I have a large (wireless) network with about 200 clients. On some of the sites, we installed hotspot software with UPNP that also redirect port 25 traffic to our server to prevent a lot of support calls. Now the problem is that a temporary, virus infected user might connect and start to send 100's of mails and all is redirected/coming from 'our server' what the outside world is concerned.
To avoid implementing authentication on internal (MyNetworks) users, how can I at least limit this?
If I can at least block mail that is coming from false addresses in my domain, that would already kill a lot, but some users send via addresses in other domains, so I cannot simply block any unknown sender address.
I have a setting on my router to block SMTP if there is more than 10 connections per second, but that still miss a lot and some other 'valid' bulk mailers get dropped as well.

Any suggestions?