Do you mean sent with a 'from' header of xyz.com, or by an authenticated 
user ofHIDDEN@z.com or with a return path of xyz.com, or something else ?

     ChrisP.



On 11/07/2016 1:13 p.m., surgemailHIDDEN@etwinsite.com wrote:
> I have a wordpress site that has been hacked.  The hackers apparently 
> uploaded multiple copies of basically the same script that allows them 
> to send email from that website.  I think I have found the infected 
> files and the security issue that they exploited to upload their 
> scripts, but ...
>
> In Surgemail, I want to block any email being sent from domain 
> xyz.com.  The emails are being sent via smtp auth from the webserver 
> with <various namesHIDDEN@om.  I want to block emails from xyz.com 
> from being sent out.  Either drop them or pass them to a special 
> mailbox folder somewhere.  (the domain is not being actively used for 
> anything usefull at the moment, so dropping any/all from emails is 
> acceptable).
>
> Thanks,
> Lyle
>