Results 1 to 8 of 8

Thread: Email Recovery.

  1. #1
    pradip is offline Intermediate Member
    Join Date
    Aug 2011
    Posts
    15
    Rep Power
    4

    Post Email Recovery.

    Hi

    One of my email user id has been compromised and all emails of inbox deleted, I don't have a backup mechanism in place, also emails are not in trash. So I don't have any idea about how to debug this issue. Can anybody help me out about to recover the deleted emails from hacker.

    I have not enable dumpster folder so that i can recover it from that. Please help me out somebody as that mailbox was of senior management.

    Regards,

    Pradip Thite

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,581
    Rep Power
    57

    Default

    Quote Originally Posted by pradip View Post
    One of my email user id has been compromised and all emails of inbox deleted, I don't have a backup mechanism in place, also emails are not in trash. So I don't have any idea about how to debug this issue. Can anybody help me out about to recover the deleted emails from hacker.
    If the mail has been deleted from the Inbox and Trash folders then the mail is gone, it's not possible to recover it.

    Quote Originally Posted by pradip View Post
    I have not enable dumpster folder so that i can recover it from that. Please help me out somebody as that mailbox was of senior management.
    Then they should know better than to use an insecure password on their mailbox. You should implement strong password rules in Zimbra.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    pradip is offline Intermediate Member
    Join Date
    Aug 2011
    Posts
    15
    Rep Power
    4

    Default

    Thanks Bill,

    Will do that, actually i had a same problem mention by blueflametuna at below link
    Accounts compromised - changed forwarding

    2011-02-02 03:19:13,087 INFO [btpool0-9] [name=joeuser@mynetwork.com;mid=663;oip=41.155.56.2 14;ua=zclient/5.0.21_GA_3150
    .RHEL5_64;] soap - BatchRequest
    2011-02-02 03:19:13,088 INFO [btpool0-9] [name=joeuser@mynetwork.com;mid=663;oip=41.155.56.2 14;ua=zclient/5.0.21_GA_3150
    .RHEL5_64;] soap - (batch) GetInfoRequest
    2011-02-02 03:19:13,519 INFO [btpool0-9] [name=joeuser@mynetwork.com;mid=663;oip=41.155.56.2 14;ua=zclient/5.0.21_GA_3150
    .RHEL5_64;] soap - (batch) SearchRequest

    Is there any solution to avoid this in future or can we block that access from.
    where i also got similar log of

  4. #4
    bofh is offline Elite Member
    Join Date
    May 2010
    Posts
    272
    Rep Power
    5

    Default

    Hmm but honestly - no backup at all?

    not even with the zdesktop backup function?
    man.... omg

    as phoenix already said no chance of getting it back
    but really after havong those issues you never made a backup? not even once ?

    if you got an old backup you can temp restore it export that inbox restore the actual zimbra and restore the saved inbox so at least an old version is done

    of course only if you got something

  5. #5
    pradip is offline Intermediate Member
    Join Date
    Aug 2011
    Posts
    15
    Rep Power
    4

    Default

    Actually No,

    I am a newbie in Zimbra so i have not tried any backup script available on forum. Now i think i have to start using that so that i can restore a mails.
    Could you suggest any reliable source of backup script for FOSS as there are many script available on forum but i am little bit afraid to use one of them, please suggest me any reliable and easy script for BACKUP & RESTORE PER USER
    Very Important.

    Thanks,
    Pradip

  6. #6
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,581
    Rep Power
    57

    Default

    Quote Originally Posted by pradip View Post
    Is there any solution to avoid this in future or can we block that access from.
    If your users are allowed access from the internet then you should implement strong passwords, look at those settings in the Admin UI. If the 'attacks' are frequent and brute force then you could use something like fail2ban or similar solutions (assuming your server is on a public IP), search the forums and the internet for details

    Quote Originally Posted by pradip View Post
    I am a newbie in Zimbra so i have not tried any backup script available on forum. Now i think i have to start using that so that i can restore a mails.
    Could you suggest any reliable source of backup script for FOSS as there are many script available on forum but i am little bit afraid to use one of them, please suggest me any reliable and easy script for BACKUP & RESTORE PER USER
    Very Important.
    Any of the backup scripts in the forums should work, for single user backup/restore there are a couple of solutions in the forums, take a look at those and use them on a test server. When you're happy that you can backup/restore single user accounts to your requirements and you've documented how to use the backup then implement it on your live server. You have to make sure that you know exactly how the scripts work and you are confident that it will do what you need. Any scripts you use from the forums are community supported, if you really want an effective solution with support then Zimbra NE is the solution.

    You might also consider setting up an archive facility in your environment where all inbound/outbound mail is sent to a second server for archiving purposes. There are details in the forums on how to do this with "always_bcc" and products such as MaiArchiva.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    pradip is offline Intermediate Member
    Join Date
    Aug 2011
    Posts
    15
    Rep Power
    4

    Default

    Thanks Bill for your help..

    Pradip

  8. #8
    bofh is offline Elite Member
    Join Date
    May 2010
    Posts
    272
    Rep Power
    5

    Default

    About backup
    Ne backup is not bad but it lacks some features which are needed to have a relyable backup

    most important the ability to backup offsite (nfs or another mounted drive) - i mean you can do that but the problem is what happens if that connection drops during backup

    of course you can do backup on the same machine and later rsync or use another backup software to sync it away - still not the backupsolution we would need.


    the community script have similar issues about relyability.
    scripting is a fine thing but more complicated it gets more problematic it will be
    none of the scripts have by default any kind of fallback or warning if for example storage on the offsite location is full or misses because of no connection

    those things among some others have to taken into account even if your backup box is 5 meter aways form the zimbra device many things can happen (broken switch, full/damaged disk, changed firewall and so on)


    so i recommend a real active client / server backup solution.
    i do not recommend produtcs here but there a lot out there - if you got a tape backup server and wanna stick with opensource software you can give bacula a shot


    i personally use for ne ans oss versions our onlinebackup software because it do excalty whats needed
    it reconnect on fail for a time
    it reports back everytime also in case of a fail
    it encrypt and compress bevore upload
    and more important i can reduce downtime with several backups a day because of using one datapool and infile deltas


    to make a real backup you need to shutdown zimbra (oss) NE version can do without if you use the ne backup solution
    so what i do is i make several hot backups (they are not usefull but they upload most of the data) and one cold
    that way i got a downtime of 3.5 minutes for a hole cold server backup even if i have 5 or 10 gig more data

    also the steady reports are very important - with a filter in zimbras inbox i see them only if it fails - if its ok they are in archive


    downside is they are not per user level backup -
    so if i want to restore a single mailbox ife to restore lates backup on a virtual host start zimbra there - extract by rest the mailbox and upload it to the real zimbra server
    but this works

    ife also an ne server but i do not longer use the backup there simply because ife to reduce the amount of data
    double and tripplebackup make no sense just to restore one mailbox a month a bit easier...

    of course its always a thing about amount of data we are talking about.


    btw bevore you find your solution you can simply copy hole zimbra while running - then shutdown - recopy and overwrite only different files - (or do that with rsync) just to have at least anything with minimum downtime
    which you should do bevore any update of zimbra anyway

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 23
    Last Post: 01-24-2013, 03:44 PM
  2. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 07:46 PM
  3. upgrade to 4.0.3 antispam does'nt work
    By lucanannipieri in forum Administrators
    Replies: 14
    Last Post: 11-07-2006, 03:56 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •