if people/you are using port 25 for submission, stop that. since you are using qmail, why dont you just create an login auth only smtpd service on port 587 for submission and let people hit it to login to relay emails
make sure that the server does not check and score those emails coming in auth'd on port 587 with qmail-scanner-queue.pl just hand those emails directly to qmail-queue and send them on their way... you can find some of the info you need at http://qmail.jms1.net, or among several other qmail sites. - rh