Recently a customers computer was compromised and gmail password stolen , to be used to send all contacts an email with the body
“Please find enclosed document referred to the mail subject.”
Which had virus attached.
The user’s computer was cleaned , and passwords changed , however incoming email was not working only outgoing.
Check through the MX records seemed fine, telneting to Google Servers proved the same.
In the end I spotted it , the attacker had created a filter to delete all incoming messages ( so when he spammed the contact list with the virus , the user would not know about all the NDR’s and emails back from users ).
Clever I guess but did take a while to find!