- shutdown exim
- restart apache so the php file isn't looping
- backup the account
- disable the account (you may want to remove it)
- startup exim
- contact your legal advisor to take legal steps against your client
- keep an average hourly limit for sending mails
- enable phpsuexec, disable nobody from sending mails and extended logging for exim (helps tracking the exact script)
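
The last two steps combine into a simple check once extended logging is on. This is an added example, not part of the original post: it assumes Exim's `+arguments` log selector is enabled, so the main log records the working directory (`cwd=`) of each sendmail invocation. The sample log lines, account paths and the limit of 3 are constructed.

```shell
#!/bin/sh
# Constructed sample of Exim main-log lines as written with +arguments logging.
sample_log() {
cat <<'EOF'
2024-05-01 10:00:01 cwd=/home/acct1/public_html/forum 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:00:02 cwd=/home/acct1/public_html/forum 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:00:02 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2024-05-01 10:14:40 cwd=/home/acct1/public_html/forum 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:20:11 cwd=/home/acct2/public_html 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:59:59 cwd=/home/acct1/public_html/forum 3 args: /usr/sbin/sendmail -t -i
2024-05-01 10:59:59 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2024-05-01 11:03:07 cwd=/home/acct1/public_html/forum 3 args: /usr/sbin/sendmail -t -i
EOF
}

# Read main-log lines on stdin and print "count<TAB>date hour<TAB>directory"
# for every directory that invoked the mailer more than $1 times in one hour.
# Directories containing spaces are not handled (fields are split on blanks).
flag_senders() {
    awk -v limit="$1" '
        {
            for (i = 3; i <= NF; i++) {
                if ($i !~ /^cwd=/) continue
                dir = substr($i, 5)
                # Skip queue runs started from the Exim spool directory
                if (dir ~ /^\/var\/spool\/exim/) break
                hour = $1 " " substr($2, 1, 2)
                n[hour "\t" dir]++
                break
            }
        }
        END {
            for (k in n)
                if (n[k] > limit + 0) print n[k] "\t" k
        }' | sort -rn
}

# Demo on the constructed sample: flags the forum directory for hour 10.
sample_log | flag_senders 3
```

On a live server the function would read the real main log instead of `sample_log`; the flagged directory is where to look for the script.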