[exim] Understanding flow of exim log files

Author: Chip
Date:  
To: Exim-Users Mailing List
Subject: [exim] Understanding flow of exim log files
Below is a snippet of a log file which has raised my suspicion. The
names and identities of the innocent (and not so innocent) have been
obscured. I am trying to understand the *flow* of the traffic and what
actually happened.

Any help on the flow and what messages were delivered, where, would be
greatly appreciated.

Thank you.


2012-06-08 12:51:36 SMTP connection from [77.248.xx.xxx]:63305 (TCP/IP
connection count = 1)
2012-06-08 12:51:37 H=(wzhfmiaqb) [77.248.xx.xxx]:63305 rejected MAIL
<lakenxxxxxx@???>: Access denied - Invalid HELO name (See
RFC2821 4.1.1.1)
2012-06-08 12:51:37 SMTP connection from (wzhfmiaqb)
[77.248.xx.xxx]:63305 closed by DROP in ACL
2012-06-08 12:51:42 SMTP connection from [124.12.xx.xxx]:60909 (TCP/IP
connection count = 1)
2012-06-08 12:51:48 1Sd2Pb-0007mS-He <= dawnxxx@???
H=124-12-xx-xxx.dynamic.xxx.xxx.tw (pa91lxxx.com) [124.12.xx.xxx]:60909
P=smtp S=982 id=30v18f98p29-09887224-926q7p37@lkcttldr T="This is It & "
for bluey@???
2012-06-08 12:51:48 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc
1Sd2Pb-0007mS-He
2012-06-08 12:51:48 1Sd2Pb-0007mS-He check_mail_permissions could not
determine the sender domain [message_exim_id=1Sd2Pb-0007mS-He
sender_host_address=124.12.xxx.xxx recipients_count=1]
2012-06-08 12:51:48 1Sd2Pb-0007mS-He => bluey <bluey@???>
P=<dawnxxx@???> R=virtual_user T=virtual_userdelivery
2012-06-08 12:51:49 1Sd2Pb-0007mS-He => jeffxxx@???
<bluey@???> P=<dawnxxx@???> R=lookuphost
T=remote_smtp H=gmail-smtp-in.l.google.com [173.194.77.27]
X=TLSv1:RC4-SHA:128
2012-06-08 12:51:49 1Sd2Pb-0007mS-He Completed
2012-06-08 12:51:50 SMTP connection from 124.12.xx.xxx (pa91lxxx.com)
[124.12.xx.xxx]:60909 closed by QUIT
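
Added example, not part of the original post: a small Python parser that rejoins mail-wrapped Exim main-log entries and groups the `<=` (arrival), `=>` (delivery) and `Completed` lines by message id, so the path of one message can be read off. The sample log, its addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the log above (placeholder addresses), still wrapped.
SAMPLE = """\
2012-06-08 12:51:48 1Sd2Pb-0007mS-He <= sender@example.net
H=host.example.net [192.0.2.10]:60909 P=smtp S=982 for bluey@example.org
2012-06-08 12:51:48 1Sd2Pb-0007mS-He => bluey <bluey@example.org>
P=<sender@example.net> R=virtual_user T=virtual_userdelivery
2012-06-08 12:51:49 1Sd2Pb-0007mS-He => fwd@example.com
<bluey@example.org> P=<sender@example.net> R=lookuphost
T=remote_smtp H=mx.example.com [198.51.100.27]
2012-06-08 12:51:49 1Sd2Pb-0007mS-He Completed
"""

STAMP = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d ")
# Timestamp, message id (6-6-2 form, as in this log), then an Exim flag.
EVENT = re.compile(r"^(\S+ \S+) (\w{6}-\w{6}-\w{2}) (<=|=>|->|\*\*|==|Completed)\s*(.*)$")
FLAGS = {"<=": "received", "=>": "delivered", "->": "delivered",
         "**": "failed", "==": "deferred", "Completed": "completed"}

def unwrap(text):
    """Rejoin wrapped entries: a line with no timestamp continues the previous one."""
    out = []
    for line in text.splitlines():
        if STAMP.match(line) or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out

def message_flow(text):
    """Return {message_id: [events]} in log order; lines without a flag are skipped."""
    flows = {}
    for m in filter(None, map(EVENT.match, unwrap(text))):
        when, msgid, flag, rest = m.groups()
        fields = dict(re.findall(r"\b([A-Z])=(\S+)", rest))  # H=, P=, R=, T=, S=
        orig = re.match(r"\S+ <([^>]+)>", rest)  # address before redirection
        flows.setdefault(msgid, []).append({"time": when, "event": FLAGS[flag],
            "address": rest.split()[0] if rest else None,
            "original": orig.group(1) if orig else None,
            "router": fields.get("R"), "host": fields.get("H")})
    return flows

def forwarded_offsite(flows):
    """Deliveries handed to a remote host for an address that was redirected."""
    return [(mid, e["original"], e["address"], e["host"]) for mid, evs in flows.items()
            for e in evs if e["event"] == "delivered" and e["host"] and e["original"]]
```

On a delivery line, an address in angle brackets is the original recipient before redirection, and `H=` names the remote host the message was handed to.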