Find email that generated massive POP3 traffic

[stronciy]

Hi All,

I have a huge traffic within last 48 hours more than 580GB generated through POP3

On this forum I find this command:

grep *****co.com /var/log/maillog* | grep retr= | grep -v retr=0 | awk {'print $11'} | cut -d, -f1 | cut -d / -f2 | awk '{t += $1} END { print "total: ", t, " bytes transferred over POP3"}'

so this is a result:

total: 574669361274 bytes transferred over POP3

So my question, how I can find a user (email) which generate this traffic ?!

Thanks

 

[keat63]

I don't know the definitive answer, but until someone who does knows the correct method, maybe the following may help.

In Tweak Settings >> Mail
Find the setting for "Number of unique recipients per hour to trigger potential spammer notification." and reduce this from 500 to say 100.
Whenever any email account sends more than 100 emails, you'll be notified, and it will show you which account.

 

[stronciy]

Nope, problem not in qty of sent email, problem that one of users have a bug in Outlook, and every time when check email try to download all Inbox from server.

So, just need to calc which user have the biggest traffic to stop related account.

P.S.
Unfortunately Cpanel can show you traffic POP3 or IMAP by email

 

[cPanelLauren]

You'd have to modify that one liner (IMO) and stop listing total for all accounts on that domain:

[[email protected] ~]# grep domain.tld /var/log/maillog* | grep retr= | grep -v retr=0 |sort -n

This will list per email account all transactions but not totals