Score:0

My SMTP server transferring out Terabytes of data in a day

We are having an issue with one of our SMTP servers. The problem started 3 weeks ago, and the server has been transferring out terabytes of data in a day. Any idea why this is happening, or suggestions on how to dig into and resolve this issue?

Thanks, Khalil

djdomi: Does this answer your question? [How do I deal with a compromised server?](https://serverfault.com/questions/218005/how-do-i-deal-with-a-compromised-server)
djdomi: Moreover, check logs or `iptraf`. "Terabytes" of traffic means at least some megabytes per second; calculating 3 TB over 30 days gives roughly 1.21 MB/s.
Khalil: @djdomi

```
                 rx          |  tx
bytes          467 KiB       |  26.80 MiB
max          287 kbit/s      |  16.80 Mbit/s
average   267.04 kbit/s      |  15.68 Mbit/s
min          211 kbit/s      |  11.90 Mbit/s
packets         7246         |  19088
max            556 p/s       |  1451 p/s
average        517 p/s       |  1363 p/s
min            407 p/s       |  1036 p/s
```
djdomi: Update the question and format it; show us LOGS; use `iptraf`, `netstat -tup`, `ntop`, `tcpdump`, `dstat --net --top-io-adv`. There are a LOT of tools to monitor with.
Score:2

Bob

The most likely reason is that the server is compromised.

In the simplest case: the server is not configured correctly and it can be used as an open relay, allowing anyone to use your mail server to send spam.

You can diagnose that (and other issues) by checking the log files on the server.

Potentially the mail server itself is fine, as such abuse can also occur when the server is configured correctly, but the credentials of a valid user are being abused, or the source of the abuse is a trusted system/sender elsewhere in your network and you've only started to notice the effects of that compromise on the mail server. Again: check your log files.

In more serious cases your server is fully compromised. Then you may not even have log files anymore, or when you do, they may not show any obvious abuse and can't be trusted...
Then read: [How do I deal with a compromised server?](https://serverfault.com/questions/218005/how-do-i-deal-with-a-compromised-server)

Khalil: Hey Bob, thanks for the reply. I have all security checks in place, the system is not an open relay, and the log system is working perfectly. The only issue I have is unusual outbound traffic.
There cannot be security checks for everything. The most likely reason is a compromised server, and the most reliable way to clean it up is to restore from known good backups.
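As an added example (not from the original answer or its comments), a short Python script that does the log check Bob describes, run over constructed Postfix-style log lines: it joins the `smtpd` record (who connected, how they authenticated) with the `qmgr` record (size and recipient count) by queue id, totals outbound recipients and bytes per SASL user or unauthenticated client, and flags what looks like an abused credential or an open relay. The internal address ranges, the recipient threshold and the sample lines are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed Postfix-style smtpd/qmgr lines (sample data, not from the original post).
SAMPLE_LOG = """\
Jun 01 10:00:01 mx postfix/smtpd[111]: A1: client=ws1.corp.example[10.0.0.5], sasl_method=LOGIN, sasl_username=alice@example.com
Jun 01 10:00:02 mx postfix/qmgr[222]: A1: from=<alice@example.com>, size=4096, nrcpt=1 (queue active)
Jun 01 10:00:05 mx postfix/smtpd[111]: B2: client=unknown[198.51.100.77], sasl_method=PLAIN, sasl_username=bob@example.com
Jun 01 10:00:06 mx postfix/qmgr[222]: B2: from=<bob@example.com>, size=51200, nrcpt=800 (queue active)
Jun 01 10:00:09 mx postfix/smtpd[111]: C3: client=unknown[203.0.113.9]
Jun 01 10:00:10 mx postfix/qmgr[222]: C3: from=<x@elsewhere.example>, size=20000, nrcpt=300 (queue active)
"""
# Assumed: the only networks allowed to relay without authenticating (your own LAN ranges).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SMTPD_RE = re.compile(r"postfix/smtpd\[\d+\]: (?P<qid>\w+): client=\S+?\[(?P<ip>[\d.]+)\](?:.*sasl_username=(?P<user>\S+))?")
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>\w+): from=<[^>]*>, size=(?P<size>\d+), nrcpt=(?P<nrcpt>\d+)")

def parse_log(text):
    """Join smtpd lines (client IP, SASL user) with qmgr lines (size, recipients) by queue id."""
    sessions, messages = {}, []
    for line in text.splitlines():
        if m := SMTPD_RE.search(line):
            sessions[m["qid"]] = (m["ip"], m["user"])  # user is None when no SASL login was used
        elif (m := QMGR_RE.search(line)) and m["qid"] in sessions:
            ip, user = sessions[m["qid"]]
            messages.append({"ip": ip, "user": user, "size": int(m["size"]), "nrcpt": int(m["nrcpt"])})
    return messages

def summarize(messages):
    """Totals per sender key: the SASL user, or 'unauth:<ip>' for submissions without a login."""
    totals = defaultdict(lambda: {"rcpts": 0, "bytes": 0})
    for msg in messages:
        t = totals[msg["user"] or f"unauth:{msg['ip']}"]
        t["rcpts"] += msg["nrcpt"]
        t["bytes"] += msg["size"] * msg["nrcpt"]  # one copy per recipient leaves the server
    return dict(totals)

def flag_suspicious(messages, rcpt_threshold=100):
    """Reasons per sender key: unauthenticated relay from outside INTERNAL_NETS, or a recipient burst."""
    flags = defaultdict(list)
    for key, t in summarize(messages).items():
        if key.startswith("unauth:") and not any(ipaddress.ip_address(key[7:]) in n for n in INTERNAL_NETS):
            flags[key].append("unauthenticated submission from an external client (open-relay indicator)")
        if t["rcpts"] >= rcpt_threshold:
            flags[key].append(f"{t['rcpts']} recipients in the window (possible abused credential)")
    return dict(flags)

if __name__ == "__main__":
    print(flag_suspicious(parse_log(SAMPLE_LOG)))
```

On a real server, feed it `grep -E 'postfix/(smtpd|qmgr)' /var/log/mail.log` for the period in which the outbound volume jumped; the sender key with the largest `bytes` total is where to start looking.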