One of our Linux Plesk 11.0 servers is being used to send out spam via horde/webmail. Unfortunately, there are no identifiers like username etc in the email headers to identify what is being compromised to send out this emails. All I have been able to do is block the IP listed in the header but...