Friday, July 26, 2019

How to set up keyword block in Exim on Debian

Exim can be configured to block emails containing specific keywords as a way to fight spam. This is not a comprehensive solution, but it can help stop persistent spammers and reduce the load on SpamAssassin when the two run in parallel.

These instructions are for Debian 8 Jessie, but should apply similarly to Stretch (9) and Buster (10), which use the Exim split configuration.

Edit the config template file: /etc/exim4/exim4.conf.template

We are using the DATA access list (ACL) so scroll down to the section:
### acl/40_exim4-config_check_data
#################################
There may be a number of existing rules in this section; we'll insert our rules after this entry:
# require that there is a verifiable sender address in at least
# one of the "Sender:", "Reply-To:", or "From:" header lines.
.ifdef CHECK_DATA_VERIFY_HEADER_SENDER
deny
  message = No verifiable sender address in message headers
  !acl = acl_local_deny_exceptions
  !verify = header_sender
.endif
Insert the following text:
# Deny keywords using regex before using SpamAssassin:
# Ref: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-content_scanning_at_acl_time.html
  deny
    message = Message rejected as spam or Unroutable address
    regex = Keyword1|Keyword2|Keyword3|...

Change the keywords to match the words you would like to block. Note that this is a case-sensitive regular expression; customise the regex line as required. The message is logged and also sent back to the offending sender.

Update the Exim configuration:
update-exim4.conf
Restart the Exim service:
service exim4 restart
Send a test email containing one of the keywords to verify the rule.
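
A pre-deployment check for the regex line above, added here as an example (not part of the original post): it lints a keyword pattern and tests it line by line against constructed sample messages. It assumes a plain keyword alternation, for which grep -E behaves like Exim's PCRE matching; the function names lint_pattern and would_reject are hypothetical.

```shell
#!/bin/sh
# Added example: pre-deployment check for an Exim "regex =" keyword pattern.
# Assumption: the pattern is a plain alternation, so grep -E (POSIX ERE)
# behaves like Exim's PCRE for it. All sample messages are constructed.

# lint_pattern PATTERN: print one finding per line; return 1 if any.
lint_pattern() {
    pat=$1; rc=0
    case $pat in
        *...*) echo "placeholder '...' left in: matches any three characters"; rc=1 ;;
    esac
    case $pat in
        '|'*|*'|'|*'||'*) echo "empty alternative: matches every line"; rc=1 ;;
    esac
    # Exim reads "regex =" as a colon-separated list, so a lone ':' splits it.
    case $(printf '%s\n' "$pat" | sed 's/:://g') in
        *:*) echo "single colon splits the Exim list: write '::'"; rc=1 ;;
    esac
    return $rc
}

# would_reject PATTERN FILE: return 0 if any line matches (case-sensitive,
# as the page describes), i.e. the deny rule would fire for this message.
would_reject() {
    grep -E -q -e "$1" "$2"
}

demo() {
    dir=$(mktemp -d)
    printf 'Subject: hi\n\nBuy Keyword1 today\n' > "$dir/spam.eml"
    printf 'Subject: hi\n\nbuy keyword1 today\n' > "$dir/lowercase.eml"
    printf 'Subject: lunch\n\nSee you at noon\n' > "$dir/ham.eml"
    for p in 'Keyword1|Keyword2' 'Keyword1|Keyword2|...'; do
        echo "pattern: $p"
        lint_pattern "$p" | sed 's/^/  lint: /'
        for f in spam lowercase ham; do
            if would_reject "$p" "$dir/$f.eml"; then r=REJECT; else r=accept; fi
            echo "  $f.eml -> $r"
        done
    done
    rm -rf "$dir"
}
demo
```

The second pattern is the template line pasted unchanged: its trailing `|...` makes every sample message, including the legitimate one, match.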