Hmm. how do you know? Only way I can think of is if they configured your server to send copies or blind copies to their seperate email account. If so, it may be possible to trace who carried out that action.
Yes, as Nellie2 says. Change your passwords. The company I worked for insisted that we changed our passwords every month, and the new one should not contain any more than 2 characters from the old one. Anyone who didn't change their password within a week of the deadline was denied access to their emails and the Systems Department had to be contacted to regain access.
BTW if this ex employee is a member of this Forum the chances are he/she now know your intentions.
This thread is now locked and can not be replied to.