Benjamin Schweizer.

Here are some notes on the Kerio Mailserver, version 6.1. My interest lays on the storage as I’m going to do some data injection :-)

kerio/$ ls

store/mail/domain.tld/username/ - that's it. see below.
store/mail/domain.tld/#public/ - shared user?
store/logs/ - ascii text log files and index for each of them
store/queue/nn/* - hashes or maildir or somewhat?
store/queue/pickup/ - working directory?
store/spamassassin/* - uninteresting
store/tmp/* - not interesting

kerio/store/mail/domain.tld/username/$ ls

Calendar - Calendar data, vcal + index
Contacts - Contacts, vcard + index
Deleted Items - All types + index
Drafts - mail?
INBOX - mail?
Junk E-mail - mail?
Sent Items - mail?
Tasks - unknown
filter.siv - mail filters, perl-like syntax
folder.map - shared folders mapping, simple xml
settings.usr - serialized php structure
stats.usr - unknown
sub.fld - optional (mail) folders

kerio/store/mail/domain.tld/username/Folder/$ ls

#assoc/ - unknown
#msgs/*.eml - VCALENDAR, VCARD, Mail, whatever
subfolders/ - like Folder, unsure where they are linked
deleted.fld - ??? unix timestamp + filename
index.fld - see below.
properties.fld - unknown
search.fld - sqlite2 database, somewhat broken; useless (or other format???)
sort.fld - unknown, may be cache
status.fld - unknown

kerio/store/mail/domain.tld/username/Folder/$ cat index.fld

U00000001 F80000001 S1133 D43032abf M4305f1b7 I0001 CIPM.Appointment

Format:
Unnnnnnnn = file name (#msg/nnnnnnnn.eml)
Fnnnnnnnn = unknown (assuming signed int, always? -2^31+1)
Snnnn = unknown
Dnnnnnnnn = create date (hex encoded unix timestamp)
Mnnnnnnnn = modify date (hex encoded unix timestamp)
Innnn = incremental counter
CIPM.* = file type
… = optional data behind

kerio/store/mail/domain.tld/username/Folder/$ cat deleted.fld

431d8fa3 00000005

Format:
timestamp (hex encoded) + filename

kerio/store/mail/domain.tld/username/Folder/$ cat status.fld

T2
G64590354-03bc-46fa-9d94-b5c19be217d7
V430adb2c
U0000000c
C00000001
M6
D0
R0
N0
S7514
Auser@domain.tld lrswicda

Format:
T – unknown
G – unique id, probably used to identify folder
V – timestamp, folder create date
U – next filename to use
C – counter?
M – folder type?
D – unknown, some delete flag?
R – unknown
N – unknown
S – unknown
A – mail address / user id + permissions?

That’s all. May be it helps you to tinker with the backend.

This entry was posted on Wednesday, October 12th, 2005 at 12:00 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.