It's been reported that our web server has been sending out spam. On checking the logs i can see that a considerable amount of emails have been sent using the mailenable smtp service.
On looking at the logs the emails being sent are coming from 127.0.0.1 which is an allowed relay address so that our websites can send out mail.
Is there anyway that I can trace or detect what is sending out the email. I've run a couple of virus scanners and Malwarebytes and so far nothing has detected anything that shouldn't be there.
So far I've not seen a pattern in when the emails so any suggestions of how i could possibly detect when there is sudden increase of outgoing messages.