You may want to look back at your mailbox.log for connections to this account from IP in the ranges:
184.108.40.206 - 220.127.116.11 (proxy/anon site that attacks start from - anchorfree.com)
18.104.22.168 - 22.214.171.124 (Nigerian IPs that spam is sent from)
126.96.36.199 - 188.8.131.52 " "
If this is anything like our experience in the last few days, they are using direct SOAP calls to place the spam message in account signatures, then sending massive amounts of spam as a blank message using a script.
Our solution was to identify all accounts affected & reset passwords, but also block all of the IP ranges at our firewall. I have not had any reply to my abuse reports to owners of the address blocks...
Release 7.1.4_GA_2555.UBUNTU8_64 UBUNTU8_64 NETWORK edition, Patch 7.1.4_P1