Atomicorp

Was just wondering if Plesk on Linux kept any logfile as to mailbox deletion of contents.


An imap client is missing some mail, I'm thinking he may have deleted it from his iphone, not sure if I have anything to tell me when/if this occurred.

If you had auditd enabled that may have logged a delete action. That would be in /var/log/audit/

no such luck, empty folder

Not much else logged then, at most you'll get a successful login record from the imap server, but nothing about what the user did. Any chance the user had multiple devices connecting to the account?

At least outlook 2010 and an iphone, maybe another device too.

Many folders, folders exist, contents gone. No archive file or deleted items to be found.

Was able to restore, but still... I'd like to know why they went to begin with.

This auditd, how does it work to give me more info in future. (googling now)

So an observation Ive had here, the iphone clients (and many others) default to using POP. If that is the case (and it will be logged as a POP connection) then what could be happening is that the mail is being downloaded to the specific phone, which is going to delete the message off the server unless it is configured not to.

If he has another device, that may be possible, but the iphone I'm aware of is definitely set to imap.