Massive POP3 Bandwidth - Stuck in a Loop

Hi, we have one client who saw a giant increase in bandwidth last week, and it is all showing as traffic from POP3. It's averaging 7+GB/day, where previously it was 40MB/day! Everything else is normal (which is very low).

I found out that the day the traffic spiked the client had setup a new account at Outlook.com and set it to check her domain email using POP3. Previously, she had used an Outlook desktop client on her computer using IMAP. She does have a lot of stored emails with some sizable attachments.

So wondering if the account on Outlook.com could be stuck in some sort of a 'download loop?!?' She still has her email on the server when she checks via desktop Outlook.

She tried to disable the account in Outlook.com, but was not able to login using the email and password she setup. She eventually was able to get support staff to help her, but they just setup a new account using the same info and said that IT WOULD OVERRIDE THE PREVIOUS account (think they were only able to find it using her phone number). So there's some weirdness trying to get to that account she setup.

- Is there anything I can do from the WHM/cPanel side of things to stop this one particular run-away POP3 account without disabling email altogether??

Obviously, would be important not to lose her email in the process.

- Could this be some sort of malicious behavior that would cause such a huge spike in POP3 traffic?

Thanks!

 

Hi Michael,
Thanks for the response. I read through the other thread and ran the command that was given (sorry, I'm not very experienced with SSH/Command Line). Here's the results that were given:

Code:

total:  63699761019  bytes transferred over POP3

I'm not sure what time-frame this is indicating, but it does show 63GB for this domain over POP3. Typical monthly bandwidth for this account (including POP3, IMAP, HTTP, etc) is 1-2GB. And as the traffic spike coincided with the change that the main user I spoke with made regarding checking email, I would have to assume it's her email that is the issue.

As mentioned, she had setup Outlook.com (not a desktop Outlook client) to check her email via POP3. Her mailbox storage is showing at almost 500MB in cPanel, so there's got to be a fair amount of sizable attachments. So should we assume that the Outlook.com app is just repeatedly downloading all of her email?!?

I can have her try to contact MS support again, but as mentioned, they had just setup a new account using her same phone number and a different email account (the one that is causing issues), as they said this SHOULD overwrite anything that had been setup before and stop the account checking. Obviously, this didn't work, which makes me worried that there's a rogue app stuck in a loop that nobody can actually find...

- Is there nothing I can do from WHM/cPanel to break this loop???

Thanks!

 

Hi, just wanted to check-in here to see if anyone has any 'creative' ideas on how to block this run-away POP3 account without disrupting the email system altogether?

I don't think the client is getting very far with MS Support, and the bandwidth is now growing exponentially every day (it was up to 15.5GB yesterday!!).

Thanks.

 

Hi, thanks for the reply. It didn't matter what email client she was using, as she was actually using 2 alternate desktop version of Outlook (on 2 laptops). It was just the rogue Outlook.com account, which could not be located, which was causing the issue. MS Support was not able to help, but stated they've seen this happen before and were thinking that after 30 days or so of inactivity, the account would be disabled.

HOWEVER, we found that sometimes the most obvious idea is the hardest to see - we had her change her email account password. The rogue account could no longer access her email, and thus stopped the run-away download loop!

Thanks for the help here, though! Hopefully this odd anomaly won't happen to anyone else, and if it does, they'll think about changing password sooner than we did ; )