Spam using a script's backdoor and pop server goes down

My site on a VPS server (Linux/Cpanel/Php/MySQL). Today POP3 server has failed and I restarted. And again and again. After 4 times of reset I suspend my account on cpanel.
There were some days I got high cpu usage last month.
I think someone making mail spam or something like that using my pop server.
My friend said that they can be use one of my scripts' mail function.
How can I find how they do that or which script?
Is there a way to block mail function using?
Can I authenticate outgoing mail server (SMTP) from cpanel?
Is there log file about pop server using?

 

 

 

 

Top