The last time my email server got hacked, I caught it a few hours later and it already had 600K emails in the outbound queue.
When I shut down the mail server and took some time to investigate, looking for clues, the first thing that caught my eye was that it wasn't sending spam to just any old email address. The spam messages being sent were addressed to sequential phone numbers at the SMS mail gateways.
Luckily I shut it down quickly with 600K emails queued up, and then I waited for the hammer to drop with the DNSBLs blacklisting my IP, and it never happened.
Apparently the cell phone companies don't report it to the DNSBLs. I'm not even sure customers are reporting the spam to them when they should, as they get charged for spam text messages. Strange.
Perhaps I stopped it before enough damage was caused by continued spamming and that spared me the DNSBL blacklisting.
I was wondering if this has happened to anyone else without getting red-flagged, as this is a serious gap in spam reporting if in fact this is the case.