Exim MTA shows dmz address and local domain name in outgoing message headers

The content of the Received: header is defined in Exim by the configuration option received_header_text. The default setting, from which you can see how your example is constructed, is:

received_header_text = Received: \
  ${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
  {${if def:sender_ident \
  {from ${quote_local_part:$sender_ident} }}\
  ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
  by $primary_hostname \
  ${if def:received_protocol {with $received_protocol}} \
  ${if def:tls_cipher {($tls_cipher)\n\t}}\
  (Exim $version_number)\n\t\
  ${if def:sender_address \
  {(envelope-from <$sender_address>)\n\t}}\
  id $message_exim_id\
  ${if def:received_for {\n\tfor $received_for}}

As for changing or removing the header: beware, some best-practice advice lies ahead.

  • Are you sure that you want to remove this information? Its presence allows you to track abuse reports much more easily. The exposure of your internal IP addresses is actually of fairly limited risk.

  • Technically you can remove this first Received header by using headers_remove, but it's certainly not RFC friendly and there is a chance of creating mail loops.

  • If you must mask the information then you would be best to do so by modifying received_header_text. For maintainability and the principle of least surprise, even if the MTA isn't performing any other functions, you probably want to make your changes as specific as possible. This would involve putting some additional conditions in those if statements for facts that you know will always be true, such as whether the sender has authenticated themselves.
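
One way to apply the last point, shown as an added example that is not part of the original answer: the default text above wrapped in one extra condition, so that the client-identifying "from" clause is replaced only when the SMTP session authenticated. It assumes `$authenticated_id` is set for your authenticated submissions; the string `authenticated-client` is a constructed placeholder.

```exim
# Added example: mask the "from ..." clause only for authenticated
# submissions; all other mail keeps the default Received: text, so
# abuse reports for relayed or inbound mail can still be traced.
# "authenticated-client" is a constructed placeholder string.
received_header_text = Received: \
  ${if def:authenticated_id \
    {from authenticated-client\n\t}\
    {${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
      {${if def:sender_ident \
      {from ${quote_local_part:$sender_ident} }}\
      ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}}}\
  by $primary_hostname \
  ${if def:received_protocol {with $received_protocol}} \
  ${if def:tls_cipher {($tls_cipher)\n\t}}\
  (Exim $version_number)\n\t\
  ${if def:sender_address \
  {(envelope-from <$sender_address>)\n\t}}\
  id $message_exim_id\
  ${if def:received_for {\n\tfor $received_for}}
```

After changing the option, `exim -bP received_header_text` prints the value Exim actually parsed; the message id stays in the header, so the main log still links each message to the real client address.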