P0wned by Russian malware spam?

I was going through my Centos 7 vps maillog (vps1) and saw this entry coming from(???) another of my vps (vps1) (:

Sep 2 22:02:35 server postfix/smtpd[6362]: connect from server.myvps2.com[valid.ip_of.my.vps2] Sep 2 22:02:35 server postgrey[187]: action=pass, reason=client AWL, client_name=server.myvps2.com, client_address=valid.ip_of.my.vps2, sender=existing_user@server.myvps2.com, recipient=valid_email@one_of_the_domains_on_this_vps1.com Sep 2 22:02:35 server postfix/smtpd[6362]: 4A9A33B00230: client=server.myvps2.com[valid.ip_of.my.vps2] Sep 2 22:02:35 server postfix/cleanup[7734]: 4A9A33B00230: message-id= Sep 2 22:02:35 server opendkim[742]: 4A9A33B00230: server.myvps2.com[valid.ip_of.my.vps2] not internal Sep 2 22:02:35 server opendkim[742]: 4A9A33B00230: not authenticated Sep 2 22:02:35 server opendkim[742]: 4A9A33B00230: no signing domain match for 'rambler.ru' Sep 2 22:02:35 server opendkim[742]: 4A9A33B00230: no signing subdomain match for 'rambler.ru' Sep 2 22:02:37 server opendkim[742]: 4A9A33B00230: key retrieval failed (s=2017, d=rambler.ru): '2017._domainkey.rambler.ru' record not found Sep 2 22:02:37 server postfix/smtpd[6362]: disconnect from server.myvps2.com[valid.ip_of.my.vps2] Sep 2 22:02:37 server postfix/qmgr[936]: 4A9A33B00230: from=, size=35439, nrcpt=1 (queue active) So then I checked the maillog on vps2 and found this entry: Sep 2 22:02:40 server postfix/pickup[1322]: 810B120728: uid=501 from= Sep 2 22:02:40 server postfix/cleanup[3057]: 810B120728: message-id= Sep 2 22:02:40 server opendkim[570]: 810B120728: DKIM-Signature field added (s=2017, d=rambler.ru) Sep 2 22:02:40 server postfix/qmgr[4422]: 810B120728: from=, size=34615, nrcpt=1 (queue active) Sep 2 22:02:41 server postfix/smtpd[1265]: warning: unknown[141.98.9.5]: SASL LOGIN authentication failed: authentication failure Sep 2 22:02:42 server postfix/smtpd[1158]: warning: unknown[141.98.9.205]: SASL LOGIN authentication failed: authentication failure Sep 2 22:02:42 server postfix/smtpd[1265]: disconnect from unknown[141.98.9.5] Sep 2 22:02:43 server postfix/smtpd[1158]: disconnect from unknown[141.98.9.205] Sep 2 22:02:43 server postfix/smtp[3060]: 810B120728: to=, orig_to=, relay=mail.one_of_the_domains_on_that_vps1.com [valid.ip_of.my.vps1]:25, delay=2.7, delays=0.07/0.01/0.42/2.2, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4A9A33B00230) Sep 2 22:02:43 server postfix/qmgr[4422]: 810B120728: removed   Has some Russian email spammer gotten hold of the valid ip and hostname of my other vps and even found out one of the domains on that vps and is now sending out spam on my other vps?

Have I been p0wned and do I need to re-create my vps2?

Or did a Russian spammer crack the password to <valid_user2@one_of_the_domains_on_this_vps2> and sent out a test email using an email address (which happened to be one of my email addresses on vps1) that were in the mailbox? In which case, I can delete that email account and recreate it / or change the password.