Find out with command 'cat /var/log/maillog|grep PWD|tail -10' (change 10 to 100 if want more) and you will see like:
> cat /var/log/maillog|grep PWD|tail -10
Apr 14 12:54:49 oln3 root: sendmail: CALLER="php-fpm: pool devel" PWD="/home/devel/forum.mratwork.com" BAN="no"
Apr 14 13:05:37 oln3 root: sendmail: CALLER="php-fpm: pool devel" PWD="/home/devel/forum.mratwork.com" BAN="no"
Apr 14 13:10:01 oln3 root: sendmail: CALLER="php-fpm: pool devel" PWD="/home/devel/forum.mratwork.com" BAN="no"
Apr 14 13:11:25 oln3 root: sendmail: CALLER="php-fpm: pool devel" PWD="/home/devel/forum.mratwork.com" BAN="no"
Apr 14 13:20:08 oln3 root: sendmail: CALLER="php-fpm: pool devel" PWD="/home/devel/forum.mratwork.com" BAN="no"
Apr 14 14:00:49 oln3 root: sendmail: CALLER="php-fpm: pool devel" PWD="/home/devel/forum.mratwork.com" BAN="no"
Apr 14 14:07:37 oln3 root: sendmail: CALLER="php-fpm: pool devel" PWD="/home/devel/forum.mratwork.com" BAN="no"
Apr 14 14:46:10 oln3 root: sendmail: CALLER="php-fpm: pool devel" PWD="/home/devel/forum.mratwork.com" BAN="no"
Apr 14 15:59:23 oln3 root: sendmail: CALLER="php-fpm: pool devel" PWD="/home/devel/forum.mratwork.com" BAN="no"
Apr 14 18:14:57 oln3 root: sendmail: CALLER="php-fpm: pool devel" PWD="/home/devel/mratwork.com/wp-admin" BAN="no"
With this example, if you think website with '/home/devel/forum.mratwork.com' as spammer, and then add '/home/devel/forum.mratwork.com' in '/var/qmail/control/badsendmailfrom' file.
NOTE: PWD = 'print working directory' and this context is where sendmail came from.