Turn on TLS transaction encryption and also turn on SMTP authentication in your SMTP proxy. This password secures the proxy so that unauthorized attempts to send mail through it will fail. Create a user (mail) with a long password in Webadmin that has the right to use the SMTP proxy. Give this user ID and password to your legitimate mail users.
Limit your outgoing mail allowed networks to Internal_Network and PPTP-Pool. Make sure there is no Any listed there.
That should be sufficient to secure the SMTP proxy. Port 25 will still be seen from the outside, but the outside world will not be able to relay mail through the proxy.
