Exim headers_rewrite - Relay

Operating System & Version
CENTOS 7.8
cPanel & WHM Version
86.0.18

andersondeda

cPanel Access Level
Root Administrator
Hello good afternoon.
We are currently integrating our cPanel servers with an external relay.
This relay will perform the cleaning of emails, in addition to speeding up delivery.

One of the points of this external relay is that it allows transmitting e-mails only from correctly configured domains, that is, SPF and DKIM, so the e-mails that are retransmitted are not taxed as spam.

So far no problem, everything working very well.

The problem happens when I create a forwarder in cpanel, as follows:

[email protected] - Original Sender
[email protected] - Original Recipient
[email protected] - Forward Recipient
(These are just examples, original sender and forward container can be from any domain)

We currently use customizations in the following items from exim to allow the relay of emails from the server.

Section: AUTH
Section: ROUTERSTART
Section: POSTMAILCOUNT
Section: TRANSPORTSTART


I would like your help to know what exactly I have to do to allow emails to be forwarded through the original recipient.
Remembering that we have already activated SRS on cpanel without success for this specific case.

In contact with cPanel support, we were informed that we would have to adjust headers_rewrite. But due to our low familiarity with Exim, we are not able to make such adjustments.
 

cPanelLauren

Product Owner II
Staff member
Thanks for that. Their explanation was a lot more detailed than just change headers_rewrite and they provided resources for you:

This is not working because our SRS feature is not designed for the task that you are attempting to use it for.

The SRS feature only does very minimal rewriting for the purpose of allowing PTR checks to pass.

Here is an example of how it works:

[email protected] - Original Sender
[email protected] - Original Recipient
[email protected] - Forward Recipient

The message is received by cPanel from [email protected].
During the forward, cPanel rewrites the email address from [email protected] to something like the following:

srs0=vzcsgv=wz=gmail.com=[email protected]

Notice that the SRS feature intentionally retains all of the original information in the from address to ensure that it is possible to track down abuse, but it does so in a way that allows for the PTR check to pass.

It is my understanding that in order for your remote relay server to accept the message, you would need for Exim to rewrite the sender information entirely so that messages from [email protected] would be rewritten to appear to come from [email protected] .
This isn't something that the SRS feature does and it isn't a functionality that is performed by cPanel.

They also suggested you use the headers_rewrite option as noted in the exim documentation:
The Exim documentation goes into depth about how to setup this kind of configuration here:
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-address_rewriting.html

After reviewing the documentation, I believe this portion is of particular interest for you:

At transport time, additional rewriting of addresses in header lines can be specified by setting the generic headers_rewrite option on a transport. This option contains rules that are identical in form to those in the rewrite section of the configuration file. They are applied to the original message header lines and any that were added by ACLs or a system filter. They are not applied to header lines that are added by routers or the transport.


It seems likely that using the headers_rewrite option in the sender25_smtp transport may work for you, but this would need to be verified and tested by an email administrator that has the specialized expertise required to properly determine this for you.
Now, I don't see that you've noted what service you're using to relay in the ticket, or is this a relay that you've set up on your own? In a lot of cases providers that do this will have options for forwarded mails, otherwise, the technician is correct and if you're unfamiliar with exim and uncomfortable with making the modifications in the exim documentation you would need to contact a system administrator.
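
The SRS0 layout described in the post above, as an added example that is not part of the original thread or of cPanel's code: a parser that recovers the original sender from a rewritten envelope address, which is what makes abuse tracing possible. The mailbox names, the `hosted.example` domain and the two-character base32 day-number timestamp encoding are assumptions of this example.

```python
import re

# SRS0 local part: SRS0<sep>hash=timestamp=original-domain=original-local
SRS0_RE = re.compile(r"^SRS0[=+-]([^=]+)=([^=]+)=([^=]+)=(.+)$", re.IGNORECASE)
BASE32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"


def parse_srs0(address):
    """Split an SRS0 envelope sender into its fields; None if it is not SRS0."""
    local, at, forwarder = address.rpartition("@")
    match = SRS0_RE.match(local) if at else None
    if match is None:
        return None
    tag, stamp, orig_domain, orig_local = match.groups()
    return {
        "forwarder_domain": forwarder.lower(),
        "hash": tag,
        "timestamp": stamp,
        # The original local part may itself contain '=', so it is the greedy tail.
        "original_sender": orig_local + "@" + orig_domain.lower(),
    }


def stamp_to_day(stamp):
    """Decode the base32 timestamp to a day number modulo 1024 (assumed encoding)."""
    day = 0
    for ch in stamp.upper():
        day = day * 32 + BASE32.index(ch)  # ValueError on a non-base32 character
    return day % 1024


def age_in_days(stamp, today_day):
    """Days since the address was generated; today_day is days since the Unix epoch."""
    return (today_day - stamp_to_day(stamp)) % 1024


# Constructed sample: same shape as the address in the post, with made-up mailbox names.
SAMPLE = "srs0=vzcsgv=wz=gmail.com=alice.sender@hosted.example"

if __name__ == "__main__":
    fields = parse_srs0(SAMPLE)
    print(fields["original_sender"], "forwarded via", fields["forwarder_domain"])
    print("stamp day:", stamp_to_day(fields["timestamp"]))
```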
 

andersondeda

Hello.
I apologize if at any time I have implied that the support was not efficient or did not answer me, it really was not what I meant.

My intention in coming here on the forum was precisely to try to find a solution to this issue, once I understood that I will have to change some settings in exim.

I understand that here there must be people with great exim knowledge and this may not be something out of this world, since we are not inventing something new.
What we are looking for is to relay emails through a relay.
Our intention is to unify dozens of cPanel servers by sending emails through a single location with hundreds of ips.
This makes delivery more efficient, and of course the entire administration.
 

cPanelLauren

Not at all, I just wanted to make it clear that there was a lot more to that response, which was really informative, and knowing the whole story/as much information as possible is always helpful to find resolutions to issues like this.

Now, I don't see that you've noted what service you're using to relay in the ticket, or is this a relay that you've set up on your own? In a lot of cases providers that do this will have options for forwarded mails, otherwise, the technician is correct and if you're unfamiliar with exim and uncomfortable with making the modifications in the exim documentation you would need to contact a system administrator.
This was also a really important question because it could help save you a lot of time (potentially).
 

andersondeda

This is a relay that I set up on my own.
We only accept domains that have been previously configured (SPF and DKIM), so emails are sent without further problems.

The problem is when message forwarding happens, we are unable to relay, since this message comes from gmail.com and not from the domain hosted with cpanel.
 

cPanelLauren

Ok, so there won't be any easy solutions for this, as is sometimes the case with services who develop their own relays. Your only option would be to use the Exim documentation to come up with a solution. Our SRS, which does perform a rewrite, does not do an exact match, but that is a requirement of your relay. With the configuration you have, I don't see another way around this than using headers_rewrite.

Some further resources on how to accomplish this:

This is an example of a system filter a user added:


I can point you in the right direction, but we can't do this for you. If you don't know how to do this and reading the documentation doesn't help, you will need a system administrator familiar with custom Exim configurations to assist you. If you don't have one, you might find one here: System Administration Services
 

andersondeda

Hello good day.
I will look for someone with exim experience to assist us in this project.
While I can't find this professional, I've been thinking about a temporary way to solve the problem.
One of the ways to do this is by identifying messages that are forwarded, so we would make adjustments to the relay.

For that reason I ask if I can add something like:
forwarder: yes

If I can add this in the header, I can identify this message as forwarded; after that I can try to make adjustments to the email header in the relay.

How could I add this information to cpanel? Considering all emails that are automatically forwarded.