If you have lowered the required score for a message to be flagged as spam, you must also update the SPAM_SCORE variable in /etc/exim4/exim4.conf.template. Note that the score must be multiplied by ten. So, if you’re using 2.9, the variable should look like this:
SPAM_SCORE = 29
Remember to restart exim4:
systemctl restart exim4
I recommend adding an IPSet blacklist and creating a firewall rule to drop all traffic from the IPs in that IPSet for all ports.
Hestia includes a script located at /usr/local/hestia/install/common/firewall/ipset/blacklist.sh, which gathers malicious IPs from several blocklists. You can use this script to populate the IPSet.
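A check for the SPAM_SCORE step above, as an added example that is not part of the original text: it reads required_score from the SpamAssassin config and confirms that the exim template holds ten times that value. The default path /etc/spamassassin/local.cf (Debian layout) and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify that exim's SPAM_SCORE equals SpamAssassin's
# required_score multiplied by ten. Function names are hypothetical.

# Convert a decimal score ("2.9", "5") to tenths ("29", "50"), rounded.
score_to_tenths() {
    awk -v s="$1" 'BEGIN { printf "%d\n", s * 10 + 0.5 }'
}

# Print the value of the last uncommented "required_score N" line.
# Exits non-zero when the directive is absent.
read_required_score() {
    awk '$1 == "required_score" { v = $2 }
         END { if (v == "") exit 1; print v }' "$1"
}

# Print the value of the "SPAM_SCORE = N" line in the exim template.
read_spam_score() {
    awk -F'=' '$1 ~ /^[ \t]*SPAM_SCORE[ \t]*$/ { gsub(/[ \t]/, "", $2); v = $2 }
               END { if (v == "") exit 1; print v }' "$1"
}

# Return 0 if both files agree, 1 on mismatch, 2 if a value is missing.
check_spam_score_sync() {
    sa_conf=${1:-/etc/spamassassin/local.cf}        # assumed default path
    exim_tpl=${2:-/etc/exim4/exim4.conf.template}   # path from the text above
    required=$(read_required_score "$sa_conf") ||
        { echo "no required_score in $sa_conf" >&2; return 2; }
    current=$(read_spam_score "$exim_tpl") ||
        { echo "no SPAM_SCORE in $exim_tpl" >&2; return 2; }
    expected=$(score_to_tenths "$required")
    if [ "$current" = "$expected" ]; then
        echo "OK: SPAM_SCORE = $current matches required_score $required"
    else
        echo "MISMATCH: SPAM_SCORE = $current, expected $expected (required_score $required)"
        return 1
    fi
}

# Usage: check_spam_score_sync [local.cf] [exim4.conf.template]
```

Call check_spam_score_sync after editing either file and before restarting exim4; a non-zero exit status means the two thresholds disagree or one is missing.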