System was originally configured as dual homed, explicit proxy. One network connection in the DMZ (with a valid public IP address.) The 2nd network connection was on the private LAN behind the firewall. Mail for the domain was forwarded to our exchange server.
Recently I reconfigured the system to use a single network connection in the LAN. The firewall has a NAT entry that has the public IP address for mail.mydomain.com point to the internal IP address. Address masquerading is no longer working. For example, firstname.lastname@example.org should redirect to email@example.com. The "test" option under address masquerading shows mail to "firstname.lastname@example.org" should rewrite to "email@example.com") However mail is just being delivered to our exchange server (with out any rewriting.) Since our exchange server does not actually have an account called "firstname.lastname@example.org" the mail gets lost. All spam-projection and virus-protection is working. As far as I can tell, masquerading should apply to e-mail regardless of whether it appears to heading from the Internet or two the Internet.