Compromised Mail Script

It seems I have a compromised mail script somewhere on my server as it is sending out tonnes of spam.

I checked the mail queue and this (below line) is what I find, all very similar to different emails of course.

Is there anyway from the supplied information to try and track down which domain the script could be under?

My server techs said the following when I asked about the uid 48.



Any help someone might be able to provide would really help me out.

Thanks



=================
Received: (qmail 7560 invoked by uid 48); 6 Jun 2009 18:03:02 +1000
Date: 6 Jun 2009 18:03:02 +1000
Message-ID:
To: jong@utahrealtors.com, cindyturley1979@yahoo.com,
nancy.knoxe@wachovia.com, manahabi@usa.net
Subject: No experiments. Stop smoking through nicotine Zero. (LICENSED TABS 682)
From: zizo710@yahoo.com
To: jong@utahrealtors.com, cindyturley1979@yahoo.com,
nancy.knoxe@wachovia.com, manahabi@usa.net
Subject: No experiments. Stop smoking through nicotine Zero. (LICENSED TABS 611)
Reply-To: zizo710@yahoo.com
Content-type: text/html; charset=iso-8859-5

or

Received: (qmail 22352 invoked by uid 48); 6 Jun 2009 17:46:12 +1000
Date: 6 Jun 2009 17:46:12 +1000
Message-ID:
To: drwolfrf@webtv.net, jaws10@prodigy.net, fuggna@yahoo.com,
schnepeter_2001johnston_jr@usmma.edu
Subject: BEHIND THE PERFECT LOVE LIFE. (PACK AGAINST IMPOTENCE 957)
From: t_lynnwilliams@yahoo.com
To: drwolfrf@webtv.net, jaws10@prodigy.net, fuggna@yahoo.com,
schnepeter_2001johnston_jr@usmma.edu
Subject: BEHIND THE PERFECT LOVE LIFE. (PACK AGAINST IMPOTENCE 451)
Reply-To: t_lynnwilliams@yahoo.com
Content-type: text/html; charset=iso-8859-5
=========================

The server admins are correct. Can't tell which website/script from the mail or mail server logs. You need to look at web server logs and see what is being hit in time/quantity corresponding to sent mail.