diff --git a/network/detection/exim-detect.yaml b/network/detection/exim-detect.yaml
new file mode 100644
index 00000000000..d9f5e2ab298
--- /dev/null
+++ b/network/detection/exim-detect.yaml
@@ -0,0 +1,37 @@
+id: exim-detect
+
+info:
+  name: Exim - Detect
+  author: ricardomaia
+  severity: info
+  description: |
+    Exim can accept messages from remote hosts using SMTP over TCP/IP, and as well as from local processes. It handles local deliveries to mailbox files or to pipes attached to commands, as well as remote SMTP deliveries to other hosts.
+  reference:
+    - https://www.exim.org/docs.html
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cwe-id: CWE-200
+  metadata:
+    verified: true
+    shodan-query: product:"Exim smtpd"
+  tags: network,detect,smtp,mail,exim
+
+tcp:
+  - inputs:
+      - data: "\n"
+
+    host:
+      - "{{Hostname}}"
+    port: 587
+
+    matchers:
+      - type: word
+        words:
+          - "ESMTP Exim"
+
+    extractors:
+      - type: regex
+        group: 1
+        name: version
+        regex:
+          - '(?i)SMTP.Exim\s?([\w.]+)'