I just setup my new mail server running ZCS OSE 8.0.3. I was running v7 from my home server and now I setup a new server to run from a proper datacenter. I was careful with the settings this time before launching and have activated DKIM signatures. I ran the tests from the allaboutspam.com website and everything came back GREEN except for BATV which is yellow because it is not setup.
I migrated my accounts on the weekend over to my new server and everything went perfectly. All data was transferred without a hitch. I sent out emails right away testing it and it worked both sending and receiving (including aol.com addresses). Today I sent an email to an aol.com email address again but it was almost instantly bounced back to me with a CON:B1 message. Previously when this happened to me it was because one account was using an insecure password and I forced all accounts to change to randomly generated passwords with upper, lower and numbers.
This led me to believe that an account had been compromised which I can't believe because I personally set the passwords and they are random and decently complex (but last time 100k emails were sent in a couple of days so I looked into it). After logging into the admin panel on the new ZCS 8.0.3 and looking at the graphs, I noticed 2500 emails were sent at 5pm on the 18th and 9500 emails sent on the 19th @ 1am. However, looking in the log files it doesn't show anything near that many. Even the report sent to the administrator account doesn't show anything near that many.
Here is the graph. Screenshot-1.jpg
What is the best method of tracking this down?