Hi,

When you say that you are having a problem with outgoing spam, do you mean that you believe your server has been compromised? Spamassassin will only help catching spam that is sent to your mail server. If the spam is originating from your server, then you might have a bigger problem.

You might want to install something like rkhunter to check for compromised files:

https://www.digitalocean.com/community/articles/how-to-use-rkhunter-to-guard-against-rootkits-on-an-ubuntu-vps

You should also look at /var/log/auth.log for ssh logins from unknown IP addresses.

Thank you, I've followed the tut. Here's what I got:
Warning: The command '/usr/sbin/adduser' has been replaced by a script: /usr/sbin/adduser: a /usr/bin/perl script, ASCII text executable
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script, ASCII text executable
Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: a /usr/bin/perl -w script, ASCII text executable
Warning: The command '/bin/which' has been replaced by a script: /bin/which: POSIX shell script, ASCII text executable
Warning: The following processes are using deleted files:
Process: /usr/sbin/mysqld PID: 682 File: /tmp/ibah5HJE
Warning: Suspicious file types found in /dev:
/dev/.udev/rules.d/root.rules: ASCII text
Warning: Hidden directory found: /dev/.udev
Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'


Looks like nothing is extremely wrong. Am I right?

@Arkady: Have you run apt-get upgrade recently?