External mail server and SPF

[optize]

I'm considering creating a dedicated mail server that all of my cPanel servers send outbound mail to. The only problem I have is SPF. When someone sets up SPF in cPanel it generates it with the main system IP (afaik) which would obviously be wrong.

Is there a way to force cPanel to use my external mail server IP for any SPF setup requests instead?

 

[cPanelTristan]

There are two options for how to handle this. The first method would only set the main domain to use the external IP on account creation in the DNS Zone template, while the second method will work to set the IP for cPanel > Email Authentication area.

Method One - DNS zone template

First, you could remove the option to set it in cPanel for these accounts by removing "Email Authentication" area in WHM > Packages > Feature Manager for the set package the plan(s) is/are using, then hard-code in the WHM > DNS Functions > Edit Zone Templates area for each zone template to use the right IP for the SPF TXT record:

%domain%. IN TXT "v=spf1 a mx ip4:externalIP# ?all"

The above would have a hard-coded entry for the SPF record for the main domain. Please replace externalIP# with the IP number for the external machine. This zone template record would be used for new accounts during creation.

Please note that the zone templates are not used for addon, subdomain and parked domain name creations.

Method Two - Revising SPF.pm file

The /usr/local/cpanel/Cpanel/SPF.pm file handles the SPF installation script that runs "/usr/local/cpanel/bin/spf_installer username" and is also used in cPanel > Email Authentication area for setting the IP for the SPF record. First, make a backup of the file:

cp /usr/local/cpanel/Cpanel/SPF.pm /usr/local/cpanel/Cpanel/SPF.pm.bak

Next, if you revise the lines that have this:

my $mainip     = Cpanel::DIp::getmainserverip();

To have this instead:

my $mainip     = 'externalIP#';

By replacing externalIP# with the IP such as let's say it is 192.12.12.12, you'd get the following:

my $mainip     = '192.12.12.12';

This will then use the hard-coded IP when installing the SPF records. This will occur for all parked, addon, and subdomains on the account for the SPF installation. Whenever the user in cPanel > Email Authentication area enables SPF records, the hard-coded IP will be used.

Please note that the code entry occurs twice in the file (on lines 25 and 75 for my copy of /usr/local/cpanel/Cpanel/SPF.pm), so you would need to revise both entries. If you only revise the initial entry, only the main domain will be changed to that new hard-coded IP, while parked, addon, and subdomains will not be.

You may also want to put that file into the exclude list for cPanel so it does not get overwritten on cPanel updates:

echo "/usr/local/cpanel/Cpanel/SPF.pm" >> /etc/cpanelsync.exclude

 

[optize]

Wow, that was extremely helpful.

Thank you!

 

[MironJ]

Hello,

Does is possible to add another field under WHM >> Main >> Server Configuration >> Tweak Settings >> Mail, where we can enter (one or more) IP's that will be automatically added to SPF dns record when spf is enabled?

 

[cPanelTristan]

This sounds like a good feature request, which I would suggest posting this feature request over on that forum for the option you are seeking:

https://forums.cpanel.net/pages/cpfeatures/