These instructions are for Debian 8 Jessie, but should apply similarly to Stretch(9) and Buster(10), which use the Exim split configuration.
Edit the config template file: /etc/exim4/exim4.conf.template
We are using the DATA access list (ACL) so scroll down to the section:
### acl/40_exim4-config_check_dataThere may be a number of existing rules in this section, we'll insert our rules after this entry:
#################################
# require that there is a verifiable sender address in at leastInsert the following text:
# one of the "Sender:", "Reply-To:", or "From:" header lines.
.ifdef CHECK_DATA_VERIFY_HEADER_SENDER
deny
message = No verifiable sender address in message headers
!acl = acl_local_deny_exceptions
!verify = header_sender
.endif
# Deny keywords using regex before using Spamassassin:
# Ref: https://www.exim.org/exim-html-current/doc/html/spec_html/ch-content_scanning_at_acl_time.html
deny
message = Message rejected as spam or Unroutable address
regex = Keyword1|Keyword2|Keyword3|...
Change keywords to match words you would like to block. Note this is a case sensitive, regex expression - customise the regex line as required. The message is logged and also sent back to the offending sender.
Update the Exim configution:
update-exim4.confRestart the Exim service:
service exim4 restartSend a test email containing one of the keywords to test.