Exploit maybe in vbulletin.Problem is spam being send out from Apache sendmail.

Spam is being send out from sendmail and my hosting company believes it is originating from vbulletin forum. Had older version of vbulletin and upgraded to latest 4.2.1 version to stop the spamming. It dident stop it. I implemented various security features like: Explain what you see on random custom made picture. Rename of [login to view URL] to derail spam-bots that are hard coded to search for default vbulletin installs. Spam-O-matic that will check on [login to view URL] before letting user register. Delay mod that jail bot that fills out forum under 25 sec. The above mods dident stop the Apache sendmail spamming. Have had a Tier3 Engineer from the hosting company to help and they concluded from hours of monitoring the server apache logs that the spam is originating from vbulletin but not sure how to plug the hole. All possible measures is done in vbulletin admin with usergroups ,no email features allowed and, no email link to friend etc Have been reading numerous posts on [login to view URL] and [login to view URL] about security in general in vbulletin and this is as tight as it can be but the hole to let bots/spammers access sendmail on the server is still open and i need to plug that hole so no more spam is possible to send out from the server. Server is a Linux OSCentos. Server does not have open relay. Obvious things are already checked by hosting company Engineers. Server was scanned clean with Securi Malware scan done by hosting and came back clean Requirements: You are familiar with ways spammers abuse servers sendmail and know how to easily plug those holes. You have experience with vbulletin and how spammers are abusing sendmail. You can start immediately.