Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Trace mail downloaded from server?

Discussion in 'E-mail Discussion' started by JunCol, Jun 18, 2019.

  1. JunCol

    JunCol Member

    Joined:
    Jun 19, 2015
    Messages:
    6
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Singapore
    cPanel Access Level:
    Reseller Owner
    Hi guys,

    Is there a way that we can trace if a particular email (POP3) is being downloaded to a particular device?

    Intermittently, we would have users feedback that there's missing emails or emails not being received.
    Checking the webmail (Horde) shows that the mentioned email is there in the mailbox. That mail subject is not shown in bold text, indicating that it's being read or already downloaded and a copy is left on server.
    We initially, think that it could be due to unstable connection (which some of our offices are suffering from), and/or antivirus's antispam removing email w/o any notifications.

    Now it happens to me.
    That missing mail appears in the webmail and shown in not bold text. Meaning it's been downloaded. But it does not appear in my laptop's outlook.
    The email sent 3 mins before it, is appearing in both my laptop outlook, and webmail.
    The email sent 15mins after it, is appearing in both my laptop outlook, and webmail.

    Our network here is very stable. That removes the possibility of unstable network. Sophos Endpoint protection does not have antispam feature. So it's not possible to be due to that too.
     
  2. Max Miles

    Max Miles Registered

    Joined:
    Apr 21, 2018
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hello,

    I don't think you will be able to find who downloaded the mails.However if you have root level access, you can check the /var/log/maillog to see Which IP connected to which email account via which protocol (POP or IMAP). I guess looking at that would give you an idea at what timestamps were the particular email accounts accessed and based on that you can come to conclusion.

    Regards,
    Max Miles
     
  3. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,291
    Likes Received:
    91
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    Are you using outlook local client, like 2003, 2007,2010 or cloud outlook.
     
  4. JunCol

    JunCol Member

    Joined:
    Jun 19, 2015
    Messages:
    6
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Singapore
    cPanel Access Level:
    Reseller Owner
    i'm using Outlook 2010.
    The rest of the guys are mix of Outlook 2013, 2016.

    Just wondered.
    Is there some form of acknowledgement of each email being downloaded successfully?
     
  5. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,466
    Likes Received:
    505
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    You can most certainly do this if you have root access to the server, using /var/log/maillog.

    By default you'll see the following (as an example in the maillog for pop3 access:

    Code:
    Jun 21 10:33:13 server dovecot: pop3([email protected])<40486><j43WK9eLbtW4XsUC>: Disconnected: Logged out top=0/0, retr=848/35230089, del=0/848, size=35211518, bytes=8396/35261172
    You'll want to note specifically the following:

    Retrieved 848 messages out of a maximum of 35230089
    Code:
    retr=848/35230089
    Deleted 0 out of a maximum of 848 messages (meaning they're all still present on the server)
    Code:
    del=0/848
    Total size of the download/exchange in bytes
    Code:
    size=35211518
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice