Someone got into my mail server and is sending all sorts of crap from domain’s SMTP server. If you’ve gotten mail coming from this domain looking like a phishing attack (from PayPal), it wasn’t me. :(

Update: The attacker got into my machine through the awstats.pl statistics script that I used. There was a vulnerability that allowed attackers to run any command from the shell, and from there the fun began. They installed a set of scripts that attempted to send an email to about 35000 email addresses contained in a source text file. I think I stopped them at around the 3000 mark.