Sorry to drag up an older thread. Has there been any further discoveries on this front? Based on our message store interface bps records I'd say this behavior looks to have started April 17 or 18 2016.
Kirk MacDonald System Administrator Internet Eastlink -----Original Message----- From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Wise Sent: Thursday, May 05, 2016 3:13 PM To: mailop@mailop.org Subject: Re: [mailop] Microsoft POP3 Troubles Well, I got an answer, but am no further ahead as such. I'd suggest treating them as a malfunctioning POP3 client and suggest ... that they upgrade to IMAP4 instead? :) It doesn't seem to be coming from an area that would suggest it's a rogue tenant, but that cannot be completely ruled out. Please let me know if it turns out to be in any way actually malicious instead of a misconfigure or timeout. Aloha, Michael. -- Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Reporting Tool ? -----Original Message----- From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Peddemors Sent: Thursday, May 5, 2016 7:15 AM To: mailop@mailop.org Subject: Re: [mailop] Microsoft POP3 Troubles Generally an increase in POP is only related to two things: * Email Client has short time out's and long query times. Seems some* email clients will attempt to download messages, but if the re-query time comes around, it will terminate the first connection and then restart from the beginning. * Unique identifier related to the message keeps changing. The email client trusts that the server ID for the message is correct, so if it changes, the email client will consider this as new. This occurs usually when migrating data stores. On 16-05-05 06:40 AM, Joseph B wrote: >> I was reviewing my flow records and I can see in the last 24h we have >> started doing a much larger amount of POP3 traffic to Microsoft than >> usual. As an example, some of the IP's that are making the POP3 >> connections are: > > Yes, we started seeing these logins from around April 18th. > > Some users have gone from 5MB a day of POP traffic to 25GB per day :-\ > > May 5 17:31:52 server dovecot: pop3-login: Login: > user=<u...@domain.com>, method=PLAIN, rip=40.100.16.125, > lip=45.xx.xx.xx, mpid=294947, session=<7VRKwRMytG4oZBB9> May 5 > 17:31:52 server dovecot: pop3(u...@domain.com): Disconnected: > Logged out top=0/0, retr=0/0, del=0/512, size=223773360, > bytes=24/12306 > > May 5 17:32:17 server dovecot: pop3-login: Login: > user=<u...@domain.com>, method=PLAIN, rip=40.100.16.125, > lip=45.xx.xx.xx, mpid=295053, session=<gaDKwhMypNUoZBB9> May 5 > 17:40:34 server dovecot: pop3(u...@domain.com): Disconnected: > Logged out top=2/3772, retr=1024/447566492, del=0/512, size=223773360, > bytes=10074/447591247 > > Cheers, > > Joseph > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fchill > i.nosignal.org%2fcgi-bin%2fmailman%2flistinfo%2fmailop&data=01%7c01%7c > michael.wise%40microsoft.com%7cb8771e2db31442887cdd08d374f07f6c%7c72f9 > 88bf86f141af91ab2d7cd011db47%7c1&sdata=LTE1QXSHvsPRtTKNfvqsS0NtUJkhU2Y > qqSVZM8ElvIk%3d > -- "Catch the Magic of Linux..." ------------------------------------------------------------------------ Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fwww.linuxmagic.com&data=01%7c01%7cmichael.wise%40microsoft.com%7cb8771e2db31442887cdd08d374f07f6c%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=nTfW3m0aLAfxTgz%2f0H%2b4%2bKMGODnzJNIvgYvnPoRyGM0%3d @linuxmagic ------------------------------------------------------------------------ A Wizard IT Company - For More Info https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fwww.wizard.ca&data=01%7c01%7cmichael.wise%40microsoft.com%7cb8771e2db31442887cdd08d374f07f6c%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=GlkrrAzdD4c907vxI9X3D64L14KVJA01biWodvE1Tdw%3d "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. ------------------------------------------------------------------------ 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. _______________________________________________ mailop mailing list mailop@mailop.org https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fchilli.nosignal.org%2fcgi-bin%2fmailman%2flistinfo%2fmailop&data=01%7c01%7cmichael.wise%40microsoft.com%7cb8771e2db31442887cdd08d374f07f6c%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=LTE1QXSHvsPRtTKNfvqsS0NtUJkhU2YqqSVZM8ElvIk%3d _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
