Unfortunately, when I tried this I got the following message in my log, and nothing on the SMTP output:
Jul 30 14:53:50 fire exim: warning: /etc/hosts.allow, line 28: twist_option: dup: Bad file descriptor
So I did some poking around the net, and around the exim and TCP Wrappers source code, and found that there is no useful info on the Web, but that there is a little in the source code.
The reason this is happening in my case, is that I'm running exim as a stand alone daemon (and not from inetd), using the built in TCP Wrappers support (i.e. it's compiled with USE_TCP_WRAPPERS). It turns out that the hosts_ctl() function does not include the file descriptor and is only capable of telling the caller yes or no, but not returning anything to the client. Since the file descriptor is not passed in, when TCP Wrappers tries to redirect the output from your shell script, it is unable to, and hence the warning.
It turns out that hosts_ctl() is just a simple wrapper for the hosts_access() function, which is substantially more complex. I thought it might be sufficient modify smtp_in.c so that the file descriptor is passed along to the TCP Wrappers function, however that does not seem to work for whatever reason.
So for now, it appears that if you want to use the twist functionality with exim, that you need to run exim from inetd. Joy.