I use ISPConfig on Debian. In the last 24 hours, I've been receiving a flood of returned mail as a spammer is faking one of our legitimate e-mail addresses as his FROM address. I've looked at /var/log/mail.log and it looks like Yahoo and other servers now think the originating address (and therefore my server!) is a spammer. I've looked at the tutorials on securing your mail server, but they mostly deal with spam and so far that's not been (too) much of a problem. What can I do to stop the flood and exclude the spammers from going through the server?
Did you set up a 'correct' SPF record that says only your server (with the MX IP) is allowed to send email?
Are you really sure that they sent the mail through your servers? In most cases, they just use your address as the sender address on other hacked mail servers. If this is the case, there is nothing that you can do against it.
Except for SPF records, but the receiving mail server would have to check that also, which a lot of servers don't.
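An added example, not part of any post in this thread: a simplified sketch of the check a receiving mail server performs when it does evaluate SPF, showing how a record that lists only your MX passes your server and rejects a forger's host. The function name `evaluate_spf`, the sample record and the documentation-range IP addresses are constructed for illustration; `include`, `redirect`, macros and CIDR suffixes on `mx`/`a` are not handled, and the DNS lookups are replaced by the `mx_ips` and `a_ips` arguments so it runs offline.

```python
import ipaddress

# SPF qualifier prefix -> result returned when the mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record, sender_ip, mx_ips=(), a_ips=()):
    """Evaluate a simplified SPF TXT record against the connecting IP.

    Supports ip4, ip6, mx, a and all. mx_ips / a_ips stand in for the
    DNS lookups a real receiver would perform for the sender's domain.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF policy published
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            try:
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed network in the record
        elif name == "mx":
            matched = any(ip == ipaddress.ip_address(m) for m in mx_ips)
        elif name == "a":
            matched = any(ip == ipaddress.ip_address(a) for a in a_ips)
        elif name == "all":
            matched = True
        else:
            return "permerror"  # mechanism outside this sketch
        if matched:  # first matching mechanism decides the result
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no "all" term


if __name__ == "__main__":
    record = "v=spf1 mx -all"        # constructed sample policy
    mx = ["198.51.100.25"]           # constructed MX address
    for host in ("198.51.100.25", "203.0.113.77"):
        print(host, evaluate_spf(record, host, mx_ips=mx))
```

A receiver that enforces the `fail` result rejects the forged message at SMTP time instead of accepting it and bouncing it to the faked sender later.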