Currently I’m offering some webhosting to a few advertising agencies for their premium customers. But currently I have a great problem with the E-Mail Service. In the last week, the E-Mail Accounts of about 7 companies were stolen and used to send Spam using my Mail-Server.
Well, I was able to disable the accounts, because the sender was hitting the ratio policies of my server and a lot of mails were in the mail queue. Well, about 40 Mails were actually delivered. But it was enough to get blacklisted and even one user wrote a personal mail to the abuse of the datacenter.
Currently I have no clue, what I can do to prevent Spamming from a stolen mail account. I send every outgoing mail through SA and AV, but it’s not enough. Before the user account don’t hit the ratio of 40 Mails a day or does not flood the message queue, I can’t detect the attack.
How can I detect such problems earlier?