1

Topic: Emails suddenly disappear from the server itself

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
# more /etc/iredmail-release
1.0 MARIADB edition.
# Get professional support from iRedMail Team: http://www.iredmail.org/support.html
#

iRedMail    1.0
iRedAdmin-Pro    4.1.2 (MySQL)
====

Hi Huangbin.

We encountered an error where emails suddenly disappeared from the server.
The first occurrence was where all the past emails in my colleague's sent folder disappeared.
There is no ruleset set, nor did she manually delete the email.

The second occurrence has now happened to another colleague, whose inbox emails suddenly disappeared today as well. There is also no ruleset defined, nor did he manually delete the email.

Please advise what can be the cause of this issue.
Thanks.

Wai Hong


2

Re: Emails suddenly disappear from the server itself

Please check Dovecot log file (/var/log/dovecot/*.log), emails MIGHT be deleted or downloaded (via POP3) from another MUA.

3

Re: Emails suddenly disappear from the server itself

Hi Huangbin.

I only saw this error message - "mail dovecot: stats: Warning: UPDATE-CMD: Already expired".
What does that mean?
Thanks.

4

Re: Emails suddenly disappear from the server itself

wh.leong wrote:

I only saw this error message - "mail dovecot: stats: Warning: UPDATE-CMD: Already expired".
What does that mean?

"stats" doesn't impact in your case.

Please check log lines with "expunge", "move", etc., which reflect email removal and move actions.

By the way, your email server still blocks mine: That's why you didn't receive my email reply yesterday.

Apr 25 21:32:17 mail postfix/smtp[1250954]: 4Q590J4j7Gz30l9: to=<wh.leong@YOUR-DOMAIN.COM>, relay=none, delay=59264, delays=59234/0.02/30/0, dsn=4.4.1, status=deferred (connect to mail.YOUR-DOMAIN.COM[203.125.98.230]:25: Connection timed out)

5

Re: Emails suddenly disappear from the server itself

Hi Huangbin.

I checked through the logs for my second colleague and didn't find any logs that specifically show an expunge or move. Rather, there are no logs from any of the mentioned files - dovecot.log / sieve.log / pop3.log / lda.log / imap.log.

6

Re: Emails suddenly disappear from the server itself

wh.leong wrote:

Hi Huangbin.

I checked through the logs for my second colleague and didn't find any logs that specifically show an expunge or move. Rather, there are no logs from any of the mentioned files - dovecot.log / sieve.log / pop3.log / lda.log / imap.log.

Hi Huangbin.

May I know if there is any advice on how to rectify this issue and what can be the cause of this issue?
Thanks.

Regards

7

Re: Emails suddenly disappear from the server itself

wh.leong wrote:

Hi Huangbin.

I checked through the logs for my second colleague and didn't find any logs that specifically show an expunge or move. Rather, there are no logs from any of the mentioned files - dovecot.log / sieve.log / pop3.log / lda.log / imap.log.

8

Re: Emails suddenly disappear from the server itself

Hi @wh.leong,

Cannot help much without digging into the log. :(

- If emails were removed by IMAP, there must be some "expunge" log line in /var/log/dovecot/imap.log.
- If emails were removed / downloaded via POP3, there must be some log lines in /var/log/dovecot/pop3.log.
- If emails were removed with a shell command like "rm", please check the user's shell history file instead.

By the way, please don't block my mail server IP address: 172.105.68.48

9

Re: Emails suddenly disappear from the server itself

Hi Huangbin.

Thanks for the update. We can confirm that there are indeed no logs in "/var/log/dovecot/imap.log" nor "/var/log/dovecot/pop3.log". I have not yet checked the user shell history. May I check where the user shell history directory is? Or will it be in the same file as "/var/log/dovecot/imap.log"?
What I did was to grep the logs based on their email address and didn't manage to find anything.
May I check if there is any other advice?
Thanks.

We did not block your IP address. "Connection timed out" usually refers to not being able to connect to the host. Unless you received an error message that shows "Connection refused", then it is the host system blocking you from reaching the network.

10

Re: Emails suddenly disappear from the server itself

Hi Huangbin.

May I check if there is any advice on this email auto-deletion issue?
Thanks.

11 (edited by Cthulhu 2023-05-06 05:23:23)

Re: Emails suddenly disappear from the server itself

there is no auto deletion, and there should be no user shells at all on a mailserver
mails can't magically disappear, they must have either been deleted from a client or downloaded via pop3

12

Re: Emails suddenly disappear from the server itself

Hi Cthulhu.

I understand that. That is why I'm trying to find out what would be the cause of this. The only thing is that for the first colleague, her sent folder email before a specific date was automatically removed. The second colleague also had his inbox email at a specific date automatically removed. Do note that both colleagues had email removed without any warning, and both on different dates. Both may be isolated cases, but we still need to find out the root cause and how to rectify this issue to retrieve the old emails.

13

Re: Emails suddenly disappear from the server itself

There're 3 ways to delete messages from mailbox:

- run commands like "rm"
- remove via IMAP from an IMAP client. E.g. a MUA like Thunderbird or webmail like Roundcube.
- download emails to user workstation via pop3.

Try to get logs / evidence of the above 3 ways and analyze.

Also, make sure Dovecot is configured to log required events: https://github.com/iredmail/iRedMail/bl … .conf#L238
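
The log checks suggested in this thread (IMAP "expunge" lines, POP3 downloads and deletes) can be scripted per user. The sketch below is an added example, not code from the thread participants or from iRedMail. It assumes Dovecot's mail_log plugin line format and the default POP3 logout summary, and the sample lines are constructed.

```python
import re
from collections import Counter

# mail_log plugin lines: "imap(user)<pid><session>: expunge: box=Sent, uid=41, ..."
MAIL_LOG = re.compile(
    r"\b(?P<svc>imap|pop3|lda|lmtp)\((?P<user>[^)]+)\)[^:]*: "
    r"(?P<event>expunge|delete)\b.*?\bbox=(?P<box>[^,]+)")
# POP3 logout summary: "... retr=<msgs>/<bytes>, del=<deleted>/<total>, ..."
POP3_OUT = re.compile(
    r"\bpop3\((?P<user>[^)]+)\)[^:]*: .*\bretr=\d+/\d+.*\bdel=(?P<del>\d+)/\d+")

def triage(lines, user):
    """Return (verdict, Counter of removal evidence) for one mailbox user."""
    seen, evidence = 0, Counter()
    for line in lines:
        # Session lines carry "(user)", login lines carry "user=<user>".
        if f"({user})" not in line and f"<{user}>" not in line:
            continue
        seen += 1
        m = MAIL_LOG.search(line)
        if m:
            evidence[(m["svc"], m["event"], m["box"])] += 1
            continue
        p = POP3_OUT.search(line)
        if p and int(p["del"]) > 0:
            evidence[("pop3", "del", "INBOX")] += int(p["del"])
    if evidence:
        return "removal-logged", evidence
    # Silence is not proof of innocence: with no lines at all for the user,
    # check log rotation and whether removal events are being logged.
    return ("sessions-but-no-removal" if seen else "no-lines-for-user"), evidence

# Constructed sample lines (not taken from the server discussed in the thread).
SAMPLE = [
    "Apr 25 09:01:10 mail dovecot: imap-login: Login: user=<alice@example.com>, rip=192.0.2.10",
    "Apr 25 09:01:12 mail dovecot: imap(alice@example.com)<4101><aaaa>: expunge: box=Sent, uid=41, size=2048",
    "Apr 25 09:01:12 mail dovecot: imap(alice@example.com)<4101><aaaa>: expunge: box=Sent, uid=42, size=1024",
    "Apr 25 10:15:00 mail dovecot: pop3(bob@example.com)<4200><bbbb>: Disconnected: Logged out top=0/0, retr=3/9000, del=3/3, size=9000",
    "Apr 25 11:00:00 mail dovecot: imap(carol@example.com)<4300><cccc>: Logged out in=120 out=900",
]
```

Feed it every rotated log file for the period in question, since a grep over only the current file can miss the day the messages were removed.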