Inbox suddenly empty, any log trace to check?
Hi guys,
I'm at a loss here. One of my client's inbox just got suddenly empty. Fortunately there were backups, although a week late. The day the most recent backup ran was the day the inbox got empty.
Now, I have a suspicion that the client used a POP3 connection from another device. Still checking on that.
Is there a way I can trace back in the logs if the emails got deleted manually by someone, or some script pruned that certain inbox?
Thank you.
UPDATE:
There were a lot of incoming POP3 connections from the server IP to this email account (according to /var/log/maillog). What script is accessing this?
Hello :) Yes, /var/log/maillog is the log file you should review to review the POP3 connections. There's no way to know what exact POP3 email application was accessed, but you may want to review their account to see if any custom webmail scripts were installed. Thank you.
Update: A certain WordPress newsletter plugin is accessing her email via POP3. That is the local IP access I'm seeing from the logs. Issue resolved.
I am happy to see the issue is now resolved. Thank you for updating us with the outcome.
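An added example, not part of the original thread: one way to answer the question from /var/log/maillog, assuming the POP3 daemon is Dovecot logging in its 2.3 default format, where each logout line carries a `del=deleted/total` counter. The function name `pop3_activity` and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Dovecot 2.3's default log format (assumption: the
# server's POP3 daemon is Dovecot; all addresses and counts are made up).
SAMPLE_MAILLOG = """\
Mar  3 02:10:01 host dovecot: pop3-login: Login: user=<jane@example.com>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.10, mpid=4101, secured, session=<aaa>
Mar  3 02:10:02 host dovecot: pop3(jane@example.com)<4101><aaa>: Disconnected: Logged out top=0/0, retr=40/812345, del=40/40, size=812345
Mar  3 08:30:11 host dovecot: pop3-login: Login: user=<jane@example.com>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10, mpid=4388, TLS, session=<bbb>
Mar  3 08:30:12 host dovecot: pop3(jane@example.com)<4388><bbb>: Disconnected: Logged out top=0/0, retr=0/0, del=0/3, size=9120
Mar  3 08:31:00 host dovecot: imap-login: Login: user=<jane@example.com>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10, mpid=4390, TLS, session=<ddd>
Mar  3 09:10:01 host dovecot: pop3-login: Login: user=<jane@example.com>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.10, mpid=4502, secured, session=<ccc>
Mar  3 09:10:02 host dovecot: pop3(jane@example.com)<4502><ccc>: Disconnected: Logged out top=0/0, retr=12/20480, del=12/12, size=20480
"""

# Login line: who logged in, from which remote IP (rip), to which local IP (lip).
LOGIN = re.compile(
    r"pop3-login: Login: user=<([^>]+)>.*?\brip=([^,\s]+), lip=([^,\s]+).*?session=<([^>]+)>")
# Logout line: del=<deleted>/<messages in the mailbox at login> for that session.
LOGOUT = re.compile(r"pop3\(([^)]+)\)<\d+><([^>]+)>: .*?\bdel=(\d+)/(\d+)")


def pop3_activity(log_text):
    """Return {(user, remote_ip): {"logins", "deleted", "local"}} per POP3 client."""
    session_ip = {}  # session id -> remote IP, used to attribute the logout line
    stats = defaultdict(lambda: {"logins": 0, "deleted": 0, "local": False})
    for line in log_text.splitlines():
        m = LOGIN.search(line)
        if m:
            user, rip, lip, sid = m.groups()
            session_ip[sid] = rip
            stats[(user, rip)]["logins"] += 1
            # rip == lip means the connection came from the mail server itself,
            # e.g. a script or web application hosted on the same machine.
            stats[(user, rip)]["local"] = rip == lip
            continue
        m = LOGOUT.search(line)
        if m:
            user, sid, deleted, _total = m.groups()
            rip = session_ip.pop(sid, "unknown")  # login may be in a rotated log
            stats[(user, rip)]["deleted"] += int(deleted)
    return dict(stats)


if __name__ == "__main__":
    for (user, rip), s in sorted(pop3_activity(SAMPLE_MAILLOG).items()):
        origin = "local" if s["local"] else "remote"
        print(f"{user} {rip} ({origin}): {s['logins']} logins, {s['deleted']} deleted")
```

On a real server, pass the contents of /var/log/maillog (and its rotated copies) instead of the sample; a client with a high `deleted` total is the one emptying the mailbox.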