Kerio Mailserver Storage Format

Published October 12th, 2005, updated February 10th, 2008.

Here are some notes on the Kerio Mailserver, version 6.1. My interest lies in the storage as I’m going to do some data injection :-)

kerio/$ ls

store/mail/domain.tld/username/ - that's it. see below.
store/mail/domain.tld/#public/ - shared user?
store/logs/ - ascii text log files and index for each of them
store/queue/nn/* - hashes or maildir or something?
store/queue/pickup/ - working directory?
store/spamassassin/* - uninteresting
store/tmp/* - not interesting

kerio/store/mail/domain.tld/username/$ ls

Calendar - Calendar data, vcal + index
Contacts - Contacts, vcard + index
Deleted Items - All types + index
Drafts - mail?
INBOX - mail?
Junk E-mail - mail?
Sent Items - mail?
Tasks - unknown
filter.siv - mail filters, perl-like syntax - shared folders mapping, simple xml
settings.usr - serialized php structure
stats.usr - unknown
sub.fld - optional (mail) folders

kerio/store/mail/domain.tld/username/Folder/$ ls

#assoc/ - unknown
#msgs/*.eml - VCALENDAR, VCARD, Mail, whatever
subfolders/ - like Folder, unsure where they are linked
deleted.fld - ??? unix timestamp + filename
index.fld - see below.
properties.fld - unknown
search.fld - sqlite2 database, somewhat broken; useless (or other format???)
sort.fld - unknown, may be cache
status.fld - unknown

kerio/store/mail/domain.tld/username/Folder/$ cat index.fld

U00000001 F80000001 S1133 D43032abf M4305f1b7 I0001 CIPM.Appointment

Unnnnnnnn = file name (#msgs/nnnnnnnn.eml)
Fnnnnnnnn = unknown (assuming signed int, always? -2^31+1)
Snnnn = unknown
Dnnnnnnnn = create date (hex encoded unix timestamp)
Mnnnnnnnn = modify date (hex encoded unix timestamp)
Innnn = incremental counter
CIPM.* = file type
… = optional data behind

kerio/store/mail/domain.tld/username/Folder/$ cat deleted.fld

431d8fa3 00000005

timestamp (hex encoded) + filename
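
A small reader for the index.fld and deleted.fld records described above, useful when building a timeline of a folder during a forensic review. This is an added example, not code from Kerio or from the original notes; the function names are made up here, and it assumes fields are whitespace-separated and that message names are exactly 8 hex digits.

```python
import re
from datetime import datetime, timezone

NAME_RE = re.compile(r"[0-9A-Fa-f]{8}")  # assumption: names are 8 hex digits

def hex_ts(value):
    """Decode a hex-encoded unix timestamp into an aware UTC datetime."""
    return datetime.fromtimestamp(int(value, 16), tz=timezone.utc)

def msg_path(name):
    """Map a record name to its file, rejecting anything that is not nnnnnnnn."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"unexpected message name: {name!r}")
    return f"#msgs/{name}.eml"

def parse_index_line(line):
    """Parse one index.fld record; the unknown fields (F, S, I) are kept raw."""
    rec = {"extra": []}
    tokens = line.split()
    for pos, tok in enumerate(tokens):
        key, val = tok[:1], tok[1:]
        if key == "C":  # file type; everything after it is optional data
            rec["type"], rec["extra"] = val, tokens[pos + 1:]
            break
        if key not in "UFSDMI":
            raise ValueError(f"unknown field {tok!r}")
        rec[key] = val
    if "U" not in rec:
        raise ValueError("record has no U (file name) field")
    rec["path"] = msg_path(rec["U"])
    for key in ("D", "M"):  # create / modify dates
        if key in rec:
            rec[key] = hex_ts(rec[key])
    if "F" in rec:  # the notes' guess: F is a signed 32-bit value
        raw = int(rec["F"], 16)
        rec["F_signed"] = raw - (1 << 32) if raw & 0x80000000 else raw
    return rec

def parse_deleted_line(line):
    """Parse one deleted.fld record: hex timestamp followed by file name."""
    stamp, name = line.split()
    return {"deleted": hex_ts(stamp), "path": msg_path(name)}

if __name__ == "__main__":
    # Sample records copied from the notes above.
    print(parse_index_line("U00000001 F80000001 S1133 D43032abf M4305f1b7 I0001 CIPM.Appointment"))
    print(parse_deleted_line("431d8fa3 00000005"))
```

The name check matters because the U value ends up in a file path: a record that does not match nnnnnnnn is rejected instead of being joined into a path.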

kerio/store/mail/domain.tld/username/Folder/$ cat status.fld

Auser@domain.tld lrswicda

T – unknown
G – unique id, probably used to identify folder
V – timestamp, folder create date
U – next filename to use
C – counter?
M – folder type?
D – unknown, some delete flag?
R – unknown
N – unknown
S – unknown
A – mail address / user id + permissions?

That’s all. Maybe it helps you to tinker with the backend.