Hello. Which version of SmarterMail are you using? Also, you may want to check your server IP reputation here: https://talosintelligence.com/reputation_center. and you may want to check to see if your server IP is on any widely used RBLs here: http://multirbl.valli.org/. I have a suspicion that you have a compromised account on your server. If that is the case, I can help you. I will just need to know the version of SM that you are using. If you are using version 17x, did you upgrade to it from a prior version? I'm asking because depending on your answer, I may be able to provide you with a free program to find out what account is compromised. Thanks!

We use SmarterMail version 16.x. During further troubleshooting, I have found something else. In different logs and also in the virus quarantine, there is an email address that keeps popping up. It is the sender in almost all scenarios. Similar to this: 3vrgfqblaepzfoieznbfntmrpqyix@ourdomain.com, but with "Our domain" being our actual domain. This account is not a user or an alias on our server. If this is the source of the problem, how do we stop it? Thanks!

North, I agree with Kyle on the resolution. Now that you provided further details, it looks like you may have an open relay, not a compromised account.

However, if you would like to protect your server in the event of a compromised account, SM's throttling and internal spammer notification features work well for that along with the free program that I was telling you about. The program is called Declude and the feature within it that you would use is Declude Hijack. If you would like to learn more about how it works, Please check out the following KB articles and user's manual...

Also, if you would like to download and try Declude, you can do so from the following link:http://mailsbestfriend.com/downloads/

Please let me know if you have any questions. Thanks!