I am running ISPCONFIG3 on a Debian Wheezy server and we had a Joomla website hacked which has resulted in spam going out from a user firstname.lastname@example.org
(maggie.backed-up.net is the mail server) I have blacklisted this user and disabled it in main.cf
authorized_submit_users = !web53, static:anyone
I cannot find out how the spam is being sent and we are being blacklisted by more and more servers. I have checked for open relay and it OK
Telnet on port 25 gives
root@millhouse:/home/dave# telnet 220.127.116.11 25
Connected to 18.104.22.168.
Escape character is '^]'.
220 maggie.backed-up.net ESMTP Postfix (Debian/GNU)
250-AUTH LOGIN PLAIN
Any ideas where I go from here, we have a load of users now not getting emails.