Hello!
Unfortunatly someone hijacked the login and pass for one of the mailboxes in my server, and somehow made it automatically try to send spam messages to different domains. I checked rspamd and it’s shown that he used different ip addresses and they were all blocked. but no matter what i do, it’s still sending spam for few days now! and the server is blocking this messages and sends back a “undelivered mail” to this mailbox.
What i tried:
-I checked the “Force password update at next login” in the mailcow UI.
-I changed the mailbox pass.
-I turned on the “Disallow login” option.
Please give me some advices, what should i do to stop this.