Bizarre POP3/IMAP traffic

Posted: Tue Apr 12, 2011 4:58 am
by bananapar
We are running Plesk 10 on our server.
In the past 1.5 days, statistics on our Plesk control panel have suddenly shown a huge spike in traffic on one of our domains; when looking at this, it is all POP3/IMAP traffic. Now somehow this has racked up a whopping 320GB of traffic. We are desperate to work out what could be causing this.
Is there a way to check that this is definitely happening and not being misreported?
Are there any logs that could show this?
We have just changed passwords in case this is a security breach.

Re: Bizarre POP3/IMAP traffic

Posted: Tue Apr 12, 2011 7:54 am
by scott
The maillog would have the events of who is logging into pop/imap so that's one place to look. The other might be to look at disk utilization in /var/qmail/mailnames (this is where the mailboxes are located).
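
One way to act on the maillog suggestion above, as an added example that is not part of the original thread: total the byte counters on POP3/IMAP session-end lines per mailbox and client IP, then per domain, so the result can be compared with the figure the panel reports. It assumes Courier-style `LOGOUT`/`DISCONNECTED`/`TIMEOUT` lines with `rcvd=` and `sent=` fields; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Courier-IMAP/POP3 style (an assumption; the
# thread does not show the server's actual maillog format).
SAMPLE_LOG = """\
Apr 11 09:14:02 host pop3d: LOGIN, user=info@example.com, ip=[::ffff:192.0.2.10]
Apr 11 09:14:09 host pop3d: LOGOUT, user=info@example.com, ip=[::ffff:192.0.2.10], top=0, retr=52428800, rcvd=42, sent=52430000, time=7
Apr 11 09:15:30 host imapd: LOGOUT, user=sales@example.com, ip=[::ffff:198.51.100.7], headers=0, body=2048, rcvd=310, sent=4096, time=12
Apr 11 09:16:02 host pop3d: LOGOUT, user=info@example.com, ip=[::ffff:192.0.2.10], top=0, retr=52428800, rcvd=42, sent=52430000, time=6
Apr 11 09:17:45 host imapd: DISCONNECTED, user=sales@example.com, ip=[::ffff:198.51.100.7], headers=0, body=0, rcvd=120, sent=900, time=3
Apr 11 09:18:00 host qmail: 1302513480.123 new msg 12345
"""

# Session-end lines carry the per-session byte counters.
SESSION_END = re.compile(
    r"(?:pop3d|imapd)(?:-ssl)?: (?:LOGOUT|DISCONNECTED|TIMEOUT), "
    r"user=(?P<user>[^,]+), ip=\[(?P<ip>[^\]]+)\].*?"
    r"rcvd=(?P<rcvd>\d+), sent=(?P<sent>\d+)"
)

def tally_sessions(log_text):
    """Return {(user, ip): [sessions, bytes_rcvd, bytes_sent]}."""
    totals = defaultdict(lambda: [0, 0, 0])
    for line in log_text.splitlines():
        m = SESSION_END.search(line)
        if not m:
            continue  # logins, SMTP and unrelated lines have no byte counters
        entry = totals[(m["user"], m["ip"])]
        entry[0] += 1
        entry[1] += int(m["rcvd"])
        entry[2] += int(m["sent"])
    return dict(totals)

def bytes_per_domain(totals):
    """Sum rcvd + sent per mail domain, for comparison with the panel."""
    per_domain = defaultdict(int)
    for (user, _ip), (_n, rcvd, sent) in totals.items():
        per_domain[user.rpartition("@")[2]] += rcvd + sent
    return dict(per_domain)

if __name__ == "__main__":
    totals = tally_sessions(SAMPLE_LOG)
    for (user, ip), (n, rcvd, sent) in sorted(totals.items(), key=lambda kv: -kv[1][2]):
        print(f"{user:25} {ip:25} sessions={n:<4} rcvd={rcvd:<8} sent={sent}")
    print(bytes_per_domain(totals))
```

If the per-domain total from the log is far below what the panel shows, that points to misreporting; a single mailbox and IP repeatedly pulling large `sent` values points to a real client, such as one re-downloading the same mailbox.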

Re: Bizarre POP3/IMAP traffic

Posted: Tue Apr 12, 2011 10:01 am
by faris
We have seen the same thing occasionally in the past 12 months in Plesk 8.6. Don't panic.

We have not seen any associated spikes in actual traffic - we'd easily notice the extra 10s of GB used.

The only thing we've noticed is that the customers who have these odd stats are authorised to use SMTP on the server. We think Plesk, or the component it uses to get the stats, is misreporting something.

At this stage it is all just guesswork though.

Faris.