Cisco and restricting SMTP access

Dear all,
I am not a Cisco expert and that is why I would like to have your help in order to try to solve a very serious issue I am facing right now.
In one of the companies I support there is a DSL connection using one static IP in order to allow incoming and outgoing access for users and servers to the Internet.
During last week I got a call for some users reporting that they have trouble sending emails to the Internet. During the troubleshooting for this issue I discovered that the specific IP was banned by CBL because it was reported as a SPAM address.
The reason for the ban was a Trojan of which unfortunately I cannot remember its name!
The email server (Windows 2003 Enterprise R2 SP2, Exchange Server 2003) is properly protected with antivirus (MS Forefront) and after a scan I did with SpyBot, Malwarebytes and Microsoft Malicious Software Removal Tools it was clean of any malware or Trojan.
The next step was to scan users workstations and most of them were clear and all malware found was removed.
What I would like to do is to block all internal IPs sending email to the Internet except the one from the email server.
Using SDM and NAT, I blocked or at least I think that I blocked all internal IPs from using port 25 except the one of the email server.    
The DSL connection is made using a Cisco 876 with IOS Version: 12.4(11)T1.
I have attached ciscos configuration in order to have a more clear idea on the configuration of my router.
Is there any other way in order to see which computer is trying to send email?
Thank you very much in advance.
Nikos

Current configuration : 6802 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname xxx.xxxxxxx.gr
!
boot-start-marker
boot system flash:c870-advipservicesk9-mz.124-11.T1.bin
boot-end-marker
!
logging buffered 51200 informational
enable secret 5 $1$7uVj$9hzVed/KrvtkMRRAsBXfG.
!
no aaa new-model
clock timezone GMT+2 2
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00
ip cef
!
!
!
!
ip domain name xxxxxxxxx.gr
ip name-server 10.X.X.248
ip name-server 10.X.X.254
 
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-3225088414
 subject-name cn=IOS-Self-Signed-Certificate-3225088414
 revocation-check none
 rsakeypair TP-self-signed-3225088414
!
crypto pki trustpoint TP-self-signed-1226696483
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1226696483
 revocation-check none
 rsakeypair TP-self-signed-1226696483
!
crypto pki trustpoint test_trustpoint_config_created_for_sdm
 subject-name e=sdmtest@sdmtest.com
 revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-3225088414
crypto pki certificate chain TP-self-signed-1226696483
 certificate self-signed 01
  30820255 308201BE A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 31323236 36393634 3833301E 170D3037 30373034 31343436 
  34355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
 
  quit
crypto pki certificate chain test_trustpoint_config_created_for_sdm
!
!
username xxx privilege 15 password 7 xxxxxxxxxxx
username xxx privilege 15 secret 5 xxxxxxxxxxxxxxx
!
! 
!
crypto isakmp policy 2
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xxxxxxxx address xxx.xxx.xxx.xxx
!
!
crypto ipsec transform-set 5POINT-VPN esp-3des esp-md5-hmac 
!
crypto map SDM_CMAP_1 1 ipsec-isakmp 
 description Tunnel
 set peer xxx.xxx.xxx.xxx
 set transform-set 5POINT-VPN 
 match address 100
!
!
!
!
interface Tunnel0
 description connection to xxx
 ip address 172.X.X.X 255.255.255.0
 ip mtu 1500
 tunnel source 62.X.XX.XX
 tunnel destination 213.XX.XXX.XX
 crypto map SDM_CMAP_1
!
interface BRI0
 description ISDN Backup Interface
 no ip address
 encapsulation hdlc
 shutdown
 no cdp enable
!
interface ATM0
 no ip address
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto 
!
interface ATM0.1 point-to-point
 description ATM Virtual Interface
 no snmp trap link-status
 pvc 8/35 
  encapsulation aal5snap
  protocol ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
 description Ethernet Port 1
 no cdp enable
!
interface FastEthernet1
 description Ethernet Port 2
 no cdp enable
!
interface FastEthernet2
 description Ethernet Port 3
 no cdp enable
!
interface FastEthernet3
 description Ethernet Port 4
 no cdp enable
!
interface Vlan1
 description Connected To LAN$FW_INSIDE$
 ip address 10.X.X.1 255.XXX.XXX.0
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
!
interface Dialer0
 description Connected To Internet$FW_OUTSIDE$
 ip address 62.X.XX.XX 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname XXXX@XXXX.GR
 ppp chap password 7 XXXXXXX
 ppp pap sent-username XXXX@XXXX.GR password 7 XXXXXXXXX
!
router rip
 passive-interface Dialer0
 network 10.X.0.X
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.X.0.X 255.255.255.0 Tunnel0 permanent
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 150 interface Dialer0 overload
ip nat inside source static tcp 10.X.X.254 4777 interface Dialer0 4777
ip nat inside source static tcp 10.X.X.254 110 interface Dialer0 110
ip nat inside source static tcp 10.X.X.254 25 interface Dialer0 25
ip nat inside source static tcp 10.X.X.254 4899 interface Dialer0 4899
ip nat inside source static tcp 10.X.X.254 53 interface Dialer0 53
ip nat inside source static tcp 10.X.X.252 80 interface Dialer0 80
ip nat inside source static tcp 10.X.X.252 8080 interface Dialer0 8080
ip nat inside source static tcp 10.X.X.252 443 interface Dialer0 443
ip nat inside source static tcp 10.X.X.252 8888 interface Dialer0 8888
ip nat inside source static tcp 10.X.X.252 990 interface Dialer0 990
ip nat inside source static tcp 10.X.X.252 989 interface Dialer0 989
!
access-list 100 remark SDM_ACL Category=20
access-list 100 permit gre host 172.X.X.X host 213.XX.XXX.XX
access-list 150 remark LOCAL LAN
access-list 150 remark SDM_ACL Category=2
access-list 150 remark Permit Server_XXXX SMTP
access-list 150 permit ip host 10.X.X.254 any
access-list 150 remark SMTP Block
access-list 150 deny   tcp any eq smtp any eq smtp log
access-list 150 permit ip 10.X.X.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
banner login ^CC
-----------------------------------------------------------------------
Unauthorised Access Strictly Prohibited
This Appliance Logs All Incoming And Outgoing Traffic
If You Are An Unauthorised User Disconnect Immediately!! 
-----------------------------------------------------------------------
 
^C
!
line con 0
 no modem enable
 transport output telnet
line aux 0
 transport output all
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
 transport output telnet ssh
!
scheduler max-task-time 5000
ntp server 207.XX.XXX.XXX source Dialer0 prefer
end

Select allOpen in new window