{"id":36,"date":"2014-12-04T17:08:11","date_gmt":"2014-12-04T11:38:11","guid":{"rendered":"https:\/\/www.mailxaminer.com\/blog\/?p=36"},"modified":"2025-05-22T12:37:32","modified_gmt":"2025-05-22T07:07:32","slug":"mailenable-server-forensics","status":"publish","type":"post","link":"https:\/\/www.mailxaminer.com\/blog\/mailenable-server-forensics\/","title":{"rendered":"MailEnable Email Server Forensics"},"content":{"rendered":"<p><strong>MailEnable<\/strong> primarily developed for Microsoft Windows Platform, is a powerful hosted messaging platform. Focused over email server hosting, the client is known for its stability, flexibility, and prime focused features. It provisions unified management interface, enabling administrators to take a proficient system overview. This eases out the investigator\u2019s work in examining the whole server administration and working. The mail server keeps up with the common protocols such as POP, IMAP, and SMTP to exchange emails and also offers webmail services.<\/p>\n<p>Investigations demand knowledge about how secure the mail server was and its open vulnerabilities before further examining the email artifacts. MailEnable however, scores its way up towards making things secure by provisioning IP blocking functions, relay, and filter properties. Several authentication methods and third party anti-spam utilities such as spam assassin can be deployed easily with the server configuration. MailEnable also features support for other protocols such as; MAPI connectivity, HTTPMail, Mobile device Sync, LDAP Service, etc.\u00a0for other license variants of the server deployment.<\/p>\n<h2>Understanding MailEnable Storage Mechanism<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-50 alignnone\" src=\"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2014\/12\/file-system.png\" alt=\"mailenable-file-storage\" width=\"111\" height=\"284\" align=\"right\" \/><\/p>\n<p style=\"align: left;\">MailEnable offers an Admin module which enables a bird\u2019s eye view of the Messaging management, Server Configuration, &amp; current status. The server maintains Post Offices which consist of the domains, user mailboxes, groups, and lists. Information useful during investigation could be unveiled after analyzing the mailboxes and the logs. Irrespective of the server availability, if we have an acquired logical image of the server deployment, then the artifacts could be found residing in the file structure.<\/p>\n<p style=\"text-align: left;\">The server stores most of the information at the installation location: \u201c<em>root: \\Program Files\\Mail Enable<\/em>\u201d. It consists of the individual post offices deployed under the server which requires further recursion to unveil information. Each of the domains maintains a MAILROOT directory which consists of the personal mailboxes created under the domain. Mails originated via Webmail or other email clients are synchronized at the server side simultaneously, as soon as any message is sent\/ received or deleted.<\/p>\n<p><strong>File Extensions<\/strong><br \/>\nMailEnable Server Forensics begins with understanding its configuration and working, but primarily the data file in which it stores data should be given the top priority while investigating. MailEnable Server maintains <strong>.MAI<\/strong> file format to store email messages and maintains individual message storage in singular files. Outbound, Incoming or Draft folders store the email messages separately, thus easing out collecting information by navigating to specific folders. Contacts, Calendars, Journals, etc., are stored in a way similar to that of the emails, and in the commonly utilized file formats. DAT and XML Files also maintain the user mailbox or folder information respectively.<\/p>\n<h2>Exploring Email Server Backups<\/h2>\n<p>Like every mail server, MailEnable also offers a complete Post office backup of the domain. It gets updated manually by the user defined interval and is quite useful in case of server failure or malicious purge of information. The following snapshot from MailEnable Server\u2019s Backup and Restore utility is shown where the user backs his Message Store, Configuration Files and Log Files. Which completely sums up the whole information to be used while restoring the server after an attack.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-51\" src=\"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2014\/12\/mailenable-backup-restore.png\" alt=\"mailenabl-backup-restore\" width=\"495\" height=\"346\" \/><\/p>\n<p>Usually the hackers or crackers test the server functionality in a controlled environment and try to attack the machine using vivid mechanism such as; DDOS, Trojan, or Malware. As soon as the server crashes, hackers debug the point of failure and use the knowledge to deploy applications that does so. A compromised server image kept chained and preserved by the custodian requires re-affirmation of the residual information collected from the server and the preserved backups.<\/p>\n<p>Most of the phases in an investigation are reshaped by analyzing mail server backups as; often email evidence are tampered to cover traces. MailEnable\u2019s logging ensures that the data could be tallied to figure out what\u2019s right and what\u2019s wrong. Further securing the information organizes &amp; maintains logging as per the protocols utilized by the users.<\/p>\n<p><strong>Conclusion<\/strong><br \/>\nForensic analysis of MailEnable email server requires complete knowledge about the information storage mechanism followed by the server. Server side examination becomes easy due to MailEnable\u2019s distinguished and easy to manage architecture. The server side email artifacts consist huge amount of information to be revealed and analyzed which gets stored in .MAI File format which can be analyzed using <a title=\"Email Forensics\" href=\"https:\/\/www.mailxaminer.com\/product\/\" target=\"_blank\" rel=\"noopener\">email forensic utility <\/a>such as <strong>MailXaminer<\/strong>. Every email gets stored in a separate MAI file which requires an email examination tool to comprehend the message information. If clients using MailEnable server use webmail as their email client, then the client machine plays no role other than browser logs to investigate. In that context server examination should be preferred to unveil artifacts. Further, if the suspect had a desktop based email client configured, then the data file should be inspected thoroughly.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>MailEnable primarily developed for Microsoft Windows Platform, is a powerful hosted messaging platform. Focused over email server hosting, the client <a href=\"https:\/\/www.mailxaminer.com\/blog\/mailenable-server-forensics\/\" >Read More&#8230;<\/a><\/p>\n","protected":false},"author":8,"featured_media":60,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"class_list":["post-36","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-forensics"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>MailEnable Email Server Forensics \u2013 Analyze E-Mail Header<\/title>\n<meta name=\"description\" content=\"Perform MailEnable Email Server Forensic Analysis &amp; Artifacts Investigation. Know where to locate &amp; carve evidence from an expert\u2019s viewpoint.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.mailxaminer.com\/blog\/mailenable-server-forensics\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"MailEnable Email Server Forensics \u2013 Analyze E-Mail Header\" \/>\n<meta property=\"og:description\" content=\"Perform MailEnable Email Server Forensic Analysis &amp; Artifacts Investigation. Know where to locate &amp; carve evidence from an expert\u2019s viewpoint.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mailxaminer.com\/blog\/mailenable-server-forensics\/\" \/>\n<meta property=\"og:site_name\" content=\"MailXaminer Official Blog\" \/>\n<meta property=\"article:published_time\" content=\"2014-12-04T11:38:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-22T07:07:32+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2014\/12\/mailenable1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"180\" \/>\n\t<meta property=\"og:image:height\" content=\"120\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Mansi Joshi\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mansi Joshi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/mailenable-server-forensics\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/mailenable-server-forensics\\\/\"},\"author\":{\"name\":\"Mansi Joshi\",\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/#\\\/schema\\\/person\\\/c9207395234d7178f353e02c45490a95\"},\"headline\":\"MailEnable Email Server Forensics\",\"datePublished\":\"2014-12-04T11:38:11+00:00\",\"dateModified\":\"2025-05-22T07:07:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/mailenable-server-forensics\\\/\"},\"wordCount\":790,\"image\":{\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/mailenable-server-forensics\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/wp-content\\\/uploads\\\/2014\\\/12\\\/mailenable1.png\",\"articleSection\":[\"Forensics\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/mailenable-server-forensics\\\/\",\"url\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/mailenable-server-forensics\\\/\",\"name\":\"MailEnable Email Server Forensics \u2013 Analyze E-Mail Header\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/mailenable-server-forensics\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/mailenable-server-forensics\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/wp-content\\\/uploads\\\/2014\\\/12\\\/mailenable1.png\",\"datePublished\":\"2014-12-04T11:38:11+00:00\",\"dateModified\":\"2025-05-22T07:07:32+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/#\\\/schema\\\/person\\\/c9207395234d7178f353e02c45490a95\"},\"description\":\"Perform MailEnable Email Server Forensic Analysis & Artifacts Investigation. Know where to locate & carve evidence from an expert\u2019s viewpoint.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/mailenable-server-forensics\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/mailenable-server-forensics\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/mailenable-server-forensics\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/wp-content\\\/uploads\\\/2014\\\/12\\\/mailenable1.png\",\"contentUrl\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/wp-content\\\/uploads\\\/2014\\\/12\\\/mailenable1.png\",\"width\":180,\"height\":120,\"caption\":\"MailEnable\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/mailenable-server-forensics\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog Home\",\"item\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Forensics\",\"item\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/category\\\/forensics\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"MailEnable Email Server Forensics\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/\",\"name\":\"MailXaminer Official Blog\",\"description\":\"Tech Talks by Forensics Experts\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/#\\\/schema\\\/person\\\/c9207395234d7178f353e02c45490a95\",\"name\":\"Mansi Joshi\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4a54472a1711bb8296f5bf3df3d4f5a01f1667ce788bdb2e834f92f9d7133ac2?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4a54472a1711bb8296f5bf3df3d4f5a01f1667ce788bdb2e834f92f9d7133ac2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4a54472a1711bb8296f5bf3df3d4f5a01f1667ce788bdb2e834f92f9d7133ac2?s=96&d=mm&r=g\",\"caption\":\"Mansi Joshi\"},\"description\":\"Tech enthusiast &amp; cyber expert for the past 5 years. Love to solve complicated scenarios to counter cyber crimes with in-depth technical knowledge.\",\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/in\\\/mansi-joshi-54414524a\\\/\",\"https:\\\/\\\/www.mailxaminer.com\\\/assets\\\/author\\\/mansi-joshi.png\"],\"url\":\"https:\\\/\\\/www.mailxaminer.com\\\/blog\\\/author\\\/mansi-joshi\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"MailEnable Email Server Forensics \u2013 Analyze E-Mail Header","description":"Perform MailEnable Email Server Forensic Analysis & Artifacts Investigation. Know where to locate & carve evidence from an expert\u2019s viewpoint.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.mailxaminer.com\/blog\/mailenable-server-forensics\/","og_locale":"en_US","og_type":"article","og_title":"MailEnable Email Server Forensics \u2013 Analyze E-Mail Header","og_description":"Perform MailEnable Email Server Forensic Analysis & Artifacts Investigation. Know where to locate & carve evidence from an expert\u2019s viewpoint.","og_url":"https:\/\/www.mailxaminer.com\/blog\/mailenable-server-forensics\/","og_site_name":"MailXaminer Official Blog","article_published_time":"2014-12-04T11:38:11+00:00","article_modified_time":"2025-05-22T07:07:32+00:00","og_image":[{"width":180,"height":120,"url":"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2014\/12\/mailenable1.png","type":"image\/png"}],"author":"Mansi Joshi","twitter_misc":{"Written by":"Mansi Joshi","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mailxaminer.com\/blog\/mailenable-server-forensics\/#article","isPartOf":{"@id":"https:\/\/www.mailxaminer.com\/blog\/mailenable-server-forensics\/"},"author":{"name":"Mansi Joshi","@id":"https:\/\/www.mailxaminer.com\/blog\/#\/schema\/person\/c9207395234d7178f353e02c45490a95"},"headline":"MailEnable Email Server Forensics","datePublished":"2014-12-04T11:38:11+00:00","dateModified":"2025-05-22T07:07:32+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mailxaminer.com\/blog\/mailenable-server-forensics\/"},"wordCount":790,"image":{"@id":"https:\/\/www.mailxaminer.com\/blog\/mailenable-server-forensics\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2014\/12\/mailenable1.png","articleSection":["Forensics"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mailxaminer.com\/blog\/mailenable-server-forensics\/","url":"https:\/\/www.mailxaminer.com\/blog\/mailenable-server-forensics\/","name":"MailEnable Email Server Forensics \u2013 Analyze E-Mail Header","isPartOf":{"@id":"https:\/\/www.mailxaminer.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mailxaminer.com\/blog\/mailenable-server-forensics\/#primaryimage"},"image":{"@id":"https:\/\/www.mailxaminer.com\/blog\/mailenable-server-forensics\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2014\/12\/mailenable1.png","datePublished":"2014-12-04T11:38:11+00:00","dateModified":"2025-05-22T07:07:32+00:00","author":{"@id":"https:\/\/www.mailxaminer.com\/blog\/#\/schema\/person\/c9207395234d7178f353e02c45490a95"},"description":"Perform MailEnable Email Server Forensic Analysis & Artifacts Investigation. Know where to locate & carve evidence from an expert\u2019s viewpoint.","breadcrumb":{"@id":"https:\/\/www.mailxaminer.com\/blog\/mailenable-server-forensics\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mailxaminer.com\/blog\/mailenable-server-forensics\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mailxaminer.com\/blog\/mailenable-server-forensics\/#primaryimage","url":"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2014\/12\/mailenable1.png","contentUrl":"https:\/\/www.mailxaminer.com\/blog\/wp-content\/uploads\/2014\/12\/mailenable1.png","width":180,"height":120,"caption":"MailEnable"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mailxaminer.com\/blog\/mailenable-server-forensics\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog Home","item":"https:\/\/www.mailxaminer.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Forensics","item":"https:\/\/www.mailxaminer.com\/blog\/category\/forensics\/"},{"@type":"ListItem","position":3,"name":"MailEnable Email Server Forensics"}]},{"@type":"WebSite","@id":"https:\/\/www.mailxaminer.com\/blog\/#website","url":"https:\/\/www.mailxaminer.com\/blog\/","name":"MailXaminer Official Blog","description":"Tech Talks by Forensics Experts","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mailxaminer.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.mailxaminer.com\/blog\/#\/schema\/person\/c9207395234d7178f353e02c45490a95","name":"Mansi Joshi","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/4a54472a1711bb8296f5bf3df3d4f5a01f1667ce788bdb2e834f92f9d7133ac2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/4a54472a1711bb8296f5bf3df3d4f5a01f1667ce788bdb2e834f92f9d7133ac2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4a54472a1711bb8296f5bf3df3d4f5a01f1667ce788bdb2e834f92f9d7133ac2?s=96&d=mm&r=g","caption":"Mansi Joshi"},"description":"Tech enthusiast &amp; cyber expert for the past 5 years. Love to solve complicated scenarios to counter cyber crimes with in-depth technical knowledge.","sameAs":["https:\/\/www.linkedin.com\/in\/mansi-joshi-54414524a\/","https:\/\/www.mailxaminer.com\/assets\/author\/mansi-joshi.png"],"url":"https:\/\/www.mailxaminer.com\/blog\/author\/mansi-joshi\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mailxaminer.com\/blog\/wp-json\/wp\/v2\/posts\/36","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mailxaminer.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mailxaminer.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mailxaminer.com\/blog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mailxaminer.com\/blog\/wp-json\/wp\/v2\/comments?post=36"}],"version-history":[{"count":2,"href":"https:\/\/www.mailxaminer.com\/blog\/wp-json\/wp\/v2\/posts\/36\/revisions"}],"predecessor-version":[{"id":6398,"href":"https:\/\/www.mailxaminer.com\/blog\/wp-json\/wp\/v2\/posts\/36\/revisions\/6398"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mailxaminer.com\/blog\/wp-json\/wp\/v2\/media\/60"}],"wp:attachment":[{"href":"https:\/\/www.mailxaminer.com\/blog\/wp-json\/wp\/v2\/media?parent=36"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mailxaminer.com\/blog\/wp-json\/wp\/v2\/categories?post=36"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}