1.) Do NOT put your domain(s) in the white list.
It is a very popular way for spammers to get mail through to users, by spoofing the from address to be the same address or domain name they are sending spam to. A lot of mail servers have their domain(s) white listed, so this is a common problem.
2.) Ensure you do not have any users with extremely weak passwords
Spammers will connect to your mail server and try to crack user accounts and passwords. If a user has a simple password (examples: password, abc123, password being the same as the username, etc) the spammer then has full access to relay mail through your server to the anyone, spoofing whoever they want.
IMail 11.5 now offers Password Strength settings at the domain level. If running IMail 11.5, open the IMail Administrator and browse to the Domain Properties page. Under "User Login Attempts" set the password strength to the desired setting and click Apply. In IMail 11.5, this will force a change of password the next time a user logs into webmail. Please note that in IMail versions 10.0 through version 11.03, this option will not apply to existing email accounts and will not prompt your users to change their password. After changing the password strength requirement, it is recommended that you email all users instructing them how to log into web messaging and change their password. You can easily send email to everyone on the server using MailAll.exe
In IMail 11.5, you can enable Harvesting Prevention in POP3 and IMAP4. This new feature will add the spammer's IP address into the Control Access List after the configured number of failed logins when they are attempting to crack user accounts and passwords. POP3 and IMAP4 share the same registry settings for all Harvesting Prevention configurations. For more information, please see: Pop3 Settings
NOTE: The Harvest Prevention feature is not available in previous versions of IMail.
3.) Make sure your 'Relay Mail For' setting is appropriate for your network
This setting is very powerful. If this is set to 'Relay For Anyone', you are basically a mail relay for anyone. Spammers will find and take advantage of this very quickly. Recommended setting is 'No Mail Relay' as it is the most secure. Please see: IMail Relay Options
