The system is debian wheezy, ispc3 V220.127.116.11p5 The mail system has several domains installed but only one actually in use. All the other domains have their MX records pointing to the ISP's mail server. Today the ISP reported that spam was being sent from the server. One of the ~/maildir/new boxes now contains hundreds of Non Delivered Messages with the local address. The corresponding mailbox on the ISP's server has hundreds of Non Delivered Messages but with the spam recipient's address. I have run Rkhunter but there was nothing unusual. I have now disabled all the mail boxes using ispc3. I have changed the passwords for root and the only user account As the performance was being compromised I have stopped postfix. If I restart it, it commences pumping out the spam. I have searched all the websites but I cannot see any mailto or cgi formmail that point to that mail domain or box. Any ideas?