Debian
gemajane, 2016-12-19 14:06:07

Exim sending spam, how to overcome?

Good afternoon. An Exim question. I inherited this server. The problem is that [email protected] started receiving non-delivery reports. The messages are spam. Moreover, these messages are not in the Exim logs, only the non-delivery reports. But there are other messages sent from the [email protected] mailbox, which does not exist at all.
A piece of the log:

2016-12-18 12:15:35 no host name found for IP address 192.168.61.21
2016-12-18 12:15:35 1cITot-0001eu-77 spam acl condition: warning - spamd connection to 127.0.0.1, port 783 failed: Connection refused
2016-12-18 12:15:35 1cITot-0001eu-77 spam acl condition: all spamd servers failed
2016-12-18 12:15:35 1cITot-0001eu-77 H=(mydomain.ru) [192.168.61.21] I=[82....]:25 Warning: ACL "warn" statement skipped: condition test deferred
2016-12-18 12:15:35 1cITot-0001eu-77 <= [email protected] H=(mydomain.ru) [192.168.61.21] I=[82...]:25 P=esmtp S=1336 [email protected] from <[email protected]> for [email protected]
2016-12-18 12:15:37 1cITot-0001eu-77 SMTP error from remote mail server after MAIL FROM:<[email protected]> SIZE=2399: host mta7.am0.yahoodns.net [66.196.118.37]: 421 4.7.0 [GL01] Message from (82...) temporarily deferred - 4.16.50. Please refer to http://postmaster.yahoo.com/errors/postmaster-21.html

2016-12-18 12:15:38 no host name found for IP address 192.168.61.21
2016-12-18 12:15:38 H=(mydomain.ru) [192.168.61.21] I=[82...]:25 sender verify fail for <[email protected]>: Unrouteable address
2016-12-18 12:15:38 H=(mydomain.ru) [192.168.61.21] I=[82...]:25 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2016-12-18 12:15:38 unexpected disconnection while reading SMTP command from (mydomain.ru) [192.168.61.21] I=[82...]:25
2016-12-18 12:15:42 1cITot-0001eu-77 => [email protected] R=dnslookup T=remote_smtp H=mta7.am0.yahoodns.net [98.138.112.37] X=TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128 C="250 ok dirdel"
2016-12-18 12:15:42 1cITot-0001eu-77 Completed

Moreover, the site is hosted at the address 192.168.61.21. Initially I thought of a vulnerability in the site. But the messages are sent via SMTP, and there is no reference in the message headers to a PHP script that could have sent them. At the same time, when the site is disabled, the non-delivery reports stop coming. And the entry H=(domain.ru) [192.168.61.21] I=[82......]:25 in the log confuses me, because when I send mail within the network, this part of the log looks like H=([192.168.200.6]) [192.168.200.6] I=[192.168.60.1]:25, so there is no reference to our external address.
I get the feeling that someone outside is trying to send mail through our mail server?


1 answer
Sergey, 2016-12-29
@bk0011m

Judging by the logs, the mail comes from the host 192.168.61.21.
Look for changes in the files, temporarily block receiving mail from this host, or even temporarily put a mail service on it so that the spam does not go out. And keep looking for holes in your site.
However, someone may be using your 192.168.61.21 as a smart host. Is it open to the outside by any chance?
