Is my server sending phishing mail?

[PaulMD]

How can I check if my server with directadmin 1.5 en Centos 6 is sending phishing mail? All software is uptodate according to yum and custombuild.

It's a small VPS which I use for some small websites without special scripts like wordpress or phpbb. 6 users use it to forward mail to their gmail. Now I got a message from my host that I send phishing mail but the forwarded message doesn't make sense to me. There is no IP or domain in the header or message that belongs to my VPS.

What can I check? And how do I do it?

 

[Richard G]

It's hard to help without any information except that probably your vps is sending phishing mails and the only thing we can say is check your logs and compare them with the time/date info on the mails.

Next to that, if no ip in the header is from your VPS, contact your host and ask why he thinks that it's initiated from your VPS as it does not containt any IP of your VPS.

You can also post the full header here, so we can have a look if we can make something out of it.