How can I create a blacklist to deny specific hosts / ip addresses?
The access lists that come with Debian’s exim4 configuration have some infrastructure for that and are extensively documented. Their function can be controlled with files placed in /etc/exim4. See also the manual page for exim4_files (available from exim4 4.62-2 on and linked to by PkgExim4) for explanation of these files.