Around May 22nd, I became aware that our server was sending out spam via Comcast automatic notifications and MX-Toolbox notifications, but was unable to determine the sending account owing to the fact that I had not received a single complaint from an end user receiving said spam, nor had either of these automated tools given me enough information to determine it. Comcast in their extremely finite wisdom expunges this information from the headers to protect the privacy of their customers. How the hell they expect us to identify the sender without this information is beyond me.
At any rate, on the 28th I finally saw our outgoing mail server had been clogged by one customer, and further examining some of the queued mail found that it was a phishing scam. This particular customer is a long-time customer that I know would not do something like this, so it was evident his account had been compromised. I changed the password, contacted the customer with the location of the phishing scam on his website, and applied for delisting from the three RBLs we were on as a result.
Two of those three removed us from the RBL but SORBS still has not. I’m still going back and forth with them trying to get this taken care of. I’ve purged all the spam queued on our mail servers and all the bounces attempting to return from spammed addresses.
The mail server is now caught up. The only location I am aware of that is still blocking us is Starbucks. Earlier, Yahoo and others were throttling incoming mail from our server, resulting in legitimate mail being bounced. But mailq is now clear save for Starbucks.