Kerio Mailserver Storage Format

Published October 12th, 2005, updated February 10th, 2008.

Here are some notes on the Kerio Mailserver, version 6.1. My interest lies in the storage, as I’m going to do some data injection :-)

kerio/$ ls

store/mail/domain.tld/username/ - that's it. see below.
store/mail/domain.tld/#public/ - shared user?
store/logs/ - ascii text log files and index for each of them
store/queue/nn/* - hashes or maildir or something?
store/queue/pickup/ - working directory?
store/spamassassin/* - uninteresting
store/tmp/* - not interesting

kerio/store/mail/domain.tld/username/$ ls

Calendar - Calendar data, vcal + index
Contacts - Contacts, vcard + index
Deleted Items - All types + index
Drafts - mail?
INBOX - mail?
Junk E-mail - mail?
Sent Items - mail?
Tasks - unknown
filter.siv - mail filters, perl-like syntax
folder.map - shared folders mapping, simple xml
settings.usr - serialized php structure
stats.usr - unknown
sub.fld - optional (mail) folders

kerio/store/mail/domain.tld/username/Folder/$ ls

#assoc/ - unknown
#msgs/*.eml - VCALENDAR, VCARD, Mail, whatever
subfolders/ - like Folder, unsure where they are linked
deleted.fld - ??? unix timestamp + filename
index.fld - see below.
properties.fld - unknown
search.fld - sqlite2 database, somewhat broken; useless (or other format???)
sort.fld - unknown, may be cache
status.fld - unknown

kerio/store/mail/domain.tld/username/Folder/$ cat index.fld

U00000001 F80000001 S1133 D43032abf M4305f1b7 I0001 CIPM.Appointment

Format:
Unnnnnnnn = file name (#msgs/nnnnnnnn.eml)
Fnnnnnnnn = unknown (assuming signed int, always? -2^31+1)
Snnnn = unknown
Dnnnnnnnn = create date (hex encoded unix timestamp)
Mnnnnnnnn = modify date (hex encoded unix timestamp)
Innnn = incremental counter
CIPM.* = file type
… = optional trailing data
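
A small reader for index.fld records following the layout above, for inspecting a store during forensics or migration. This is an added example, not Kerio's code or part of the original notes. It assumes whitespace-separated fields, that C is the prefix of the type field, and that file names are hex (suggested by the U value in status.fld); the function names are made up for the example.

```python
import re
from datetime import datetime, timezone

SAMPLE = "U00000001 F80000001 S1133 D43032abf M4305f1b7 I0001 CIPM.Appointment"  # line from the notes
HEX32 = re.compile(r"[0-9A-Fa-f]{1,8}")

def hexint(value):
    """Strict hex parse: rejects signs, '0x' prefixes and anything wider than 32 bits."""
    if not HEX32.fullmatch(value):
        raise ValueError("not a 32-bit hex value: %r" % value)
    return int(value, 16)

def signed32(value):
    """Read the hex digits as a signed 32-bit integer (the notes' assumption for F)."""
    n = hexint(value)
    return n - (1 << 32) if n & 0x80000000 else n

def hex_ts(value):
    """Hex-encoded unix timestamp -> timezone-aware UTC datetime."""
    return datetime.fromtimestamp(hexint(value), tz=timezone.utc)

def parse_index_line(line):
    """Parse one index.fld record; raise ValueError if it does not match the layout."""
    tokens = line.split()
    if len(tokens) < 7:
        raise ValueError("expected 7 or more fields, got %d" % len(tokens))
    raw = {}
    for prefix, token in zip("UFSDMIC", tokens):
        if len(token) < 2 or token[0] != prefix:
            raise ValueError("expected field %s, got %r" % (prefix, token))
        raw[prefix] = token[1:]
    hexint(raw["U"])  # assumption: names are hex; also keeps the path inside #msgs/
    return {
        "file": "#msgs/%s.eml" % raw["U"],
        "F": signed32(raw["F"]),
        "S": raw["S"],        # meaning unknown: kept as text
        "created": hex_ts(raw["D"]),
        "modified": hex_ts(raw["M"]),
        "counter": raw["I"],  # number base unknown: kept as text
        "type": raw["C"],     # assumption: C is the prefix, the rest is the type
        "extra": tokens[7:],  # optional trailing data
    }

if __name__ == "__main__":
    for key, value in parse_index_line(SAMPLE).items():
        print("%-9s %s" % (key, value))
```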

kerio/store/mail/domain.tld/username/Folder/$ cat deleted.fld

431d8fa3 00000005

Format:
timestamp (hex encoded) + filename

kerio/store/mail/domain.tld/username/Folder/$ cat status.fld

T2
G64590354-03bc-46fa-9d94-b5c19be217d7
V430adb2c
U0000000c
C00000001
M6
D0
R0
N0
S7514
Auser@domain.tld lrswicda

Format:
T – unknown
G – unique id, probably used to identify folder
V – timestamp, folder create date
U – next filename to use
C – counter?
M – folder type?
D – unknown, some delete flag?
R – unknown
N – unknown
S – unknown
A – mail address / user id + permissions?

That’s all. Maybe it helps you to tinker with the backend.