First, stop postfix.
sudo service postfix stop
Then check all your webs for malware using e.g. maldetect (search the forum, there are some posts about that).
Check the mail queue.
To view suspect emails get the ID (first column of the entries) and type
sudo postcat /var/spool/postfix/deferred/X/XXXX
where XXXX is the id and X the first char of the id.
If you find suspect emails, check the headers for the sender.
E.g. X-PHP-Script or "authenticated sender" etc.
Find the web causing it and shut it down.
Check crontabs (/var/spool/cron/crontabs and /etc/cron.d) for malicious code.
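
To go from individual postcat dumps to the web or mailbox that is responsible, the header check above can be tallied over the whole queue. The script below is an added example, not part of the original post: it reads postcat output on stdin and counts messages per X-PHP-Script value and per "Authenticated sender". The function names, the sample messages and the assumed header layout are constructed for illustration, and the X-PHP-Originating-Script variant it also matches is an addition not mentioned in the post.

```shell
#!/bin/sh
# Added example: tally which PHP script or SASL login queued mail came from.
# Input on stdin: output of one or more `postcat` runs.

# Constructed, abbreviated sample of three queued messages (not real data).
sample_queue() {
cat <<'EOF'
*** MESSAGE CONTENTS deferred/A/A1B2C3D4E5 ***
Received: by server.example.test (Postfix, from userid 5004)
X-PHP-Script: shop.example.test/wp-content/uploads/x.php for 203.0.113.7
Subject: constructed sample 1

*** MESSAGE CONTENTS deferred/B/B2C3D4E5F6 ***
Received: by server.example.test (Postfix, from userid 5004)
X-PHP-Script: shop.example.test/wp-content/uploads/x.php for 203.0.113.8
Subject: constructed sample 2

*** MESSAGE CONTENTS deferred/C/C3D4E5F6A7 ***
Received: from [203.0.113.9] (unknown [203.0.113.9])
	(Authenticated sender: info@mail.example.test)
	by server.example.test (Postfix) with ESMTPSA id C3D4E5F6A7
Subject: constructed sample 3
EOF
}

# Prints "COUNT KIND SOURCE" lines, most frequent source first.
tally_sources() {
    awk '
        # Assumed header form: "X-PHP-Script: host/path.php for client-ip"
        /^X-PHP-(Originating-)?Script:/ {
            v = $0
            sub(/^[^:]*:[ \t]*/, "", v)   # drop the header name
            sub(/ for .*$/, "", v)        # drop the trailing client IP
            count["script " v]++
        }
        {
            # Received headers carry "(Authenticated sender: user)" when
            # Postfix is configured to record the SASL login.
            i = index(tolower($0), "authenticated sender: ")
            if (i) {
                who = substr($0, i + 22)
                sub(/[) \t].*$/, "", who)
                count["sasl " who]++
            }
        }
        END { for (k in count) print count[k], k }
    ' | sort -rn
}

sample_queue | tally_sources
```

On a real server, replace the last line with postcat runs over the queue files you want to inspect, piped into tally_sources; the source with the highest count is the web or account to shut down first.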