Did you check the email header to see if the maill really originated from your server?
Did you check if your server is blacklisted? http://www.mxtoolbox.com/blacklists.aspx
It is possible that spammers abuse a vulnerable web application, so I'd make sure these are all up to date.
This link might also be of interest: http://www.howtoforge.com/how-to-log...tect-form-spam