The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

bandwidth exeeded

Discussion in 'General Discussion' started by Rooney, Jan 7, 2009.

  1. Rooney

    Rooney Member

    Joined:
    Feb 27, 2006
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    An account shows very high bandwidth usage at WHM.

    cPanel's webalizer/awstats do not show any traces of this at all. On checking detailed bandwidth usage through cpanel of the domain, i found more then 90% bandwidth taken by POP3.

    How can I know what exactly has caused the high bandwidth usage ?
     
  2. JawadArshad

    JawadArshad Well-Known Member
    PartnerNOC

    Joined:
    Apr 8, 2008
    Messages:
    447
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    PK
    cPanel Access Level:
    DataCenter Provider
    Why don't you configure that account in imap rather than pop, and make sure default, catch-all account is disabled and even if it is there, not configured via pop.
     
  3. Rooney

    Rooney Member

    Joined:
    Feb 27, 2006
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    My bad ! forgot to mention, catch-all is already disabled. And the client need pop3 access itself. Thanks Howard.

    Can you tell me which log file on the server I should look for the POP3 access to this domain ?
     
  4. JawadArshad

    JawadArshad Well-Known Member
    PartnerNOC

    Joined:
    Apr 8, 2008
    Messages:
    447
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    PK
    cPanel Access Level:
    DataCenter Provider
    It is /var/log/maillog.
     
  5. Rooney

    Rooney Member

    Joined:
    Feb 27, 2006
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    No valid information about high traffic there, not even failed login attempts for the domain in question, strange !!!! should I request ticket support with cpanel ?
     
  6. JawadArshad

    JawadArshad Well-Known Member
    PartnerNOC

    Joined:
    Apr 8, 2008
    Messages:
    447
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    PK
    cPanel Access Level:
    DataCenter Provider
    /var/log/maillog in no way is meant to show amount of bandwidth or size of mails downloaded, it will just record the time of pop sessions created and disconnected. You can just check the IP logging into the email address of that account and tell your client your pop traffic has contributed to your bandwidth.
     
  7. Rooney

    Rooney Member

    Joined:
    Feb 27, 2006
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    hmmm... there are only very few, maybe less then 10 pop sessions about the problem domain there :confused:
     
  8. JawadArshad

    JawadArshad Well-Known Member
    PartnerNOC

    Joined:
    Apr 8, 2008
    Messages:
    447
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    PK
    cPanel Access Level:
    DataCenter Provider
    No matter how many sessions are there, if POP is the reason for the traffic, then client must have downloaded large amount of emails in these 10 sessions. You have all the logs and evidence to show to your client and if you still want to investigate further, you may check it with the concerned parties, client or maybe cPanel. Best of luck.
     
  9. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    765
    Likes Received:
    1
    Trophy Points:
    18
    Same problem here...

    Account has used 17GB of bandwidth. AWstats shows general usage, nothing unusual. If I look at the graphs in the bandwidth section in cpanel I see all of it taken up by POP.

    If I check the mail log I see only the usual login and logout entries - the customer is logging in every few minutes.

    Noticed a few of these that look unusual...

    Mar 12 11:29:15 SERVER pop3d: LOGOUT, user=lp@domain.com, ip=[::ffff:ip.ip.ip.ip], port=[61516], top=0, retr=50881623, rcvd=4486, sent=51671844, time=167
    Mar 12 11:34:15 HS100 pop3d: LOGOUT, user=lp@domain.com, ip=[::ffff:ip.ip.ip.ip], port=[61524], top=0, retr=50926514, rcvd=4496, sent=51717413, time=167

    ..But not hundreds, just a few.

    retr=50881623
    sent=51671844

    Is that in bytes? So its about 6MB?
     
  10. darren.nolan

    darren.nolan Well-Known Member

    Joined:
    Oct 4, 2007
    Messages:
    259
    Likes Received:
    0
    Trophy Points:
    16
    Hate to drag up a semi-old thread. But this seems to be an issue somewhere (I have 1 account in particular that shows 300mb a day in emails).

    Other threads indicate ensuring that /etc/syslog.conf does not contain the maillog entry twice etc. to which I have checked and rechecked.

    The rest of the information is as above. Did a solution ever present itself for this issue?

    Seems excessive that we have 300mb a day in plain text logs for server output.
     
  11. ckh

    ckh Well-Known Member

    Joined:
    Dec 6, 2003
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Phoenix, AZ
    cPanel Access Level:
    DataCenter Provider
    Had that problem a few years ago. A user was downloading all the email each time they checked it and never deleted it off the server. As time passed the bandwidth would increase as there would be more emails to download.
     
  12. Kurieuo

    Kurieuo Well-Known Member

    Joined:
    Dec 13, 2002
    Messages:
    98
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Australia
    I also have experienced this issue with one mail account (at least only one mail account was reported).

    Checked the bandwidth, then the maillog... and lots of entries every 5 mins as follows:

    <date time removed> philo pop3d: LOGIN, user=<emailadd removed>, ip=[::ffff:<ip removed>], port=[1715]
    <date time removed> philo pop3d: DISCONNECTED, user=<emailadd removed>, ip=[::ffff:<ip removed>], port=[1715], top=0, retr=1536404, rcvd=26, sent=1532224, time=20

    20 seconds each connection.The retr was the same every time, as well the the sent. This went on for half a day that I can see.

    I assume this is the is issue as it aligns with the day the bandwidth was consume in the bandwidth stats. Any reason this would happen...?
     
  13. aarondwyer

    aarondwyer Well-Known Member

    Joined:
    Mar 26, 2005
    Messages:
    73
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Brisbane
    cPanel Access Level:
    Root Administrator
    @Kurieuo and others this is the exact issue that I'm facing right now.

    I have a client that is getting repeated lines like this every 10 minutes or so.

    Mar 3 22:10:55 mercury pop3d: LOGOUT, user=email, ip=[::ffff:IP], port=[18321], top=45934, retr=20551653, rcvd=624, sent=20870708, time=70

    What does the RETR mean, is that retrieved.

    And can someone confirm that that reads 20.5MB

    Thanks
    Aaron
     
  14. mohit

    mohit Well-Known Member

    Joined:
    Jul 12, 2005
    Messages:
    553
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sticky On Internet
    20 870 708 bytes = 19.9038582 megabytes
    source
     
  15. aarondwyer

    aarondwyer Well-Known Member

    Joined:
    Mar 26, 2005
    Messages:
    73
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Brisbane
    cPanel Access Level:
    Root Administrator
    @Mohit Thanks for that.

    Just for closure on large POP3 bandwidth issue I was facing.

    As it turns it was someone else was downloading emails from the same account.

    Checking IP address in /var/log/maillog confirmed that it was different to the account holders IP that they were using to check mail.

    Changing all POP3 passwords and main hosting account passwords has fixed this issue.

    Thanks
    Aaron
     
Loading...

Share This Page