This is called Phishing attack aka email spoofing. Basically attacker forging id of your company's email address to get users to trust and open a message.
Personally, we use domainkeys for our email servers. Other major service providers such as Gmail, Yahoo and others use same technique.
To stop this fraud/phishing attacks, I recommend configuring domainkeys. See more information @ Yahoo domainkeys page:
http://antispam.yahoo.com/domainkeys
Domainkeys is an excellent solution but it requires some expertise to configure it properly.
It seems that you don’t have proper mail relay control configured. Only computers/hosts in /etc/mail/access should allowed to send an email via your server. Open this file and add IP address or subnet of your companies computes.
Next configure spam black list
Open /etc/sendmail.mc and add following lines:
Code:
FEATURE(`dnsbl', `ipwhois.rfc-ignorant.org',`"550 Mail from " $&{client_addr} " refused. Rejected for bad WHOIS info on IP of your SMTP server - see http://www.rfc-ignorant.org/"')
FEATURE(`dnsbl', `proxies.blackholes.easynet.nl', `"550 5.7.1 ACCESS DENIED to OPEN PROXY SERVER "$&{client_name}" by easynet.nl DNSBL (http://proxies.blackholes.easynet.nl/errors.html)"', `')dnl
FEATURE(`dnsbl', `relays.ordb.org', `"550 Email rejected due to sending server misconfiguration - see http://www.ordb.org/faq/\#why_rejected"')dnl
FEATURE(`dnsbl', `bl.spamcop.net', `"450 Mail from " $`'&{client_addr} " refused - see http://spamcop.net/bl.shtml"')
FEATURE(`dnsbl',`sbl.spamhaus.org',`Rejected - see http://spamhaus.org/')dnl
Save the file and restart sendmail. Also use spamassassin
http://spamassassin.apache.org/
Hope this helps