Overnight, our monitoring system alerted us to serious spamming on server 30. The data centre also contacted us to say the spamming was so severe that they had banned us from sending emails out. There were up to 80000 emails in the mail queue, each with 50 mail recipients.
We immediately worked to determine the cause of the spamming. Logs showed that the email account password of one user on the server had been compromised and was being used from Nigeria to send these emails. The password was either simple enough to guess, was provided by the user on a phishing site, or was obtained from a local computer infected with malware. We changed the password and the spamming stopped.
We then cleared the mail queue and worked with our provider to have that ban lifted.
We want to assure all clients on server 30 that no emails were lost and all genuine email was successfully delivered once we had cleared the spam. Email delivery was delayed by a few hours but all messages were sent. Email is now working normally.
This issue is now closed. Do open a helpdesk ticket if you have any questions or concerns.