> My question is, if I am right, how can I find out which account has been
> compromised?

You can add this to main.cf:

    smtpd_sasl_authenticated_header = yes

This will add the SASL authenticated user to the Received headers, which allows you to see whose account was used.

Kind regards,

Martijn Brinkers

--
Djigzo open source email encryption
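
Added example, not part of the original message: once the header is enabled, a sample of the outgoing spam (from bounces or the queue) can be tallied per login to find the abused account. The hostname mail.example.com, the function names and the sample messages are assumptions made for illustration.

```python
import re
from collections import Counter
from email import message_from_string

# Comment Postfix adds to its Received header once the setting is enabled.
AUTH_RE = re.compile(r"\(Authenticated sender:\s*([^)\s]+)\)")

def authenticated_sender(raw, our_mta):
    """SASL login from the topmost Received header stamped by our_mta.

    Received headers below that one arrived with the message and can be
    forged by the client, so they are never consulted.
    """
    for received in message_from_string(raw).get_all("Received", []):
        flat = " ".join(received.split())      # unfold continuation lines
        if f" by {our_mta} " in f" {flat} ":
            m = AUTH_RE.search(flat)
            return m.group(1).lower() if m else None
    return None

def count_by_account(raw_messages, our_mta):
    """Tally messages per authenticated account to spot the outlier."""
    return Counter(authenticated_sender(r, our_mta) or "<none>"
                   for r in raw_messages)

# Constructed sample messages; hostnames, addresses and queue IDs are made up.
def _msg(top_comment, extra=""):
    proto = "ESMTPSA" if top_comment else "ESMTP"
    return ("Received: from client (unknown [203.0.113.7])\n"
            f"{top_comment}"
            f"\tby mail.example.com (Postfix) with {proto} id 4F1A2B3C4D\n"
            "\tfor <rcpt@example.net>; Mon, 1 Jan 2024 10:00:00 +0000\n"
            f"{extra}Subject: test\n\nbody\n")

FORGED = ("Received: from x (Authenticated sender: bob@example.com)\n"
          "\tby mail.example.com (Postfix); Mon, 1 Jan 2024 09:00:00 +0000\n")
SAMPLES = [
    _msg("\t(Authenticated sender: alice@example.com)\n"),
    _msg("\t(Authenticated sender: Alice@example.com)\n"),
    _msg("", extra=FORGED),   # unauthenticated relay carrying a forged header
]

if __name__ == "__main__":
    counts = count_by_account(SAMPLES, "mail.example.com")
    for account, n in counts.most_common():
        print(f"{n:5d}  {account}")
```

Messages sent before the setting was enabled carry no such comment, so they all fall into the "<none>" bucket.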