How to block user from sending

Homer Dokes hdokes at mail.inct.net
Fri Aug 26 15:28:53 CEST 2016


Hello all,

Recently we discovered that one of our Kolab server accounts has been 
compromised.  Thus far we have not been able to determine how this is 
happening; however, here are the particulars we have gathered and what we 
have done so far:

The spammer has figured out how to blast spam to predominantly AOL 
accounts via an email account on the server.  Our initial alert to this 
was a large amount of reject email coming back to that account from 
AOL's servers.  AOL has now blacklisted our server. I have changed the 
password on the account and that didn't prevent the spam from sending.  
The server also is Relay 'safe' so they are not getting through by that 
means either.  Ultimately, the only thing I could do to stop it for now 
is remove the account. Unfortunately this is not desirable as this 
specific account is advertised ALL over for quotes from prospective 
customers to our business.  We MUST be able to receive these quotes as 
they come to us from our Web Server which is hosted on a 3rd party's 
network. It should also be noted that the Kolab server is behind a 
separate spam server which is behind a firewall.  I have considered an 
exploit on the workstation of the user who monitors this particular 
account and responds to it, figuring their Windows system was 
compromised; however, I cannot find any evidence of that on their system 
and the Kolab postfix log files reflect 'localhost' as the origin and not 
the IP of the workstation.

Is there a way I can disable outbound email for this particular account 
within the current Kolab 3.4 environment and still receive for that 
account while we try to figure out how this exploit is working?

Thank you,

hdokes
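
An added example, not part of the original post: a triage script for the Postfix log the post mentions. It joins each queue ID's smtpd `client=` line to its qmgr `from=` line, so high-volume senders can be grouped by client IP and by whether the submission was SASL-authenticated. The log lines, the example.org addresses and the threshold of 20 are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in standard Postfix syslog format (not from the post).
SAMPLE_LOG = """\
Aug 26 14:01:02 mail postfix/smtpd[2101]: 3F2A1C0E5B: client=localhost[127.0.0.1], sasl_method=PLAIN, sasl_username=quotes@example.org
Aug 26 14:01:02 mail postfix/qmgr[901]: 3F2A1C0E5B: from=<quotes@example.org>, size=2145, nrcpt=50 (queue active)
Aug 26 14:01:09 mail postfix/smtpd[2101]: 7B9D2C0E60: client=localhost[127.0.0.1]
Aug 26 14:01:09 mail postfix/qmgr[901]: 7B9D2C0E60: from=<quotes@example.org>, size=2150, nrcpt=48 (queue active)
Aug 26 14:02:30 mail postfix/smtpd[2107]: 9C4E1C0E77: client=ws12.example.org[192.0.2.15], sasl_method=PLAIN, sasl_username=alice@example.org
Aug 26 14:02:30 mail postfix/qmgr[901]: 9C4E1C0E77: from=<alice@example.org>, size=812, nrcpt=1 (queue active)
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)$")
CLIENT = re.compile(r"client=(\S+?)\[([^\]]+)\](?:.*sasl_username=(\S+))?")
FROM = re.compile(r"from=<([^>]*)>.*nrcpt=(\d+)")

def summarize(log_text):
    """Return {(sender, client_ip, sasl_user): total_recipients}."""
    queue = {}                      # queue ID -> (client IP, SASL user or "-")
    totals = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "smtpd" and (c := CLIENT.match(rest)):
            # sasl_username is logged only when the client authenticated
            queue[qid] = (c.group(2), c.group(3) or "-")
        elif daemon == "qmgr" and (f := FROM.match(rest)):
            ip, user = queue.get(qid, ("?", "-"))
            totals[(f.group(1), ip, user)] += int(f.group(2))
    return dict(totals)

def suspects(totals, threshold=20):
    """Keys whose recipient count meets the assumed threshold, busiest first."""
    hits = [(k, n) for k, n in totals.items() if n >= threshold]
    return sorted(hits, key=lambda kn: -kn[1])

if __name__ == "__main__":
    for (sender, ip, user), n in suspects(summarize(SAMPLE_LOG)):
        print(f"{n:5d} rcpts  from={sender}  client={ip}  sasl_user={user}")
```

A row with `sasl_user=-` and a loopback client is mail injected locally without SMTP authentication, which a password change on the account would not affect.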
