Luckily I was at my desk when I found 140 emails stating that messages couldn't be received - I quickly logged into my server to check out exim to find 600,000 emails awaiting delivery. I quickly found the compromised email - changed the password - found the interface ip (user who was doing all the sending) and banned him from the server - then deleted all the mail in the queue. I did the best I could to stop it - but about 600 emails made it through before I caught it. Should I be worried about what those emails might do considering they came from my server? (I also added a restriction that only allows 200 emails to be sent at a time now.) Anyone have any suggestions on what I should do?
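A triage helper for the situation described above, as an added example that is not part of the original post: it groups an Exim queue listing (the output of `exim -bp`) by envelope sender so that a single compromised account sending in bulk stands out, and flags any sender over a threshold. The sample listing, the threshold value, and the function names are constructed assumptions, not anything from the thread.

```shell
#!/bin/sh
# Added example: summarise an Exim queue listing by envelope sender.
# Assumes the standard `exim -bp` format: one header line per message
# ("<age> <size> <message-id> <sender> [*** frozen ***]") followed by
# indented recipient lines. Header lines are recognised by their 4th
# field being the angle-bracketed envelope sender.

# Constructed sample of `exim -bp` output (not real queue data).
# In practice: exim -bp | queue_senders_by_count
SAMPLE_QUEUE='25m  1.2K 1tAbCd-000123-Ab <webmail@example.com>
          victim1@example.net
          victim2@example.net
26m  1.2K 1tAbCe-000124-Ac <webmail@example.com> *** frozen ***
          victim3@example.net
30m  4.5K 1tAbCf-000125-Ad <alice@example.com>
          bob@example.org
31m  1.2K 1tAbCg-000126-Ae <webmail@example.com>
          victim4@example.net
35m  0.8K 1tAbCh-000127-Af <>
          alice@example.com'

# Read a queue listing on stdin; print "<count> <sender>" lines, busiest first.
# An empty sender "<>" is a bounce message and is labelled as such.
queue_senders_by_count() {
    awk '
        NF >= 4 && $4 ~ /^<[^>]*>$/ {
            sender = $4
            gsub(/[<>]/, "", sender)
            if (sender == "") sender = "bounce"
            count[sender]++
        }
        END { for (s in count) printf "%d %s\n", count[s], s }
    ' | sort -rn
}

# Sender with the most queued messages (stdin = queue listing).
top_sender() {
    queue_senders_by_count | head -n 1 | awk '{ print $2 }'
}

# Number of queued messages for the busiest sender (stdin = queue listing).
top_sender_count() {
    queue_senders_by_count | head -n 1 | awk '{ print $1 }'
}

# Print every sender whose queued-message count exceeds $1 (assumed threshold).
# Exit status 0 when at least one sender is flagged, 1 otherwise.
mass_senders_over() {
    queue_senders_by_count | awk -v limit="$1" '$1 > limit { found = 1; print } END { exit !found }'
}
```

Run it as `exim -bp | mass_senders_over 200` to list accounts above the limit; the exit status makes it usable from cron or a monitoring check.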
I had faced a similar problem a few days back. In my case, the issue was with the script that one of my sites was using... it wasn't secure enough. How exactly were these mails sent?