Thank you for your instant reply.
The server is running the latest version:
Our server is indeed not an open relay.
Release 8.0.6_GA_5922.RHEL6_64_20131203103705 RHEL6_64 FOSS edition.
Spammers where using port 25 to relay spam with authentication,
I've only noticed it after some time, which is not good.
Complex passwords wont be helping.
after a user's PC is compromised, the password would be still leaked out,..
That user might have been targeted by a password grabber,
searching for configuration settings of most used e-mail clients.
and forwarding these to big spam botnets.
And I am afraid this is not an one time event.
If I can only allow port 25 to deliver mail locally only, and not allowing mail to be relayed, it would help a lot I think.