I have a user that has a couple of email accounts for a domain I host. The domain is nothing more than a htaccess redirect to another domain, so there's no database or files in the public_html (apart from htaccess).
Now this user is reporting spam (about 100 daily) and just recently noticed a spam email sent in his domain email address as if he had sent it.
the user is running anti virus and I'm running Spamassasin, clamav, AMaViS and SpamHause.
Could this be a server infection or a missconfiguation that allows email to be sent with the users account details?