566491 Secure osCommerce from spammers

Someone is sending spam thru our hosting account and I think it's thru osc. They send it from one of the mail accounts. So our hosting company disabled the possibility to send mail thru the contact forms on the website, but I manage to enable it by adding –f and info at [login to view URL] in the mail() function. But if the spammers change so they spam from info at [login to view URL] instead, our hosting company will block that address as well. Therefore I need to fix this security issue asap. Our osc is heavaly modifyed. We will not give out any FTP detials. So you will have to work with our files that I mail you, send them back and we upload them. If you place a bid, let me know in which direction you will go to solve this.