Am i under some form of attack

for the last two hours, i've been seeing these failed emails every two minues to various none existant email accounts.

Code:

Event: rejected rejected
User: -remote-
Domain:
Sender: fxC4480@spamdomain.com
Sent Time: Feb 10, 2015 9:46:21 PM
Sender Host: 216-197-229-xxx.sktn.static.domain.sk.ca
Sender IP: 216.197.229.xxx
Authentication: unauthorized
Spam Score:
Recipient: sales@xxx.co..uk
Delivered To:
Delivery User: user
Delivery Domain: domain.co.uk
Router: reject
Transport: **rejected**
Out Time: Feb 10, 2015 9:46:21 PM
ID: 1YLIdi-000Ct2-Dg
Delivery Host: 216-197-229-205.sktn.static.sasknet.sk.ca
Delivery IP: 216.197.229.xxx
Size: 0 bytes

Result: Sender verify failed

 

I've had hundreds of them and they still keep coming

 

I'm assuming that it's some form of virus ? as looking at the sending IP's, they appear to be originating from all over the globe.
Worryingly, they are still persisting this morning.
The fact that they are being rejected, at least gives me some relief, however, i'm concerned that it might put un-necessary load on the server.

If i send: "No Such User Here", i'm assuming won't kerb them ,due to where they are coming from?
"No such user here" to one server, isn't going to stop them from the other 1000 servers is it ?

 

One of the first things i did last night when i started seeing such a large number was to google it, however, i guess with it being so new, not a great deal was listed on google.
However googling it this morning and there are a lot more results.

This morning, I implemented an exim blacklist tweak, which seems to have killed these off, however, i'm wondering if this thing is morphing, because, no sooner do I block one, a different one is hitting us just as hard.

Edit:

Looking at http://support.clean-mx.de/clean-mx/publog.php?country=us, it looks like AomericanExpress has gone quiet and another one is coming up the ranks.
Blimey, how do you keep up.

 

I encountered about 6 different ones today, no sooner did i block one, another one started hitting me.
adppi.com was another.

It would appear that it's zombies.
Possibly Infected end user PC's around the globe, all being triggered to start spamming.
This is why blocking is fruitless.

Do you have "Sender Verification Callouts" enabled by any chance ?
Today, I sent a single spoofed test email to my server from home.
My server had at least 8 hits already, so I'm assuming my server doesn't reply back, hence the private mail server is retrying.
Maybe this could partly explain the 1200 or so failures i received with AmoricanExpress.
I've temporarily disabled this, this evening.


I followed your links and installed the exim_blacklist.
I assume this is working.

Today, I've started watching http://support.clean-mx.de/clean-mx/publog.php?country=us and added a few suspect zombies to that list before they have a chance to hit me again.

 

Sorry InfoPro.
Yes I agree that i'm blocking, but i can already see that my mail server suffered last night. (probably the extra workload)
The boss had a number of timeouts trying to send emails.
What I really meant was blocking the 1200 rejects.

 

Until i get bored, i've now taken to watching Clean MX and adding the latest Zombie to my blacklist.
Another admin task, i could do without, but it's new and still a little exciting.