Our mail server seems to have been compromised. We had only 100 email relays on Godaddy for a day. So when the spammer maxed it out we could not send or receive email. We have done scans and also Godaddy researched and found no files compromised. But after blocking the IP address the problem remains. The account password was changed and also all email address passwords have been changed. They are logging in with courier. They said it could be a key capture program on a user's computer since this happened after passwords were changed. Is there anything else I can check? All computers have been scanned that check email for this account.