> we have a Linux-IP-Tables Firewall. Yes.
>
> Isn't it possible that an internal (hidden) process
> sends/receives data on unprivileged ports not bound to IMail?

Not if the firewall before the IMail box denies in- AND outgoing traffic for these unprivileged ports.

But before that, some other questions:

Any noticeable change regarding IMail logfile size together with the traffic step?

What does a command line "netstat -n" say? Can you install TCPView from sysinternals.com?

+2,5 GB of traffic should be found somewhere on the disk if it's not typical smtp-delivered and pop3-retrieved email traffic. What about disk space usage?

Can you search for certain error messages in the SMTP logfile? For example, delivery errors if the remote mailserver has tried to send a message larger than the allowed max message size. Theoretically, if another MTA has set its queue to retry delivery each 10 minutes, and this for let's say 7 days, and you've set a max incoming message size of 20 MB, this would create around 2,8 GB of additional incoming SMTP traffic that wouldn't be visible or noticeable anywhere else than in your SMTP logfile and your provider's traffic report.

Has this server installed all updates? Or: Is there any reason to believe this server is compromised?

Can you set up MRTG to watch your server's traffic? (Sidenote: with Darrel's tools you can also watch your IMail usage like SMTP/POP3 connections, traffic and so on: http://www.invariantsystems.com)

Markus
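One way to triage the "netstat -n" output asked for above, as an added example that is not part of the original post: it flags connections that are neither inbound to a mail port nor outbound to an allowed service port. The port sets and the sample output are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed policy for a mail-only host; adjust to the services actually run.
INBOUND_SERVICE_PORTS = {25, 110}   # SMTP and POP3 offered by the mail server
OUTBOUND_SERVICE_PORTS = {25, 53}   # outgoing SMTP delivery and DNS lookups

# Constructed sample of Windows "netstat -n" output (documentation addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.10:25          198.51.100.7:41822     ESTABLISHED
  TCP    192.0.2.10:110         203.0.113.44:50211     TIME_WAIT
  TCP    192.0.2.10:1047        198.51.100.90:25       ESTABLISHED
  TCP    192.0.2.10:3189        203.0.113.200:8081     ESTABLISHED
  TCP    192.0.2.10:3190        203.0.113.200:8081     ESTABLISHED
  TCP    192.0.2.10:3302        198.51.100.23:2891     ESTABLISHED
"""

# proto, local addr:port, foreign addr:port, optional state
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s*(\S*)\s*$")

def parse(text):
    """Yield (proto, local_port, remote_addr, remote_port, state) per row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(5) != "*":      # skip header lines and "*:*" rows
            yield (m.group(1), int(m.group(3)), m.group(4),
                   int(m.group(5)), m.group(6))

def unexpected(text):
    """Rows whose local port is not a mail service and whose remote port
    is not an allowed outbound service."""
    return [row for row in parse(text)
            if row[1] not in INBOUND_SERVICE_PORTS
            and row[3] not in OUTBOUND_SERVICE_PORTS]

def by_remote(rows):
    """Count flagged connections per remote address."""
    return Counter(row[2] for row in rows)

if __name__ == "__main__":
    flagged = unexpected(SAMPLE)
    for proto, lport, raddr, rport, state in flagged:
        print(f"{proto} local:{lport} -> {raddr}:{rport} {state}")
    print(by_remote(flagged).most_common())
```

Flagged rows only say which remote endpoints to look at; TCPView or the firewall logs are still needed to tie them to a process.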
