simplify fields-group a bit (everything up to 4 chars long but H), so it'll be faster (no multiple branches) as well as would theoretically accept future enhancements of logged fields.

config/filter.d/exim-common.conf

@@ -9,8 +9,8 @@ after = exim-common.local
 
 [Definition]
 
-cleaner = (?: (?:C|Ci|CV|D|DKIM|DN|DS|DT|F|I|K|L|M8S|P|PRDR|PRX|Q|QT|R|RT|S|SNI|ST|T|TFO|U|X)(?:=\S+)?)*
-host_info = %(cleaner)s (?:H=)?(?:[\w.-]+)? ?(?:\(\S+\))? ?\[<ADDR>\](?::\d+)?%(cleaner)s
+_fields_grp = (?: (?!H=)[A-Za-z]{1,4}(?:=\S+)?)*
+host_info = %(_fields_grp)s (?:H=)?(?:[\w.-]+)? ?(?:\(\S+\))? ?\[<ADDR>\](?::\d+)?%(_fields_grp)s
 pid = (?: \[\d+\]| \w+ exim\[\d+\]:)?
 
 
@@ -27,50 +27,15 @@ pid = (?: \[\d+\]| \w+ exim\[\d+\]:)?
 #   src/src/host.c:host_and_ident()
 #   src/receive.c:add_host_info_for_log()
 
-# Cleaner removing all flags but H
+# Substitution of `_fields_grp` bypasses all flags but H
 # Summary of Fields in Log Lines depending on log_selector
 # https://www.exim.org/exim-html-current/doc/html/spec_html/ch-log_files.html
 # at version exim-4.97.1
 # ---
-# A           authenticator name (and optional id and sender)
-# C           SMTP confirmation on delivery
-# Ci          connection identifier
-#             command list for “no mail in SMTP session”
-# CV          certificate verification status
-# D           duration of “no mail in SMTP session”
-# DKIM        domain verified in incoming message
-# DN          distinguished name from peer certificate
-# DS          DNSSEC secured lookups
-# DT          on =>, == and ** lines: time taken for, or to attempt, a delivery
-# F           sender address (on delivery lines)
-# H           host name and IP address
-# I           local interface used
-# id          message id (from header) for incoming message
-# K           CHUNKING extension used
-# L           on <= and => lines: PIPELINING extension used
-# M8S         8BITMIME status for incoming message
-# P           on <= lines: protocol used
-#             on => and ** lines: return path
-# PRDR        PRDR extension used
-# PRX         on <= and => lines: proxy address
-# Q           alternate queue name
-# QT          on => lines: time spent on queue so far
-#             on “Completed” lines: time spent on queue
-# R           on <= lines: reference for local bounce
-#             on =>  >> ** and == lines: router name
-# RT          on <= lines: time taken for reception
-# S           size of message in bytes
-# SNI         server name indication from TLS client hello
-# ST          shadow transport name
-# T           on <= lines: message subject (topic)
-# TFO         connection took advantage of TCP Fast Open
-#             on => ** and == lines: transport name
-# U           local user or RFC 1413 identity
-# X           TLS cipher suite
-# ---
 
 # Authors:
 #   Cyril Jaquier
 #   Daniel Black (rewrote with strong regexs)
+#   Sergey G. Brester aka sebres (optimization, rewrite to prefregex, reviews)
 #   Martin O'Neal (added additional regexs to detect authentication failures, protocol errors, and drops)
 #   Varlamov Vladimir (host line definition)