dovecot POP3 log shows too many identical RETR entries

21 Mar 2017


      Hello,
Dovecot log is showing too many POP3 RETR entries which are identical
lines. I also suspect that it is causing high pop traffic eating most of
the network bandwidth. Here are some of the lines out of 11009 in a
day.  Such pattern is observed only for few users. dovecot version is
2.1.17.
==============
Mar 20 00:00:07 pi3 dovecot: pop3(user@example.com): Disconnected:
Logged out top=0/0, retr=1/64014, del=0/1429, size=478762716
Mar 20 00:00:07 pi3 dovecot: pop3-login: Login: user=user@example.com,
method=PLAIN, rip=43.243.173.97, lip=192.168.1.18, mpid=26645, secured,
session=<5CGrmRlLyAAr861h>
Mar 20 00:00:10 pi3 dovecot: pop3(user@example.com): Disconnected:
Logged out top=0/0, retr=1/64014, del=0/1429, size=478762716
Mar 20 00:00:11 pi3 dovecot: pop3-login: Login: user=user@example.com,
method=PLAIN, rip=43.243.173.97, lip=192.168.1.18, mpid=29932, secured,
session=
Mar 20 00:00:12 pi3 dovecot: pop3(user@example.com): Disconnected:
Logged out top=0/0, retr=1/64014, del=0/1429, size=478762716
Mar 20 00:00:13 pi3 dovecot: pop3-login: Login: user=user@example.com,
method=PLAIN, rip=43.243.173.97, lip=192.168.1.18, mpid=26819, secured,
session=<3DX6mRlLUQAr861h>
Mar 20 00:00:14 pi3 dovecot: pop3(user@example.com): Disconnected:
Logged out top=0/0, retr=1/64014, del=0/1429, size=478762716
Mar 20 00:00:15 pi3 dovecot: pop3-login: Login: user=user@example.com,
method=PLAIN, rip=43.243.173.97, lip=192.168.1.18, mpid=9636, secured,
session=<x5ghmhlLjwAr861h>
Mar 20 00:00:16 pi3 dovecot: pop3(user@example.com): Disconnected:
Logged out top=0/0, retr=1/64014, del=0/1429, size=478762716
Mar 20 00:00:17 pi3 dovecot: pop3-login: Login: user=user@example.com,
method=PLAIN, rip=43.243.173.97, lip=192.168.1.18, mpid=4585, secured,
session=<8Yw+mhlL0AAr861h>
Mar 20 00:00:18 pi3 dovecot: pop3(user@example.com): Disconnected:
Logged out top=0/0, retr=1/64014, del=0/1429, size=478762716
Mar 20 00:00:18 pi3 dovecot: pop3-login: Login: user=user@example.com,
method=PLAIN, rip=43.243.173.97, lip=192.168.1.18, mpid=30049, secured,
session=<UsJOmhlLmAAr861h>
Mar 20 00:00:19 pi3 dovecot: pop3(user@example.com): Disconnected:
Logged out top=0/0, retr=1/64014, del=0/1429, size=478762716
Mar 20 00:00:20 pi3 dovecot: pop3-login: Login: user=user@example.com,
method=PLAIN, rip=43.243.173.97, lip=192.168.1.18, mpid=9636, secured,
session=<B6VimhlLNgAr861h>
Mar 20 00:00:20 pi3 dovecot: pop3(user@example.com): Disconnected:
Logged out top=0/0, retr=1/64014, del=0/1429, size=478762716
Mar 20 00:00:20 pi3 dovecot: pop3-login: Login: user=user@example.com,
method=PLAIN, rip=43.243.173.97, lip=192.168.1.18, mpid=4584, secured,
session=<pVpxmhlLPwAr861h>
Mar 20 00:00:21 pi3 dovecot: pop3(user@example.com): Disconnected:
Logged out top=0/0, retr=1/64014, del=0/1429, size=478762716
Mar 20 00:00:23 pi3 dovecot: pop3-login: Login: user=user@example.com,
method=PLAIN, rip=43.243.173.97, lip=192.168.1.18, mpid=4585, secured,
session=
What could be the possible reason?
Thanks,
Bappasaheb

Bappasaheb Nirmal

Steffen Kaiser

Steffen Kaiser

tags

participants (2)