It isn't that easy in Linux to say "only allow exim to connect to outgoing port 25", which is pretty much what you are looking for. You don't want to block it, or all of your email will stop working. Best bet is to harden your system to prevent others from being able to do this at all. Also, zEitEr does have a good point about making sure your server was the one that sent the spam: look at the headers and match the IP address to your server. It is possible that anyone could have just changed the "From:" header to match an email address that is hosted on your server. I see it all the time, and the first thing I do is look at the header to make sure that it didn't come from my server.
Do a search here to find the tips for hardening your server, like mounting /tmp with noexec, and perhaps disabling certain functions in PHP that could be used to create these connections. Of course, disabling some of those functions in PHP (like the socket functions) could potentially break a customer's script.
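The header check described above (find the originating IP in the Received: chain and compare it with your own server's address) as an added example; this is not code from the forum post or from any product it mentions. It assumes IPv4 addresses stamped in square brackets, as most MTAs do, and the two sample messages and the server address 203.0.113.50 are constructed for the demo.

```python
import ipaddress
import re

# IPv4 literal in square brackets, the form MTAs stamp into Received: headers.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Hops inside these ranges are internal relays (e.g. localhost -> exim), not the origin.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed: our server's public address (assumption, not from the page).
SERVER_IPS = {"203.0.113.50"}

# Constructed message 1: "From:" is a domain we host, but the oldest hop is a
# foreign IP, so this spam was not relayed through our server.
SAMPLE_SPOOFED = """\
Received: from mx.example.net (mx.example.net [203.0.113.7])
    by inbound.example.org with ESMTP id c0nstructed1
    for <someone@example.org>; Mon, 01 Jan 2024 10:00:00 +0000
Received: from unknown (HELO mail.hosted-customer.example) ([198.51.100.23])
    by mx.example.net with SMTP; Mon, 01 Jan 2024 09:59:58 +0000
From: billing@hosted-customer.example
To: someone@example.org
Subject: Invoice attached

(constructed message body)
"""

# Constructed message 2: the oldest external hop is our own server, behind an
# internal localhost hop that must be ignored when finding the origin.
SAMPLE_FROM_US = """\
Received: from mx.example.net (mx.example.net [203.0.113.7])
    by inbound.example.org with ESMTP id c0nstructed2;
    Mon, 01 Jan 2024 11:00:00 +0000
Received: from server.hosting.example (server.hosting.example [203.0.113.50])
    by mx.example.net with ESMTPS; Mon, 01 Jan 2024 10:59:58 +0000
Received: from localhost (localhost [127.0.0.1])
    by server.hosting.example (Exim) with ESMTP id c0nstructed3;
    Mon, 01 Jan 2024 10:59:57 +0000
From: billing@hosted-customer.example
To: someone@example.org
Subject: Invoice attached

(constructed message body)
"""


def unfold_headers(raw):
    """Return (name, value) pairs for the header section, joining folded continuation lines."""
    header_block = raw.split("\n\n", 1)[0]
    headers = []
    for line in header_block.splitlines():
        if line[:1] in (" ", "\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers


def received_chain(raw):
    """External IPs from Received: headers, ordered oldest hop (origin) first.

    Each relay prepends its own Received: line, so the last one in the
    message is the one nearest the sender; internal relay hops are skipped.
    """
    hops = [v for n, v in unfold_headers(raw) if n == "received"]
    chain = []
    for hop in reversed(hops):
        for ip in IP_RE.findall(hop):
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                continue  # malformed literal such as 999.1.1.1
            if not any(addr in net for net in INTERNAL_NETS):
                chain.append(str(addr))
    return chain


def originating_ip(raw):
    """The first external hop, or None if the headers carry no usable IP."""
    chain = received_chain(raw)
    return chain[0] if chain else None


def sent_from_server(raw, server_ips):
    """True only if the message's origin is one of our own addresses."""
    origin = originating_ip(raw)
    return origin is not None and origin in set(server_ips)


if __name__ == "__main__":
    for label, msg in (("spoofed From:", SAMPLE_SPOOFED), ("relayed by us", SAMPLE_FROM_US)):
        print(label, "-> origin", originating_ip(msg), "ours:", sent_from_server(msg, SERVER_IPS))
```

Only the oldest Received: line is trustworthy in the sense that it was written by a relay you (or the recipient) can vouch for; a spammer controls everything below the first hop they did not own, so treat a "not ours" verdict as evidence the From: was forged rather than as proof of innocence, and confirm against your own exim mainlog for that timestamp.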