Take a look at the message headers on the spam messages. A website that can assist with this task is <a href="http://headertool.apelord.com/">here</a>. You will be looking for the IP address of the first device in the chain. This will give you the host IP address (provided DHCP is not in use and the address has been released).
You could also scan your network for devices sending traffic on port 25.
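The header check described above, as an added example that is not part of the original post: it reads the Received headers bottom-up and reports each hop's address, oldest first. The sample message and the INTERNAL_NETS ranges are constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample message (not from the original post); host names and
# addresses are illustrative only.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.25])
\tby inbound.example.org with ESMTP id abc123; Tue, 02 Jan 2024 10:00:05 +0000
Received: from relay.corp.example (relay.corp.example [10.0.0.5])
\tby mx.example.net with ESMTP id def456; Tue, 02 Jan 2024 10:00:03 +0000
Received: from WS-042 (unknown [192.168.1.57])
\tby relay.corp.example with SMTP id ghi789; Tue, 02 Jan 2024 10:00:01 +0000
From: someone@corp.example
To: user@example.org
Subject: constructed sample

body
"""

# Assumption: the local network uses the RFC 1918 ranges; adjust to your own.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def received_chain(raw_message):
    """Return [(ip, is_internal), ...] for each Received header, oldest hop first."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Every relay prepends its own Received header, so reading them
    # bottom-up walks the path starting at the originating device.
    for header in reversed(msg.get_all("Received", [])):
        match = BRACKETED_IP.search(header)  # sender address in the "from" clause
        if not match:
            continue  # this hop recorded no literal address
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # bracketed text was not an IP address
        hops.append((str(ip), any(ip in net for net in INTERNAL_NETS)))
    return hops

def first_hop(raw_message):
    """Return the oldest hop that carries an address, or None."""
    chain = received_chain(raw_message)
    return chain[0] if chain else None

if __name__ == "__main__":
    for ip, internal in received_chain(SAMPLE):
        print(ip, "internal" if internal else "external")
```

Received lines below the first server you control are written by the sending side and can be forged, so treat only the hops your own servers recorded as reliable.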