We got a call from our ISP that we were spamming again. It appears that an account password was hacked and being used to send out spam. One question I have is: were they using the webclient to send it out? Here is something from the header of one of the spam messages that went out.
Thanks.

X-Mailer: Zimbra 5.0.8_GA_2462.F7 (zclient/5.0.8_GA_2462.F7)