Email - Webmail Attack

[bhstudios]

Hi, i've been having this problem since about 3 weeks now, and can't figure out what's going on.
Random domains from different customers and random email accounts from that domains have been sending out spam random as well.
Mail headers going out looks like this:

1MlXPY-0000TM-7F-H
mailnull 47 12
<xxx@xxxxxxxxx.com>
1252542076 0
-helo_name webmail.xxxxxxxxxxx.com
-host_address 127.0.0.1.45815
-host_name localhost
-host_auth fixed_login
-interface_address 127.0.0.1.25
-received_protocol esmtpa
-body_linecount 37
-max_received_linelength 83
-auth_id xxxxx@xxxxxxxxxxx.com

Even it looks like its been authorized by the user it's not, and we know that because we even had that trouble with a domain of our own, we even changed the password of the email account and problem continued.

What could be happening? Thanks,

[cPanelMattCurry]

Hello,

I am sorry to hear that. You may want to go ahead and submit a ticket so we can look at this as soon as possible. This may be some malicious code, and it is not going to be something we could troubleshoot from the forums. Please let me know if you have any other problems.

Thank you,
Matthew Curry

[krisdv]

Im having the exact same problem, what was the root cause for you?

Regards,
Kris

[ElrondBCN]

I too am having this exact same problem where mailnull is sending out spam.