Exim – Address Re-Write (Flattening Sub-Domain)

by

We had an interesting issue where our EXIM configuration was flattening a subdomain’s “From” address, i.e. it was re-writing an email’s From (HFrom) and MailFrom (return-path/envelope-from) headers to @domain.com addresses, i.e. to catch emails such as root@mymachine.domain.comand re-write the From (HFrom) and MailFrom (return-path/envelope-from) to root@domain.com instead.

Problem was, this configuration wasn’t documented, so needed a bit of investigation; but is also a good learning point for email, how it works, and how it can be manipulated.

Remember that within an email message the From address you see in your email client isn’t the same as the MailFrom (return-path/envelope-from) – although it could be!

RFC5322 From (HFrom) – This is the header field in the email message that specifies the sender’s address and name as displayed in the email client. It’s used for display purposes and is often the address the recipient sees when they reply to the email.
RFC5321 MailFrom (return-path/envelope-from) – This is the address used in the SMTP envelope, which is not directly visible to the recipient. It’s used for the initial handshake and delivery of the email, and it’s related to the bounce address.

Rewrite Example Rules

Here is an example re-write configuration, if we explore some of the lines.

You can specify that an address (or pattern of an address) never to be rewritten, which means once the address is picked up by a rule it is never passed on to the next rule. Or you can specify an address (or pattern of an address) is to be rewritten, which means once the address is picked up by a rule it is acted upon, and never passed to the next rule.

####### Begin Address Re-Write ############

begin rewrite

# Excluded Subdomains
*@*.subdomain.domain.com * Ff

# Subdomains
*@*\.domain.com  $1@domain.com Ff

We’ll explore a couple of the lines, to explain what is going on, for a more well rounded set of documentation see the “Additional Information” section below for some more in-depth links.

Excluded Subdomain

If you want to exclude a subdomain from being processed, then 1. you need to ensure it is not matched by any rule above it, 2. then add a rule in the format: <match> <action> <flags>

So for example to exclude any emails which have the the From (HFrom) and MailFrom (return-path/envelope-from) from any further processing (and possible re-write) you would use the following:

*@*.subdomain.domain.com * Ff

Matches any email address from @subdomain.domain.com (or a sub-domain thereof), then “*” means do nothing, and the Ff means only evaluate the From (HFrom) and MailFrom (return-path/envelope-from).

It also means go no further and stop evaluating any more rules and move the email to delivery.

Included (Rewritten Subdomain)

If you want to re-write a subdomain of domain.com for example you would use something like:

*@*\.domain.com  $1@domain.com Ff

Which means match anything @domain.com (which might include say root@mymachine.domain.com) and then “flatten” it with $1@domain.com to become root@domain.com acting only on the From (HFrom) and MailFrom (return-path/envelope-from) attributes. 

In plain terms match any email which has a From (HFrom) and/or MailFrom (return-path/envelope-from) sub-domain of sanger.ac.uk and then re-write the From (HFrom) and/or MailFrom (return-path/envelope-from) to $1@domain.com instead, so root@mymachine.domain.com would become root@domain.com.

Flags

The flags can be set to act upon different parts of the email attributes, for example:

E       rewrite all envelope fields
F       rewrite the envelope From field
T       rewrite the envelope To field
b       rewrite the Bcc: header
c       rewrite the Cc: header
f       rewrite the From: header
h       rewrite all headers
r       rewrite the Reply-To: header
s       rewrite the Sender: header
t       rewrite the To: header

Check Configuration File Syntax

You can check the syntax of the configuration file with the following to check for any errors:

exim -C exim.conf -bV

Testing

To verify your change has been successful, or to see what the current configuration is doing in terms of re-writing, you can use the following command.

Before

As you can see the address support@dev.domain.com is being rewritten to: support@domain.com. 

# exim -brw support@dev.domain.com
  sender: support@dev.domain.com
    from: support@domain.com
      to: support@dev.domain.com
      cc: support@dev.domain.com
     bcc: support@dev.domain.com
reply-to: support@dev.domain.com
env-from: support@domain.com
  env-to: support@dev.domain.com

After

After a change was made to the configuration to explicitly exclude this sub-domain from being re-written, we can see that the address is not being re-written.

[root@mail-relay-01 ~]# exim -brw support@dev.domain.com
  sender: support@dev.domain.com
    from: support@dev.domain.com
      to: support@dev.domain.com
      cc: support@dev.domain.com
     bcc: support@dev.domain.com
reply-to: support@dev.domain.com
env-from: support@dev.domain.com
  env-to: support@dev.domain.com

Obviously you should also check the addresses you do want to be re-written are still indeed being rewritten!

Test Submission

If you want to test a real submission, you can create an email file and drop it into the submission with the following procedure.

# cat > exim-rewrite-test.eml <<'EOF'
> From: support@dev.domain.com
> To: adminuser@domain.com
> Subject: Rewrite Test
>
> test
> EOF
[root@mail-relay-01 ~]# cat exim-rewrite-test.eml
From: support@dev.domain.com
To: adminuser@domain.com
Subject: Rewrite Test

test

# exim -odq -i -f support@dev.domain.com adminuser@domain.com < exim-rewrite-test.eml

# exim -bp
 0m   379 1vrz0d-000000003gC-3jth <support@domain.com>
          adminuser@domain.com

# exim -Mvh 1vrz0d-000000003gC-3jth
1vrz0d-000000003gC-3jth-H
root 0 0
<support@domain.com>
1771249891 0
-received_time_usec .891414
-received_time_complete 1771249891.892573
-ident root
-received_protocol local
-body_linecount 1
-max_received_linelength 46
-allow_unqualified_recipient
-allow_unqualified_sender
-deliver_firsttime
-tls_resumption A
XX
1
adminuser@domain.com

199P Received: from root by mail-relay-01.domain.com with local (Exim 4.97.1)
	(envelope-from <support@domain.com>)
	id 1vrz0d-000000003gC-3jth
	for adminuser@domain.com;
	Mon, 16 Feb 2026 13:51:31 +0000
047* From: support@dev.domain.com
027F From: support@domain.com
021T To: adminuser@domain.com
022  Subject: Rewrite Test
066I Message-Id: <E1vrz0d-000000003gC-3jth@mail-relay-01.domain.com>
059* X-rewrote-sender: support@dev.domain.com
038  Date: Mon, 16 Feb 2026 13:51:31 +0000

# exim -Mrm 1vrz0d-000000003gC-3jth
Message 1vrz0d-000000003gC-3jth has been removed

# rm exim-rewrite-test.eml
rm: remove regular file 'exim-rewrite-test.eml'? y

Additional Information

Leave a comment