Our email server used by others for spamming

I am using an open-source mail server, iRedMail. We followed the standard setup procedure given by iRedMail, and we also tried to follow the standard procedure given by Google and the MX Lookup Tool for running a mail server. But these past few weeks we have found that our mail server is being used by others for malicious purposes like spamming. We tried changing all of the credentials, but the spamming continues. I attached a screenshot so you can get an idea.

4 Replies

You can't attach screenshots here… You're going to have to provide more information…

  1. Are the spammers able to login to your server using fake accounts?
  2. Are the spammers able to use your server as an open relay?

-- sw
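The two questions above are answered from the Postfix logs, so here is an added log-triage example (not code from the poster or from iRedMail/Postfix). It correlates each accepted smtpd session with the delivery of the same queue ID: a sasl_username seen from many client IPs points at a stolen account (question 1); an unauthenticated client outside the trusted networks whose message was delivered to a domain the server is not responsible for is a relayed message (question 2). The log lines are constructed for the example using documentation IP ranges; the function names, the trusted-network and local-domain defaults are this example's assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample of Postfix log lines (documentation IP ranges, invented queue IDs);
# it is not output from the poster's server.
SAMPLE_LOG = """\
Mar  3 10:15:01 mail postfix/smtpd[2101]: 4A1B2C3D4E: client=unknown[203.0.113.5], sasl_method=PLAIN, sasl_username=sales@example.com
Mar  3 10:15:02 mail postfix/smtpd[2102]: 4A1B2C3D4F: client=unknown[198.51.100.77], sasl_method=LOGIN, sasl_username=sales@example.com
Mar  3 10:15:03 mail postfix/smtpd[2103]: 4A1B2C3D50: client=unknown[198.51.100.23]
Mar  3 10:15:04 mail postfix/smtp[2200]: 4A1B2C3D50: to=<victim@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=0.9, delays=0.1/0/0.4/0.4, dsn=2.0.0, status=sent (250 OK)
Mar  3 10:15:05 mail postfix/smtpd[2104]: 4A1B2C3D51: client=unknown[198.51.100.23]
Mar  3 10:15:06 mail postfix/local[2300]: 4A1B2C3D51: to=<info@example.com>, relay=local, delay=0.3, delays=0.1/0/0/0.2, dsn=2.0.0, status=sent (delivered to maildir)
Mar  3 10:15:07 mail postfix/smtpd[2105]: 4A1B2C3D52: client=localhost[127.0.0.1]
Mar  3 10:15:08 mail postfix/smtp[2201]: 4A1B2C3D52: to=<partner@example.org>, relay=mx.example.org[192.0.2.20]:25, delay=1.1, delays=0.2/0/0.5/0.4, dsn=2.0.0, status=sent (250 OK)
Mar  3 10:15:09 mail postfix/smtpd[2106]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 <victim@example.net>: Relay access denied; from=<bulk@example.org> to=<victim@example.net> proto=ESMTP helo=<mailer>
"""

# smtpd logs one "client=" line per accepted message; sasl_username is present only
# when the client authenticated, and absent for plain unauthenticated SMTP sessions.
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S+?\[([^\]]+)\](?:,.*?sasl_username=(\S+))?")
# Delivery agents log where each queued message finally went.
DELIVERY_RE = re.compile(
    r"postfix/(?:smtp|local|virtual)\[\d+\]: ([0-9A-F]+): to=<([^>]+)>, relay=(\S+?),.*status=sent")
# reject_unauth_destination firing: the relay restriction is doing its job for this client.
DENIED_RE = re.compile(
    r"NOQUEUE: reject: RCPT from \S+?\[([^\]]+)\]: \d{3} [\d.]+ <[^>]+>: Relay access denied")


def in_any(ip, nets):
    return any(ip_address(ip) in n for n in nets)


def triage(log_text, trusted_nets=("127.0.0.0/8", "::1/128"), local_domains=("example.com",)):
    """Correlate smtpd sessions with deliveries by queue ID and answer both questions."""
    nets = [ip_network(n) for n in trusted_nets]
    local = {d.lower() for d in local_domains}
    sessions = {}              # queue ID -> (client IP, sasl_username or None)
    logins = defaultdict(set)  # sasl_username -> client IPs that authenticated as it
    deliveries = []            # (queue ID, recipient, relay)
    denied = 0
    for line in log_text.splitlines():
        if m := CLIENT_RE.search(line):
            qid, ip, user = m.groups()
            ip = ip[5:] if ip.startswith("IPv6:") else ip   # Postfix logs IPv6 as [IPv6:...]
            sessions[qid] = (ip, user)
            if user:
                logins[user].add(ip)
        elif m := DELIVERY_RE.search(line):
            deliveries.append(m.groups())
        elif DENIED_RE.search(line):
            denied += 1
    # Question 2: an unauthenticated client outside the trusted networks whose message was
    # delivered to a domain this server is not responsible for has been relayed.
    relayed_unauth = []
    for qid, rcpt, _relay in deliveries:
        ip, user = sessions.get(qid, (None, None))
        if ip is None or user or in_any(ip, nets):
            continue
        if rcpt.rsplit("@", 1)[-1].lower() in local:
            continue
        relayed_unauth.append((qid, ip, rcpt))
    return {
        "logins": {u: sorted(ips) for u, ips in logins.items()},   # question 1: one account, many IPs?
        "relayed_unauth": relayed_unauth,                            # question 2: open relay evidence
        "relay_denied": denied,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for user, ips in report["logins"].items():
        print(f"Q1 {user}: authenticated from {len(ips)} IP(s): {', '.join(ips)}")
    for qid, ip, rcpt in report["relayed_unauth"]:
        print(f"Q2 {qid}: unauthenticated external client {ip} relayed to {rcpt}")
    print(f"Relay access denied for {report['relay_denied']} RCPT attempt(s)")
```

Run it against the real mail log (for example `triage(open("/var/log/mail.log").read(), local_domains=your_domains)`) with the server's own domains filled in; a queue ID in `relayed_unauth` is direct evidence of relaying, while one account in `logins` with dozens of unrelated IPs is the credential-theft pattern that a password change alone does not stop if the attacker has a session or another account.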

@allworldtrade Something to check:

I had the same situation recently but managed to catch it early. An instance of WordPress on the same machine became compromised and the attacker was using a custom uploaded PHP script to send a bunch of email messages.

Thank you for the response, Sir stevewi.

1.) Not sure if they are able to log in to my server, because they are only using my email address to send spam messages; my email account did not actually send them. The Sent tab is completely empty, an indicator that the spam messages were not sent from inside our email server.

2.) Yes. Based on the reports and logs, they are using our server as an open relay.

If you use Postfix, this will be helpful (this is from my main Postfix config file, main.cf):

# sw - my networks (localhost) definition
# 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

# The relay_domains parameter restricts what destinations this system will
# relay mail to.  See the smtpd_recipient_restrictions description in
# postconf(5) for detailed information.
# 
# By default, Postfix relays mail
# - from "trusted" clients (IP address matches $mynetworks) to any destination,
# - from "untrusted" clients to destinations that match $relay_domains or
#   subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
# 
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces or $proxy_interfaces,
# - destinations that match $mydestination
# - destinations that match $virtual_alias_domains,
# - destinations that match $virtual_mailbox_domains.
# These destinations do not need to be listed in $relay_domains.
#
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace.  Continue
# long lines by starting the next line with whitespace. A file name
# is replaced by its contents; a type:name table is matched when a
# (parent) domain appears as lookup key.
#
# NOTE: Postfix will not automatically forward mail for domains that
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction description in postconf(5).
#
#relay_domains = $mydestination

# sw - this host does not relay mail
#
relay_domains =

# INTERNET OR INTRANET

# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
#
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
#
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
# [address] or [address]:port; the form [host] turns off MX lookups.
#
# If you're connected via UUCP, see also the default_transport parameter.
#
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]

# sw - this host does not relay mail
#
relayhost =

So… what you need to do is set mynetworks appropriately and specifically unset (don't let them default) relayhost and relay_domains.

You may want to put additional restrictions on incoming mail and senders:

https://www.postfix.org/SMTPD_ACCESS_README.html

— sw
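The main.cf comments quoted above describe the decision Postfix makes for every RCPT TO: clients inside $mynetworks may send anywhere, everyone else only to domains the server is final destination for or that are listed in relay_domains. The added example below (mine, not sw's or Postfix's code) encodes that decision in a small `RelayPolicy` class, runs a throwaway SMTP server on loopback that answers with the policy's verdict, and sends it the classic open-relay probe (foreign sender, foreign recipient, no login) with smtplib. The `OPEN_POLICY` with `0.0.0.0/0` in mynetworks is a constructed misconfiguration for contrast; the `CLOSED_POLICY` mirrors sw's loopback-only mynetworks and empty relay_domains. The `pretend_client_ip` knob exists only so a loopback probe can be judged as an Internet client; class and function names are this example's own.

```python
import smtplib
import socketserver
import threading
from ipaddress import ip_address, ip_network


class RelayPolicy:
    """Postfix's default answer to 'may this client send to this recipient?':
    permit_mynetworks first, then reject_unauth_destination (own domains and
    relay_domains only). The attribute names are this example's, not Postfix parameters."""

    def __init__(self, mynetworks, my_domains, relay_domains=()):
        self.mynetworks = [ip_network(n) for n in mynetworks]
        self.my_domains = {d.lower() for d in my_domains}      # $mydestination plus virtual domains
        self.relay_domains = {d.lower() for d in relay_domains}

    def allows(self, client_ip, rcpt):
        addr = ip_address(client_ip)
        if any(addr in net for net in self.mynetworks):      # trusted client: any destination
            return True
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if domain in self.my_domains:                         # mail we are final destination for
            return True
        # relay_domains matches the domain itself or any parent domain
        return any(domain == d or domain.endswith("." + d) for d in self.relay_domains)


class FakeSmtpd(socketserver.StreamRequestHandler):
    """Just enough SMTP to answer an EHLO/MAIL/RCPT/QUIT probe with the policy's verdict."""

    def handle(self):
        srv = self.server
        client_ip = srv.pretend_client_ip or self.client_address[0]
        self.wfile.write(b"220 mail.example.com ESMTP\r\n")
        while True:
            line = self.rfile.readline()
            if not line:
                break
            cmd = line.decode(errors="replace").rstrip("\r\n")
            verb = cmd.split(" ", 1)[0].upper()
            if verb in ("EHLO", "HELO"):
                self.wfile.write(b"250 mail.example.com\r\n")
            elif verb == "MAIL":
                self.wfile.write(b"250 2.1.0 Ok\r\n")
            elif verb == "RCPT":
                rcpt = cmd.split("<", 1)[1].split(">", 1)[0]
                if srv.policy.allows(client_ip, rcpt):
                    self.wfile.write(b"250 2.1.5 Ok\r\n")
                else:
                    self.wfile.write(f"554 5.7.1 <{rcpt}>: Relay access denied\r\n".encode())
            elif verb == "QUIT":
                self.wfile.write(b"221 2.0.0 Bye\r\n")
                break
            else:
                self.wfile.write(b"502 5.5.2 Error: command not recognized\r\n")


class FakeServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True

    def __init__(self, policy, pretend_client_ip=None):
        super().__init__(("127.0.0.1", 0), FakeSmtpd)
        self.policy = policy
        # Lets a loopback probe be judged as if it came from an Internet address.
        self.pretend_client_ip = pretend_client_ip


def probe_relay(host, port, mail_from="probe@example.org", rcpt_to="victim@example.net"):
    """Classic open-relay test: foreign sender to foreign recipient, no login.
    Returns the RCPT TO reply code; 250 means the server would relay for us."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo("probe.example.org")
        s.mail(mail_from)
        code, _msg = s.rcpt(rcpt_to)
        return code


def check_policy(policy, pretend_client_ip="203.0.113.5"):
    """Start the fake server on an ephemeral loopback port, probe it, tear it down."""
    srv = FakeServer(policy, pretend_client_ip)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return probe_relay(*srv.server_address)
    finally:
        srv.shutdown()
        srv.server_close()


# Constructed misconfiguration: a $mynetworks that covers the whole Internet makes an open relay.
OPEN_POLICY = RelayPolicy(mynetworks=["127.0.0.0/8", "0.0.0.0/0"], my_domains=["example.com"])
# sw's settings: loopback only in mynetworks, relay_domains empty.
CLOSED_POLICY = RelayPolicy(mynetworks=["127.0.0.0/8", "::1/128"], my_domains=["example.com"])

if __name__ == "__main__":
    for name, policy in (("open", OPEN_POLICY), ("closed", CLOSED_POLICY)):
        print(f"{name}: RCPT TO reply {check_policy(policy)}")
```

`probe_relay` works unchanged against a real host on port 25, which is the quickest way to confirm the fix after reloading Postfix: a 554 on RCPT TO for a foreign recipient means reject_unauth_destination is in force. Note that `CLOSED_POLICY.allows("127.0.0.1", ...)` is still true, which is the point of the WordPress reply above: anything running on the box itself, including a compromised web application, can hand mail to a loopback-trusting Postfix, so a clean relay policy does not replace checking the local web stack.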
