I'm unable to upload 2.3GB & 2.7 GB of the mail log file.
https://i.snag.gy/Cm9j3M.jpg
You really don't need to download those files, although you could rotate them (urgently recommended) and compact them.
You could use live tools in a root SSH shell.
You cannot defend your server simply using the panel.
There are innumerable task tools you must run daily, and check results.
All of them run through ssh shell.
For example, you must check the level of virtual harassment your server suffers, checking how many attempts there are to hack your server, and react to them, blocking some addresses, or implementing new blocks in the csf firewall to stop hacking attempts.
The SSH shell is indispensable.
Maybe you are thinking one user was hacked, but no, maybe it was another.
Just one user on your server could send mail identified as any other user on your server.
And blocking one user cannot deter the attack if it was another.
I'm wondering how they knew such an email exists, test (at) peakpoint.my
No one else would know that my website wasn't indexed and the SMTP was freshly created at the end of March, this account was created by the freelancer alone.
This is not difficult.
Maybe you published that mail in the SOA record of your DNS domain name. (Yes, all SOA records have a mail address, maybe your user.)
Maybe you have suffered a sniff in your (or the user's) local network.
Maybe you had mentioned it to another mail.
Maybe you mentioned it in this forum.
There are too many innumerable other possibilities.
I tried sending an email and I got blacklisted, I think I should change to a new set of IPs that probably would get me out from that.
Yes, be prepared, this is common at the 400K level of mail sent.
You must check WHEN these mails began, and check WHO logged in to your server, to stop the attack.
You have no other alternative, to be sure.
And never let your users use a simple password: this is a really serious problem.
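One way to answer the WHEN and WHO questions above from a root SSH shell, without downloading the log, as an added example that is not part of the original post. It assumes the mail server writes Exim-style main-log lines in the default layout (the thread does not name the MTA); `auth_summary`, `sample_log` and the sample lines are constructed for illustration. It groups by the authenticated login rather than the sender address, since one account can send mail identified as another.

```shell
#!/bin/sh
# Added example. Assumes Exim-style main-log arrival lines:
#   DATE TIME MSGID <= SENDER H=... [IP] P=... A=<authenticator>:<login> S=...
# Prints one line per login: login messages first_seen last_seen distinct_client_ips

auth_summary() {
    awk '
    $4 == "<=" {
        login = ""; ip = ""
        for (i = 5; i <= NF; i++) {
            if ($i ~ /^A=[^:]+:/) {
                login = $i; sub(/^A=[^:]+:/, "", login)
            } else if ($i ~ /^\[[0-9a-fA-F.:]+\](:[0-9]+)?$/) {
                ip = $i; gsub(/^\[|\].*$/, "", ip)
            }
        }
        if (login == "") next                      # not an authenticated submission
        ts = $1 "T" $2
        if (!(login in count)) first[login] = ts   # log is chronological
        last[login] = ts
        count[login]++
        if (ip != "" && !((login, ip) in seen)) { seen[login, ip] = 1; ips[login]++ }
    }
    END {
        for (l in count)
            printf "%s %d %s %s %d\n", l, count[l], first[l], last[l], ips[l]
    }' "$@" | sort -k2,2nr -k1,1
}

# Constructed sample lines (not taken from the thread or any real server).
sample_log() {
    cat <<'EOF'
2019-04-01 09:12:01 1hAtst-0000aa-01 <= owner@example.test H=(laptop) [198.51.100.7] P=esmtpsa A=login:owner@example.test S=2210
2019-04-02 03:40:15 1hAtsu-0000ab-02 <= spoofed@example.test H=(x) [203.0.113.50] P=esmtpa A=login:test@example.test S=4100
2019-04-02 03:40:16 1hAtsu-0000ab-02 => victim@example.org R=lookuphost T=remote_smtp
2019-04-02 03:40:17 1hAtsv-0000ad-04 <= other@example.test H=(y) [203.0.113.51]:40022 P=esmtpa A=login:test@example.test S=4080
2019-04-02 03:41:00 1hAtsw-0000ae-05 <= <> R=1hAtsu-0000ab-02 U=mail P=local S=5100
EOF
}

sample_log | auth_summary
```

Given a file argument, `auth_summary` streams that file instead of standard input, so a multi-gigabyte log can be summarised in place.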