My problem is this, I'm getting tons of bounces for spam that weren't legitimately sent from any account on my Ispconfig3 installation. The contents of the bounce messages contain the spam the bouncing server received. The first received header of the attached spam contains a source from an apparent zombie-bot but it also says (Authenticated Sender : [VALID_ACCOUNT]) The subsequent received headers list my server. The spam all contain an email with multiple CC addresses, which I am getting the bounces from. Is my server receiving the spam and through normal authentication somehow and then sending it to all the CC'd addresses? The password on the account has been changed numerous times but to no affect. How can I figure out what is going on?