My problem is this, I'm getting tons of bounces for spam that weren't legitimately sent from any account on my Ispconfig3 installation. The contents of the bounce messages contain the spam the bouncing server received. The first received header of the attached spam contains a source from an apparent zombie-bot but it also says (Authenticated Sender : [VALID_ACCOUNT]) The subsequent received headers list my server. The spam all contain an email with multiple CC addresses, which I am getting the bounces from. Is my server receiving the spam and through normal authentication somehow and then sending it to all the CC'd addresses? The password on the account has been changed numerous times but to no affect. How can I figure out what is going on?
[UPDATE] It does seem like the account is actually being used to CC the spam because when the email account is turned off, the bounce-flood stops. Also, I've changed passwords on multiple types of systems on multiple computers so it is unlikely there is a back-door key logger involved. And, this is just a normal Ispconfig3 installation so I can't figure out what I might have done wrong. Any ideas?
D'Oh! That was stupid of me. It seems the spamming has stopped because I stopped getting bounce messages in Squirrelmail but since the account I am using is the account I turned off, OF COURSE I'm not going to see anything. So ignore that part of the update and original post, the rest still stands though.
