#1 (permalink)
12-01-2008, 07:06 AM
Senior Member
Posts: 50
Discovering who deleted shared email

I have a very small install of Zimbra where I work. Today, I noticed that all the emails in my company's main inbox are gone. This inbox is a shared folder that all the salespeople have access to (but no one will say they did it). I am not sure how best to discover who deleted the emails, and when (I have 3 days of backups using the backup script, but most people were gone for the holiday, and so I am pretty sure the emails are gone).

Sent and trash still exist, but I wanted to know if there was a way to find out who deleted what, and when.

Thanks,
Cryo

P.S. I was able to send a test message to the mailbox, and it appeared, so the mailbox appears to be working.

Last edited by Cryophallion; 12-01-2008 at 07:12 AM. Reason: added info

#2 (permalink)
12-01-2008, 08:03 AM
Moderator
Posts: 7,928

Have a look in /opt/zimbra/log/audit.log to see who accessed the mailbox (I think it has those details).

#3 (permalink)
12-01-2008, 08:11 AM
Senior Member
Posts: 50

Only shows today's activity (due to the shutdown from the backups script I assume), and I'm the first one to access it.

Is there some record in the mysql database?

#4 (permalink)
12-01-2008, 08:12 AM
Moderator
Posts: 7,928

Is there an audit.1.gz file where it has been rotated?
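
The audit-log check suggested in posts #2 and #4, as an added example that is not part of the original thread: it reads the current log plus gzip-rotated copies and lists who appears in a given time window. The line layout matched by the regex and the sample lines are assumptions constructed for illustration; adjust them to what your audit.log actually contains.

```python
import gzip
import re
from datetime import datetime

# Assumed line layout (not taken from the thread); adjust the regex to your logs:
# 2008-12-01 06:41:07,512 INFO  [thread] [name=user@dom;ip=192.0.2.15;] security - cmd=Auth; ...
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ .*?"
    r"\[name=(?P<name>[^;\]]*);(?:[^\]]*?\bip=(?P<ip>[^;\]]*);)?.*?cmd=(?P<cmd>\w+)"
)

def read_lines(path):
    """Yield text lines from a plain or gzip-rotated log file."""
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rt", encoding="utf-8", errors="replace") as fh:
        yield from fh

def audit_events(lines, start, end):
    """Return (timestamp, name, ip, cmd) tuples whose timestamp is in [start, end]."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # stack traces, wrapped lines, other layouts
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if start <= ts <= end:
            events.append((ts, m["name"], m["ip"] or "-", m["cmd"]))
    return sorted(events)

def scan(paths, start, end):
    """Merge events from the current log and its rotated copies, oldest first."""
    merged = []
    for path in paths:
        merged.extend(audit_events(read_lines(path), start, end))
    return sorted(merged)

# Constructed sample lines for illustration; not real log data.
SAMPLE = """\
2008-11-30 23:58:10,101 INFO  [btpool0-3] [name=alice@example.com;ip=192.0.2.10;] security - cmd=Auth; account=alice@example.com; protocol=soap;
2008-12-01 06:41:07,512 INFO  [btpool0-7] [name=bob@example.com;ip=192.0.2.15;] security - cmd=Auth; account=bob@example.com; protocol=soap;
2008-12-01 06:41:08,000 INFO  [btpool0-7] continuation line without the bracketed context
2008-12-01 07:02:44,009 INFO  [btpool0-9] [name=carol@example.com;ip=192.0.2.22;] security - cmd=Auth; account=carol@example.com; protocol=soap;
"""

if __name__ == "__main__":
    window = (datetime(2008, 12, 1, 0, 0), datetime(2008, 12, 1, 7, 6))
    for ts, name, ip, cmd in audit_events(SAMPLE.splitlines(), *window):
        print(ts, name, ip, cmd)
```

On a server, pass `/opt/zimbra/log/audit.log` and its rotated `.gz` copies to `scan()` with the window in which the mail disappeared.
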

#5 (permalink)
12-01-2008, 08:22 AM
Senior Member
Posts: 50

Of course it was rotated... I am officially an idiot.

Hmm, nothing really there, which means it must have happened this morning (since the account has no email in the inbox, except the one I sent it, and that account gets lots of email).

So it was one of 3 of us. Nothing somewhere that records deletions? Oh well.

#6 (permalink)
12-03-2008, 09:24 AM
Senior Member
Posts: 50

Upon further thought, I have to assume a bit flipped or something, as it would have taken some work to delete all that email (multiple pages), although mysql reports it is fine, and an upgrade to 5.11 changed nothing (nor did a re-index). Any thoughts from anyone else?

#7 (permalink)
12-03-2008, 09:37 AM
Moderator
Posts: 1,147

Did somebody access the mailbox via POP3? Or IMAP for that matter...but via IMAP they would have had to delete it themselves whereas with POP it would have deleted everything downloaded...

#8 (permalink)
12-03-2008, 09:49 AM
Senior Member
Posts: 50

Nope, both are disabled. Only access is via web client, and the people who were accessing it wouldn't have done it (nor have the time to delete all those pages of emails).