Please go through this link, if you get an error like email spoofing or associated issues. You can use the below given link to verify the validity of the rule that you have created.
http://www.kitterman.com/spf/validate.html
You can check the below link to create the SPF record of your wish.
http://www.openspf.org/
Also most acceptable condition is with the '~' but not with '-'. The latter is Fail condition while the former is softfail. Latter will act like a neutral condition, ie, neither accept nor reject.
Also if you notice spamming in the server please try to grep the home directory in the exim error logs/applicable logs.
tail -f /var/log/exim_mainlog | grep "cwd=/home"
If the mail was generated from the home, then it will give hints to the spammer directory.
Also make sure to disable the php - nobody. Try to configure the same from the backend of the server.
http://www.webhostgear.com/232.html
Use following two script to catch the spammer.
1. exim -bpr | grep "<*@*>" | awk '{print $4}'|grep -v "<>" | sort | uniq -c | sort -n
That will show you the maximum no of email currently in the mail queue have from or to the email address in the mail queue with exact figure.
2. exim -bpr | grep "<*@*>" | awk '{print $4}'|grep -v "<>" |awk -F "@" '{ print $2}' | sort | uniq -c | sort -n
That will show you the maximum number of emails currently in the mail queue have for the domain or from the domain with number.