Premises (fictional names)
eleifend is an external domain, of which the MTA is out of my control;
eleifend has SPF setup correctly so lorem servers cannot send email as @eleifend;
aliquam is another external domain, of which the MTA is also out of my control;
aliquam does SPF checking on incoming mails to reject explicit fails (RFC recommendation and common practice);
lorem is a local domain, of which MTA is the exim I'm configuring, it's been working for several years, but only now we noticed a misbehaviour;
Lame <lame@lorem> is a mailing list of which Bob <bob@eleifend> is a member (note: effectively this could also be a "forwarding address", but it's simpler to think of it with lists);
lame@lorem members are stored on a mysql database;
Alice <alice@aliquam> wants to send an email to Lame <lame@lorem>;
What I need
Short version
How to configure (without recompiling) exim so Alice can send an email to Lame which would be redirected to Bob.
Long version
This configuration has been working for several years for the cases where either the sender was @lorem or all the receivers were @lorem. With a configuration like this:
What doesn't work: the case where both sender and receiver are externals.
Why: for some reason (this is the misbehaviour I was talking about) exim preserves the original envelope sender (aka MAIL FROM per the RFC), which aliquam rejects due to an SPF fail.
I'm aware of SRS and its experimental implementation on exim.
However besides being experimental it requires recompilation to be enabled. It wouldn't be terrible if there was an updated ubuntu ppa with compiled packages ready.
I'm also aware of exim's rewriting which has a flag F to change the envelope sender (From), but that flag can't be used with headers_rewrite. It's only available on the rewrite section.
Basically I'm looking for a way to fix the envelope sender which is expected to be lame@lorem in this case, be it through rewriting or SRS, it must only be maintainable.