ok, so i banned the "problematic" ip, and the spam attack stopped until now (ca. 7 hours without spam).
I'm guessing if i unblock the IP, the spam attacks will begin again. The fact that the spam only apparently only get sent over this one IP (fingers crossed) - does that mean there is no harmful script on the server, and the problem is for example a compromised PC from the company with said IP?
It would already help if i can assume that there is no harmful script on my server, as it makes finding the problem much easier...
Also, i tried to set up this: http://neunzehn83.de/blog/2012/01/29...-username.html
it should block emails where the sender isn't the same as the sasl login - so it should block most of the spam being sent. But as soon as i put this line " check_policy_service unix
rivate/policy," in my main.cf, i get an error from my mail client: "451 4.3.5 Server configuration problem"'.