Originally Posted by falko
If spammers are using your domain in the sender address, then there's nothing you can do about it. Thery can send their spam from other servers, but the bounces go to your server.
Yes but I'm not certain that's all they are doing. Are you? It appeared from the logs that they attained one of the ISPconfig account names (ie: web2_bob) and were sending with that. That is not something that would typically be visible to someone that just tried spoofing an email address (ie: firstname.lastname@example.org