Find the spammer

I’m using MIAB in a business context, so I’ve got many different users from many different offices.
We’ve got an endemic infection of spam malware which infects Outlook via a non-MIAB account and uses the contact list to replicate itself.
And this is what happened today: one or more of my MIAB users sent tons of spam and viruses, and now we are blacklisted by Microsoft due to spam.
So now I’ve got to find the weak link in the chain and enter the painful tunnel of being de-listed from the blacklist.

This is basically the life problem of a mail server administrator.

Hmm, you just made up my mind about allowing sign-ups for thenetwork.email accounts…NOPE. That sounds absolutely terrible.

Is there a way to ensure users can’t abuse MiaB? Or at least, prevent them from sending too many emails in a certain time period?

Not sure how far you have gotten with this issue, but the easy thing to do right now is to SSH into your box and set a tail on your mail.log:

sudo tail -f /var/log/mail.log

If the volume is too much, then pipe the above through a grep filter.

Once you have some idea of the sender address you can then do an audit using bcc:
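Added example, not part of the thread: for the mail.log step described above, this Python script tallies messages, recipients and client IPs per authenticated login, which is usually faster than watching a tail. It assumes Postfix's standard `sasl_username=` and `nrcpt=` log lines; the function name `sender_stats` and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix syslog format (not taken from the thread).
SAMPLE_LOG = """\
Mar  3 10:00:01 box postfix/submission/smtpd[2101]: 4A1B2C3D4E: client=unknown[203.0.113.7], sasl_method=PLAIN, sasl_username=alice@example.com
Mar  3 10:00:01 box postfix/qmgr[900]: 4A1B2C3D4E: from=<alice@example.com>, size=2310, nrcpt=1 (queue active)
Mar  3 10:00:05 box postfix/submission/smtpd[2102]: 5B2C3D4E5F: client=unknown[198.51.100.9], sasl_method=LOGIN, sasl_username=bob@example.com
Mar  3 10:00:05 box postfix/qmgr[900]: 5B2C3D4E5F: from=<bob@example.com>, size=48211, nrcpt=50 (queue active)
Mar  3 10:00:06 box postfix/submission/smtpd[2103]: 6C3D4E5F6A: client=unknown[192.0.2.44], sasl_method=LOGIN, sasl_username=bob@example.com
Mar  3 10:00:06 box postfix/qmgr[900]: 6C3D4E5F6A: from=<bob@example.com>, size=48190, nrcpt=50 (queue active)
Mar  3 10:00:07 box postfix/smtpd[2104]: 7D4E5F6A7B: client=mail.example.net[192.0.2.10]
Mar  3 10:00:07 box postfix/qmgr[900]: 7D4E5F6A7B: from=<carol@example.net>, size=900, nrcpt=1 (queue active)
Mar  3 10:05:05 box postfix/qmgr[900]: 5B2C3D4E5F: from=<bob@example.com>, size=48211, nrcpt=50 (queue active)
"""

# Authenticated submission: ties a queue ID to the SASL login and client IP.
AUTH_RE = re.compile(
    r"postfix/\S*smtpd\[\d+\]: (\w+): client=\S+\[([^\]]+)\].*sasl_username=(\S+)")
# Queue manager line: gives the recipient count for that queue ID.
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<[^>]*>.*\bnrcpt=(\d+)")


def sender_stats(lines):
    """Return [(login, stats)] sorted by total recipients, highest first."""
    pending = {}  # queue ID -> SASL login, until qmgr reports the message
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0, "ips": set()})
    for line in lines:
        m = AUTH_RE.search(line)
        if m:
            qid, ip, login = m.groups()
            pending[qid] = login
            stats[login]["ips"].add(ip)
            continue
        m = QMGR_RE.search(line)
        # pop() so a deferred message re-entering the queue is not counted twice;
        # queue IDs with no SASL login (inbound mail) are skipped.
        login = pending.pop(m.group(1), None) if m else None
        if login:
            stats[login]["messages"] += 1
            stats[login]["recipients"] += int(m.group(2))
    return sorted(stats.items(), key=lambda kv: kv[1]["recipients"], reverse=True)


if __name__ == "__main__":
    for login, s in sender_stats(SAMPLE_LOG.splitlines()):
        print(f"{login}: {s['messages']} msgs, {s['recipients']} rcpts, IPs {sorted(s['ips'])}")
```

To run it on the real log, pass `open("/var/log/mail.log")` to `sender_stats` instead of the sample; a login with a high recipient count or many distinct client IPs is the account to audit first.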