Is that a problem with the host

Is that a problem with my host provider? This is the second time I have received this type of email from hostforweb saying that my site is sending a lot of spam email, when the
Queue status: There are no emails in queue.

Am I missing something here? Help please! I removed the links because all of the links in the email were links to download the virus.

"The invoice must be paid before next week.

Details can be found on the website  htt://medsAthost"

ReferenceId: 37661-51493
Main account: 205.234.132.11
Reported account: server2.bl.com
Response Deadline: 24 hours

The following complaint was sent to HostForWeb. Please review the following report(s) and let us know of any actions you take. If we do not hear from you within 24 hours, we will take further action outlined below.

Reoccurrence or no response
-------------------------------------
1. Shutting down the reported domain or your server from public access.
2. Account will remain blocked while we discuss the report.




[---START REPORT---]
TROJAN SPAM - 205.234.132.11 (email source) - 88.198.4.251 (TROJAN SITEhtt://medsAthost
Received: from server2.bl.com (205.234.132.11) by PUHI.sandag
(192.82.118.132) with Microsoft SMTP Server id 8.3.298.1; Tue, 30 Jul 2013
20:59:45 -0700
Received: from [205.234.132.11] by server2.bl.com id ZHPUHYNn3ukW
with SMTP; Tue, 30 Jul 2013 22:59:32 -0500
Date: Tue, 30 Jul 2013 22:59:32 -0500
From: OrdersCo <f.greppi@petazzi.it>
X-Mailer: The Bat! (v4.7.48.7) Home
X-Priority: 3 (Normal)
Message-ID: <46306100.33396849376464@server2.bouchesocial.com>
To: <kkr@sandag>
Subject: Re: Re: Inchiesta
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
Return-Path: f.greppi@petazzi.it
X-MS-Exchange-Organization-PRD: petazzi.it
Received-SPF: None (PUHI.sandag.org: f.greppi@petazzi.it does not designate
permitted sender hosts)
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.12716.470;SV:3.3.4604.600;SID:SenderIDStatus
None;OrigIP:205.234.132.11
X-MS-Exchange-Organization-SCL: 5
X-MS-Exchange-Organization-SenderIdResult: NONE

-----Original Message-----
From: OrdersCo [mailto:f.greppi@petazzi.it]
Sent: Tuesday, July 30, 2013 9:00 PM
To:
Subject: Re: Re: Inchiesta [Investigation]

Ciao, kkr@sandag.org.

La fattura deve essere pagato prima della prossima settimana.

Dettagli possono essere trovati sul sitohtt://medsAthost

==
Tel.:  39 (2) 656-79-18.

[ENGLISH TRANSLATION]
Hello, kkr@sandag.

The invoice must be paid before next week.

Details can be found on the website  htt://medsAthost

==
Tel:  39 (2) 656-79-18.
[---END REPORT---]

Abuse Department
HostForWeb Inc
==============================
web: http://www.hostforweb.com
email: abuse-reply@hostforweb.com
phone: 1-888-7-MYHOST


ReferenceId: 37661-51493

Quote · 31 Jul 2013

I guess the first question would be: Are you sending emails using the Mass Mail function within Dolphin to your members?

It's also possible that a member of your site is doing this. (Meaning sending mass emails)

 

I would not say it's a problem with the host until you can resolve/answer the 2 questions above. BE CAREFUL: A host has the right to shut down your account for spamming, regardless of the reason.

Nothing to see here
Quote · 1 Aug 2013

No, I never sent any mass emails to members, and there are no members on my site sending mass emails either. Members are not even allowed to send more than 5 greetings daily. The first time that happened, I contacted hostforweb at 7 AM. That person logged in to the server at 6:15 AM, then that same IP address logged in again at 9 AM. Then I called hostforweb to tell them that person was still logged in on the server. Then at 11 AM a different IP address logged in to the server again. Then at 3 PM these two IP addresses were still logged in on the server while I was blocked from accessing the server. Then at 5 or 6 PM hostforweb successfully changed the SSH and the port password. That was the first time something like that happened. But this time I did not receive any email if someone hacked the server again.

Plus, what invoice do I have to pay?

Tel.:  39 (2) 656-79-18.

[ENGLISH TRANSLATION]
Hello, kkr@sandag.

The invoice must be paid before next week.

Details can be found on the website  htt://medsAthost

==
Tel:  39 (2) 656-79-18.
[---END REPORT---]

Quote · 1 Aug 2013

There were no messages in the Dolphin admin panel on mass emails, but hostforweb told me there were 2000 emails on the server. Does that mean someone is using my server to send email?

Then I received another warning again today.

ReferenceId: 37670-51504

Main account: 205.234.132.11
Reported account: server2.bl.com
Response Deadline: 24 hours

The following complaint was sent to HostForWeb. Please review the following report(s) and let us know of any actions you take. If we do not hear from you within 24 hours, we will take further action outlined below.

Reoccurrence or no response
-------------------------------------
1. Shutting down the reported domain or your server from public access.
2. Account will remain blocked while we discuss the report.




[---START REPORT---]

Kroninger, Kurt Posted on: Jul 31 2013 03:32 PM
================================================================
abuse@hetzner.de Posted on: Jul 31 2013 03:33 PM
================================================================




Brian Mead
Datacenter Operations
 1 (312) 895-3005


Ticket Details
===================
Ticket ID: OAP-481036
Department: Abuse
Priority: Medium
Status: On Hold


[---END REPORT---]

Abuse Department
HostForWeb Inc
Quote · 1 Aug 2013

Just turn off Exim until you figure it out, or whatever email service is running.

They should have told you the same thing by now. 

https://dolphin-techs.com - Skype: Dolphin Techs
Quote · 1 Aug 2013

Do I have to restart "Mail Server (Exim)" to turn it off?

Quote · 1 Aug 2013

 

  1. Check or Uncheck the service you wish to enable or disable.
  2. Click Save.

Do I have to restart "Mail Server (Exim)" to turn it off?

 

Quote · 4 Aug 2013

If you uncheck Exim and click save WHM should shut it down.

 

Those emails look like some sort of scam to generate fake traffic for that meds website. Tricking everyone who gets the email into going there only to find out it's selling Viagra or god knows what.

 

I would guess one of two things is happening:

1. They are using your server as a mail relay so it looks like it's coming from you and not them.

2. They have planted a script on your server that allows them to send mail.

 

Regardless of which of the two it is HFW should be able to look at the logs and tell you EXACTLY what's happening. If it's #2 they should be able to give you the path and file name of the script that's sending mail.

 

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 4 Aug 2013
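The log check the last reply describes, as an added example that is not part of the thread or HostForWeb's tooling: it tallies Exim main-log entries by the working directory of whatever called sendmail (the planted-script case) and by how each message was submitted (the relay case). The log lines and names are constructed, and the `cwd=` entries assume Exim's `+arguments` log selector is enabled.

```python
import re
from collections import Counter

# Constructed sample lines in Exim main-log style (not taken from the thread).
# The "cwd=" lines are only written when the +arguments log selector is on.
SAMPLE_LOG = """\
2013-07-30 22:59:30 cwd=/home/exampleuser/public_html/tmp 3 args: /usr/sbin/sendmail -t -i
2013-07-30 22:59:30 1V4AaA-0001Xy-2B <= exampleuser@server.example U=exampleuser P=local S=812
2013-07-30 22:59:31 cwd=/home/exampleuser/public_html/tmp 3 args: /usr/sbin/sendmail -t -i
2013-07-30 22:59:31 1V4AaB-0001Xz-3C <= exampleuser@server.example U=exampleuser P=local S=815
2013-07-30 22:59:32 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1V4AaB-0001Xz-3C
2013-07-30 23:01:10 1V4AcD-0001Ya-4D <= info@site.example H=(pc) [198.51.100.7] P=esmtpa A=dovecot_login:info@site.example S=2301
2013-07-30 23:02:44 1V4AdE-0001Yb-5E <= x@other.example H=(mx) [203.0.113.9] P=esmtp S=1907
"""

CWD_RE = re.compile(r"^\S+ \S+ cwd=(\S+) \d+ args: ")
ARRIVAL_RE = re.compile(r"^\S+ \S+ \S+ <= (\S+) (.*)$")

def summarize(log_text):
    """Count sendmail callers by directory and message arrivals by submission path."""
    script_dirs, paths = Counter(), Counter()
    for line in log_text.splitlines():
        m = CWD_RE.match(line)
        if m:
            # Skip Exim's own queue runs and deliveries; keep external callers.
            if not m.group(1).startswith("/var/spool"):
                script_dirs[m.group(1)] += 1
            continue
        m = ARRIVAL_RE.match(line)
        if not m:
            continue
        fields = dict(f.split("=", 1) for f in m.group(2).split() if "=" in f)
        if fields.get("P") == "local":
            # Submitted on the box itself (web script, cron job, shell user).
            paths["local:" + fields.get("U", "?")] += 1
        elif "A" in fields:
            # Authenticated SMTP: a mailbox password is being used.
            paths["smtp-auth:" + fields["A"]] += 1
        else:
            # Also covers ordinary inbound mail; relaying shows up here only
            # when the recipients are not local domains.
            paths["smtp-unauth"] += 1
    return script_dirs, paths

if __name__ == "__main__":
    dirs, paths = summarize(SAMPLE_LOG)
    print("sendmail callers by cwd:", dirs.most_common())
    print("arrivals by path:", paths.most_common())
```

A directory under a site's web root dominating the first tally points to a script on the server; a single login dominating the `smtp-auth` tally points to a compromised mailbox password instead.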
 
 