[exim] Some acl "how-to" help needed

All email from my host domains originates in the host, or arrives on the loopback interface. (All valid external senders must log in to the system via SSH, and tunnel to 127.0.0.1:25)

I want to take advantage of this in the acl sections to accomplish at least the following:

(1) Eliminate spam that has a forged sender that purports being from one of the host domains, but actually arrives via the public IP. (Preferably in the RCPT acl, but at least before any data scanning)

(2) Bypass malware scanning of all verified in-house originated emails. (But obviously not the forged ones)

I feel fairly certain exim has the ability to do this easily, but I can't seem to come up with a scheme. My latest attempt resulted in rejecting my own emails. :(

It seems like something that is common enough that one would only have to uncomment it in the default exim.conf, or at least shown as an example in spec.pdf. I guess it must not be that usual a case.

I would also like an acl that would run spamassassin only on the headers of emails that are too big to scan the data.