Почтовый сервер Exim рассылает спам, причем в поле отправителя подставляет разные домены. Из поля relay_from_hosts удалял все записи, после этого проверял, через командную строку не дает отправлять почту не из внешней, не из внутренней сети и даже локально если в поле From указан левый домен, но буквально пол минуты и в очереди появляются новая куча сообщений.
Подскажите куда капать?

primary_hostname = test.ru
domainlist local_domains = ${lookup mysql{select domain from domains where domain='${domain}' and (type='LOCAL' OR type='VIRTUAL')}}
domainlist relay_to_domains = ${lookup mysql{select domain from domains where domain='${domain}' and type='RELAY'}}

hostlist   relay_from_hosts = 127.0.0.1 : 192.168.0.0/24

auth_advertise_hosts = *

acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
daemon_smtp_ports = 25 : 465 : 587     
#tls_on_connect_ports = 465        
#qualify_domain = test.ru
log_selector = \
        +all_parents \
        +lost_incoming_connection \
        +received_sender \
        +received_recipients \
        +smtp_confirmation \
        +smtp_syntax_error \
        +smtp_protocol_error \
        -queue_run

never_users = root:daemon:bin

#host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 0s

ignore_bounce_errors_after = 30m
timeout_frozen_after = 2d

smtp_accept_max=50
smtp_accept_max_per_connection=50
smtp_connect_backlog=30
smtp_accept_max_per_host=25
remote_max_parallel=15

split_spool_directory = true

hide mysql_servers = localhost/mail/sqlmail/sqlmail

begin acl
acl_check_rcpt:
  accept  hosts = :
        deny    message = Restricted characters in address1
        local_parts     = ^.*[@%!/|]

  require verify        = sender
        deny    condition       = ${if eq{$sender_address}{$local_part@$domain}{yes}{no}}
                message         = "Block forging attempt from outside world"

        deny    message         = "Sorry, the user was not found. Try again."
                domains         = +local_domains
                condition       = ${if eq{$sender_address_domain}{$domain}{no}{yes}}
                condition       = ${if eq{${lookup mysql{SELECT local_part FROM aliases WHERE local_part='${local_part}' AND no_local=true}}}{$local_part}{yes}{no}}

        deny    message         = Restricted characters in address2
                domains         = +local_domains
                local_parts     = ^[.] : ^.*[@%!/|]

        deny    message         = Restricted characters in address3
                domains         = !+local_domains
                local_parts     = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  deny    message       = HELO/EHLO required by SMTP RFC
          condition     = ${if eq{$sender_helo_name}{}{yes}{no}}

  deny    message       = Go Away! You are spammer.
          condition     = ${if match{$sender_host_name}{bezeqint\\.net|net\\.il|dialup|pool|peer|dhcp}{yes}{no}}

        warn    set     acl_m0  = $local_part

  accept  authenticated = *

  accept  domains       = +local_domains
          endpass
          message       = unknown user
          verify        = recipient

  accept  domains       = +relay_to_domains
          endpass
          message       = unrouteable address
          verify        = recipient

  accept  hosts         = +relay_from_hosts

  deny    message       = RELAY NOT PERMITTED

acl_check_data:

    deny        message         = Go Away! Eat Your Spam Self!
                condition       = ${if match{$message_body} \
                               {105[-_]*51[-_]*86|778[-_]*98[-_]*94} \
                               {yes}{no}}

        deny    message         = Message have hidden copy and it will be blocked acl_m0 = ($acl_m0)
                condition       = ${if eq{$acl_m0}{info}{yes}{no}}
                hosts           = !+relay_from_hosts:*
                !verify         = not_blind

  accept

begin routers

domain_literal:
   driver = ipliteral
#   domains = ! +local_domains
   transport = remote_smtp

dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.160.0.0/24
  no_more

system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup mysql{SELECT recipients FROM aliases WHERE local_part='${local_part}' AND domain='${domain}'}}
# user = exim
  file_transport = address_file
  pipe_transport = address_pipe

virtual_localuser:
  driver = accept
  domains = ${lookup mysql{SELECT domain from domains WHERE domain='${domain}'}}
  local_parts = ${lookup mysql{SELECT login from users WHERE login='${local_part}' AND domain='${domain}'}}
  transport = local_delivery

begin transports

remote_smtp:
  driver = smtp

local_delivery:
  driver = appendfile
#  file = /var/mail/$local_part
  check_string = ""
  create_directory
  delivery_date_add
  directory = /var/mail/$domain/$local_part
  directory_mode = 770
  envelope_to_add
  return_path_add
  user = Exim
  group = mail
  maildir_format
  maildir_tag = ,S=$message_size
  message_prefix = ""
  message_suffix = ""
  mode = 0660

address_pipe:
  driver = pipe
  return_output

address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

address_reply:
  driver = autoreply

begin retry

# Address or Domain    Error       Retries
# -----------------    -----       -------

*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h

begin rewrite

begin authenticators

  fixed_plain:
  driver = plaintext
  public_name = LOGIN
  server_prompts = Username:: : Password::
  server_condition = ${lookup mysql{SELECT login FROM users WHERE login = '${quote_mysql:${local_part:$1}}' AND passwd = '${quote_mysql:$2}'}{yes}{no}}
server_set_id = $1