Sendmail 8.11 configuration/security issue

[oobs3c02 () attbi com]

I'm running sendmail 8.11 on a Solaris server.  The server has a single 
interface and sits in my DMZ. I'm trying to find a way to block inbound mail 
with my domain spoofed as the sender.  The scenario turned up when a person I 
know received spam with the sender being spoofed showing amber () mydomain com and 
recipient being myfriend () mydomain com.  After inspecting the mail headers, we 
discovered that the source IP was definitely external.  We've scoured 
sendmail.org, arachnoid.com, cauce.org and all the books we have and could not 
find this scenario speifically mentioned.  

Problems/Questions
1. If we block spammers by domain as recommended at 
http://www.arachnoid.com/lutusp/antispam.html#filter_forwarding, how do we get 
around our internal users being blocked from sending mail out?  
2. Does anyone know of a way to check the network that a specific domain is 
sending from?  This way we could look at mydomain.com and compare it to a 
specific subnet that we allow. 

Thanks in advance for your help.

Jim