[exim] Some messages not scanned for spam.

Hi,

I have strange situation. Some of incoming messages, aren't scanned for spam. I'll attach 2 files which have info about that. One is with scan info, other is without scan info. How to find where is the problem?
Return-path: <jaione@???>

Envelope-to: Return-path: <jaione@???>
Envelope-to: mydomain.com
Delivery-date: Wed, 23 Mar 2016 02:46:33 +0200
Received: from [50.31.162.152] (helo=vps.zimbravixko.eu)
        by mydomain.com with esmtp (Exim 4.68)
        (envelope-from <jaione@???>)
        id 1aiWwR-00064B-Mz
        for mydomain.com; Wed, 23 Mar 2016 02:46:33 +0200
Received: from [167.88.14.117] (port=55252 helo=User)
        by vps.zimbravixko.eu with esmtpa (Exim 4.86_1)
        (envelope-from <jaione@???>)
        id 1agNAc-0007bB-1A; Wed, 16 Mar 2016 20:56:16 -0500
Reply-To: <Ultimateemp@???>
From: "Mary Russell"<jaione@???>
Subject: PAYMENT AGENT REQUIRED
Date: Wed, 16 Mar 2016 18:56:08 -0700
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="----=_NextPart_000_00B8_01C2A9A6.30C11DCC"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - vps.zimbravixko.eu
X-AntiAbuse: Original Domain - mydomain.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - parlkex.com
X-Get-Message-Sender-Via: vps.zimbravixko.eu: authenticated_id: elboramziw/only user confirmed/virtual account not confirmed
X-Authenticated-Sender: vps.zimbravixko.eu: elboramziw

This is a multi-part message in MIME format.
Delivery-date: Wed, 23 Mar 2016 02:46:33 +0200
Received: from [50.31.162.152] (helo=vps.zimbravixko.eu)
        by mydomain.com with esmtp (Exim 4.68)
        (envelope-from <jaione@???>)
        id 1aiWwR-00064B-Mz
        for user@???; Wed, 23 Mar 2016 02:46:33 +0200
Received: from [167.88.14.117] (port=55252 helo=User)
        by vps.zimbravixko.eu with esmtpa (Exim 4.86_1)
        (envelope-from <jaione@???>)
        id 1agNAc-0007bB-1A; Wed, 16 Mar 2016 20:56:16 -0500
Reply-To: <Ultimateemp@???>
From: "Mary Russell"<jaione@???>
Subject: PAYMENT AGENT REQUIRED
Date: Wed, 16 Mar 2016 18:56:08 -0700
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="----=_NextPart_000_00B8_01C2A9A6.30C11DCC"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - vps.zimbravixko.eu
X-AntiAbuse: Original Domain - mydomain.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - parlkex.com
X-Get-Message-Sender-Via: vps.zimbravixko.eu: authenticated_id: elboramziw/only user confirmed/virtual account not confirmed
X-Authenticated-Sender: vps.zimbravixko.eu: elboramziw

This is a multi-part message in MIME format.

Return-path: <spam.com>

Envelope-to: mydomain.com
Delivery-date: Tue, 22 Mar 2016 14:37:54 +0200
Received: from [194.153.145.70] (helo=smtp-spam.com)
        by mydomain.com with esmtp (Exim 4.68)
        (envelope-from <spam.com>)
        id 1aiLZJ-00013G-EV
        for mydomain.com; Tue, 22 Mar 2016 14:37:54 +0200
Received: from spam.com (......)
        by spam.com (Postfix) with ESMTP id 0CBE350DC3C
        for <mydomain.com>; Tue, 22 Mar 2016 14:37:53 +0200 (EET)
Received: from spam.com (localhost [127.0.0.1])
        by spam.com (Postfix) with ESMTP id F40351FBDB
        for <mydomain.com>; Tue, 22 Mar 2016 14:37:52 +0200 (EET)
Date: Tue, 22 Mar 2016 14:37:52 +0200 (EET)
From: spammer <spam.com>
To: mydomain.com
Message-ID: <548892256.824582.1458650272997.JavaMail.apache@???>
Subject: =?UTF-8?B?0JrQm9CY0JXQndCi0KHQmtCY0JUg0JHQkNCX0Ksh?=
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="----=_Part_824581_207071265.1458650272993"
X-Mailer: spamMail 3.0
X-Originating-IP: 1.2.3.4
X-Spam_score: 3.5
X-ACL-Warn: = X-Spam_score_int: 35
X-ACL-Warn: = X-Spam_bar: +++
X-ACL-Warn: = X-Spam_report: Spam detection software, running on the system "mydomain.com", has
        identified this incoming email as possible spam.  The original message
        has been attached to this so you can view it (if it isn't spam) or label
        similar future email.  If you have any questions, see
        the administrator of that system for details.
        Content preview:  -~Z-~[-~X-~U-~]ÒÑ-~Z-~X-~U -~Q-~P-~WÛ! Ñîáå-~@--
-ì äë-~O -~Rà-~Aå-~@
        ïî èí-~Bå-~@íå-~B áàç-~C äàíí-~K-~E ïî-~Båí-~Fèàë-~~
Lí-~K-~E êëèåí-~Bîâ~Håãî -~
        äë-~O -~Rà-~Håãî -~Qèçíå-~Aà! -~Z-~[-~X-~U-~]ÒÑ-~Z-~X-~U -~~
Q-~P-~WÛ! [...] a
        Content analysis details:   (3.5 points, 4.0 required)
        pts rule name              description
        ---- ---------------------- --------------------------------------------------
        0.0 HTML_MESSAGE           BODY: HTML included in message
        0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
        [score: 0.5000]
        1.5 TVD_SPACE_RATIO        BODY: TVD_SPACE_RATIO
        2.2 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
        0.1 RDNS_NONE              Delivered to trusted network by a host with no rDNS
        -0.2 AWL                    AWL: From: address is in the auto white-list