To stop that you'll want to enable the SMTP authentication requirement for local deliveries under Settings>Protocols>SMTP IN. This will require users authenticate before sending from your domain.
Kyle Kerst
System/Network Administrator
SmarterTools Inc.
(877) 357-6278
www.smartertools.com