[exim] SMTP Abused

I had situation in past when one of my domain POP3/SMTP user/pass
compromised.
And someone connect to our server (SMTP) with that user account to send
bulk of emails.
I need to eliminate this sort of spam mechanism like in case if account
compromised no one can send emails to others by using that user email
address.
I have quite some users on my domain which acts as POP3 and SMTP also. I
can't block SMTP port on server because it's block outside world also to
send emails to us.
I thought another idea, to use openrelay like i need to add another server
configured as open relay and on primary mail server i need to configure
manualrouter e.g. if emails send from @example.com than relay to
another.host.com which is finally responsible to send emails from that
server and another.host.com i.e. on relay server i will allow only local
users @example.com ip addresses only to connect via firewall.

So, outside world can send from primary mail server and within domain user
can send emails from relay server.
Please let me know if this approach is handy or is there any other better
way of doing this.