Spam sent through server using authid=apache or mysql

I'm new to this mailing list - but I am hoping that someone out there
may bring light to a problem I am having recently with spammers. I do
not allow relaying through the server and external tests have
confirmed that there are no open relays. I have also run a test for
open ports with pxytest - and none were found. Email can only be
relayed by users logged on through SASL etc. I have checked all the
user directories for old formmail programs and disabled any that I
found - but the apache logs do not show the spammer using PST or
formmail. The record of the spam only appears in the maillog. Here
is an example (I have changed the server name and the spammers
ipaddress):

May 21 08:12:32 thismachine sendmail[16842]: AUTH=server,
[68.92.154.163],
authid=apache, mech=LGIN, bits=0

spammers have also used authid=mysql

Y'awl probably think I am an idiot for not figuring this out - but I
would really appreciate your help - or direction to the right place.

Thanks,

SCP