Today, we started getting massive amounts of outgoing spam through 3 valid postboxes.
This means we have an outgoing queue that has hundreds of failed messages and we are in danger of getting blacklisted unless we resolve this quickly.
Clicking on any of the messages shows the account being used, but there is no client IP Address shown, neither is the Authentication Status shown. Both are blank (see attachment).
I have checked all of the SMTP properties and everything appears to be set up as recommended.
I have tried disabling the 3 accounts in question, but the SMTP-OU messages still keep going out. I have also tried resetting the passwords of these accounts, but again, this doesn't stop the spam.
I have also tried adding all of the IP Addresses being used to the block list. Again, this doesn't stop them.
Here is a sample of some of the log records:
I have blurred the account name as this is a valid, authenticated account.
Can someone please help with this?
Thanks and regards,
Steve