A user who never updated their Joomla 1.7 install was recently compromised and mysql basically shut down from the amount of spam trying to be sent from that domain. The server Ip has been blacklisted. The page at http://www.abuseat.org/ after doing a lookup for the ip gives some indications. I stopped Postfix I installed Linux Malware Detect and found 2 files that were quarantined by LMD from the Joomla install. I then used postsuper -d ALL which deleted 9000+ messages, but mailq was already accumulating 100s of messages seconds later. Any other suggestion about how to find the malware? Is it in the database for the domain? Anyway to block postfix for that domain so I can turn postfix back on?