Finding source of supposed spam emails on Linux

0

I rent a VPS from OVH. It runs Ubuntu 16.04.

My provider has emailed me, via its automatic reporting system, and claims that my server is sending spam. An example snippet from this report:

Our anti-spam protection layer has detected that your IP [my IP] is sending spam.

Destination IP: 152.163.0.100 - Message-ID: 20161230121402.19587.qmail@vpsXXXXX.ovh.net - Spam score: 300

They have blocked port 25 access at a network level. I can opt to unblock it, but I've done this once already and this is now the second report.

My problem is that I can't find any trace of these supposed emails.

Things I've tried:

  • Used online tools and my own manual test to verify that the server is not an open relay: it is not
  • Checked /var/log/mail.log and /var/log/procmail.log - nothing related to this
  • Checked the various Apache logs for evidence of unusual web traffic
  • Added mail logging to PHP5 & PHP7, tested it, waited several days - only my tests are recorded
  • postqueue -p shows only my unsent tests
  • Searched the server for QMail: I don't even have an install. I use Postfix and Procmail.
  • Checked last for any suspicious activity
  • Upgraded everything I can as a 'hail mary'

All I can think of, false reporting aside, is that perhaps some other process outside of the mail infrastructure is compromised?

What more can I do?

Rob Pridham

Posted 2017-01-03T11:46:05.427

Reputation: 143

2

wireshark on tcp port 25 – Ipor Sircer – 2017-01-03T11:56:09.530

Answers

1

Ipor's comment sent me down the right track - I used a long-running instance of tcpdump to track activity, get a very specific timestamp, and then I managed to link that to an entry in /var/log/auth.log that told me one of the SSH accounts had been compromised.

Rob Pridham

Posted 2017-01-03T11:46:05.427

Reputation: 143

0

Try mailq, that's what we use on our email server to see emails being sent. Then use postcat to display the emails to narrow down the sender of the spam.

Kyle H

Posted 2017-01-03T11:46:05.427

Reputation: 338

Try the commands postqueue -p and postcat -q messageid – Liam Mitchell – 2019-07-09T00:18:13.267