Is my server sending spam?

I have a FreeBSD server and according to Yahoo, it's sending spam:

Can someone help me look into this?  I have root access but not sure what to look for.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

That IP is hosting multiple domains, I assume you manage the whole server?
Could be any of those domains that have been hacked, if any of them are running Wordpress, Drupal etc

You are only listed on one DB so it could be just Yahoo having a hissy fit
And the offending website seems to be
hrolsonsAuthor Commented:
Yes, I manage the whole server. just completed a transition to Wordpress from a paid web developer.  How can I look deeper into the problem and hopefully eradicate it.
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Check the index pages for any base64 code.
hrolsonsAuthor Commented:
due to .htaccess none of the index pages are available.  Everything forwards to, which is the WordPress site that Dex made.
     What Gary is trying to explain is to look at your index.php files and find a string that looks like the following:

<?php eval(base64 decode('ZXJyb3JfcmVwb3J0aW5nKDApOw0KJGJvdCPC9pZnJhbWU+PC9kaXY+JzsNCn0='));
the real code will be much longer.

in a nutshell your index.php files were modified by a virus or someone being malicious

-= Richard
hrolsonsAuthor Commented:
I don't have any index.php file in the base directory.
There must be an index.php file in the WP root directory - if there wasn't it wouldn't work
hrolsonsAuthor Commented:
That file must be on the server that is redirected to, which I don't have access to.  I control but in the .htaccess:

RewriteCond %{REQUEST_URI} !^/Intranet
RewriteCond %{REQUEST_FILENAME} .*\.html$
RewriteRule . [L]

Open in new window

It sends users on to, which I don't control.
It may not be that site, it was just an educated guess.

Check through your mail logs, see if you can identify any spam.
It could be that you have an open relay, if so you need to clamp down on your security and require authorisation for all email.
You can test for open relay's here

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
hrolsonsAuthor Commented:
I ran and through the open relay check on the site you suggested and it was clean.

I can't figure out why Yahoo is rejecting mail from the server.
Check the other sites on the server as well
It' possible that you didn't spam and yahoo filters went overboard.

Yahoo will sometimes block you even if you're not sending spam.  If you have a legitimate mailing list and it got sent out a little too quickly, yahoo will block you.  Even if you've done the throttling to not trigger yahoo right now, yahoo may someday just decide that you're still spamming, even after you've called them before and verified with them about the mailman mailing lists that people must manually sign up for and verify.  They're the only large company that causes problems for legitimate mailers.
Dirk MareSystems Engineer (Acting IT Manager)Commented:
Another site to test if your mail server is an open relay.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Servers

From novice to tech pro — start learning today.