Find email that generated massive POP3 traffic

stronciy

• July 04, 2019 09:14

Hi All, I have a huge traffic within last 48 hours more than 580GB generated through POP3 On this forum I find this command: grep *****co.com /var/log/maillog* | grep retr= | grep -v retr=0 | awk {'print $11'} | cut -d, -f1 | cut -d / -f2 | awk '{t += $1} END { print "total: ", t, " bytes transferred over POP3"}'
so this is a result: total: 574669361274 bytes transferred over POP3
So my question, how I can find a user (email) which generate this traffic ?! Thanks

• 

  keat63

  • July 05, 2019 10:00

  I don't know the definitive answer, but until someone who does knows the correct method, maybe the following may help. In Tweak Settings >> Mail Find the setting for "Number of unique recipients per hour to trigger potential spammer notification." and reduce this from 500 to say 100. Whenever any email account sends more than 100 emails, you'll be notified, and it will show you which account.

  0
• 

  stronciy

  • July 05, 2019 14:31

  Nope, problem not in qty of sent email, problem that one of users have a bug in Outlook, and every time when check email try to download all Inbox from server. So, just need to calc which user have the biggest traffic to stop related account. P.S. Unfortunately Cpanel can show you traffic POP3 or IMAP by email

  0
• 

  cPanelLauren

  • July 05, 2019 21:04

  You'd have to modify that one liner (IMO) and stop listing total for all accounts on that domain: [root@server ~]# grep domain.tld /var/log/maillog* | grep retr= | grep -v retr=0 |sort -n
  This will list per email account all transactions but not totals

  0

Please sign in to leave a comment.