Setting up email filtering for externally hosted domains?

[meeven]

I posted this on webhostingtalk.com (didn't get a response), but I should have probably posted here first as I am using cPanel/WHM.

I have a VPS with MailScanner (from configserver.com) set up for anti-virus/anti-spam. Now, every now and then, I get enquiries from people who only want spam/virus filtering without physically moving their hosting accounts to me.

It would seem that this is easy enough to accomplish by changing the MX records for those externally hosted domains to point to my MX servers. I myself use such a service from LuxSci.com.

However, I am unable to accomplish this on my VPS which runs cPanel/WHM. I changed the MX record for that domain to point to my mailserver, added the domain in question to /etc/localdomains on the VPS, but whenever I send an email from that domain to accounts on my VPS, they are rejected with the message:

550-Verification failed for
<testaccount@domain.com>
550-Unrouteable address
550 Sender verify failed

Interestingly, the same email sent to my gmail account has been delivered on every occasion. I checked that external domain on dnsstuff.com and it reports perfect records for all the MX tests.

Does anyone have an idea what I am doing wrong?

Thanks,
Meeven

[chirpy]

Looks like you're missing the last component of the link. If you have the MX record pointing to your server then you either have to park that domain against an account (or create an account) and then create mailboxes for the domain. Or, you need to forward the email on after scanning to the recipients mail server using an exim smart router:
http://forums.cpanel.net/showthread.php?t=18201

The latter is the usual way to achieve this.

[meeven]

Thanks!

My host did it for me by turning off sender verification in Exim configuration and it worked. I didn't have to physically create an account for that domain on the server running MailScanner or create the mailboxes. They said

Basically 'Sender Verification' is an Exim option to not accept mail from remote hosts that do not have port 25 open. For example, if you get mail from jim@yahoo.com, and yahoo.com does not have a mailserver running on it, Exim will discard it.

Now, I am not sure if this means my server is open to mail relay attacks or whether I am opening up my server to more spam because it seems this is a global configuration affecting all domains on the server and not just the one that MailScanner is filtering.

By the way, MailScanner scanned emails from that external domain like a charm and properly delivered them:-)

[meeven]

Or, you need to forward the email on after scanning to the recipients mail server using an exim smart router:
http://forums.cpanel.net/showthread.php?t=18201

The latter is the usual way to achieve this.

This seems more sensible that turning off sender verification in exim for all the domains on the server. If I used the exim smart router, I would't have to turn off sender verification in the MTA, right?

Thanks.