How can I change the MAIL FROM address that is used for callouts?

It depends on which type of callout you are using.

1. For envelope sender verification callouts, you cannot make any change. My view is that an envelope sender verification is testing whether Exim could send a bounce to that address. Therefore, it must use MAIL FROM:<> because that is what it would do if it were sending a bounce message. If MAIL FROM:<> is rejected, it means Exim could not send a bounce. Therefore the callout fails.

2. For verifying addresses in the From:, Sender:, or Reply-to: header lines (the verify = header_sender condition), it is possible to make a change, on the grounds that these addresses are not necessarily ones that must accept bounce messages. You can do this by adding a mailfrom option, like this:

require  verify = header_sender/[email protected]

1. It is also possible to make a change for the postmaster verification option, also on the grounds that a postmaster address need not accept bounces if it is never used as an envelope sender. Instead of just postmaster, postmaster_mailfrom is used, like this:

require  verify = sender/[email protected]

1. For recipient verification, there are three possibilities. The default is to use MAIL FROM:<>. If the use_postmaster option is given, for example:

require  verify = recipient/callout=use_postmaster

then the address for MAIL FROM is made up from the local part postmaster and the contents of $qualify_domain. Alternatively, if the use_sender option is given, the sender address of the incoming message is used. You should use this option only when you know that the receiving host makes use of the sender address when verifying. The reason is that the callout cache is much less effective in this case, causing many more callouts to be performed. In all cases when you configure Exim to use a non-empty address in MAIL FROM during callout processing, you should think carefully about what might happen if this causes the called host to make its own callout back to your host. Make sure that callout loops cannot happen.