At 10:39 AM 9/24/2004, Jay Ehrhart wrote:
This morning I had over 7000 emails in my Linux server's outbound queue
which I deleted.  My firewall log shows over 20,000 emails went out with a
SunTrust bank announce saying to login and enter your username and password.
I do not see the emails coming in like I would in a relay.  How can I stop
this or how are they doing this?

Sounds like some kind of abuse of an onboard http proxy, script, installation of a backdoor, or some other such thing that's letting them queue mail directly from the local host.
Clearly it's not a direct SMTP open relay (I checked by trying to send myself mail; it didn't work, which is good).

I'd suggest running a good battery of tests:
http://www.abuse.net/relay.html

If that doesn't show anything obvious like HTTP proxies, look for a trojan or backdoor on your system. chkrootkit is a good tool to do a first-pass check.
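One way to tell local injection apart from relayed mail before reaching for chkrootkit is to check the MTA log for how each queue id entered the queue. The following is an added example, not code from this thread; it assumes Postfix-style syslog lines (the sample lines are constructed, and a sendmail log would need different patterns) and totals recipients per injection path so that a local script or web-server user pumping out thousands of messages stands out.

```python
import re
from collections import Counter

# Constructed sample log in Postfix syslog style (assumption: the reader's MTA
# logs similarly; adapt the regexes for sendmail). Not from the original thread.
SAMPLE_LOG = """\
Sep 24 09:01:02 mail postfix/pickup[811]: 1A2B3C: uid=33 from=<www-data>
Sep 24 09:01:02 mail postfix/qmgr[812]: 1A2B3C: from=<www-data@mail.example>, size=1843, nrcpt=50 (queue active)
Sep 24 09:01:03 mail postfix/pickup[811]: 4D5E6F: uid=33 from=<www-data>
Sep 24 09:01:03 mail postfix/qmgr[812]: 4D5E6F: from=<www-data@mail.example>, size=1843, nrcpt=50 (queue active)
Sep 24 09:05:10 mail postfix/smtpd[900]: 7A8B9C: client=desk1.lan[192.0.2.10]
Sep 24 09:05:10 mail postfix/qmgr[812]: 7A8B9C: from=<jay@mail.example>, size=902, nrcpt=1 (queue active)
Sep 24 09:07:44 mail postfix/pickup[811]: D0E1F2: uid=0 from=<root>
Sep 24 09:07:44 mail postfix/qmgr[812]: D0E1F2: from=<root@mail.example>, size=300, nrcpt=1 (queue active)
"""

# pickup = handed in locally via the sendmail binary; smtpd = arrived over the network
PICKUP = re.compile(r"postfix/pickup\[\d+\]: (\w+): uid=(\d+) from=<([^>]*)>")
SMTPD = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=(\S+)")
QMGR = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<[^>]*>, size=\d+, nrcpt=(\d+)")

def injection_sources(log_text):
    """Return {injection path: total recipients}, keyed by how each queue id
    entered the queue: 'local uid=N (user)' or 'smtp client=host[ip]'."""
    source_of = {}
    rcpts = Counter()
    for line in log_text.splitlines():
        m = PICKUP.search(line)
        if m:
            source_of[m.group(1)] = f"local uid={m.group(2)} ({m.group(3)})"
            continue
        m = SMTPD.search(line)
        if m:
            source_of[m.group(1)] = f"smtp client={m.group(2)}"
            continue
        m = QMGR.search(line)
        if m:
            rcpts[m.group(1)] += int(m.group(2))
    totals = Counter()
    for qid, n in rcpts.items():
        totals[source_of.get(qid, "unknown")] += n
    return totals

def suspicious_local_sources(totals, threshold=20):
    """Local injection paths (mail that never 'came in' over SMTP, the pattern
    described in the thread) whose recipient count reaches the threshold."""
    return {src: n for src, n in totals.items()
            if src.startswith("local") and n >= threshold}
```

On the sample, the web-server uid (33) accounts for 100 recipients with no inbound SMTP session, which points at a script or backdoor running under that user rather than at relaying.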