> My log is flooded with those spam attemps and I wonder if there is a
> ACL can stop those attemps.
If these are compromised accounts that are leading to you being used
to send/relay spam to other people, you should look at submission
ratelimits. A typical acl_smtp_rcpt ACL stanza might be:
defer
ratelimit = 200 / 60m / per_addr / $authenticated_id
delay = 10s
message = Sending too fast, try again later.
Then you have to watch your logs to determine compromised accounts and
fix them. It might be possible to automatically lock out accounts that
trigger ratelimiting, but you'd probably have to build this yourself
as I suspect no one has a canned recipe for it.
(It's definitely possible; Exim is very powerful and flexible. Expect
to have to read the Exim documentation carefully, and understand that
you're basically writing a little program.)
- cks