I had this problem many years ago, when a hosted client had a computer with a virus. They were sending 20,000+ emails an hour, and had no idea.
If you're using WHM/cPanel, you can look at your Mail Relayers to see if spam is coming from your server, and from what account. This is a good way to see if you're really the source. If you are, disable the email account immediately until it can be fixed.
I assume this can be done in other systems, too, but I use WHM so that's where my experience is. If you're not using WHM, post your system, and maybe someone else will know how to do that.
You can also update the DNS records to include an SPF record for each domain. This can help prevent others from spoofing you.
Here's a wizard to create the SPF record. Make it as strict as you can get away with: