Author Topic: Finding spam sending PHP scripts on your server  (Read 1146 times)

vichithrakumart

  • Guest
Finding spam sending PHP scripts on your server
« on: March 08, 2018, 10:40:02 pm »
By simply adding the following 2 lines to your php.ini, you can track down pretty much any outgoing spam using PHP.

Code:
mail.add_x_header = On
mail.log = /var/log/phpmail.log

The first one adds a header to all outgoing email. You may or may not want this one, as it will give out information about your setup and config (e.g. UIDs, script locations); you are also probably not receiving the spam, so it's not much help to you.

The second line logs the entire lot to a log file. It's important to make sure that the log file is owned and writable by the webserver, and that it is also being rotated by logrotate.

With these in place, your emails will have the following headers:

Code:
X-PHP-Originating-Script: 519:rcfpyezf.php(1189) : runtime-created function(1) : eval()'d code(1) : eval()'d code

The 519 is the UID; rcfpyezf.php was the script sending the spam.

You can also check phpmail.log for more information.
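
An added example, not part of the original post: a small Python triage script that tallies which scripts appear most often in phpmail.log and splits an X-PHP-Originating-Script value into its parts. The log line layout in `LOG_RE` is an assumption about what PHP writes for `mail.log`, the function names are hypothetical, and the sample lines are constructed.

```python
import re
from collections import Counter

# Assumed mail.log layout: "[time] mail() on [<script>:<line>]: To: <rcpt> -- Headers: ..."
LOG_RE = re.compile(r"mail\(\) on \[(?P<script>.+?):(?P<line>\d+)\]: To: (?P<to>.*?) -- ")
# Header value layout as shown in the post: "<uid>:<script>(<line>) : ..."
HDR_RE = re.compile(r"^(?P<uid>\d+):(?P<script>[^(\s]+)")

def parse_header(value):
    """Split an X-PHP-Originating-Script value into uid, script and an eval flag."""
    m = HDR_RE.match(value.strip())
    if not m:
        return None
    return {"uid": int(m["uid"]), "script": m["script"],
            "eval": "eval()'d code" in value}

def top_senders(lines, threshold=3):
    """Return (script, mail_count, distinct_recipients) for scripts at or above threshold."""
    counts, rcpts = Counter(), {}
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not a mail() entry
        # Collapse "file.php(1189) : eval()'d code" frames to the file on disk.
        script = m["script"].split("(", 1)[0]
        counts[script] += 1
        rcpts.setdefault(script, set()).update(
            a.strip() for a in m["to"].split(",") if a.strip())
    return [(s, n, len(rcpts[s])) for s, n in counts.most_common() if n >= threshold]

# Constructed sample lines, not taken from a real server.
EVAL = "/var/www/site/rcfpyezf.php(1189) : runtime-created function(1) : eval()'d code(1) : eval()'d code"
SAMPLE_LOG = [
    "[08-Mar-2018 22:40:02 UTC] mail() on [/var/www/site/contact.php:42]: To: owner@example.com -- Headers: From: web@example.com",
    f"[08-Mar-2018 22:40:03 UTC] mail() on [{EVAL}:1]: To: a@example.net -- Headers: From: x@example.org",
    f"[08-Mar-2018 22:40:03 UTC] mail() on [{EVAL}:1]: To: b@example.net -- Headers: From: x@example.org",
    f"[08-Mar-2018 22:40:04 UTC] mail() on [{EVAL}:1]: To: c@example.net, d@example.net -- Headers: From: x@example.org",
    "[08-Mar-2018 22:41:00 UTC] unrelated line",
]

if __name__ == "__main__":
    for script, n, r in top_senders(SAMPLE_LOG):
        print(f"{n} mails to {r} recipients from {script}")
    print(parse_header("519:rcfpyezf.php(1189) : runtime-created function(1) : eval()'d code(1) : eval()'d code"))
```

A script that sends many messages to many distinct recipients, especially from inside eval()'d code, is the one to inspect first; a contact form normally mails one fixed address.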