External Antispam for Domains hosted on cPanel


Feb 19, 2012
cPanel Access Level
Root Administrator
we have a WHM 11.30.6 (build 3) cPanel , with multiple domains hosted on it, the DNS for these domains is the same as the cPanel server, And we have an External dedicated AntiSPAM appliance which is configured to accept mails from this domain, scan them and forward them to the domain's server.

what we want to achieve is to use the external AntiSPAM to scan all incoming mails for a specific domain hosted on the cpanel, lets say mydomain.com,this should be done by changing the MX Records priority to point to the AntiSPAM box, and the secondary on the cpanel box, so the DNS should be something like this

mydomain.com IN MX 10 MyAntiSPAM <-- This is the Antispam box record
mydomain.com IN MX 20 mail.mydomain.com <-- This is the cPanel server

I've tried the different e-mail routing options, but they all failed, below is the error on each option:
- when setting the Email Routing option to automatically detect, it selects the "Backup" option by default,
but with this error [The mail keep looping between the 2 boxes] :

554 5.4.6 Too many hops 26 (25 max): from <mym[email protected]> via MyAntiSPAM, to <[email protected]>

Final-Recipient: RFC822; [email protected]
Action: failed
Status: 5.4.6
Diagnostic-Code: SMTP; 554 5.4.6 Too many hops
Last-Attempt-Date: Sun, 19 Feb 2012 10:55:08 +0200

- Changing it to Local Mail Exchanger , mails are delivered direct to the cpanel and not through the antispam box [seems it overrides the DNS MX priorities ] .

- Changing it to Remote Mail Exchanger, is not working as well , with the below error :

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550-mail-tul01m020-f170.google.com [] is currently not permitted
550-to relay through this server. Perhaps you have not logged into the pop/imap
550-server in the last 30 minutes or do not have SMTP Authentication turned on
550 in your email client. (state 14).

tried checking /etc/localdomains /etc/remotedomains /etc/secondarymx , and the domain is there according to the scenario from above ....

Please help what is the optimum configuration for this ?