Our client has been suspended by Xnet for all ISP services for a second time, after we had assumed the "spam" issue was resolved. In the first instance, Xnet suspended the account with no warning due to spam being sent from the client's mail server within World Exchange's network. We installed a software package to work with the mail server (http://www.eset.com/business/products/mail-kerio/), which brought their current anti-spam measures online, on the assumption that the mail server was the issue. Log files show no outgoing spam, and all computers have run in-depth analysis with no virus or malware issues. Of course the server does not have an open relay, so we will require as much information as possible, such as log files/emails you have received, to give us a better idea of how to find a solution.
Could it be IP spoofing, since they are on a fixed IP? Could time stamps be matched incorrectly? Is the ISP able to log their outgoing port 25, as from our side we see nothing in the log files? Is it possible their account username and password have been compromised / become known to spammers, who are using them to relay through Xnet's servers, which would explain why we are not finding anything in the log files of our local mail server? Although spammers are unlikely to compromise accounts, is anyone familiar with spammers' use of botnets?
Have you seen other cases of this? Should they be sending through authenticated SMTP on a different server, such as smtp.clientdomain.co.nz, instead of smtp.xnet.co.nz:25 (which is unsecured)?
Effectively this company has been shut down and is unable to operate. I have advised the client to move the mail server to another location, which will isolate the server from any client that could potentially be sending spam.
The mail server will be moved to a residential connection, and we will monitor this connection for any spam being sent. If it is still sending spam while in isolation, we will simply rebuild/reinstall a new server, as scans are unable to detect any issues.
Scratching my head as to where this "spam" is being sent from. Also, SenderBase is neutral for hostname ip-58-28-1xx-xx.static-xdsl.xnet.co.nz; they simply have no suspicious outgoing activity (that I can identify).
An example of the "spam" being sent that Xnet picked up on their end is as follows:
NOTE: CFNMAIN is the name of the mail server running Kerio.
08 Sep 2011 08:24:18 cneilson customer sending SPAM: Received: from CFNMAIN (ip-58-28-1xx-xx.static-xdsl.xnet.co.nz [58.28.1xx.xx])
> by atlas.wxnz.net (Postfix) with ESMTP id 1ED312D95B2
> for <megmarsep@whorleeshop.com>; Sun, 28 Aug 2011 17:14:36 +1200 (NZST)
> Received: from localhost
> by CFNMAIN (Kerio Connect 7.1.3); Sun, 28 Aug 2011 17:15:11 +1200
> Date: Sun, 28 Aug 2011 17:15:11 +1200
> Message-ID: <2097524796-3980@CFNMAIN>
> MIME-Version: 1.0
> From: Mail Delivery Subsystem <postmaster@CFNMAIN>
> To: <megmarsep@whorleeshop.com>
> Subject: Message detected as spam: Limewire has Shutdown - See What Everyone
> Else is Using
> Content-Type: text/plain; charset="utf-8"
> Content-Transfer-Encoding: 8bit
>
>
> This is an informative message sent by Kerio Connect 7.1.3
> at CFNMAIN.
>
> Your email message:
>
> From: <megmarsep@whorleeshop.com>
> To: <Gordon@localhost>
> Subject: Limewire has Shutdown - See What Everyone Else is Using
> Date: Sun, 28 Aug 2011 01:10:29 EDT
>
>
>
> was considered as an unsolicited message (spam) by the receiving mail
> server and was not therefore delivered. If this is a mistake, you may
> need to rephrase the email and send it again or contact the recipient
> by other means.

Lee Macdonald
Technical Response, WxC
P (0800) 14 9638
Any help would be appreciated.
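The headers quoted above describe a notification that the mail server composed itself (Received: from localhost by CFNMAIN, From: postmaster@CFNMAIN, Subject: "Message detected as spam: ...") and addressed to the external address that the rejected inbound message claimed as its sender. Receivers treat such notices, commonly called backscatter, as spam because the claimed sender of unsolicited mail is usually forged. The Python script below is an added example, not code from the original post or from Kerio: it parses a message of this shape and reports whether every backscatter signal is present, alongside a constructed ordinary user message for comparison. The first sample is constructed from the quoted headers; the second sample's addresses and queue id are hypothetical, and LOCAL_DOMAINS is an assumption about which names the server treats as its own.

```python
"""Classify an outbound message as backscatter: an auto-generated reply to
inbound spam that the server sends to the (usually forged) external sender.

Added example, not code from the original post or from Kerio. Both samples
are constructed (the first from the headers quoted in the post), and
LOCAL_DOMAINS is an assumption about which names the server treats as local.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: host/domain names that count as local to this mail server.
LOCAL_DOMAINS = {"cfnmain", "localhost"}

# Constructed sample 1: the notice quoted in the post, ">" quoting removed.
SAMPLE_NOTICE = """\
Received: from CFNMAIN (ip-58-28-1xx-xx.static-xdsl.xnet.co.nz [58.28.1xx.xx])
    by atlas.wxnz.net (Postfix) with ESMTP id 1ED312D95B2
    for <megmarsep@whorleeshop.com>; Sun, 28 Aug 2011 17:14:36 +1200 (NZST)
Received: from localhost
    by CFNMAIN (Kerio Connect 7.1.3); Sun, 28 Aug 2011 17:15:11 +1200
Date: Sun, 28 Aug 2011 17:15:11 +1200
Message-ID: <2097524796-3980@CFNMAIN>
MIME-Version: 1.0
From: Mail Delivery Subsystem <postmaster@CFNMAIN>
To: <megmarsep@whorleeshop.com>
Subject: Message detected as spam: Limewire has Shutdown - See What Everyone
 Else is Using
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

This is an informative message sent by Kerio Connect 7.1.3
at CFNMAIN.

Your email message:

From: <megmarsep@whorleeshop.com>
To: <Gordon@localhost>
Subject: Limewire has Shutdown - See What Everyone Else is Using
Date: Sun, 28 Aug 2011 01:10:29 EDT

was considered as an unsolicited message (spam) by the receiving mail
server and was not therefore delivered.
"""

# Constructed sample 2: an ordinary message a user sent from a workstation
# (hypothetical addresses and a placeholder queue id).
SAMPLE_USER_MAIL = """\
Received: from CFNMAIN (ip-58-28-1xx-xx.static-xdsl.xnet.co.nz [58.28.1xx.xx])
    by atlas.wxnz.net (Postfix) with ESMTP id PLACEHOLDERID
    for <accounts@example.com>; Sun, 28 Aug 2011 09:00:00 +1200 (NZST)
Received: from workstation-12 ([192.168.1.12])
    by CFNMAIN (Kerio Connect 7.1.3); Sun, 28 Aug 2011 09:00:00 +1200
From: Gordon <gordon@cfnmain>
To: <accounts@example.com>
Subject: Invoice for August

Hi, the August invoice is attached.
"""


def _norm(value):
    """Collapse folded-header whitespace (newline + indent) into single spaces."""
    return re.sub(r"\s+", " ", value or "").strip()


def _domain(address):
    return address.rpartition("@")[2].lower()


def original_envelope(body):
    """Pull the From/To lines of the rejected message out of the notice body."""
    found = {}
    for field in ("From", "To"):
        match = re.search(rf"^{field}:\s*(.+)$", body, re.MULTILINE)
        if match:
            found[field] = parseaddr(match.group(1))[1]
    return found


def classify_notice(raw):
    """Return (verdict, signals, original) for one outbound message."""
    msg = message_from_string(raw)
    sender = parseaddr(_norm(msg["From"]))[1]
    recipient = parseaddr(_norm(msg["To"]))[1]
    subject = _norm(msg["Subject"])
    received = [_norm(h) for h in msg.get_all("Received", [])]
    # The last Received header is the oldest hop, i.e. where the message entered
    # the mail system; a notice the server composed itself enters from localhost.
    origin = received[-1] if received else ""
    original = original_envelope(msg.get_payload())
    signals = {
        "from_postmaster": sender.split("@")[0].lower() == "postmaster",
        "auto_reply_subject": subject.lower().startswith("message detected as spam"),
        "injected_locally": origin.lower().startswith("from localhost"),
        "recipient_external": _domain(recipient) not in LOCAL_DOMAINS,
        # The notice goes to whatever the rejected message claimed as its sender.
        "recipient_is_claimed_sender": bool(recipient)
        and recipient.lower() == original.get("From", "").lower(),
    }
    verdict = "backscatter" if all(signals.values()) else "not-backscatter"
    return verdict, signals, original


if __name__ == "__main__":
    for label, sample in (("notice", SAMPLE_NOTICE), ("user mail", SAMPLE_USER_MAIL)):
        verdict, signals, original = classify_notice(sample)
        print(f"{label}: {verdict}  signals={signals}  original={original}")
```

When every signal is true, the outbound message is the server's own reply to inbound spam rather than mail originating from a workstation or a relayed account, which is consistent with outbound logs showing nothing unusual. The standard mitigation is to reject spam during the SMTP session, or quarantine it silently, instead of accepting it and then sending a notice to the claimed sender.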