Many spammers send IP addresses in the mail header and the Exim function
Deny message = Your IP address was added to the blacklist log_message = IP address in manual blacklist hosts = + block_ip_address
get IP from that.
How will the look ACL be with the search condition? host list But for the real IP address of the email server?