Email header showing two IPs, primary and custom domain.
Hello,
I hope someone can help me out.
I followed the instructions on: https://docs.cpanel.net/knowledge-base/email/how-to-configure-the-exim-outgoing-ip-address/#the-mailhelo-file
The emails go out fine and I have reverse PTR set up properly, but when I send emails the header contains two IPs: the custom one, as it should, and after that the main IP of the server that is used for shared accounts.
The xx.xx.xx.xx is the right IP that should be shown, but you'll see that in the header it is followed by yy.yy.yy.yy and the main server name (originalservername) instead of the one specified in mail_reverse_dns/mailips.
Hope someone can help me out with this :)
e.g.:
Return-Path: <marketing@domain.com>
Delivered-To: me@me.com
Received: from mi3-ts5.a2hosting.com
by mi3-ts5.a2hosting.com with LMTP
id oK4uKAwOrGX6BgAAQh1OlA
(envelope-from <marketing@domain.com>)
for <me@me.com>; Sat, 20 Jan 2024 13:16:44 -0500
Return-path: <me@me.com>
Envelope-to: me@me.com
Delivery-date: Sat, 20 Jan 2024 13:16:44 -0500
Received: from mail.server.com ([xx.xx.xx.xx]:52127)
by mi3-ts5.a2hosting.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96.2)
(envelope-from <marketing@domain.com>)
id 1rRFtb-000CMu-0F
for me@me.com;
Sat, 20 Jan 2024 13:16:44 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=domain.com; s=default; h=Content-Transfer-Encoding:Content-Type:
MIME-Version:Message-ID:Subject:Reply-To:From:To:Date:Sender:Cc:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=Mu8WZ0EkUH/cX7pXAQPYmndkp4Tc+AKskX9d5+uDCYw=; b=j/YVPhChnJ5B6IQN/jmGXR/g5+
anZpoCe5dHGgmGpbB8H4YO61CbrGI0RxQegR8FLv2R2H53NfQPKOj7ZtvPLIHrtI/PSc3szTLY3Db
ljSGmN9iS+AMsfooTW140kCfeeiDDmhQVeUvXkRbaj18NloWbRCERpfr55dRnkZGtZypMSpMyf43v
SDUIniEu9g9MtkOC2xsFSsnZGiuGvucQhZrjDcen3KRJXElyb2Ddgr8xRTkpVgwf8NyyTdREjhT1k
yWFS69dSuT9GNIA7SOyqJIsUtaa7q4lbous4fkNmPpgxkhftmd++kKiWBrQFts5Uxkx1iryrTsBKu
d9nRgk8w==;
Received: from [yy.yy.yy.yy] (port=53418 helo=domain.com)
by originalservername with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.96.2)
(envelope-from <marketing@domain.com>)
id 1rRFta-00020K-26
for me@me.com;
Sat, 20 Jan 2024 13:16:42 -0500
Date: Sat, 20 Jan 2024 13:16:42 -0500
To: name <me@me.com>
From: marketing <marketing@domain.com>
Reply-To: Marketing <marketing@domain.com>
Subject: Confirm your subscription
Message-ID: <4934a94fe95216cc553a84940f239f1c@domain.com>
X-Mailer: Sendy (https://sendy.co)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_4934a94fe95216cc553a84940f239f1c"
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - originalservername
X-AntiAbuse: Original Domain - me.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - domain.com
X-Get-Message-Sender-Via: originalservername: authenticated_id: marketing@domain.com
X-Authenticated-Sender: originalservername: marketing@domain.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
X-Spam-Status: No, score=2.8
X-Spam-Score: 28
X-Spam-Bar: ++
X-Ham-Report: Spam detection software, running on the system "mi3-ts5.a2hosting.com",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: You're almost there!Please confirm your subscription by
clicking the link below Confirm: https://domain.com/sendy/confirm?e=dM763BrwiY6R3iNBKjDatINg&l=EH76oBiASBUlc13jeywUMAConfirm
your subscr [...]
Content analysis details: (2.8 points, 3.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99%
[score: 0.9854]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: boeriuacademy.com]
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
-0.0 T_SCC_BODY_TEXT_LINE No description available.
-0.0 AWL AWL: Adjusted score from AWL reputation of From: address
X-Spam-Flag: NO
Hey there! As far as I am aware, this is normal behavior. Although the connection will be initiated over xx.xx.xx.xx after the customization, the original yy.yy.yy.yy IP address will always show up in the header.
Is there a way to hide it? I want to make sure my primary IP does not get blacklisted in case one of the customers ends up spamming through their account so that it doesn't affect users.
If your IP were to get blacklisted, it would be the IP xx.xx.xx.xx from where emails are sent, not yy.yy.yy.yy.
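For reading a header chain like the one in this thread, the following added example (not part of the original posts) parses the Received headers and reports, per hop, the peer IP, the recording host and whether Exim logged the session as authenticated, then picks out the peer IP recorded by the recipient's own MTA. The sample is constructed and abridged from the posted header: `mx.recipient.example`, `192.0.2.10` (standing in for xx.xx.xx.xx) and `198.51.100.20` (standing in for yy.yy.yy.yy) are placeholders.

```python
import re
from email import message_from_string

# Constructed, abridged sample modelled on the header in the post.
# 192.0.2.10 = dedicated sending IP, 198.51.100.20 = main server IP (placeholders).
SAMPLE = """\
Received: from mx.recipient.example
 by mx.recipient.example with LMTP
 id oK4uKAwOrGX6BgAAQh1OlA; Sat, 20 Jan 2024 13:16:44 -0500
Received: from mail.server.com ([192.0.2.10]:52127)
 by mx.recipient.example with esmtps (TLS1.2)
 id 1rRFtb-000CMu-0F; Sat, 20 Jan 2024 13:16:44 -0500
Received: from [198.51.100.20] (port=53418 helo=domain.com)
 by originalservername with esmtpsa (TLS1.2)
 id 1rRFta-00020K-26; Sat, 20 Jan 2024 13:16:42 -0500
From: marketing <marketing@domain.com>
Subject: Confirm your subscription

body
"""

HOP = re.compile(r"from\s+(?P<name>\S+).*?\bby\s+(?P<by>\S+)\s+with\s+(?P<proto>\S+)", re.S)
IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def parse_hops(raw):
    """Return Received hops, newest first, as dicts with ip/by/proto/authenticated."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue
        # Only look for the peer address in the "from ..." part of the header.
        ip = IP.search(value[:m.start("by")])
        proto = m.group("proto").lower()
        hops.append({"ip": ip.group(1) if ip else None, "by": m.group("by"),
                     "proto": proto,
                     # Exim appends "a" to the protocol name for authenticated sessions.
                     "authenticated": proto in ("esmtpa", "esmtpsa")})
    return hops

def boundary_ip(raw, recipient_mtas):
    """Peer IP recorded by the first recipient-side MTA, or None if no hop matches."""
    for hop in reversed(parse_hops(raw)):  # walk from the oldest hop forward
        if hop["by"] in recipient_mtas and hop["ip"]:
            return hop["ip"]
    return None
```

On the sample, the `esmtpsa` hop recorded by `originalservername` is the authenticated submission to the sending server, while the `esmtps` hop recorded by the recipient's MTA carries the address the message was actually delivered from.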