A mailbox with a poor password was hacked and used as a relay. The 'from' addresses were not the name of any user in the domain and the "Require Auth Match" is set to 'email' and we do require authentication on all domains.

 

Wondering how this could happen. We are going to implement password requirements and we are going to get some of the larger domains on their own ip. Is there anything else we should be doing?