You'll need to look at the details for the message to ascertain how it was submitted to the mail server (script, user auth, whatever). You should be able to see this either from the details link (the magnifying glass) or by examining the exim logs themselves in /var/log/exim_mainlog. Paste us the details here if you aren't sure what you're looking at.
I'd imagine you've already been through "How to: Prevent Email Abuse", but there are some good basic things to configure in there if not, depending on how you already have things configured on your system.
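An added example, not part of the original post: one way to do the log check described above, reading arrival (`<=`) lines in the exim_mainlog layout and reporting whether each message came in via SMTP AUTH, a local script/user, or plain remote SMTP. The sample lines are constructed, the function names `classify` and `summarize` are hypothetical, and pairing a `cwd=` line with the next local arrival is a heuristic that assumes the log records command arguments.

```python
import re
from collections import Counter

# Constructed sample lines in the layout Exim writes to /var/log/exim_mainlog.
SAMPLE_LOG = """\
2024-05-01 10:00:01 cwd=/home/alice/public_html/contact 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:00:01 1s1AbC-0001aB-2x <= alice@host.example.com U=alice P=local S=812 T="Contact form"
2024-05-01 10:00:02 cwd=/var/spool/exim 4 args: /usr/sbin/exim -Mc 1s1AbC-0001aB-2x
2024-05-01 10:00:05 1s1AbD-0001aC-3y <= bob@example.com H=(laptop) [203.0.113.7]:51234 P=esmtpsa A=dovecot_login:bob@example.com S=1432 T="Hello A=fake"
2024-05-01 10:00:09 1s1AbE-0001aD-4z <= sender@remote.example H=mx.remote.example [198.51.100.20]:25 P=esmtps S=2048 T="Inbound"
2024-05-01 10:00:10 1s1AbE-0001aD-4z => carol@example.com R=virtual_user T=dovecot_lmtp
"""

ARRIVAL = re.compile(r"^\S+ \S+ (\S+) <= (\S+) (.*)$")
CWD = re.compile(r"^\S+ \S+ cwd=(\S+) \d+ args: ")
FIELD = re.compile(r'(?<!\S)([A-Z])=("(?:[^"\\]|\\.)*"|\S+)')  # quoted subject kept whole

def classify(log_text):
    """Return one record per arrival (<=) line saying how the message was submitted."""
    records, last_cwd = [], None
    for line in log_text.splitlines():
        cwd = CWD.match(line)
        if cwd:
            if not cwd.group(1).startswith("/var/spool/exim"):  # skip Exim's own queue runs
                last_cwd = cwd.group(1)
            continue
        arrival = ARRIVAL.match(line)
        if not arrival:
            continue  # deliveries (=>), completions and other lines are not submissions
        msg_id, sender, rest = arrival.groups()
        fields = dict(reversed(FIELD.findall(rest)))  # first occurrence of a key wins
        if "A" in fields:                  # SMTP AUTH: A=<authenticator>:<login>
            method, who = "smtp_auth", fields["A"].split(":", 1)[-1]
        elif fields.get("P") == "local":   # sendmail binary or script run by local user U=
            method, who = "local_submission", fields.get("U")
        else:                              # SMTP from another host without authentication
            method, who = "remote_smtp", fields.get("H")
        records.append({"id": msg_id, "sender": sender, "method": method, "who": who,
                        "cwd": last_cwd if method == "local_submission" else None})
        if method == "local_submission":
            last_cwd = None  # heuristic: the cwd line precedes the arrival it belongs to
    return records

def summarize(records):
    """Count messages per (method, account) so the heaviest submitter stands out."""
    return Counter((r["method"], r["who"]) for r in records)

if __name__ == "__main__":
    print(summarize(classify(SAMPLE_LOG)))
```

A `local_submission` record with a `cwd` under a site's document root points at a script in that directory, while a large `smtp_auth` count for one login points at a mailbox whose password should be reset.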