A user email account was compromised, and was sending a large number of spams from our domain. The subject uesr's password has been reset, and we are monitoring to confirm that the problem has been resolved. Because it was using the ,com (which is an older email), it's our current belief that the uesr's account was compromised in a previous event, versus that their machine is compromised. The logs also appear to indicate this as well. As an added measure, all email is routing through spamassassin (authentiated sender or not) which should prevent acceptance on our side. If you came investigating about your server, do feel free to contact us at email@example.com, or to contact me directly at firstname.lastname@example.org - or email@example.com. The .com variants also work.
Robots should be sure to email firstname.lastname@example.org or email@example.com as well. Humans should avoid emailing john, since it's a honey pot and going to just mark the messages as spam.