If you are concerned of what Exim writes to the world, check out these
(in addition to what people say):
*_advertise_*:
http://www.exim.org/exim-html-4.40/doc/html/spec_14.html#IX1057
http://www.exim.org/exim-html-4.40/doc/html/spec_14.html#IX1263
http://www.exim.org/exim-html-4.40/doc/html/spec_33.html#IX2275
http://www.exim.org/exim-html-4.40/doc/html/spec_14.html#IX1467
smtp_banner:
http://www.exim.org/exim-html-4.40/doc/html/spec_14.html#IX1381
headers_remove (generic transport option, could be used on external
SMTP)
http://www.exim.org/exim-html-4.40/doc/html/spec_24.html#IX1861
Take _extreme_ caution with `headers_remove = Received' because of
possible mail loops (use a special technique with ${hmac} and custom
headers.)
When removing things from received_header_text, some older versions of
Exim did panic with $tls_cipher when TLS is not compiled in. I don't
know the current situation, it could be fixed.
Additional stuff is done with non-{RCPT|MAIL} ACLs an so on.
Take care.
