I have a VPS (example.ru) with multiple sites. To send mail I use an exim 4.76. All domains configured in bind9. Emails delivers by another server (pdd.yandex.ru) for several domains. For example:
onesite.ru has mx record as mx.yandex.net
And another site has mx record to my IP here is bind config.
Here is exim4.conf. The problem is that for anothersite.ru no mail users. Nor in /etc/exim4/passwd nor in /etc/exim4/aliases but from this domain in exim queue appears spam emails. Here is example of mainlog and email headers.
So I would like to know how this emails appear in queue if for this domain is no email users (I'm hacked?) and how to prevent this? Thanks in advance!
