Managing Active Directory does not always have to be complicated. If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why
If you don't - please block TCP port 25 for ALL IP Addresses internally on your firewall apart from your Exchange Server IP Address. That should stop the problem, but not resolve an internal infection on your LAN.