I got a server that went rogue this morning and is hammering away with sending spam. Here is a line from the mail log 80591B418B0* 115619 Mon Aug 5 16:25:10 [email protected] [email protected] By looking at this it tells me that the website at ID121 in ispconfig is sending php mail. That is not possible because I have disable_functions = mail in the custom php.ini for that website. After that didnt stop it i removed the website completely from the server. It's still saying its sending email as that website. I've restarted postfix and apache as well as amvis. I'm kinda at a loss here, Normally when this happens its a client computer and I can tell from postcat who is sending or by watching the mail log. I'm at a loss and its hammering away and I keep removeing the mail from the Q but I can't do this all night.