In many corporate environments, internal applications generate emails with local domain addresses (e.g., myapp@myserver.mydomain.local). When these emails need to be delivered to external recipients, SMTP servers often reject them due to:
- Unverifiable sender domains
- Potential spam flagging
- Reverse DNS mismatch
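The solution is to rewrite sender addresses when both of the following conditions are met. They are written here as Exim ACL conditions (the recipient domain is tested with domains; Exim has no recipient_domains condition):
# Conditions as they would appear inside an ACL statement in exim.conf
# Sender domain is local:
sender_domains = +local_domains
# Recipient domain is not local:
domains = !+local_domains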
Here's a complete rewrite rule for your exim configuration:
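begin rewrite
# Per-user mapping; a forced lookup failure skips this rule so the catch-all below applies
*@myserver.mydomain.local ${lookup{$1}lsearch{/etc/email/rewrite.map}{$value}fail} Ffrst
# Catch-all for any other host under mydomain.local
*@*.mydomain.local support@mydomain.com Ffrst
# No "end" line: the section runs until the next "begin" line or the end of the file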
Create a rewrite map file (/etc/email/rewrite.map):
# Format: local_username: external_address
myapp: alerts@mydomain.com
nagios: monitoring@mydomain.com
root: admin@mydomain.com
After modifying your exim.conf:
# Verify configuration
exim -bV
# Test address rewriting
exim -brw myapp@myserver.mydomain.local
For more complex scenarios, you might need ACL (Access Control List) rules:
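begin acl
# Reference this ACL from the main section (for example via acl_smtp_rcpt).
# It only rejects; the site's existing accept/deny statements must follow it.
check_sender:
  deny message = Internal addresses not allowed for external delivery
       senders = *@myserver.mydomain.local
       domains = !+local_domains
  # Removed: "control = submission/rewrite_sender" (rewrite_sender is not an option of the submission control)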
If rewriting does not behave as expected:
- Check /var/log/exim/mainlog for rewrite operations
- Enable debug mode: exim -d+rewrite
- Verify DNS records for your external domain
When dealing with Exim mail servers in mixed network environments, a common challenge arises when internal applications send emails to external recipients. The default behavior often results in email headers showing internal domain addresses (e.g., myapp@myserver.mydomain), which external SMTP servers typically reject due to SPF/DKIM validation failures or anti-spam policies.
We need to implement sender address rewriting when:
1. The sender's domain belongs to the local network
2. The recipient's domain is external
3. The mail is being relayed through the ISP's SMTP server
Here's the essential configuration to add to your exim.conf file. This example assumes your external domain is "yourcompany.com" and your internal domain is "mydomain":
begin rewrite
# F rewrites only the envelope sender; use Ff to rewrite the From: header as well
*@myserver.mydomain ${lookup{$1}lsearch{/etc/exim/rewrite_users}{$value}{noreply@yourcompany.com}} F
First, create a rewrite file for specific user mappings (optional but recommended):
# /etc/exim/rewrite_users
root: admin@yourcompany.com
myapp: monitoring@yourcompany.com
backup: backup-alerts@yourcompany.com
Then enhance your router configuration for external delivery:
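# transport and route_list are router options, so the driver is manualroute (smtp is a transport driver)
remote_smtp:
  driver = manualroute
  transport = remote_smtp
  route_list = * smtp.yourisp.com
  headers_remove = sender
  headers_add = "Sender: noreply@yourcompany.com"
  # If /etc/exim/ip_rewrites has no mapping, the real interface or sender host address is used, which exposes internal IPs
  headers_add = "X-Originating-IP: ${if def:interface_address{${lookup{$interface_address}lsearch*{/etc/exim/ip_rewrites}{$value}{$interface_address}}}{$sender_host_address}}"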
After making these changes, test the configuration with:
exim -bt myapp@myserver.mydomain
exim -v external@example.com
Verify the headers in received test messages to confirm proper rewriting. Key headers to check:
- From: should show your external domain
- Return-Path: should match your sending domain
- X-Original-Sender: (if configured) should show internal address
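The header check above can be automated. The following Python script is an added example, not part of the original configuration; the internal suffixes and the sample messages are constructed from the placeholder domains used on this page. It reports which sender headers of a received message still carry an internal address, including the case where only the envelope sender was rewritten.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: internal suffixes are the placeholder domains used on this page.
INTERNAL_SUFFIXES = ("mydomain", "mydomain.local")
# X-Original-Sender is deliberately not checked: it is expected to carry
# the internal address when configured.
CHECKED_HEADERS = ("From", "Sender", "Reply-To", "Return-Path")


def is_internal(domain):
    """True if domain equals, or is a subdomain of, an internal suffix."""
    d = domain.lower().rstrip(".")
    return any(d == s or d.endswith("." + s) for s in INTERNAL_SUFFIXES)


def audit_headers(raw_message):
    """Return (header, address) pairs that still expose an internal domain."""
    msg = message_from_string(raw_message)
    leaks = []
    for name in CHECKED_HEADERS:
        for _display, addr in getaddresses(msg.get_all(name, [])):
            if is_internal(addr.rpartition("@")[2]):
                leaks.append((name, addr))
    return leaks


# Constructed samples: unrewritten, envelope-only (flag F), fully rewritten.
UNREWRITTEN = """\
Return-Path: <myapp@myserver.mydomain>
From: My App <myapp@myserver.mydomain>
To: external@example.com

test
"""
ENVELOPE_ONLY = """\
Return-Path: <monitoring@yourcompany.com>
From: My App <MyApp@MyServer.MyDomain>
X-Original-Sender: myapp@myserver.mydomain
To: external@example.com

test
"""
REWRITTEN = ENVELOPE_ONLY.replace("MyApp@MyServer.MyDomain",
                                  "monitoring@yourcompany.com")

if __name__ == "__main__":
    samples = (("unrewritten", UNREWRITTEN), ("envelope-only", ENVELOPE_ONLY),
               ("rewritten", REWRITTEN))
    for label, raw in samples:
        print(label, audit_headers(raw))
```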
If messages still show internal addresses:
- Check exim rewrite debugging with:
exim -d+rewrite -brw myapp@myserver.mydomain
- Verify no conflicting rewrite rules exist earlier in your config
- Ensure the rewrite rules are in the correct section (before transports)