• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

pop3/imap login question: can distance increase traffic?

S

Sven L.

Regular Pleskian
hello,

as I mentioned in another post, I am having problems with a new customer, they usually consumed around 300MB bandwidth per month and suddenly, in past 48h. they consumed 8GB!

Statistics tell me it's all from pop3/imap access and I don't even know what I should be looking for.

I went to the maillog and I see they do a login every 3 seconds, even deep in the night. so I guess it's a smartphone

this new customer is from Marroc

here is a extract:

Sep 27 04:29:27 vps01 courier-pop3d: LOGIN, [email protected], ip=[<private>], port=[1649]
Sep 27 04:29:27 vps01 courier-pop3d: LOGOUT, [email protected], ip=[<private>], port=[1649], top=0, retr=0, rcvd=24, sent=6359, time=0
Sep 27 04:29:45 vps01 courier-pop3d: Connection, ip=[<private>]
Sep 27 04:29:45 vps01 courier-pop3d: LOGIN, [email protected], ip=[<private>], port=[3100]
Sep 27 04:29:45 vps01 courier-pop3d: LOGOUT, [email protected], ip=[<private>], port=[3100], top=0, retr=0, rcvd=24, sent=9858, time=0
Sep 27 04:29:53 vps01 courier-pop3d: Connection, ip=[<private>]
Sep 27 04:29:53 vps01 courier-pop3d: LOGIN, [email protected], ip=[<private>], port=[4139]
Sep 27 04:29:54 vps01 courier-pop3d: LOGOUT, [email protected], ip=[<private>], port=[4139], top=0, retr=0, rcvd=12, sent=39, time=1
Click to expand...

NOTE: my server is in the Netherlands
as you see, the two users from .ma (aka: Marroc) are doing connections. they do this every 3 seconds even at night.
but I have other customers who do the same, and they don't have a bandwidth problem

so, what I am seeing here is, the two Marroc accounts do a connection and send 5-10K of info everytime, while the Spanish users only send 25-100 bytes
that is a huge difference, but I have no clue what would be the cause of this...

so my question is:
would it be possible that, due being so far away, paquets travel over more routers and do more checks, generating much more traffic just for a login/logout process?
 
IMO, highly unlikely. While being far away may increase TCP packet retransmissions, increasing real bandwidth usage, this will not be visible in logs (since IMAP/POP3 server shouldn't be aware of retransmissions at all - this is kernel TCP stack work).

I think the issue is rather in mail client that is being used. Or maybe mailbox has a lot of mails, so its listing is too heavy. Judging by rcvd count client did not send many commands.
 
You must log in or register to reply here.

Similar threads

S
Resolved Dovecot Broken After Latest Update
Replies
4
Views
1K
scpcomp
S
J
Question Dovecot Error: auth-master: userdb list: User listing returned failure
Replies
2
Views
2K
Jadek
J
Bitpalast
Issue gmx.* (web.de etc.) POP3 collector service fails to access Plesk based mail server
Replies
2
Views
2K
Bitpalast
Bitpalast
G
Question Unable to send emails via phpmailler (codeigniter) smtp to hotmail.
Replies
2
Views
3K
Grepher76
G
I
Issue Emails can not receive
Replies
2
Views
1K
cientiros
C
Back
Top