Some of the newer trojans are infecting private PC's, using them as relays and in turn using corporate mail server relays.
"Four-fifths of spam now emanates from computers contaminated with Trojan horse infections, according to a study by network management firm Sandvine out this week. Trojans and worms with backdoor components such as Migmaf and SoBig have turned infected Windows PCs into drones in vast networks of compromised zombie PCs.
Sandvine reckons junk mails created and routed by "spam Trojans" are clogging ISP mail servers, forcing unplanned network upgrades and stoking antagonism between large and small ISPs.
Using its own technology, Sandvine was able to identify subscribers bypassing their home mail servers and contacting many mail servers within a short period of time - a sure sign of spam Trojan activity - over sustained periods. It also looked at SMTP error messages returned, which helps to clarify the total volume of spam within the service provider network. "After comparing those data points with the total volume of legitimate messages passing through the service provider's mail system, we are able to arrive at our percentage of 80 per cent," explained Sandvine spokesman Mark De Wolf." . . . .
http://www.bankinfosecurity.com/?q=node/view/1286I would double and triple check your firewall and server to make absolutely certain that no open relay exists.