I have one user account on a server with about 400 accounts that is filling up automatically. The dead.letter file in the users home directory automatically grows until the account is full (about 10 – 40 Mb per day). The user is using Microsoft Outlook to send and receive mail.
What can be causing this and how can I avoid it from happening?
Right now I have an emergency cron-job to delete the file but I would like "real" solution.
Edit: The server version is Red Hat Enterprise Linux ES release 4 (Nahant Update 4)
Edit 2: It seems mainly spam and I see different mailer headings (from php to Outlook Express) and a frequent appearing header is USER_NAME@vsap.no.loop
Update: I have asked the hosting provider where I use that dedicated server to look into the problem as well, as it's their Control Panel that could be a cause of the problem.
Best Answer
Does that user have a web content tree being served by a web server of this system?
Check their content tree for a CGI or something that handles GET/POST submissions. My guess is they have some standard web software installed -- a page layout tool, or something like WordPress. Some 3rd party/ies is using some security hole in that web software to try to send mail out from this system. Their exploit isn't working correctly, or at least not always, and so some/all of the outgoing mail is failing; the local mail transport agent is putting the mail in the user's dead.letter.
I'm out on limb here... but that's where I would look first.