If you create a request, u are asked to fill in required informations.
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
You just ignored everything, maybe if you provide some more information, then maybe someone is willing to help you
If you dont use iredadmin, its up to you to ensure strong password generation.
You have the possibility to throttle outbound messages, or to block outgoing spam mails, or even combine both.
But 3rd time a compromised account doenst seem to be a good configuration at all.
Was the spam sent trough an authenticated account, or via sendmail? forged senders?
which kind of spam got sent?