I manage a small VPS and have noticed in the last few days that email usage has blown way out of the norm. What usually is only a few dozen has instantly shot up to our relay-limit of 1,000/day. The OS is CentOS and I'm running Simple Control Panel to assist me in setting up email addresses and domains.
How can I determine which account, on which domain, is sending/receiving all of these emails?
Resolving the issue:
As suggested in the accepted answer below, I ran the mailq command and was immediately flooded with a seemingly never-ending list of email addresses. Finally forcing the load to abort with CTRL+Z, I was able to discern which account all of the email addresses were coming from:
004F1C3D5B0* 22534 Fri Feb 11 12:27:48 [email protected] [email protected] [email protected] [email protected] [email protected] ...
This is an extremely small sample of what filled my screen. From this, I was able to determine that the lowercase email on the first line must be the address sending/receiving all of these emails.
I hope I'm not mistaken.
Check your email log. For Exim it may be /var/log/exim4/mainlog. For other mailers it may be /var/log/mail. There should be a couple of entries for each email showing who sent it and who it was sent to. If it was sent to multiple recipients there may be multiple entries per user. The mailq command may show what is queued, which may help.
If you're running Exim, the eximstats program will take an exim mainlog file and spit out all manner of stats on sending hosts, destination hosts, sending users, destination mailboxes etc. I assume similar programs exist for other MTAs, but I've been fortunate enough to always have the choice, and always chosen Exim.
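Added example, not part of the original question or answers: rather than reading a scrolling mailq listing by eye, the queue can be tallied per envelope sender to show which account is responsible for the volume. It assumes the Postfix-style mailq layout seen in the question's sample (queue ID with an optional `*` or `!` flag, size, arrival time, sender, then one recipient per line); the sample listing and the function names `summarize_queue` and `top_senders` are constructed for illustration.

```python
import re

# First line of a queue entry: queue ID, optional status flag
# (* = being delivered, ! = on hold), size, arrival time, envelope sender.
ENTRY = re.compile(
    r"^(?P<qid>[0-9A-Za-z]+)(?P<flag>[*!]?)\s+(?P<size>\d+)\s+"
    r"\w{3} \w{3}\s+\d+ \d\d:\d\d:\d\d\s+(?P<sender>\S+)\s*$"
)

# Constructed sample queue listing (not taken from a real server).
SAMPLE = """\
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
0A1B2C3D4E5*   22534 Fri Feb 11 12:27:48  newsletter@example.com
                                         a@example.net
                                         b@example.net
                                         c@example.org

1A2B3C4D5E6     1890 Fri Feb 11 12:28:02  newsletter@example.com
(connect to mx.example.org[192.0.2.10]:25: Connection timed out)
                                         d@example.org

7F8E9D0C1B2!     512 Fri Feb 11 12:30:15  admin@example.com
                                         e@example.net

-- 24 Kbytes in 3 Requests.
"""

def summarize_queue(text):
    """Map each envelope sender to [queued messages, total recipients]."""
    totals, current = {}, None
    for line in text.splitlines():
        body = line.strip()
        m = ENTRY.match(line)
        if m:
            current = totals.setdefault(m.group("sender"), [0, 0])
            current[0] += 1
        elif not body or body.startswith("-"):
            current = None          # blank separator, header or footer
        elif current is not None and not body.startswith("("):
            current[1] += 1         # recipient line; "(...)" is a deferral reason
    return totals

def top_senders(text):
    """Senders sorted by recipient count, busiest first."""
    rows = [(s, msgs, rcpts) for s, (msgs, rcpts) in summarize_queue(text).items()]
    return sorted(rows, key=lambda r: (-r[2], r[0]))

if __name__ == "__main__":
    for sender, msgs, rcpts in top_senders(SAMPLE):
        print(f"{sender:30} messages={msgs:<4} recipients={rcpts}")
```

A single sender with a recipient count far above its message count is the pattern to look for: a few queued messages fanned out to very many addresses.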