Hi Professional Guys,
I am newly installed Virtualmin on my vps, its was working very smoothly, but from last 15 days, i have noticed in my mail queue more than 15000 emails are stuck. when I opened these queued emails then I have noticed that these emails senders are unknown (means using any of the user from my server but from UNKNOWN sender) that using through my vps, and when I checked my IP reputation have been lost in many websites using these spamming, I delete all these emails from my queue, and then on Friday 22 Nov 2019 I received an email from my service provider that ur ip is used in spamming, and after checking I again noticed that more than 10000 emails stuck in queue and all like previous, so I activate the Configserver Firewall (Process Tracking etc) and meanwhile disabled my root user and activate ssh based login and changed my password for control panel. Now Configserver sent me alert about "Suspicious file/directory alert", whats the mean of this alert.
Is any one facing the same problem in which sender account is unknown and using your server ip, thats mean someone using your server but through hacking etc or what else I am not able to understand. Can anyone help me in this regard. I have the pics of the spamming emails and emails headers etc. in which clearly shown my server ip but sender account is unknown and constantly shows 2 ips, so for security reason I have permanently block these 2 ips in my firewall.
Need experts help.