[Exim] Running programs from ACLs

Is there a non-hackish solution for running programs if ACL checks
fail or succeed?

For example, I might want to disable an account if some SMTP AUTH
users user uses a spoofed source address or sends some funky
attachment.

--
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: bigpond.com, di-ve.com, hotmail.com, jumpy.it,
libero.it, netscape.net, postino.it, simplesnet.pt, spymac.com,
tatanova.com, tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr, yahoo.com.