I had some strange happenings with my mail server last night and would
appreciate any input that can be given.
A little background. I am running Qmail+VPopmail+SQWebmail. My versions
are Vpopmail 4.9.8, Qmail 1.03, and sqwebmail 2.0, Redhat 7.0. My
/home/vpopmail/domains directory is actually and additional 40GB Hard Drive
mounted to that point. The server currently hosts about 150 domains.
Last night all of the data from one of the domain folders disappeared (this
domain is the vpopmail default domain also), including all MailDirs and
.qmail files. However the domain folder remained, as well as all users were
still had a record in the MYSQL Database, and no other domains seem to be
affected. So I re-created the .qmail-default file, and with every mail that
was recieved a new MailDir for that user was re-created. So the problem
started healing itself. However, I am baffled as to where the data went.
Looking through the logs I was able to narrow down to a 3 minute period of
time when the data disappeared and the mail started bouncing. I then looked
through every other log on the system and cannot find any suspicious
behaviour surrounding that time. My first thought was a breakin, but I
haven't been able to find any evidence of that yet.
Any comments or light anyone can shed on this situation would be
appreciated.
_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE*
http://join.msn.com/?page=features/virus