Hi We are having spam generated in our server . The mechanism is as follow: someone send mail to our server using a true account (sasl login OK ) and send mail to other servers with a domain of some of our clients , but with generated usernames. We couldn't find any way to stop this, one way should be useful is to disable temporarily the user who is used to produce the attack thanks in advance for your help !
Have you tried to change the password of the user to prevent the attackers to use it to login with smtp?
yes till , of course. In these cases in general , the attack start again few hours later with another user. I think that it is originated in infected windows machines with some malware software which stole user and password. but well, thanks again till , I wondering if someone has another approach to the problem
