Hi, we have one client who saw a giant increase in bandwidth last week, and it is all showing as traffic from POP3. It's averaging 7+GB/day, where previously it was 40MB/day! Everything else is normal (which is very low).
I found out that the day the traffic spiked the client had setup a new account at Outlook.com and set it to check her domain email using POP3. Previously, she had used an Outlook desktop client on her computer using IMAP. She does have a lot of stored emails with some sizable attachments.
So wondering if the account on Outlook.com could be stuck in some sort of a 'download loop?!?' She still has her email on the server when she checks via desktop Outlook.
She tried to disable the account in Outlook.com, but was not able to login using the email and password she setup. She eventually was able to get support staff to help her, but they just setup a new account using the same info and said that IT WOULD OVERRIDE THE PREVIOUS account (think they were only able to find it using her phone number). So there's some weirdness trying to get to that account she setup.
- Is there anything I can do from the WHM/cPanel side of things to stop this one particular run-away POP3 account without disabling email altogether??
Obviously, would be important not to lose her email in the process.
- Could this be some sort of malicious behavior that would cause such a huge spike in POP3 traffic?
Thanks!
I found out that the day the traffic spiked the client had setup a new account at Outlook.com and set it to check her domain email using POP3. Previously, she had used an Outlook desktop client on her computer using IMAP. She does have a lot of stored emails with some sizable attachments.
So wondering if the account on Outlook.com could be stuck in some sort of a 'download loop?!?' She still has her email on the server when she checks via desktop Outlook.
She tried to disable the account in Outlook.com, but was not able to login using the email and password she setup. She eventually was able to get support staff to help her, but they just setup a new account using the same info and said that IT WOULD OVERRIDE THE PREVIOUS account (think they were only able to find it using her phone number). So there's some weirdness trying to get to that account she setup.
- Is there anything I can do from the WHM/cPanel side of things to stop this one particular run-away POP3 account without disabling email altogether??
Obviously, would be important not to lose her email in the process.
- Could this be some sort of malicious behavior that would cause such a huge spike in POP3 traffic?
Thanks!