
Issue Abnormal traffic usage caused by POP3/IMAP

stevepa

New Pleskian
Server operating system version
Ubuntu 20.04.6 LTS
Plesk version and microupdate number
18.0.63 Update #4
Dear all,

I've got a subscription for a customer in my Plesk environment with "normal" usage of 2 GB.
Traffic was constantly 2-5GB a month, but a few months ago monthly traffic was suddenly 300, 400, 500 GB a month, up to 3 TB.

Nothing changed, the customer is still using his email as before.
All traffic is caused by POP3/IMAP. Outgoing Mail Control is enabled (max. 30 mails an hour).

There are no anomalies in /var/log/maillog and maillog.processed - this is all minimal.

Any ideas?

Thanks a lot.
 
Since mail accounts authentication is performed via POP3/IMAP, this may be the cause of high traffic statistics. However, you would have probably noticed lots of entries in the maillog. Could you please try one of the following scripts and let us know what's the result you see?
 
Maybe a stuck email in the inbox that the client tries to download over and over again? (I've only seen such things in the past, when using POP3.)
 
Since mail accounts authentication is performed via POP3/IMAP, this may be the cause of high traffic statistics. However, you would have probably noticed lots of entries in the maillog. Could you please try one of the following scripts and let us know what's the result you see?
POP3/IMAP stats for info@********.net

Bytes:
SENT=340539725191
RCVD=8086097

KiloBytes:
SENT=332558325.38
RCVD=7896.58

MegaBytes:
SENT=324763.99
RCVD=7.71

GigaBytes:
SENT=317.15
RCVD=.01
 
Hi, I also have a customer with only one mailbox. He sent no big mails, only mails with some KB in attachment. The above script returns:
Bytes:
SENT=253712977235
RCVD=84056767

KiloBytes:
SENT=247766579.33
RCVD=82086.69

MegaBytes:
SENT=241959.55
RCVD=80.16

GigaBytes:
SENT=236.29
RCVD=.08

There is no alert for too many mails being sent from Outgoing Mail Control. In the mail statistics for sent mails, most days show 0 (zero) mails. That is also very suspicious. Today the customer has sent only 6 mails (1 in one hour). Yesterday and the day before, zero mails. And the day before, 2 mails. But the day before, there are 0 mails sent in the statistics.

Is there a problem with the server? There are many mailboxes on the server. Only one mailbox generates this big traffic in the statistics.
What can I do to check?
 
In my case there was a problem with an Apple device. Apparently a service had hung and repeatedly retrieved or sent data.
Deleting the mail account from the affected device was the solution.
 
I had to debug such a case recently. The log doesn't show any additional details on why the email client downloaded so much data.

You can debug this issue further by enabling mail_debug in Dovecot.

Check the value:
Code:
doveconf | grep mail_debug

Edit /etc/dovecot/dovecot.conf, removing the # before mail_debug, then restart Dovecot:
Code:
grep mail_debug /etc/dovecot/dovecot.conf  -n
122:#mail_debug = yes

Check new sessions to see which one had a lot of data transferred and see what happened before the session terminated:
Code:
grep -E "service=imap|service=pop3" /var/log/maillog | grep Disconnected | awk '{print $1" "$2" "$3" "$7" "$NF}' | awk -F"=" '{print $1" "$2" "$NF/1024" MB"}'
Apr 2 15:36:06 user [email protected], sent 21.5195 MB
Apr 2 15:52:23 user [email protected], sent 125.363 MB
Apr 4 12:06:23 user [email protected], sent 0.849609 MB
Apr 4 22:02:17 user [email protected], sent 169.811 MB
Apr 4 22:02:17 user [email protected], sent 85.2939 MB
Apr 7 22:10:28 user [email protected], sent 63.7705 MB
Apr 7 22:30:12 user [email protected], sent 684.421 MB
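
A per-client breakdown of the same Disconnected lines, as an added example that is not part of any post in this thread: it sums the bytes sent per mailbox, client IP and service, so the device or address responsible for the traffic stands out. It assumes the line layout shown in the first comment and that rcvd=/sent= are byte counts; `sample_log` and `top_talkers` are names made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed Plesk-style Dovecot line layout:
#   ... service=imap, user=<addr>, ip=[<ip>]. Disconnected: ... rcvd=<bytes>, sent=<bytes>

# Constructed sample sessions; addresses and IPs are documentation placeholders.
sample_log() {
cat <<'EOF'
Apr  7 22:10:28 mail dovecot: service=imap, user=info@example.net, ip=[192.0.2.10]. Disconnected: Logged out rcvd=1200, sent=66868838
Apr  7 22:30:12 mail dovecot: service=imap, user=info@example.net, ip=[192.0.2.10]. Disconnected: Logged out rcvd=3400, sent=717662412
Apr  7 22:31:40 mail dovecot: service=pop3, user=sales@example.net, ip=[198.51.100.7]. Disconnected: Logged out rcvd=60, sent=890880
Apr  7 22:40:02 mail dovecot: service=imap, user=info@example.net, ip=[203.0.113.5]. Disconnected: Logged out rcvd=800, sent=2097152
Apr  7 22:41:00 mail postfix/smtpd[811]: disconnect from unknown[203.0.113.5]
EOF
}

# top_talkers [FILE...]: for each service, user and client IP print
# "<bytes_sent> <MiB> <sessions> <service> <user> <ip>", largest sender first.
top_talkers() {
    LC_ALL=C awk '
    /service=(imap|pop3),/ && /Disconnected/ {
        svc = user = ip = sent = ""
        for (i = 1; i <= NF; i++) {
            f = $i
            sub(/,$/, "", f)                          # drop trailing comma
            if (f ~ /^service=/) svc  = substr(f, 9)
            if (f ~ /^user=/)    user = substr(f, 6)
            if (f ~ /^sent=/)    sent = substr(f, 6)
            if (f ~ /^ip=\[/)  { ip = substr(f, 5); sub(/\].*/, "", ip) }
        }
        # Skip lines that do not match the assumed layout.
        if (user == "" || sent !~ /^[0-9]+$/) next
        key = svc " " user " " ip
        bytes[key] += sent
        sessions[key]++
    }
    END {
        # %.0f keeps totals above 2 GiB intact in awk builds with 32-bit %d.
        for (key in bytes)
            printf "%.0f %.1f %d %s\n", bytes[key], bytes[key] / 1048576, sessions[key], key
    }' "$@" | LC_ALL=C sort -k1,1nr
}

# Demo on the constructed lines; on a server: top_talkers /var/log/maillog
sample_log | top_talkers
```

An IP at the top of the list that the mailbox owner does not recognise points to a different problem than a hung client on a known device, and is worth checking before the account is simply removed and re-added.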
 