Somehow, rogue spam emails are being sent through my domain from test@mydomain.com. I'm using google apps to manage email, and I see no test user account, so I'm not sure what could possibly be happening.
Where should I start to debug this?
SnapOverflow
You might want to look at the email headers and determine if the email is actually being sent from your server at all. It's easy to make the email appear as if it were coming from any address, even a non-existent one.
Anyone can send emails that appear to come from any other source domain! This is just how smtp works, which is why there is loads of spam floating around :/ Now, your best chance of fighting this, is to create a SPF record from your domain. The SPF record declares authoritative email servers, that can send email in the name of your domain. Thus, any other spam servers would not be able to send masquerading as you. Well they still could, but the receiving end should verify SPF, find out they're scammers, and then reject that email
Learn more about SPF and implementing it at http://www.google.com/support/a/bin/answer.py?hl=en&answer=33786