This is occuring because the Exchange server does not have the correct security configuration and is not protected correctly by a security device on the gateway level. Spammers have found existing email addresses in your domain and are targeting these email addresses.
It is not possible to stop spoofed spam email using Symantec Mail Security for Microsoft Exchange. However there are a number of things to consider regarding how to stop these on your Exchange server and in your environment.
Symantec Mail Security:
Ensure your own domain has not been added to the Sender White List:
Go to Policies > Antispam > Whitelist in the SMSMSE console.
Ensure all reputation services are enabled
Ensure your Exchange server is not an SMTP open relay:
Implement Sender ID filtering on the Exchange: