I had a similar issue where one of my user's password had been compromised, and some spammer was using the account to blast messages through my server. See what's in the queue with:
There is a great Perl script called pfdel that I used to clear out the queue:
Save that script somewhere, and then add execute permissions:
#chmod +x /some/path/pfdel
Execution of the script is really simple. Usage: pfdel <email_address>:
If you are running Postfix with SASL, run:
#cat /var/log/mail.log | grep sasl
to see if you have any user that is authenticating at a higher rate than normal. That is how I was able to identify the hijacked account. Hope that helps!