Over the past 6 days there has been higher server loads than normal. Between the 1.xx and the 6.xx mark on one of our servers. We have been looking into the issue and cannot seem to find the problem thus far. After restarting exim and cpop services, the server laod would drop which gives me an indication it's the mail server causing the high load. It also was reported that spamcop has added the server ip to their database listing. I have a strong feeling someone is sending out mass spam from our server. The hard part is trying to track and find the abuser. Is there any way I can find out through ssh or within cpanel who is sending out the spam?