You can enable the extended logs or log selector in exim on your cPanel server using below steps.
1. Log into you WHM panel using root login
2. Under Service Configuration in the left side of the panel go to Exim Configuration Manager.
3. Click on Advanced Editor
4. Search for log_selector and add below code in the box and save.
+address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_recipients +received_sender +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn
Once you save this code, the log selector is enabled on the server.
Once the log selector is enabled, you can get the logs for the emails and can find the scripts or email account which is spamming on the server.