There's nothing you can do if your client's domain or address was misappropriated for spam.
What you need to do to protect yourself is make sure that your server wasn't used to send the spam; you'll be able to tell that by looking through your exim logs (/var/log/exim/mainlog) to ascertain how many emails from his/her return address appear. You can get a rough idea of that by grepping for his/her domain name.
You can also look up both your main IP# and your client's site IP# (if different) at:
http://openrbl.org/
to see if either is being blocked.
If it appears your server has been used to send the spam then you must immediately start searching her/his webspace to see what insecure software s/he may be using. It may be necessary to shut down the client's account until you can determine exactly what is causing the problem. If the client is using insecure software that is sending the spam then you should notify the client by some means other than their email address at the domain on your server, and leave the domain shut down until the client removes the offending software.
If the client has been intentionally sending spam you need to terminate the client as quickly as possible.
If no spam has been moving through your server, then only the client's domain name has been hijacked.
Generally there's not much the client can do to stop that except see if your local laws allow for a criminal or civil complaint. A good place to start would be a competent attorney with Internet law experience. However, this is really not your responsibility as long as it has nothing to do with your server.
The client can take any steps s/he sees fit, but generally there's not much anyone can do.
Note that depending on your city/state/country laws, actions you take vis a vis your client may be regulated by law or by agreement.
Jeff
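
A finer-grained version of the log check described in the post above, as an added example that is not part of the original post: it counts exim arrival lines (`<=`) whose envelope sender is in the client's domain and groups them by how each message entered the server, which a plain grep does not show. The domain `client.example`, the account name and the log lines are constructed sample data.

```python
import re
from collections import Counter

# Exim arrival line: "<date> <time> <msgid> <= <envelope sender> <fields...>"
ARRIVAL = re.compile(r" (\S+) <= (\S+)(.*)$")

# Constructed sample lines in exim mainlog format (not real log data).
SAMPLE_LOG = """\
2024-01-15 10:23:45 1rPabc-0001Xy-2B <= info@client.example U=clientusr P=local S=1834 id=abc@client.example
2024-01-15 10:23:46 1rPabc-0001Xy-2B => someone@remote.test R=lookuphost T=remote_smtp H=mx.remote.test [198.51.100.7]
2024-01-15 10:23:46 1rPabc-0001Xy-2B Completed
2024-01-15 10:23:50 1rPabd-0001Xz-3C <= info@client.example U=clientusr P=local S=1840
2024-01-15 10:24:02 1rPabe-0001Y0-4D <= jane@client.example H=(laptop) [203.0.113.5] P=esmtpsa A=login:jane@client.example S=2211
2024-01-15 10:24:10 1rPabf-0001Y1-5E <= <> R=1rPabc-0001Xy-2B U=mail P=local S=3020
2024-01-15 10:24:15 1rPabg-0001Y2-6F <= bob@other.example H=mx.other.example [192.0.2.9] P=esmtp S=900
""".splitlines()


def classify(fields):
    """Describe how a message entered exim, from its arrival-line fields."""
    auth = re.search(r"\bA=(\S+)", fields)
    if auth:
        return "authenticated SMTP " + auth.group(1)
    proto = re.search(r"\bP=(\S+)", fields)
    user = re.search(r"\bU=(\S+)", fields)
    if proto and proto.group(1) == "local" and user:
        # Handed to exim on this machine, e.g. by a web script run as that user.
        return "local submission U=" + user.group(1)
    host = re.search(r"\[([0-9A-Fa-f.:]+)\]", fields)
    return "unauthenticated SMTP from " + (host.group(1) if host else "unknown")


def count_sent_from(lines, domain):
    """Count messages accepted by this server with a sender in `domain`."""
    sources = Counter()
    for line in lines:
        m = ARRIVAL.search(line)
        # Bounces arrive with the empty sender "<>" and never match a domain.
        if m and m.group(2).lower().rpartition("@")[2] == domain.lower():
            sources[classify(m.group(3))] += 1
    return sources


if __name__ == "__main__":
    for source, n in count_sent_from(SAMPLE_LOG, "client.example").most_common():
        print(n, source)
```

On a live server, pass the open log file instead of the sample, for instance `count_sent_from(open("/var/log/exim/mainlog"), "client.example")`.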