I have someone using my mail server to send spam. Since my smtp relays aren't open, it is apparently coming through some program I've installed. WordPress is one possibility, although I don't know exactly how its possible.
Does anyone have any experience with this?
WordPress doesn't seem to add an X-Mailer header - something that identifies the message as being sent by wordpress. If WordPress identified its messages in this way, it would be easier to exclude it as the source of the messages.
Is this a bug? Shouldn't there be an X-Mailer header?