Excessive bandwidth consumption by email

roblin

Hello,

One user has consumed excessive bandwidth for two days:

DATE        Apache   Email    Ftp  Pop  Imap  DirectAdmin  Other  Total    Email Deliveries (Sent)
2015 02 22  11.5 MB  2.53 GB  0 B  0 B  0 B   0 B          0 B    2.54 GB  178 (1)
2015 02 23  23.5 MB  7.73 GB  0 B  0 B  0 B   0 B          0 B    7.75 GB  382 (9)

Checking the bandwidth.tally of this user, I see more than 350 lines like these:

...
30407547=type=email&email=augustosar@**************&method=incoming&log_time=1424735283&id=&path=/var/log/exim
30407547=type=email&email=augustosar@**************&method=incoming&log_time=1424735567&id=&path=/var/log/exim
30407547=type=email&email=augustosar@**************&method=incoming&log_time=1424735859&id=&path=/var/log/exim
30407547=type=email&email=augustosar@**************&method=incoming&log_time=1424736146&id=&path=/var/log/exim
30407547=type=email&email=augustosar@**************&method=incoming&log_time=1424736431&id=&path=/var/log/exim
...

You can see that the size of each incoming mail is 30M. I have searched for them in all the logs stored in /var/log/exim, but I haven't found any log entry for these incoming mails.

Any idea?

Thank you in advance.

Kind regards,
 
Hello,

Just a raw idea. Probably they were rejected due to their size. Did you check the rejectlog? Probably the exim logs do not contain full information about them as they were rejected. Did you try to search by date/time and email address in the exim logs?

The first line with 1424735283 can be transformed to 23 Feb 2015 23:48:03 GMT. Use this http://www.onlineconversion.com/unix_time.htm
 
Anyone know what error code is returned when messages are rejected because of size? If a temporary error is returned, then the same message will be retried many times by the sending server, exacerbating the problem.

Jeff
 
Hello,

I have checked all logs, but I haven't found any evidence. "message_size = 50M" in exim.conf, so the email shouldn't be rejected.

Kind regards,
 
Did you try to match the time of the messages with lines in the logs? Probably, since there is no id= of a message, those lines denote attempts to connect to the SMTP server made by one of your users. Check lines with "SMTP connection from" in the logs.
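
The time matching suggested in the replies above, as an added example that is not part of any post in the thread: it parses tally lines in the layout quoted in the first post, totals them per address, counts entries with an empty id=, and converts log_time to timestamps that can be searched for in the exim logs. It assumes the leading number is the byte count, as the first post reads it; the addresses and the message id in the sample are constructed placeholders.

```python
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import parse_qs

# Constructed sample in the layout quoted in the thread. The addresses and the
# message id on the last line are placeholders; the log_time values on the
# first three data lines are the ones shown in the first post.
SAMPLE = """\
...
30407547=type=email&email=user@example.invalid&method=incoming&log_time=1424735283&id=&path=/var/log/exim
30407547=type=email&email=user@example.invalid&method=incoming&log_time=1424735567&id=&path=/var/log/exim
30407547=type=email&email=user@example.invalid&method=incoming&log_time=1424735859&id=&path=/var/log/exim
1200=type=email&email=other@example.invalid&method=incoming&log_time=1424736000&id=1YQ0ab-0001Xy-AB&path=/var/log/exim
"""

def utc(ts):
    """Epoch seconds -> 'YYYY-MM-DD HH:MM:SS' in UTC. Exim log timestamps are
    normally in the server's local time zone, so convert before searching."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")

def parse_tally(text):
    """Yield one dict per tally line (assumption: leading number = bytes)."""
    for line in text.splitlines():
        size, sep, query = line.partition("=")
        if not sep or not size.isdigit():
            continue  # skips "..." and anything not shaped like bytes=key=value&...
        f = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
        if f.get("type") != "email" or not f.get("log_time", "").isdigit():
            continue
        yield {"bytes": int(size), "email": f.get("email", ""),
               "id": f.get("id", ""), "time": int(f["log_time"])}

def summarize(entries):
    """Per address: entry count, total bytes, entries with empty id=, first and
    last UTC timestamp, and the gaps in seconds between consecutive entries."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["email"]].append(e)
    out = {}
    for email, items in groups.items():
        times = sorted(e["time"] for e in items)
        out[email] = {"count": len(items), "bytes": sum(e["bytes"] for e in items),
                      "no_id": sum(1 for e in items if not e["id"]),
                      "first": utc(times[0]), "last": utc(times[-1]),
                      "gaps": [b - a for a, b in zip(times, times[1:])]}
    return out

if __name__ == "__main__":
    for email, stats in summarize(parse_tally(SAMPLE)).items():
        print(email, stats)
```

Near-constant gaps between entries of identical size for one address point to the same transfer being repeated on a schedule, which narrows the log search to those timestamps.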
 