The free hosting business has its caveats. Dealing with server abuse and spamming are among the highest of them. Free hosting costs nothing, is easy to sign up for, and is anonymous (no credit card or bank account required, in most cases just an email address), which draws in illegitimate users that would otherwise not sign up.
The first precaution should be a proactive plan for keeping these people out in the first place. A service like MaxMind, combined with an manual order approval procedure can do quite a bit to prevent these issues from occurring at all. Most spammers, in order to avoid detection, will sign up using proxies, fake email addresses, and fake names and contact information among other things. Fraud detection systems like MaxMind can identify high risk cases, and with a manual order review you can filter out most of the problem clients.
But even with careful screening, some may occasionally slip through the cracks. Once a user gets onto your system and starts spamming, it can be very hard to trace back to their account. This is a major problem especially when you run large servers with hundreds or thousands of clients.
Assuming you are running PHP, there are a couple things you can do to increase your ability to trace spam email back to the user account that it originated from. The first and probably the easiest would be to enable phpsu, which runs PHP scripts not under the apache user, but under the user that owns the script. From there, a simple look at your mail logs will be all you need to find the username of the spammer. The only problem with this is performance, to use phpsu you must use CGI for Apache to execute your scripts, which incurs a performance penalty.
Your second option, also requiring the least modification to your system, is to replace the sendmail binary with one that performs extra logging and then delegates to the original sendmail. By doing this, you can create a log file that tracks every outgoing email sent through PHP, and when the spamming starts, the log file will indicate the directory that holds the script. There is a pre-written script for this you can access here which has worked for us very well.
Another option, although less desirable, is to patch the PHP source code with the PHP Mail Header Patch. This patch adds a header to each outgoing email indicating the script that sent it. This however does require a recompile of PHP, and you will still have to dig up one of the outgoing spam messages and look at the headers in order to find the information you need.
Very Good and Informative post,
Carry on.