postfix

Is the server sending spam?

Is the server spamming?
Not so long ago, our server was blocked for spam.
Unfortunately, the hoster does not provide detailed information about spam (headers, etc.).
That is, according to them, IDs snort detected spam and blocked the server.
We do not use the mail server at all, by default postfix was installed in the system (already disabled).
We have disabled this service for now.
What are the possible sources of spam?
so far we see the following:
1. problems with the postfix config, and someone could send letters through us.
2. vulnerability in the server, there is access to the server and someone sends letters via sendmail.
3. Maybe spoofing in the host network? Someone is pretending to be someone else's server.
4. false postive on tor hidden service, do we drive https traffic through it?
OS proxmox, also installed rabbitmq, tor as hidden service.