AT&T blacklisted emails from us and I have successfully gotten them to unblock us. However, their message to me stated, "ADMINISTRATORS: Please thoroughly check your IP logs before requesting removal. You must determine that all traffic from the blocked IP is actually from your mail servers to ensure your network is not compromised." I have WHM access on my Bluehost site. I looked for IP logs, but could not find them. The only thing I really did was to delete the email account of one user who had an extremely high number of email messages.
I will greatly appreciate any help determining if our server has been compromised.
I will greatly appreciate any help determining if our server has been compromised.