i've experienced a bad situation with scalix 220.127.116.1107/Centos32.
We get many attempts of open relay but nothing happens for a while.
These attempts have grown so much at the level that ldapmapper crashes after 3/4 minutes of flood.
Without ldapmapper running the scalix smtpd services became an open relay so we get blacklisted with 1,5 million of queued spam mails.
Now i've secured everything putting sendmail before scalix smtpd and setting some tricks like delayed greetings, connection limit/ip, etc...
I think that sendmail before scalix smtpd needs to be the default