The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

User has lost e-mails

Discussion in 'E-mail Discussions' started by n000b, Jul 17, 2009.

  1. n000b

    n000b Well-Known Member

    Joined:
    Apr 7, 2005
    Messages:
    142
    Likes Received:
    0
    Trophy Points:
    16
    One of my users has lost all of their e-mails in their inbox from before July 10th.

    They are currently using IMAP to access their mailbox.

    I checked /var/log/maillog and it shows up a lot of entries for both POP3 and IMAP:

    It seems as though there is something accessing the account via POP3 every 5 minutes. I don't know if the IP address listed against the POP3 records is the clients or not, I will find out.

    So, I have two questions:

    - there are currently e-mails since July 10th that are still sitting in her mailbox, if something is accessing the mailbox via POP3 why haven't these been downloaded?
    - is there any way to tell when/where these e-mails were downloaded/removed?

    Thanks :)
     
  2. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    POP3 by default deletes mail from the server unless specifically
    programmed to do otherwise which means from your log someone
    is likely checking the account using a POP3 client and erasing
    the messages in the process.

    If the messages have been read as from SOME of the webmail
    clients, they might not be picked up by the POP3 client; It
    has to do with how messages are flagged as read on the
    mail system that Cpanel typically uses.

    The big question is WHO is using the POP3 client. Since it would
    require password authentication to login and subsquently delete
    message with POP3, I would strongly suspect it is your client
    who deleted their own messages not knowing what they were
    doing and most likely the one with the POP3 client.

    I would check their previous access IP address and compare
    it to what you have on record for the POP3 client to confirm
    to see if it is at least the same ISP. If so, you probably should
    ask the client what mail programs they have recently setup
    on their computer (because that is probably where their
    missing mesages are now located if they didn't delete them)
     
  3. n000b

    n000b Well-Known Member

    Joined:
    Apr 7, 2005
    Messages:
    142
    Likes Received:
    0
    Trophy Points:
    16
    Thanks, that information is very useful :) I will get in touch with the client and see if they have been downloading the e-mails somehow.
     
Loading...

Share This Page