You need to find out how hacker is sending mails. This can be found with mail server log. csf can also alert server admin with script that is sending spam. With out knowing which script sending spam, it is not easy do prevent the spam mails. Checking web site access log can give some idea.