Change X Headers to allow for the host name to be set based on how exim is being connected to
As an administrator, I would like the X headers (X-AntiAbuse, X-Get-Message-Sender-Via, X-Authenticated-Sender) to use a variable that allows for the host name to be set based on how exim is being connected to, so that when accounts have a dedicated IP the X-headers reflect the account host that was being used and don't 'leak' information about the underlying server.
==========
On a server is setup to host multiple accounts / domains when the domains have a dedicated IP, the headers from the email are showing still showing the server name associated with the main host name because they are using the primary_hostname variable.
Headers look like this presently even when a dedicated IP / hostname for domain B was used to send the email:
X-AntiAbuse: Primary Hostname - base.domainA.com
X-Get-Message-Sender-Via: base.domainA.com: authenticated_id: susan@domainB.com
X-Authenticated-Sender: base.domainA.com: susan@domainB.com
Headers should depend on values like smtp_active_hostname or sender_host_authenticated that allow for the host name to be set based on how exim is being connected to. The current code seems to defeat/ignore the multi-tenant / dedicated IP functionality.
At present even it this feature were to be completed: https://features.cpanel.net/topic/an-option-to-use-actual-reverse-dns-resolution-as-helo-for-outbound-email
The headers in the email still would not be correct since the smtp_active_hostname is not being used to formulate these headers.
Internally you can refer to ticket 11731935 for more detail on the origin of this feature request.
I like this idea 
cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.
This feature is a must and we request its implementation asap. Without it, there is no real isolation of the dedicated IP accounts, in terms of mail server reputation.
We can confirm that even if "Use the reverse DNS entry for the mail HELO/EHLO if available" is enabled in WHM » Exim Configuration Manager, the server's hostname is still present in the mail headers. In addition to the X-headers, we're seeing it in the Received field too, as show below (server's hostname is specified as serverdomain.tld).
Received: from user-main-domain.tld (user-main-domain.tld. [X.X.X.X]) by mx.google.com with ESMTPS id l9si3408394wrp.563.2020.05.27.12.19.45 for <xxxx@gmail.com> (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 27 May 2020 12:19:46 -0700 (PDT) ... ... Received: from mail-qk1-f180.google.com ([209.85.222.180]:43665) by serverdomain.tld with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from <sender@user-addon-domain.tld>) id 1je1aY-000INm-Mz for xxxx@gmail.com; Wed, 27 May 2020 21:19:43 +0200 Received: by mail-qk1-f180.google.com with SMTP id v79so642924qkb.10 for <xxxx@gmail.com>; Wed, 27 May 2020 12:19:43 -0700 (PDT) ... ... X-AntiAbuse: Primary Hostname - serverdomain.tld X-AntiAbuse: Original Domain - gmail.com X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - user-addon-domain.tld X-Get-Message-Sender-Via: serverdomain.tld: authenticated_id: sender@user-addon-domain.tld X-Authenticated-Sender: serverdomain.tld: sender@user-addon-domain.tld ...This feature is a must and we request its implementation asap. Without it, there is no real isolation of the dedicated IP accounts, in terms of mail server reputation.
We can confirm that even if "Use the reverse DNS entry for the mail HELO/EHLO if available" is enabled in WHM » Exim Configuration Manager, the server's hostname is still present in the mail headers. In addition to the X-headers, we're seeing it in the Received field too, as show below (server's hostname is specified as serverdomain.tld).
Received: from user-main-domain.tld (user-main-domain.tld. [X.X.X.X]) by mx.google.com with ESMTPS id l9si3408394wrp.563.2020.05.27.12.19.45 for <xxxx@gmail.com> (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 27 May 2020 12:19:46 -0700 (PDT) ... ... Received: from mail-qk1-f180.google.com ([209.85.222.180]:43665) by serverdomain.tld with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from <sender@user-addon-domain.tld>) id 1je1aY-000INm-Mz for xxxx@gmail.com; Wed, 27 May 2020 21:19:43 +0200 Received: by mail-qk1-f180.google.com with SMTP id v79so642924qkb.10 for <xxxx@gmail.com>; Wed, 27 May 2020 12:19:43 -0700 (PDT) ... ... X-AntiAbuse: Primary Hostname - serverdomain.tld X-AntiAbuse: Original Domain - gmail.com X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - user-addon-domain.tld X-Get-Message-Sender-Via: serverdomain.tld: authenticated_id: sender@user-addon-domain.tld X-Authenticated-Sender: serverdomain.tld: sender@user-addon-domain.tld ...Replies have been locked on this page!