David Gamero

Member
Apr 20, 2016
8
0
1
Ecija, (Sevilla)
cPanel Access Level
Root Administrator
Hello excuse my English I'm from Spain and I'm using an online translator, I made a consultation, I have a domain that generates high traffic imap, I have root access to vps, as I know that domain accounts are generating traffic imap?

A greeting.
 

ssfred

Well-Known Member
Jan 6, 2012
65
4
58
India
cPanel Access Level
Root Administrator
Twitter
Hello David,

If you are looking to identify the volume of IMAP traffic for each domains, you can use the option "Bandwisth" available in cPanel. If you wish to track the IMAP activities on the server, you can get details from the log file /var/log/maillog
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
Hello :)

Could you provide some more details about what in-particular you would like to determine? For instance, are you attempting to determine which account is using IMAP bandwidth? Feel free to attach some images to this thread to show us an example.

Thank you.
 

David Gamero

Member
Apr 20, 2016
8
0
1
Ecija, (Sevilla)
cPanel Access Level
Root Administrator
Hello account that generates a lot of traffic imap is located, I need to know is where IMAP mail is sent, I made an analysis of virus in cpanel and found many viruses and eliminated, changed passwords cpanel, mysql and email, but continues to generate a lot of traffic imap, I send you a picture for you to check consumption.

I looked at the log / var / log / maillog but no meeting since imap mail traffic is sent.

Any ideas?

Thank you very much and greetings.
 

Attachments

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
I looked at the log / var / log / maillog but no meeting since imap mail traffic is sent.
Are there no entries in /var/log/maillog at all, or do you see nothing that shows where the IMAP traffic is coming from?

Thank you.
 

David Gamero

Member
Apr 20, 2016
8
0
1
Ecija, (Sevilla)
cPanel Access Level
Root Administrator
Hello sorry for the delay in answering, I can not find in the log the problem, use tail maillog -100 | grep "domain name" but I see little traffic imap, it is possible that can be sent from a joomla and does not appear in the logs?

A greeting.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
Hello,

You can search /var/log/maillog with the "grep" command to see all matching results from that log file. Here's an example:

Code:
grep domain.com /var/log/maillog
Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
Could you elaborate on the question? The logs you are referring to show IMAP usage, indicating the email user from that IP address checked their email via IMAP.

Thank you.
 

David Gamero

Member
Apr 20, 2016
8
0
1
Ecija, (Sevilla)
cPanel Access Level
Root Administrator
Hello I send the second line where you see the ip client and my server, but as I know the mail client from which you send and receive emails?

Jul 2 00:36:40 cp01 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=83.XX.XX.XX, lip=185.XX.XX.XX, mpid=12296, TLS, session=<mTjEnpo2etRTM0In>

A greeting
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
New Hello I send the second line where you see the ip client and my server, but as I know the mail client from which you send and receive emails?
Hello,

It's not possible to see the name of the email client (e.g. Outlook, Thunderbird) in /var/log/maillog.

Thank you.
 

David Gamero

Member
Apr 20, 2016
8
0
1
Ecija, (Sevilla)
cPanel Access Level
Root Administrator
Hello there any way to find whm this email? or you know any software that you can install in whm showing me more information about mail traffic?

I do not know where the source of excessive traffic on July 2 the day is, there was traffic 146gb imap

A greeting.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
I do not know where the source of excessive traffic on July 2 the day is, there was traffic 146gb imap
You could browse through all of the "Jul 2" activity in /var/log/maillog with a command such as:

Code:
grep "Jul 12" /var/log/maillog
You can use ""WHM Home » Email » Mail Delivery Reports" to review email deliveries. However, note that it's possible for POP3/IMAP traffic to come logging in and downloading messages as opposed to sending/receiving messages. You may also find this thread helpful, but note you may need to change the commands to check for IMAP usage:

Tracking Down Excessive POP3 Usage

Thank you.