likes Received:
    481
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello,


    If you're archiving old mail logs you should be able to see the transaction for a few months back in the exim_mainlogs, you'll find them in /var/log/
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. zodiac9797

    zodiac9797 Active Member

    Joined:
    Apr 17, 2011
    Messages:
    34
    Likes Received:
    4
    Trophy Points:
    58
    They use webmail (roundcube). Trash is cleaned automatically by server every 30 days.
    Thank you for trying to help. :)
     
  6. zodiac9797

    zodiac9797 Active Member

    Joined:
    Apr 17, 2011
    Messages:
    34
    Likes Received:
    4
    Trophy Points:
    58
    Hi, all logs are in a 4 week rotation. If you are refering to a /var/log/exim_mainlog there are logs only for the four last weeks. :(
     
  7. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    1,088
    Likes Received:
    442
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Your ISP may well keep records of messages transiting its network (usually only the email metadata, and the time that the data is retained may be limited - eg 12 months in the UK), however, getting any information out of them may be a lengthy and complicated process, and is usually only released on presentation of a court order.

    The joke used to be that nobody needed to worry about deleting an email, as the NSA would always have a copy - I wouldn't try and ask for any information from them though !! :eek:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. zodiac9797

    zodiac9797 Active Member

    Joined:
    Apr 17, 2011
    Messages:
    34
    Likes Received:
    4
    Trophy Points:
    58
    @rpvw I was thinking the same regarding the ISP. Currently I am trying to use this situation to learn something new and do some server modifications for the possible future situations like this one. ;)

    I think I will skip NSA this time. :D
     
  9. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    1,088
    Likes Received:
    442
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    There are some tricks that have been tried in the past - nothing is infallible and some are easier to implement than others.

    • The first is obviously to request an automated read or return receipt - but many users disable that by default in their email clients or webmail configurations, or don't bother even if prompted.
    • The next is to use an HTML message that contains a web-bug - usually a one pixel image that is called from your server, so that you will see a get request and the IP that made it when the mail is opened - several problems here: the first is if the user only displays their incoming mail in text format, the next is if they configure not to load external images, and another is that whilst you may be able to see that the mail was opened by someone on an IP, there may be no way of linking the event to the intended recipient of that email.
    It should be mentioned that any tracking method may contravene one or other bits of privacy legislation - especially if working across state/national lines or borders

    If you are depending on the receipt of emails to constitute a contract, the best method is to consider the contract void until such time as the intended recipient sends you back the mail suitably annotated to confirm their receipt and acceptance.

    Hope this helps
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. zodiac9797

    zodiac9797 Active Member

    Joined:
    Apr 17, 2011
    Messages:
    34
    Likes Received:
    4
    Trophy Points:
    58
    Hi @rpvw, thank you for your advice.

    I am aware of them, the first one doesn't work with services like gmail and the second one requires some computer/html knowledge.

    I saw that there is a lot of services which you can use for tracking your emails when you send an email. This service can provide you with a report if your email was received, opened, clicked... so I advised my client to check one of those solutions and try using them.
    But this is for the future usage. I was trying to find out is there any way to prove that an email was sent in the past. :)

    Best regards
     
  11. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,262
    Likes Received:
    481
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    HI @zodiac9797

    There's also Mail Delivery reports in WHM as well as cPanel. From here you can search an email message and see it's submission status as well as any notifications as to why a message was not delivered. This will only work with data that is currently in your logs though, otherwise, you'll need to access the server using ssh to access archived logs. If you're unsure how to do this I'd suggest enlisting the assistance of a qualified system administrator. If you don't have one you might find one here: https.go.cpanel.net/sysadmin


    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. zodiac9797

    zodiac9797 Active Member

    Joined:
    Apr 17, 2011
    Messages:
    34
    Likes Received:
    4
    Trophy Points:
    58
    Hi @cPanelLauren all reports are kept for the last 30 days, so there is no use of the mail delivery reports. :(
    By archived logs you mean /var/log/ dir? There I can find only last 4 weeks, since they are in a 4 week rotation, or there are some other log files that I am not aware of? Where? :)
     
  13. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,262
    Likes Received:
    481
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @zodiac9797

    The exim main log archives are kept in /var/log/ if they're not present they've been rotated out. This means that all transactional data for email transactions would have also been rotated out with the logs so there's no way to research a message like this.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    zodiac9797 likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice