Removing old mailboxes

[standuncan_net]

Hey all, new here. I tried searching the forum and Wiki, but can't find an answer to my question. I assumed an old server with old client web sites & email via Roundcube on it in an as-is state and I do not have much server-side experience. It's hosted on a Rackspace cloud server. Since I've acquired this server, Rackspace has now been suspending my account almost daily due to an offending mailbox account which is old and inactive. The problem is I cannot access the front-end (nor know how), the client cannot reset the password to this mailbox, and it continues to email thousands of spam emails daily. I opened up terminal and cd'd into the directory with this mailbox and recursively deleted that mailbox directory ("luke"). Everything is good as soon as I do that, but within 5-15 minutes the "luke" directory will reappear (I'm guessing due to receiving an email to that mailbox?) and then it continues to send spam. Anyway I can permanently remove this?
Directory structure looks like this:

• var
• vmail
• [domain]
• luke
• mailbox2
• mailbox3

Thank you for any help!

[SKaero]

You need to figure out how the mail server manages users and remove the user there. Roundcube is only a mail client and doesn't have any control over the actual accounts on the server.

[rm13]

Determine the OS, see if it looks like it uses a package manager, look at log files (typically in /var/log). Run things like "netstat -tupan" or "sudo lsof -i" Doesn't hurt to look in /root (typical home of the root user) a good previous sysadmin may have left notes). Basic sysadmin stuff to figure out what software is running on that box.

If you see a luke login coming from a particular IP or range of IPs you could block that at the firewall level until you find the email user database.