Is someone using my server to spam

2025-04-10

I am running cpanel, rh9.
I have thousands of messages in my mail queue daily, thay are all spam. The queue log shows that it was sent from my server. or at least I think that is what it says.
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

hazmat1@bayserve.net
SMTP error from remote mailer after RCPT TO:<hazmat1@bayserve.net>:
host hermes.toad.net [66.159.80.161]: 550 <hazmat1@bayserve.net>:
Recipient address rejected: User unknown in virtual alias table

------ This is a copy of the message, including all the headers. ------

Return-path: <auschwitzmaterials@webtv.net>
Received: from [201.135.146.85] (helo=idles)
by myserver.com with asmtp (Exim 4.34)
id 1Bop3z-0006IR-6Q
for hazmat1@bayserve.net; Sun, 25 Jul 2004 15:53:43 -0400
From: "Patrick Mirza"<auschwitzmaterials@webtv.net>
To: hazmat1@bayserve.net
Subject: ENl1lARGE Y0UR PEN 1S AND lMPROVE Y0UR SEX 1l1FE!
Mime-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<html><body >
C'1ALIS & L'EV1TRA is taken about half an hour before any sexua1l activ it y begins! 
 doctor ap<a href=http://sawtimber.biz></a>proved natura1 pil1<a href=http://scribe.us></a>s wil1 enlarge your p~e~n~i~s in 1 week! 

<a href=http://sandpaper.albania.oi8090lk.com/as>P.l.a.c.e YOur 0.r.d.e.r H.e.r.e TOday</a>

</BODY></HTML>

I have noticed this in my log watch:
User mailman:
/usr/bin/python2 -S /usr/local/cpanel/3rdparty/mailman/cron/checkdbs: 2 Time(s)
/usr/bin/python2 -S /usr/local/cpanel/3rdparty/mailman/cron/disabled: 2 Time(s)
/usr/bin/python2 -S /usr/local/cpanel/3rdparty/mailman/cron/nightly_gzip: 2

None of my customers use mailman mailing lists that I know of.
What can I do to prevent this?

Thanks, Kevin