Spam does not stop after password change

Hi all

I don’t know how to stop a spammer from sending mails through one of our accounts. The user is the main user of the account (the mailbox that is automatically created when the user is created). So if I go to admin level/change password for that user, the password should change and I assume that the spammer can’t send mails anymore. The strange thing is that he still can. I’ve limited the mails for that account to 1 per day, but the mailbox is getting filled with undeliverable messages, so I really need to stop the mails from being sent.
In the exim/mainlog I can see that the mail is sent from => so not the domain name. And the other information on this line is "R=localuser T=local_delivery". I checked the site of that user and it has no PHP mail() method. The site is plain HTML. How is it possible that the spammer still sends mail from that user? How can I stop this?

Kind regards
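
In an Exim mainlog, `<=` marks a message arriving, `=>` marks a delivery, and `R=localuser T=local_delivery` marks a delivery into a local mailbox. The following is an added example, not part of the original post: it separates bounces delivered into a mailbox from outbound mail and groups the outbound mail by how it was submitted (`A=` authenticator or `U=` local user). The sample log lines and the names `parse_line` and `triage` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Exim mainlog format (not taken from the post).
SAMPLE_LOG = """\
2024-01-15 10:00:01 1rPaaa-0001Ab-2C <= <> H=mx.example.net [198.51.100.7] P=esmtps S=3456
2024-01-15 10:00:01 1rPaaa-0001Ab-2C => user1 <user1@example.com> R=localuser T=local_delivery
2024-01-15 10:00:05 1rPaab-0001Ac-3D <= user1@example.com H=(pc) [203.0.113.5] P=esmtpa A=dovecot_login:user1@example.com S=1200
2024-01-15 10:00:06 1rPaab-0001Ac-3D => rcpt@example.org R=dnslookup T=remote_smtp H=mx.example.org [192.0.2.25]
2024-01-15 10:00:09 1rPaac-0001Ad-4E <= user1@host.example.com U=user1 P=local S=900
2024-01-15 10:00:10 1rPaac-0001Ad-4E => rcpt2@example.org R=dnslookup T=remote_smtp H=mx.example.org [192.0.2.25]
"""

LINE = re.compile(r"^\S+ \S+ (?P<id>\S+) (?P<flag><=|=>) (?P<rest>.*)$")
FIELD = re.compile(r"\b([A-Z])=(\S+)")  # single-letter log fields such as R=, T=, A=, U=

def parse_line(line):
    """Split one mainlog line into message id, flag, first address and fields."""
    m = LINE.match(line)
    if not m:
        return None
    return {"id": m["id"], "flag": m["flag"],
            "addr": m["rest"].split()[0], "fields": dict(FIELD.findall(m["rest"]))}

def triage(log_text):
    """Count bounces landing in local mailboxes and outbound mail per origin."""
    arrivals = {}  # message id -> parsed "<=" line
    report = {"bounces_to_mailbox": Counter(), "outbound_by_origin": Counter()}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["flag"] == "<=":
            arrivals[rec["id"]] = rec
            continue
        src = arrivals.get(rec["id"])
        if src is None:
            continue
        transport = rec["fields"].get("T")
        if transport == "local_delivery" and src["addr"] == "<>":
            # Null sender "<>" on arrival means a bounce, i.e. inbound mail.
            report["bounces_to_mailbox"][rec["addr"]] += 1
        elif transport == "remote_smtp":
            sf = src["fields"]
            origin = sf.get("A") or ("local:" + sf["U"] if "U" in sf else "unauthenticated")
            report["outbound_by_origin"][origin] += 1
    return report
```

A mailbox that only shows up under `bounces_to_mailbox` is receiving undeliverable notices rather than submitting mail; entries under `outbound_by_origin` show which login or local user actually handed messages to Exim.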


