Find email that generated massive POP3 traffic

stronciy

Member
Mar 12, 2014
5
0
1
cPanel Access Level
Root Administrator
Hi All,

I have a huge traffic within last 48 hours more than 580GB generated through POP3

On this forum I find this command:

Code:
grep *****co.com /var/log/maillog* | grep retr= | grep -v retr=0 | awk {'print $11'} | cut -d, -f1 | cut -d / -f2 | awk '{t += $1} END { print "total: ", t, " bytes transferred over POP3"}'
so this is a result:

Code:
total: 574669361274 bytes transferred over POP3
So my question, how I can find a user (email) which generate this traffic ?!

Thanks
 

keat63

Well-Known Member
Nov 20, 2014
1,312
92
28
cPanel Access Level
Root Administrator
I don't know the definitive answer, but until someone who does knows the correct method, maybe the following may help.

In Tweak Settings >> Mail
Find the setting for "Number of unique recipients per hour to trigger potential spammer notification." and reduce this from 500 to say 100.
Whenever any email account sends more than 100 emails, you'll be notified, and it will show you which account.
 

stronciy

Member
Mar 12, 2014
5
0
1
cPanel Access Level
Root Administrator
Nope, problem not in qty of sent email, problem that one of users have a bug in Outlook, and every time when check email try to download all Inbox from server.

So, just need to calc which user have the biggest traffic to stop related account.

P.S.
Unfortunately Cpanel can show you traffic POP3 or IMAP by email
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
6,816
541
263
Houston
cPanel Access Level
DataCenter Provider
You'd have to modify that one liner (IMO) and stop listing total for all accounts on that domain:

Code:
[[email protected] ~]# grep domain.tld /var/log/maillog* | grep retr= | grep -v retr=0 |sort -n
This will list per email account all transactions but not totals