The problem: authenticated user can supply any "FROM".
The mail server is used as a smarthost. The server cluster.xx send a letter via mail.xx, authorizing as email@example.com - this is correct. Next, I remove all Received, that would not be seen, that the letter formed cluster.xx , but the sender's address firstname.lastname@example.org and that's what goes on the external server, respectively, is not applied spf, dkim and visible is very ugly email@example.com. Where it is necessary to make overwriting of headers and it should look like that exim was sending MAIL FROM firstname.lastname@example.org (this is only going to check a tcpdump-Ohm) and the header was From: email@example.com
As a note, if the server mail.xx is mail forwarding (already arbitrary senders), then, logically, he must save from and to headers. I.e. if the letter comes ...@Yandex firstname.lastname@example.org making shipment on @google, it needs to keep from ...@yandex (Checked, letters with @Yandex @mail.xx headings From: original sender To: ...@yandex; no mention of @mail.xx which makes Yandex shipment no)