Your outgoing mail system should have a per-sender stop switch
Here is something important we have come around to realize as one result from recent events. Put simply, every system that handles outgoing user-generated email should have some method to immediately stall and stop all email from a specific user. You want this for the obvious reason; when you discover you have a compromised user account that's being used to send spam, you can immediately stop just their email instead of having to take down your entire outgoing email system.
When you implement this, don't just implement the obvious step of refusing email being submitted by blocked user(s). Go the extra distance so that blocking a user also (immediately) stops further processing of any email from them that you have in the mailer's queues. Generally, by the time you detect that a user's been compromised and their account is being used to spam, you're going to have a bunch of email from them queued up in your system trying to get delivered to various places. You really don't want to have to hunt all of this email down by hand to stop it from being sent out; instead, it's much more better if you put a login name or whatever in a control file and all the queued email from them stops dead, with no fuss or muss.
(I wouldn't automatically remove such email from the queue, partly because you may want to inspect sample messages. It's enough that the messages stop trying to be delivered without you having to stop the entire mail system in a panic.)
Usually you'll want to do this based on the authenticated user
(generally from SMTP AUTH). In some environments people don't have
to authenticate to your outgoing mail server; here the best you can
do is base things on, eg, the
MAIL FROM. If you're dealing with
this situation, you may want to support wildcards (so you can say
'all email with a Hotmail sender address gets stopped'). Spammers
often but not always use revolving
MAIL FROM addresses where they
think they can get away with it, so you need to be prepared for
(You may also want to support a per-IP or per-subnet stop switch, especially if you don't have SMTP AUTH to attach reliable identities to submitted email. But things are starting to get intricate here and at some point you're better off just stopping the entire mail system and doing general searches through the queued email.)