I suspect this had local help... but it is NOT FUD.
If you want on or off the Mac Ping List, Freepmail me.
It sounds like it either had local help, or someone used their login and password on an unsecured terminal.
If the sysadmin was running mail accounts for (local) users on the system, and someone logged in in the clear on an unsecured network or on an unsecured terminal, then that is all that is needed for a hacker to have access.
The best thing for the sysadmin to do would be to do a clean install, reimport user home folders from a backup, and then configure all user access to use:
1) different passwords than their user account password for accessing mail
2) mail over SSL
Just my thoughts.