hmm..then you have machine internal to your network relaying.
post the output of zimbraMtaMyNetworks
if you see your firewalls ip connecting that means your firewall is a GATEWAY of your network and when any internal machine uses your mailservers public hostname its routed internaly from firewall, apearing to come from your firewall.su - zimbra
zmprov gs `zmhostname` | grep zimbraMtaMyNetworks
so looks like one of your internal server which is in your "zimbraMtaMyNetworks" is openly relaying mail that is why you dont see any "sasl_username"