How to protect HP from cunning spam from MAILER-DAEMON@

Hello!
Last days i see strange activity and vps provider said about abuse from my ip
I guess that scripts do so:
Send many letters to emails from vps or alliases of domains, and as result letters maeler daemon goes to other emails
If i look in logs of exim4, there is many letters == (frozen)

2023-10-06 17:32:47 1qojZm-002z6a-QN Message is frozen
2023-10-06 17:32:47 1qoiiX-002ug1-An Message is frozen
2023-10-06 17:32:47 1qnRgV-00CxLA-MD == a[email protected] routing defer (-51): retry time not reached
2023-10-06 17:32:47 1qnVJQ-00E7a7-1d == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host for ‘algofutures.com
2023-10-06 17:32:47 1qnNzQ-00Bfhw-BI == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host for ‘gouverneur-morris.dream
host.com
2023-10-06 17:32:47 1qnZcq-00F4sU-DU == [email protected] routing defer (-51): retry time not reached
2023-10-06 17:32:47 1qnXxP-00Ek76-QI == [email protected] R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host for ‘eden6.ncsrv.de
2023-10-06 17:32:47 1qnL4l-00AEpA-Pb == [email protected] routing defer (-51): retry time not reached
2023-10-06 17:32:47 1qnPT5-00C7RZ-JO == [email protected] routing defer (-51): retry time not reached
2023-10-06 17:32:47 1qnYMK-00EpSF-Ry == [email protected] [email protected] routing defer (-51): retry time not reached
2023-10-06 17:32:47 1qnK9C-009sG8-Au == [email protected] routing defer (-51): retry time not reached
2023-10-06 17:32:47 1qnNXn-00BL4M-D1 == [email protected] routing defer (-51): retry time not reached
2023-10-06 17:32:47 1qndKd-00FXRH-S6 == [email protected] routing defer (-51): retry time not reached
2023-10-06 17:32:47 1qo8yP-000jXY-Hu Message is frozen
2023-10-06 17:32:47 1qoFbi-001F7I-4a Message is frozen
and ect…

I guess it is HESTIA vulnarability, because 2-3 servers in different vps have same logs

Could you look into yours logs to:
/var/log/exim4/mainlog

Also, i guess if you set hostname as one of domains which parked, this type of vulnerability works( If set hostname as simple word, brute forces will be unsuccess