• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Unreal POP3 Stats

S

StvnT

New Pleskian
[Solved] Unreal POP3 Stats

A domain has recently started reporting extremely high POP3 Out statistics. Plesk is reporting between 8 and 10 gigabytes of data for our POP3 Out per night! I don't really know how to read the logs but I believe the inflated reporting is caused by a single account on the affected domain. The suspect account - from the logs:

May 11 11:21:18 web1 pop3d: IMAP connect from @ [xxx.xxx.xxx.xxx]INFO: LOGIN, [email protected], ip=[xxx.xxx.xxx.xxx]
May 11 11:21:52 web1 pop3d: 1336753312.107644 DISCONNECTED, [email protected], ip=[xxx.xxx.xxx.xxx], top=0, retr=22795503, time=34, rcvd=50, sent=23092177, maildir=/var/qmail/mailnames/domain.com/user1/Maildir
Click to expand...

For comparison, this is another user on the domain:

May 11 11:30:34 web1 pop3d: IMAP connect from @ [xxx.xxx.xxx.xxx]INFO: LOGIN, [email protected], ip=[xxx.xxx.xxx.xxx]
May 11 11:30:34 web1 pop3d: 1336753834.615746 LOGOUT, [email protected], ip=[xxx.xxx.xxx.xxx], top=0, retr=0, time=0, rcvd=12, sent=39, maildir=/var/qmail/mailnames/domain.com/user2/Maildir
Click to expand...

If I understand correctly, the user1 account performs a login, transfers 23MB of data and is disconnected after 30 seconds. Whereas the user2 account performs a login, sees no new mail and logs out.

What could be the problem? Could it be compromised? Could the client have changed settings and we're seeing IMAP traffic instead of POP3 (sorry, I'm not real familiar with these logs)?
 
Last edited:
Hi,

We have seen something similar to this twice, and in both times (one is still ongoing) its been caused by Kayako.

Kayako gets itself all in a tizz with emails larger than its limits, I think it downloads the email, realises its bigger than its allowed then gives up. Then on the next cycle it downloads the email, realises its bigger than its allowed then gives up (etc etc etc).

Not saying its the case you have here, but it could be something else with equally poor logic (or just a truly massive email thats somehow ended up in the inbox and times out on download every time),

Paul
 
Thanks for the help Igor and Paulie!

This only affected the one account so I was thinking either it was something on the clients end (Outlook error/bug/misconfiguration), email backscatter or a compromised account. We've had some problems with large emails before but nothing quite like this.

I wasn't able to figure out exactly what the problem was but we were able to get it fixed by resetting the password in Plesk and by having the client delete their account in Outlook. Not insightful into the cause of the problem but it worked for us.
 
You must log in or register to reply here.

Similar threads

Dork
Question Watchdog problem
Replies
3
Views
878
mow
M
S
Resolved Dovecot Broken After Latest Update
Replies
4
Views
2K
scpcomp
S
J
Issue DEBIAN 12 OPENSSL 3.0 DOVECOT does not allow login
Replies
1
Views
1K
Yaroslav_T
Yaroslav_T
S
Resolved How to obtain the IP of a webmail login
Replies
2
Views
1K
SalvadorS
S
EnriqueR
Question Incoming mail is stored in Junk folder
Replies
6
Views
931
EnriqueR
EnriqueR
Back
Top