I came to work yesterday and was told by a member of staff that, over the long weekend, one of our office email addresses has received around 17,000 "delivery failed" messages.
I deleted them from the server, keeping a few for analysis.
After looking at the headers, I was pretty sure that none of the offending emails had been sent from the two or three machines in the office which used that account.
I changed the password on the account and scanned the machines for malware just to be safe.
Later, I received an email from the email provider, saying that due to the large number of emails being sent from the account, all sending from it had been temporarily suspended. I emailed the support center with my suspicions and asked them to investigate whether the emails had actually originated from our IPs or not.
They got back to me saying that I could check myself from the logs on the admin screen. (never knew you could)
Anyway, I have been looking through the SMTP logs and, sure enough, there are thousands of entries for the account in question.
Here are a few:
Look at the fromhost, all IPs from spammy countries.
Anyway, I was hoping that some of you mail experts could confirm that our provider's mail server is being used as a relay by spammers, and that it is their negligence that has caused us considerable inconvenience.
Thanks in advance.
The emails are still coming, though at a much slower rate. I expect it will die out by the end of the week.
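An added check, not part of the original post, for the question asked above: it reads provider SMTP log lines in an assumed key=value format (the real provider's format will differ, so the regex is the part to adapt) and splits the sends logged under the account by whether the fromhost address falls inside the office's own ranges (placeholder values here). Sends attributed to the account from outside those ranges are the ones to take to the provider.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log lines in an assumed "key=value" format; the real
# provider's SMTP log format will differ and LINE_RE should be adapted to it.
SAMPLE_LOG = """\
2013-05-27 02:14:03 user=office@example.com fromhost=203.0.113.7 action=send rcpt=1
2013-05-27 02:14:09 user=office@example.com fromhost=198.51.100.23 action=send rcpt=50
2013-05-27 02:14:15 user=office@example.com fromhost=198.51.100.23 action=send rcpt=50
2013-05-27 09:01:44 user=office@example.com fromhost=192.0.2.10 action=send rcpt=1
2013-05-27 11:30:02 user=office@example.com fromhost=198.51.100.77 action=send rcpt=48
"""

# Address ranges the office actually sends from (assumed placeholder values).
OFFICE_RANGES = [ipaddress.ip_network("192.0.2.0/24")]

LINE_RE = re.compile(
    r"user=(?P<user>\S+)\s+fromhost=(?P<host>\S+)\s+action=send\s+rcpt=(?P<rcpt>\d+)"
)

def parse_sends(log_text):
    """Yield (user, fromhost, recipient_count) for each send entry in the log."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["user"], m["host"], int(m["rcpt"])

def is_office_ip(host):
    """True if host is a valid IP inside one of the office ranges."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(ip in net for net in OFFICE_RANGES)

def summarize(log_text, account):
    """Per-IP (sessions, recipients) for sends logged under `account`,
    split into sends from office addresses and sends from anywhere else."""
    sessions, rcpts = Counter(), Counter()
    for user, host, n in parse_sends(log_text):
        if user != account:
            continue
        sessions[host] += 1
        rcpts[host] += n
    office = {ip: (sessions[ip], rcpts[ip]) for ip in sessions if is_office_ip(ip)}
    foreign = {ip: (sessions[ip], rcpts[ip]) for ip in sessions if not is_office_ip(ip)}
    return {"office": office, "foreign": foreign}

if __name__ == "__main__":
    for label, stats in summarize(SAMPLE_LOG, "office@example.com").items():
        for ip, (count, n) in stats.items():
            print(f"{label:8} {ip:16} sessions={count} recipients={n}")
```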