My WHM mail server was compromised and I am trying to figure out how could possibly be sent through and account’s default mail account . It was not being sent through any of the created mail accounts that I could see. All the mail was being relayed through the server using the hosted account’s name i.e.
There were thousands of emails being relayed and the mail queue manager was filled.
Needless to say my ip has now been blacklist by every server provider know to man and I have to null the account.
A still see an occasional email sitting on deck when I click ‘View Relayers’, however I do not see any emails sitting in ‘mail queue manager’
Any help would be greatly appreciated.