Edwin and Alistair, thanks for the response, but the problem is that the email password that was in the bounced mail was the real one. I have checked to see if the email and password are listed on HPI Identity Leak Checker and https://haveibeenpwned.com/. I am familiar with spoofed email addresses, but I am not sure whether or not they actually used our server to send the mail, but without a doubt the contents of the mail would have given the receiver access to the email account.
The system has been scanned for viruses and I am waiting for a second scan to complete. The first scan with Dr. Antivirus (Mac) came up with what was probably a couple of false positives for a Windows Trojan.
The next step will be to see if any sites have been accessed with the same password. We have changed it for the email account.