SPAM from server

Discussion in 'Site & Server Administration' started by captainron19, Nov 26, 2012.

  1. #1
    So I have been getting a lot of spam notifications from AOL over the last couple of days referring to emails being sent from the IP of my server.

    Something similar happened about a year ago, but I attributed it to a forgotten PHP formmail file on one of my sites, which has been removed.

    I went into the mail statistics of my WHM and found a lot of emails being sent to AOL members from one specific address on a domain on my server. I talked to the user and was able to log in to her email account and saw a bunch of bounced-back emails (with the same subject field as the SPAM notifications being sent to me... Dr Oz Diet).

    I immediately changed her email password but did not notice any of the mails in her outbox showing them as being sent. How exactly do you guys think these were sent out and do you think a change of password will work for now?
     
    captainron19, Nov 26, 2012 IP
  2. pr0t0n

    #2
    It could have happened in a bunch of ways, for example:

    1. Spam was sent through a PHP or CGI script on the server and just signed with her email address.
    2. Spam was sent by a virus/trojan from her computer, in which case she should scan her computer for viruses/backdoors. Even if you change the password and provide it to her, such problems could happen again if she doesn't clean up her computer.
    3. Her user/pass combination somehow got hacked and spam is being sent from a third-party computer/network.
    4. She may have email forwarding configured for her email account to forward to some AOL address, and each spam sent to HER is being forwarded by your server to AOL, therefore exposing your server to AOL as the spam originator.

    Just a few ideas... it could be something else.

    Cheers.
     
    pr0t0n, Dec 4, 2012 IP
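
An added example, not part of either post: a triage over mail-log lines that sorts evidence into the four causes listed in reply #2. It assumes the server runs Exim (the MTA that cPanel/WHM ships) with its usual main-log fields; the log lines, addresses, IPs and paths are constructed.

```python
import re
from collections import Counter

# Constructed sample in Exim main-log style; hosts, users and paths are made up.
SAMPLE_LOG = """\
2012-11-26 10:00:01 cwd=/home/site1/public_html/contact 3 args: /usr/sbin/sendmail -t -i
2012-11-26 10:00:01 1TdA01-0001aB-2C <= site1@server.example.com U=site1 P=local S=1822
2012-11-26 10:02:11 1TdA02-0001aC-3D <= user@example.com H=(pc) [198.51.100.7]:50211 P=esmtpa A=dovecot_login:user@example.com S=2210
2012-11-26 10:02:40 1TdA03-0001aD-4E <= user@example.com H=(x) [203.0.113.9]:41877 P=esmtpa A=dovecot_login:user@example.com S=2214
2012-11-26 10:03:05 1TdA04-0001aE-5F <= stranger@example.net H=mx.example.net [192.0.2.25]:25 P=esmtp S=3100
2012-11-26 10:03:06 1TdA04-0001aE-5F => someone@aol.com <user@example.com> R=lookuphost T=remote_smtp H=mx.aol.example [192.0.2.80]
"""

CWD = re.compile(r"^\S+ \S+ cwd=(\S+) ")
ARRIVAL = re.compile(r"^\S+ \S+ \S+ <= (.*)$")
DELIVERY = re.compile(r"^\S+ \S+ \S+ => (\S+) <(\S+)> ")

def classify(log_text, mailbox):
    """Sort log evidence about `mailbox` by how the mail entered the server."""
    scripts, auth_ips, forwards = Counter(), set(), Counter()
    last_cwd = "unknown"
    for line in log_text.splitlines():
        if m := CWD.match(line):
            # Heuristic: the cwd= line is logged just before the local submission.
            last_cwd = m.group(1)
        elif m := ARRIVAL.match(line):
            fields = m.group(1)
            auth = re.search(r"\bA=\w+:(\S+)", fields)
            ip = re.search(r"\[([0-9a-fA-F.:]+)\]", fields)
            if re.search(r"\bP=local(\s|$)", fields):
                # Cause 1: handed to the MTA by a local process (PHP/CGI script).
                scripts[last_cwd] += 1
            elif auth and ip and auth.group(1) == mailbox:
                # Causes 2 and 3: SMTP login with her credentials; the source IPs
                # tell her own machine apart from unknown networks.
                auth_ips.add(ip.group(1))
        elif (m := DELIVERY.match(line)) and m.group(2) == mailbox:
            # Cause 4: mail addressed to her, redirected to another address.
            forwards[m.group(1)] += 1
    return {"scripts": dict(scripts), "auth_ips": sorted(auth_ips),
            "forwards": dict(forwards)}

if __name__ == "__main__":
    print(classify(SAMPLE_LOG, "user@example.com"))
```

A password change only addresses the `auth_ips` bucket; entries under `scripts` or `forwards` keep sending until the script or the forwarder is removed.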