Tuesday, October 16, 2007

Recovering a Corrupted Mailbox -- UNIX

The other day I had a user who was having problems popping mail from the mail server. My first thoughts were wrong password, POP server issue or permissions. Well, it was none of the above. Then I started thinking about the mailbox itself. Here's what I found.

Btw, this example is not the original user's mailbox but it should demonstrate the problem.

Notice there are three lines that don't make much sense.

# cd /var/mail
# more user1
Status: RO
X-Status: $$$$
X-UID: 0000000001

From user2 Fri Jun 29 22:51:34 2007
Return-Path:
Received: (from user2@localhost)
by esoft (8.11.6+Sun/8.11.6) id l5TDpYJ01536
for root; Fri, 29 Jun 2007 22:51:34 +0900 (KST)
Date: Fri, 29 Jun 2007 22:51:34 +0900 (KST)
From: Super-User
Message-Id: <200706291351.l5tdpyj01536@esoft>
...
...

I deleted those 3 lines (plus the blank line) and re-saved the mailbox. After that, he was able to pull his mail successfully.

# more user1
From user2 Fri Jun 29 22:51:34 2007
Return-Path:
Received: (from user2@localhost)
by esoft (8.11.6+Sun/8.11.6) id l5TDpYJ01536
for root; Fri, 29 Jun 2007 22:51:34 +0900 (KST)
Date: Fri, 29 Jun 2007 22:51:34 +0900 (KST)
From: Super-User
Message-Id: <200706291351.l5tdpyj01536@esoft>
...
...
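
An added example, not part of the original post: a check for the condition shown above (lines sitting in front of the first "From " separator of an mbox file) and a repair that writes a cleaned copy rather than editing the spool file in place. The function names and the sample mailbox are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed, not from the post.

# Print how many lines precede the first mbox "From " separator line.
# 0 means the mailbox starts cleanly (or is empty); if the file has no
# separator at all, every line is counted as stray.
mbox_leading_junk() {
    awk '/^From / { exit } { n++ } END { print n + 0 }' "$1"
}

# Write a copy of mailbox $1 to $2 that starts at the first "From " line.
# The original file is never modified. Returns non-zero if the result is
# empty, i.e. no separator line was found.
mbox_strip_leading() {
    awk '/^From / { keep = 1 } keep { print }' "$1" > "$2"
    [ -s "$2" ]
}

# Constructed sample that mirrors the listing above: three stray header
# lines and a blank line ahead of the first message.
make_sample() {
    cat > "$1" <<'EOF'
Status: RO
X-Status: $$$$
X-UID: 0000000001

From user2 Fri Jun 29 22:51:34 2007
Date: Fri, 29 Jun 2007 22:51:34 +0900 (KST)
Subject: constructed test message

body line
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp/user1"
echo "stray lines before first separator: $(mbox_leading_junk "$tmp/user1")"
mbox_strip_leading "$tmp/user1" "$tmp/user1.fixed" && head -n 1 "$tmp/user1.fixed"
rm -rf "$tmp"
```

Review the cleaned copy before moving it over the original, and keep the untouched file as a backup.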

4 comments:

M said...

Hi there,
The problem certainly looks interesting, but could you elaborate more on what mail client was the user using? Did you find out how those three lines got in there? Why did taking those lines from there make the difference?
Sorry if the questions sound dumb :(

esofthub said...

Good question.

When the problem was discovered, a user was attempting to retrieve mail from the UNIX mail server via Windows Mail Client (Outlook).

How did the extra lines get in there? I'm not really sure because this happens so infrequently. I suspect either a message came in with an issue or a POP issue (residual data from previous pull)--less likely IMHO.

Anyways, I made a copy of the user's mail file and then zeroed (cat /dev/null > user) out its contents. Then I attempted a pull from MS Outlook. It worked fine so there’s no problem with POP or authentication. Then I compared the user’s mail header with my own. Everything looked normal except those three lines. I copied the backup file to its original filename and then deleted those 3 lines. The Outlook client retrieved the mail without incident.

M said...

Thanks so much for the elaborate and prompt reply :) That answers the questions perfectly :)
~M~

planzersan said...

Hi, I have the same issue, do you know what the cause is?

regards.