Ok guys, I found this solution after a while googleing and I hope you don't mind me sharing it here in case someone else face same problem.
The problem is not on the server side as apache or postfix issue, but the spam been sent using a WP spambots/malware that have been installed on my websites from a theme or plugin and from there been spreading to other WP files and using the domain names to send the spam.
You can scan your websites folders with Linux Malware Detect that is currently found here
The result that I found is:
malware detect scan report for hostname:
SCAN ID: 021513-2017.31607
TIME: Feb 15 20:18:28 +0100
TOTAL FILES: 10784
TOTAL HITS: 7
FILE HIT LIST:
Hope this will be helpful..