In a perfect world there would be no spam and no bounce mails generated by spam. However, in the real world there is spam and there are badly configured mail servers, which generate bounce mails for invalid addresses.
Fighting spam is a complex task and there are many different approaches but no real solution. However, there are two simple and effective measures to fight bounce mails generated by spam:
First, you should adjust your Exim configuration to minimize the number of bounce mails generated by your mail server. This will not reduce the amount of unsolicited bounce mails you receive, but it will dramatically reduce the number of bounce mails your mail server sends to the poor guy whose address is abused by spammers for the "return path" (aka "envelope sender").
The solution is very simple: just tell your mail server to verify a recipient's address before accepting mail for it. The mail server usually does this for local mail addresses, but you have to tell the server to do it for remote addresses, too. You do this by adding the line
require verify = recipient/callout=10s,defer_ok
to your Exim configuration. This way the mail server will connect to the destination mail server and check the address before accepting a mail. If the destination mail server does not accept the local part, Exim will decide that the address is invalid and reject the mail during the SMTP dialog, without generating a bounce mail. If the destination mail server is down, Exim will still accept any local part (this is what defer_ok does). In that case bounce mails for invalid addresses are generated again, but this happens far less often, because the destination mail server is up most of the time.
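Exim evaluates "verify = recipient" in the ACL that runs for each RCPT command, so that is where the line belongs. The fragment below is an added example, not part of the original article; the ACL name acl_check_rcpt, the domain and host lists and the domain example.org are assumptions chosen for illustration.

```exim
# Added example, not the article's own configuration.
# All list names and example.org below are assumed/constructed values.

# Main section: lists used by the ACL and the hook for RCPT commands.
domainlist local_domains    = @
domainlist relay_to_domains = example.org   # domain this host is backup MX for
hostlist   relay_from_hosts = 127.0.0.1

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Mail injected locally (no remote host) is accepted without checks.
  accept  hosts   = :

  # Trusted clients may send to any destination.
  accept  hosts   = +relay_from_hosts

  # Everything else must be for a domain we host or relay for.
  require message = relay not permitted
          domains = +local_domains : +relay_to_domains

  # The line from the article. The address is routed first; if it routes
  # to a remote host, Exim opens an SMTP connection to that host and tries
  # RCPT TO for the address, with a 10 second timeout on the callout.
  #   permanent rejection of the RCPT -> this RCPT is rejected in the SMTP
  #                                      dialog, no bounce is generated
  #   no answer or temporary error    -> defer_ok lets the RCPT pass, so
  #                                      mail is not held up while the
  #                                      primary is down
  require verify  = recipient/callout=10s,defer_ok

  accept
```

Without defer_ok, a callout that cannot be completed gives the sending server a temporary error for that recipient instead, which avoids the remaining bounces at the cost of delaying mail while the destination is unreachable.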
Now this article is longer than I expected, so I will describe the second measure (which will dramatically reduce the number of bounce mails you receive) in a second article.



1. It opens up your server for mounting distributed denial of service attacks on third parties.
2. Some legitimate mail servers blacklist you as a spammer if you use sender callout, as they feel you waste their resources.
3. You will refuse legitimate mail from any server that itself uses sender callout. Simply because your callout will be answered with a callout from them which you will again answer with a callout -- ergo you get a loop and the mail bounces. This is a fundamental flaw of callout verification!
In short: Don't use callout verification!
However, in my article I was talking about recipient callout verification.
The latter one is very useful to limit the number of bounce mails produced. Doing callout verification on recipient addresses will enable you to report errors on wrong addresses during the SMTP dialog. If it is not enabled, the secondary MX will accept e-mails for all localparts of a valid domain and generate bounce mails when it tries to deliver these e-mails to the primary MX and detects that some of these localparts are in fact invalid.
So, in a short summary: Sender callout verification bad, recipient callout verification good