Email bandwidth issues

W

WebbedIT

Verified User
Joined
Jun 10, 2012
Messages
15
Hi,

I'm starting to have regular occurrences of an issue where some email users are consuming huge amounts of bandwidth. Here are some grep'd example lines from /var/log/maillog:

Code: 
Jan 13 18:44:42 ns6 dovecot[1481]: pop3([email protected]): Disconnected: Logged out top=0/0, retr=3/156041, del=0/798, size=157131860, bytes=54/182108
Jan 13 19:03:44 ns6 dovecot[1481]: pop3([email protected]): Disconnected: Logged out top=0/0, retr=4/230894, del=0/799, size=157206682, bytes=72/257021
Jan 13 19:15:44 ns6 dovecot[1481]: pop3([email protected]): Disconnected: Logged out top=0/0, retr=1/74853, del=0/799, size=157206682, bytes=34/100947

Every time this user checks their email it's logging 18MB of bandwidth, yet it's not delivering any emails, just interrogating the headers. This user does have 150MB of emails in her imap/cur folder and has consumed over 12GB of bandwidth this month already according to Directadmin.

Another user I have been having problems with has certain emails (malformed SPAM type emails?) getting stuck in his account and consuming bandwidth on every POP3() check whilst the restof his emails download without issue.

Code: 
Jan 13 19:53:15 ns6 dovecot[1481]: pop3([email protected]): Disconnected: Logged out top=0/0, retr=1/3752, del=0/1, size=3735, bytes=26/3829
Jan 13 20:03:15 ns6 dovecot[1481]: pop3([email protected]): Disconnected: Logged out top=0/0, retr=1/3752, del=0/1, size=3735, bytes=26/3829
Jan 13 20:13:21 ns6 dovecot[1481]: pop3([email protected]): Disconnected: Logged out top=0/0, retr=1/3752, del=0/1, size=3735, bytes=26/3829

Can anyone give me pointers on what may be causing these issues?

Thanks, Paul.
 
Is your user (forst example) using IMAP? If so, then every time he logs in to check email the index information for all the emails on the server are downloaded to his email client.

Jeff
 
I believe they are using IMAP or they've ticked the box to leave a copy of messages on the server. However, Directadmin is reporting the traffic as POP3, not IMAP.

Screen Shot 2014-01-16 at 14.30.22.png

If the client is downloading the index info each time, should that not be smaller than the total size of all emails including attachments?

In this example it is logging bandwidth for over 160MB with every pop3() connection, this seems wrong unless it actually is downloading all emails every time it connects. But that would surely be wrong too as the client should only download those it hasn't downloaded during previous connections?

nobaloney said:
Is your user (forst example) using IMAP? If so, then every time he logs in to check email the index information for all the emails on the server are downloaded to his email client.

Jeff
Click to expand...
 
Last edited:
WebbedIT said:
I believe they are using IMAP or they've ticked the box to leave a copy of messages on the server. However, Directadmin is reporting the traffic as POP3, not IMAP.
Click to expand...
If DirectAdmin is reporting POP3 traffic, then it's POP3 traffic. Perhaps they're downloading all the messages over and over again. If they've set their client to leave all messages on the server, then delete them locally, then some email clients will reload all emails from the server the next time they're started.

I agree with you that the numbers in your attachment show some confusing results. Perhaps for one or more of several reasons.

Perhaps there are more than one virtual email account, and they get checked on different days. Perhaps POP3 connections are being interrupted in which case they'll start over with all the emails on the next time they're started (this occurs because emails are not deleted one at a time, but rather all, at the end, when all have been downloaded). Perhaps for some other reason i haven't thoght of.

Want to do a forensic study? Then you'll have to synchronize shell checks of mailbox contents before and after several series of POP3 retrievals. Talk to your client and set a time or times when you can do this.

Jeff
 
You must log in or register to reply here.
Back
Top