If you are the administrator you can do everything.
- Locate the script and check how and who is abusing it.
- Disable features for this site if your customer doesn't need them. (cgi, python, perl, ssi, ruby)
- Check for malware, php shell ... with clamav and rkhunter.
- Force smtp auth
- Disable mail() function
Please note that I don't know nothing about your customer or your server.