My bandwidth usage is too high!
I've been notified by the excellent Linode warning service (thank you very much for it!) that my bandwith on one of my Linodes is really high, in the last hours specially.
In this linode I got just an email server, behind a firewall (Shorewall). I got 5 Mb/sec, which is way too much for this service.
I cannot see any service listening to a strange port. I can't see any log file growing more than usual. The disk space usage is normal.
Any idea of how can I know what is happening with my traffic? Is it possible that it is just spam? At this rate, I will have to stop it before I reach the monthly limit.
Thank you very much for any help you can provide.
Note: all the traffic is incoming.
tcpdump -i eth0 -n not port 22
The computer is now shutdown, and I opened a support ticket. Hopefully I will get an answer soon.
sure you're not running an open relay, and spammers are relaying through you? sure you're not just seeing a large volume of incoming email?
Looking at the mail logs, I can see a "normal" amount of spam attempts. That means, I got a logged SMTP connection every 5 seconds, or even longer.
[email protected]:/var/spool/postfix# postqueue -p
Mail queue is empty
But now I don't know if it is running against SMTP anymore. I'm seeing strange things. For example, from tcpdump:
10:53:09.072144 IP 192.168.134.122.mysql > 192.168.133.68.39696: . 43239758:43304918(65160) ack 1697 win 61
I had my server off for more than 16 hours, and as soon as I boot it, the traffic is there.
On the IRC, it seems I am not the only one suffering from this, and it might be a problem in the datacenter.
They've said we won't be charged for bandwidth over-use this month as its a technical fault.
I only went and installed shorewall as soon as I saw my stats! -ah well, been meaning to do it for a while anyway!
I already had shorewall installed, so I felt pretty confident. And my spam rate, although it is high to my taste, it was not so high to justify that incoming bandwidth.
Anyway, I feel more relaxed now. Hope they can fix it completely soon.