My vps is hacked and is being used to send spam!

So my host suspended my vps cause it detected it was sending spam. How can I clean the vps and stop sending spam? I don’t see my theme files being modified. I don’t even know how they even get access to the mail server when I don’t use any mail tools

If your provider unsuspended you:

  1. Change your SSH password
  2. Disable SSH password, use private key instead
  3. Remove postfix or exim4 from your vps
  4. Make sure no any program listen on port 25 by typing sudo netstat --tupln

or if you’re paranoid, better reinstall your OS and rebuild EasyEngine from the beginning

Does easyengine install postfix or exim4 on default? if I removed both of those will wordpress still able to send emails?