DutchDaemon, 18th January 2009

These Exim logs give me a headache, but it looks like your server acts as either an open relay or as a smarthost for another compromised server in your network. Your server is trying to deliver mail to some bad addresses on behalf of other addresses that do not appear to be yours, and when that fails, it tries to deliver bounces to those bad addresses, causing a plethora of delivery attempts, bounces, etc.

One quick example:

Code:
2009-01-18 15:39:33 [12484] 1LOYoH-0003F6-BQ ** kiw1@school.edu.ru F=<marisha@unitelco.com> R=fail_remote_domains: The mail server could not deliver mail to kiw1@school.edu.ru.  The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.

Your server is sending mail on behalf of marisha@unitelco.com (I'm assuming that's not one of your users) to kiw1@school.edu.ru (not one of your users either). Since that doesn't succeed, your mailserver tries to inform marisha@unitelco.com (which doesn't succeed), etc. This spammer appears to have a preference for 'marisha'.

Anyway: find out whether your mailserver or any other server in your network acts as an open relay or an injection point for spam.
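An added example, not part of DutchDaemon's post: a small triage script that reads Exim delivery lines in the format quoted above and flags the two patterns the post describes, mail from an outside sender to an outside recipient (relay) and bounces sent to outside addresses (backscatter). It assumes the log carries the `F=<sender>` field as in the quoted line; `LOCAL_DOMAINS` and every sample line except the first are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: the domains this server legitimately handles mail for.
LOCAL_DOMAINS = {"example.org"}

# Exim delivery lines in the shape quoted in the post:
#   date time [pid] msgid flag recipient F=<sender> ...
# Flags: "=>" delivered, "==" deferred, "**" failed.
LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?:\[\d+\] )?\S+ "
    r"(?:=>|==|\*\*) (?P<rcpt>\S+).*?\bF=<(?P<sender>[^>]*)>"
)

def domain(addr):
    return addr.rpartition("@")[2].lower()

def classify(line):
    """Return (kind, sender, recipient) for suspicious deliveries, else None."""
    m = LINE_RE.match(line)
    if not m or "@" not in m["rcpt"]:
        return None                          # not a delivery line we can judge
    rcpt, sender = m["rcpt"], m["sender"]
    if domain(rcpt) in LOCAL_DOMAINS:
        return None                          # inbound mail for our own users
    if sender == "":
        return ("backscatter", "<>", rcpt)   # bounce sent to an outside address
    if domain(sender) not in LOCAL_DOMAINS:
        return ("relay", sender, rcpt)       # outsider to outsider
    return None                              # our own user mailing out

def summarize(lines):
    """Count suspicious deliveries per (kind, envelope sender)."""
    return Counter(hit[:2] for hit in map(classify, lines) if hit)

SAMPLE = [
    # The line quoted in the post:
    "2009-01-18 15:39:33 [12484] 1LOYoH-0003F6-BQ ** kiw1@school.edu.ru F=<marisha@unitelco.com> R=fail_remote_domains: The mail server could not deliver mail to kiw1@school.edu.ru.  The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.",
    # Constructed lines:
    "2009-01-18 15:39:34 [12484] 1LOYoI-0003F9-Cd ** marisha@unitelco.com F=<> R=fail_remote_domains: constructed bounce failure",
    "2009-01-18 15:40:02 [12490] 1LOYoJ-0003FA-Ef => alice@example.net F=<bob@example.org> R=dnslookup T=remote_smtp",
    "2009-01-18 15:40:05 [12491] 1LOYoK-0003FB-Gh => carol@example.org F=<dave@example.net> R=localuser T=local_delivery",
    "2009-01-18 15:40:07 [12492] 1LOYoL-0003FC-Ij <= dave@example.net H=mail.example.net [192.0.2.10] P=esmtp S=1234",
]

if __name__ == "__main__":
    for (kind, sender), n in summarize(SAMPLE).most_common():
        print(f"{n:4d}  {kind:11s}  {sender}")
```

Forwarders and aliases can produce legitimate outsider-to-outsider deliveries, so treat the counts as a starting point for finding the injection point rather than as proof of an open relay.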