Hi!
Please, write proper ACL to FAQ:
https://github.com/Exim/exim/wiki/AclHeloTricks
HELO contain a IP part
drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid
condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}}
condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}}{$sender_helo_name}{no}{yes}}
delay = 45s
HELO contain my domains, subdomains or my interface by dns lookup
drop message = No you are not ME or OURS (HELO was $sender_helo_name and equal my interface hostname)
condition = ${if !def:interface_address {no}{yes}}
condition = ${if match_ip{$interface_address}{${lookup dnsdb{>: defer_never,a=$sender_helo_name}}}{yes}{no}}
delay = 45s
HELO not contain a full host (ex: host.domain.com)
drop message = Invalid domain or IP given in HELO/EHLO (HELO was $sender_helo_name)
condition = ${if match{$sender_helo_name}{.+\\\..+\\\..+}{no}{yes}}
!authenticated = *
!senders = wildlsearch;/etc/exim4/lst/skp_helodot
!hosts = +ignore_defer : +ignore_unknown : +relay_from_hosts : net-iplsearch;/etc/exim4/lst/skp_heloadsl
condition = ${if match_ip{$sender_host_address}{${lookup dnsdb{>: defer_lax,a=${lookup dnsdb{>: defer_lax,mxh=$sender_address_domain}}}}}{no}{yes}}
delay = 45s
https://github.com/Exim/exim/wiki/Verification
Contain ADSL in reverse, checked or unchecked
drop message = Helo is ADSL or DIAL (HELO was $sender_helo_name) and your ip $sender_host_address not is a MX/SPF of domain <$sender_address_domain>
!senders = :
condition = ${if match {$sender_helo_name}{\N\d+\.\d+\.\d+\.\d+|\d+-\d+-\d+-\d+|host|dsl|dial|broad|band|user|dhcp|pool|client|cable|pppoe|hsd|dyn|static|ppp|speedy|customer\N}{yes}{no}}
!hosts = +ignore_defer : +ignore_unknown : net-iplsearch;/etc/exim4/lst/skp_heloadsl
condition = ${if match_ip{$sender_host_address}{${lookup dnsdb{>: defer_lax,a=${lookup dnsdb{>: defer_lax,mxh=$sender_address_domain}}}}}{no}{yes}}
!spf = pass
delay = 45s
drop message = Reverse verified ($sender_host_name) is ADSL or DIAL, Helo $sender_helo_name not is $sender_host_address and your ip $sender_host_address not is a MX/SPF of domain <$sender_address_domain>
!senders = :
condition = ${if def:sender_host_name {true}{false}}
condition = ${if match {$sender_host_name}{\N\d+\.\d+\.\d+\.\d+|\d+-\d+-\d+-\d+|host|dsl|dial|broad|band|user|dhcp|pool|client|cable|pppoe|hsd|dyn|static|ppp|speedy|customer\N}{yes}{no}}
!hosts = +ignore_defer : +ignore_unknown : net-iplsearch;/etc/exim4/lst/skp_heloadsl
condition = ${if match_ip{$sender_host_address}{${lookup dnsdb{>: defer_lax,a=${lookup dnsdb{>: defer_lax,mxh=$sender_address_domain}}}}}{no}{yes}}
condition = ${if match_ip{$sender_host_address}{${lookup dnsdb{>: defer_never,a=$sender_helo_name}}}{no}{yes}}
!spf = pass
delay = 45s
drop message = Reverse unchecked (${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}) is ADSL or DIAL, Helo $sender_helo_name not is $sender_host_address and your ip $sender_host_address not is a MX/SPF of domain <$sender_address_domain>
!senders = :
condition = ${if def:sender_host_name {false}{true}}
condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}}{\N\d+\.\d+\.\d+\.\d+|\d+-\d+-\d+-\d+|host|dsl|dial|broad|band|user|dhcp|pool|client|cable|pppoe|hsd|dyn|static|ppp|speedy|customer\N}{yes}{no}}
!hosts = +ignore_defer : +ignore_unknown : net-iplsearch;/etc/exim4/lst/skp_heloadsl
condition = ${if match_ip{$sender_host_address}{${lookup dnsdb{>: defer_lax,a=${lookup dnsdb{>: defer_lax,mxh=$sender_address_domain}}}}}{no}{yes}}
condition = ${if match_ip{$sender_host_address}{${lookup dnsdb{>: defer_never,a=$sender_helo_name}}}{no}{yes}}
!spf = pass
delay = 45s
https://github.com/Exim/exim/wiki/AclSmtpData
Fake my message ID domain or subdomain
drop message = No you are not ME or OURS (Message-ID was ${domain:$h_Message-ID:} and equal my interface hostname)
!hosts = +relay_from_hosts : +relay_mx_hosts
condition = ${if !def:interface_address {no}{yes}}
condition = ${if !def:h_message-id: {no}{yes}}
condition = ${if match_ip{$interface_address}{${lookup dnsdb{>: defer_never,a=${domain:$h_Message-ID:}}}}{yes}{no}}
delay = 45s