Hy,
I have found a big “.pag” file in the “/home/DomOwner/.usermin/Mailbox” folder of a domain owner.
I don’t know what it’s used for nor what process or user action generates/updates it…
-rw------- 1 DomOwner DomOwner 13921280 Oct 16 12:00 home_DomOwner_Maildir.byid.findex.pag
This file is much bigger (~ 14 MIB) than DomOwner’s mailbox (78.3 KiB).
The total size of maiboxes of users declared in the domain (excluding sub-domains) is ~ 65 MiB.
Can I delete this big “byid.index.pag” ?
Thanks for help.
Bleck
Here is the content of the Mailbox directory :
drwx------ 2 DomOwner DomOwner 4096 Oct 29 19:02 .
drwx------ 7 DomOwner DomOwner 4096 May 17 2016 …
-rw------- 1 DomOwner DomOwner 0 Oct 29 18:56 1.byid.index.dir
-rw------- 1 DomOwner DomOwner 1024 Oct 29 18:57 1.byid.index.pag
-rwx------ 1 DomOwner DomOwner 612 Oct 29 18:57 1.virt
-rw------- 1 DomOwner DomOwner 4096 Oct 29 18:37 attach.dir
-rw------- 1 DomOwner DomOwner 1026048 Oct 29 18:57 attach.pag
-rw-r–r-- 1 DomOwner DomOwner 104 Oct 16 11:59 config
-rw------- 1 DomOwner DomOwner 4096 Oct 29 18:52 delreplies.dir
-rw------- 1 DomOwner DomOwner 2078720 Oct 29 18:57 delreplies.pag
-rw------- 1 DomOwner DomOwner 4096 Oct 16 11:58 dsnreplies.dir
-rw------- 1 DomOwner DomOwner 1026048 Oct 29 18:57 dsnreplies.pag
-rw------- 1 DomOwner DomOwner 4096 Oct 16 11:54 _home_DomOwner_Maildir.byid.findex.dir
-rw------- 1 DomOwner DomOwner 13921280 Oct 16 12:00 _home_DomOwner_Maildir.byid.findex.pag
-rwx------ 1 DomOwner DomOwner 42 Oct 29 12:23 inbox.imap
-rwxr-x— 1 DomOwner DomOwner 6 Oct 29 18:37 lastfolder
-rw------- 1 DomOwner DomOwner 0 Aug 21 2011 read.dir
-rw------- 1 DomOwner DomOwner 1024 Sep 14 14:22 read.pag
I have made a backup of the file and deleted it. I will see what happens
It’s a very frustrating way to maintain a server…
Can someone tell me where are these “.pag” and “.dir” files documented ?
Some of theses files are updated when the mailbox is accessed through Usermin and the search functionality is used . This way, I could update : dnsreplies.pag, delreplies.pag, 1.virt, 1.byid.index.pag, attach.pag and lastforder.
All other files where were left untouched, including the big “_home_DomOwner_Maildir.byid.findex.pag” file
Concerning mail content, these files appear in the “mailbox” sub-directory of the user’s “.usermin” directory. It seems to be consistent with the fact that some files are modified when the mailbox is accessed through usermin and are untouched when accessed though imap. The mailbox content is stored somewhere else, in the /home/DomOwner/Mailbox directory, I guess.
What is running on the domains and sub-domains onwned by “owner2” and “DomOwner” ?
Both domains run PHP Web widespread applications and manage mail for their users. Users access mail using IMAP or POP but don’t use Usermin interface.
It wasn’t clear to me why no one answered me. I understand that the reason is that these files do not exist in any clean running installation of Webmin/Virtualmin/Usermin. Really ?
I guess it’s hard to accept but I may have to assume that this server has been compromised.
In this case, it would be pretty serious since the code that generates/updates files such as " 1.byid.index.pag" is triggered through the Usermin interface
OK. for me that just about confirms that it is not a bug in Usermin.
Not yet! - just because some thing rogue is getting in through an email does not mean it has broken everything.
I’d concentrate on stopping/limiting those apps/users (temporarily) to determine if they are at fault. Are they using a specific mail program - well maintained. can you catch them using logging? why is the app generating these files what is/was their purpose. is it some alien plugin to the app?