I recently had an account that was compromised from an outside hack somewhere.
A lot of servers started authenticating successfully and would send out a lot of messages.
Than another IP would login and do the same.
This happened over the 4th when I like most people were not near my office.
THe server stayed up and tried to process all 3 million messages.
I turned off the account on the morning of the 5th, and removed all the messages from the spool.
But now I have had to deal with removing the server's IP address from all the RBL's.
I seem to be only having a problem with one company, Senderbase.
It show my IP as having a poor reputation for the one day.
Citrix is not allowing mail to be received from my server because of said reputation.
Also, How could I have prevented this from happening? I have the message limit set. But hundreds of IP's were
accessing this account to send out mail.