Hi All,
I really hope someone has an idea on this one.
I'm trying to figure out what happened to an email.
One of my clients ([email protected]) sent an email to [email protected] at 10.44am today.
According to the logs, it looks like the mail was delivered normally.
2004-08-23 10:44:00 1BzBMu-00083j-2Z <= [email protected] H=(cmailm1.svr.pol.co.uk) [195.92.193.18] P=esmtp S=389661 id=01a501c488f5$e7ec3ac0$736686d9@topoffice
2004-08-23 10:44:00 1BzBMu-00083j-2Z => accounts <[email protected]> R=virtual_user T=virtual_localdelivery
2004-08-23 10:44:00 1BzBMu-00083j-2Z Completed
The message was never picked up from the mailbox according to my user.
I have tried to verify this with my limited knowledge, and what I have found so far appears to back up my user in that the message was never picked up.
From what I can see, the file /var/log/maillog contains an entry for each authenticated POP3 session that connects, and an entry for when it disconnects. It also looks to contain a line between the above two for each message that was downloaded in the session, indicating how many bytes were in the message.
I have tested this myself by sending myself emails that I can easily spot the size of, and it all seems to tally up OK.
The file that was sent above, according to the logs that I pasted, is 389661 bytes long. (>300k)
The message was a forwarded message that [email protected] had received earlier.
I issued this command 'cat maillog | grep "accounts" | less' from the /var/log folder of an SSH shell to give me a list of pop3 logins. (which it did.)
The last login to the accounts mailbox before that email was sent was at 9:10am.
The first login after that email was at 12 noon. Log snippet follows:
Aug 23 12:00:18 ns1a vm-pop3d[32136]: User 'accounts' of 'xyz.com' logged in from 62.136.18.117
Aug 23 12:00:21 ns1a vm-pop3d[32136]: Session ended for user: accounts of xyz.com from 62.136.18.117
I then did 'cat maillog | grep "32136" | less' to get the log for the entire session:
Aug 23 12:00:18 ns1a vm-pop3d[32136]: Connect from 62.136.18.117
Aug 23 12:00:18 ns1a vm-pop3d[32136]: User 'accounts' of 'xyz.com' logged in from 62.136.18.117
Aug 23 12:00:20 ns1a vm-pop3d[32136]: bytes: domain xyz.com 6240 bytes
Aug 23 12:00:21 ns1a vm-pop3d[32136]: Session ended for user: accounts of xyz.com from 62.136.18.117
As you can see, it looks as though there was 1 message downloaded that was about 6k.
I then went and checked the subsequent logins in case it was not downloaded on the first attempt, but I did not find any downloads of >300k.
I then went and did 'cat maillog | grep "bytes" | less' to list all 'bytes' lines in the maillog file.
I skipped up to 10:44am and then checked the size of each message listed.
I have looked at every entry that is 3xxxxx or 4xxxxx bytes (which there were only about 5) and confirmed that they were not this email delivered to the wrong mailbox.
Where do I look next, and/or what do I tell my client happened to their email?
Any suggestions would be appreciated.
I am running: (info from DA srv spec page)
Apache 1.3.29
DirectAdmin 1.22.2
Exim 4.24
MySQL 4.0.16
Named 9.1.3
ProFTPd 1.2.9
sshd
vm-Pop3d 1.1.7e
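The manual grep correlation described in the post can be scripted. The following is an added example, not part of the original post: because the vm-pop3d 'bytes' lines name only the domain, it groups lines by PID to attribute each download to a mailbox, then reports any session after the Exim delivery time that fetched a message close to the delivered size. The 'sales' session in the sample is constructed, and the 2048-byte slack (for headers added at delivery) is an assumption.

```python
import re
from datetime import datetime

# Constructed sample in the format of the maillog lines quoted in the post;
# the second session (pid 32200, user 'sales') is invented for illustration.
SAMPLE_MAILLOG = """\
Aug 23 12:00:18 ns1a vm-pop3d[32136]: Connect from 62.136.18.117
Aug 23 12:00:18 ns1a vm-pop3d[32136]: User 'accounts' of 'xyz.com' logged in from 62.136.18.117
Aug 23 12:00:20 ns1a vm-pop3d[32136]: bytes: domain xyz.com 6240 bytes
Aug 23 12:00:21 ns1a vm-pop3d[32136]: Session ended for user: accounts of xyz.com from 62.136.18.117
Aug 23 12:05:02 ns1a vm-pop3d[32200]: Connect from 192.0.2.10
Aug 23 12:05:02 ns1a vm-pop3d[32200]: User 'sales' of 'xyz.com' logged in from 192.0.2.10
Aug 23 12:05:09 ns1a vm-pop3d[32200]: bytes: domain xyz.com 390112 bytes
Aug 23 12:05:10 ns1a vm-pop3d[32200]: Session ended for user: sales of xyz.com from 192.0.2.10
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ vm-pop3d\[(\d+)\]: (.*)$")
LOGIN = re.compile(r"User '([^']+)' of '([^']+)' logged in from (\S+)")
BYTES = re.compile(r"bytes: domain \S+ (\d+) bytes")

def pop3_sessions(text, year=2004):
    """Group vm-pop3d lines by PID so each 'bytes' line gets a mailbox owner."""
    open_by_pid, done = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, pid, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if msg.startswith("Connect from"):
            open_by_pid[pid] = {"pid": pid, "start": when, "user": None, "sizes": []}
        sess = open_by_pid.get(pid)
        if sess is None:
            continue
        if (login := LOGIN.search(msg)):
            sess["user"] = f"{login.group(1)}@{login.group(2)}"
        elif (size := BYTES.search(msg)):
            sess["sizes"].append(int(size.group(1)))
        elif msg.startswith("Session ended"):
            done.append(open_by_pid.pop(pid))  # PIDs get reused; close it
    return done + list(open_by_pid.values())

def find_download(sessions, size, delivered, slack=2048):
    """Sessions after delivery that fetched a message within `slack` bytes."""
    return [(s["user"], s["pid"], n) for s in sessions if s["start"] >= delivered
            for n in s["sizes"] if abs(n - size) <= slack]
```

Calling find_download(pop3_sessions(open('/var/log/maillog').read()), 389661, datetime(2004, 8, 23, 10, 44)) on the real log returns an empty list if no mailbox on the server downloaded a message of that size after delivery.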