Forward certain domain emails to Smart Host

kissmathis

Registered
Mar 2, 2012
2
0
51
cPanel Access Level
Root Administrator
THis is my first post. I got an SMTP.COM account and I want all my mails to route through them as a smarthost. However they require smtp authentication, so far I know how to relay mail to their server but not how to authenticate it.
 

William894

Registered
Aug 30, 2012
2
1
1
Bloemfontein, Free State, South Africa
cPanel Access Level
Root Administrator
Good Day,

I am trying to setup routing for only outbound emails for a single domain on a shared hosting environment using exim for emails (obviously).

The emails are to be filtered through a service called/with mimecast and I have managed to have the inbound emails filtered to their servers and then sent to the hosting server without any problems however I have tried the configuration I quoted below which created an infinite loop between mimecast and the hosting server causing the emails to be rejected and the outbound emails still was not sent via the mimecast service.

You could do the following. First, you would need to create a file /etc/staticroutes and then input the domains with the IPs they would be routing to off the server:

Code:
domain.com1: mail.location1.com (the MX record pointing to the off site server)
domain.com2: mail.location2.com (the MX record pointing to the off site server)
Code:
static_route:
   driver = manualroute
   transport = remote_smtp
   route_data = ${lookup{$domain}lsearch{/etc/staticroutes}}
I have also tried the following 2 pieces of code that have failed to have the outbound mail sent to the mimecast server to be sent out:

Code:
smart_route:
    driver = manualroute
    domains = !+local_domains
    transport = remote_smtp
    route_data = ${lookup{$domain}lsearch{/etc/staticroutes}}
and

Code:
 smart_route:
  driver = manualroute
  domains = domain.tld //obviously removed the domain address
  transport = remote_smtp
  route_list = * mail74.example.co.za
The remote server with example has been setup to accept connections from the server via port 25 which I have tested through telnet.

If anyone has had to setup the same thing and could let me know where I am going wrong and/or point me in the right direction that would be great.

Thank you
 
Last edited:
  • Like
Reactions: HHaaland

sneader

Well-Known Member
Aug 21, 2003
1,178
57
178
La Crosse, WI
cPanel Access Level
Root Administrator
I'd love to help, but I really have no idea what you are trying to do. Perhaps if you were more detailed on how you expect a message to be routed, like so:

1) Person at AOL sends mail to [email protected].
2) MX record for domain.tld points to mail74.mimecast.co.za so message is send to that server.
3) mail74.mimecast.co.za filters the message, then sends the message to our hosting server.
4) Our server then has a static route to route the message to ????

If you spell it out like this, it should be more clear, and I, or someone, can help.

- Scott
 

William894

Registered
Aug 30, 2012
2
1
1
Bloemfontein, Free State, South Africa
cPanel Access Level
Root Administrator
Good Day,

I thought there might be a bit of confusion so here is the simple explanation.

- Emails/Email addresses for domain.tld are hosted on on "shared server x"
- The mx records for domain.tld is set to point to mail74.example.com so all emails are sent there and their server then hands the emails off to "shared server x" so that the users can download the emails from the server
(So far this is working without any problems by keeping the domain in the local domains list so that the "shared server x" doesn't send the emails to the mx records)

- Outbound emails for domain.tld are sent to "shared server x" which then needs to hand off the emails to mail74.example.co.za to send out to the world.

I sent an email on the exim mailing list and got the following suggestion back:
Code:
smarthost:
  driver = manualroute
  domains = !+local_domains
  route_data = mail74.example.co.za
  transport = remote_smtp
  no_more
This did route the outbound emails to mail74.example.co.za however it routed the emails for all domains on the server and not just the emails for domain.tld

In short it should be working like this:
INBOUND
World -> mail74.example.co.za -> "Shared Server X" -> Email User (This works)

OUTBOUND
Email User -> "Shared Server X" -> mail74.example.co.za -> World (This is currently not working)
 
Last edited:

lockefaltaba

Member
Oct 24, 2012
11
0
1
cPanel Access Level
Root Administrator
You could do the following. First, you would need to create a file /etc/staticroutes and then input the domains with the IPs they would be routing to off the server:

Code:
domain.com1: IP#1
domain.com2: IP#2
Replace the domain name and the IP with the correct domain name and IP for each one.

Alternatively, you could put into that file:

Code:
domain.com1: mail.location1.com (the MX record pointing to the off site server)
domain.com2: mail.location2.com (the MX record pointing to the off site server)
Again, replace the domain name and the mail server's name with the correct domain name and mail server name for each one.

Next, you would need to go to WHM > Exim Configuration Editor > Advanced Editor and locate the routers area there, then put this into that routers box:

Code:
static_route:
   driver = manualroute
   transport = remote_smtp
   route_data = ${lookup{$domain}lsearch{/etc/staticroutes}}
Thanks.
Hi tristan, I have a recent post asking for this same thing .... I think (http://forums.cpanel.net/f43/smarthost-all-but-dedicated-ips-315991.html#post1297251)

But in my case, the domains which should not be routed through the SmartHost are lots of them, and the ones to be routed through the dedicated IP they have are much less. So what would be the way to set this kinda "exclude this ones from routing thru the SmartHost" ??
 

jsilvestre

Member
Jul 7, 2005
24
0
151
Hello Guys,

regarding this topic... We are testing a Comodo Antispam Gateway in a bunch of servers. The configuration that we are using is from their kb <http://help.comodo.com/topic-157-1-288-4545-configuring-exim---cpanel-to-use-a-smarthost.html>.

This servers have a few IPs and 200 domains (some of them with dedicated IP for web and mail). However i just want give this service "as trial" for some customers. How can i make a condition to just relay if based on mailips, match with one or more IPs (xxx.xxx.xxx.6) or based on interface (eth0 , eth0:1, etc)

E.g (/etc/mailips)

domain1:xxx.xxx.xxx.1
domain2:xxx.xxx.xxx.2
domain3:xxx.xxx.xxx.3
domain4:xxx.xxx.xxx.4
domain5:xxx.xxx.xxx.5
*:xxx.xxx.xxx.6

Looking for your feedback.
 

gatorregesdahl

Registered
Apr 27, 2012
2
0
51
cPanel Access Level
Root Administrator
I know this is a rather old thread, but I wanted to let everyone know I have managed to come up with an Exim router configuration that works to forward only mail from certain configured domains to a smarthost, just in case anyone needed it or if the Powers That Be wanted to use it for something. Here it is:

First, put this in the @[email protected] section of /etc/exim.conf.local:
Code:
hostlist smart_hosts = lsearch;/etc/smarthosts
Then, put this in @[email protected]:
Code:
smarthost_dkim:
  driver = manualroute
  domains = !"+local_domains +smart_hosts"
  condition = "${if eq{${lookup{$sender_address_domain}partial-lsearch{/etc/staticroutes}{$value}}}{}{false}{true}}"
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
  headers_add = "${perl{mailtrapheaders}}"
  require_files = "+/var/cpanel/domain_keys/private/${sender_address_domain}"
  transport = remote_smtp_smart_dkim
  route_list = !+local_domains "${lookup{$sender_address_domain}partial-lsearch{/etc/staticroutes}}"


smarthost_regular:
  driver = manualroute
  domains = !"+local_domains +smart_hosts"
  condition = "${if eq{${lookup{$sender_address_domain}partial-lsearch{/etc/staticroutes}{$value}}}{}{false}{true}}"
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
  headers_add = "${perl{mailtrapheaders}}"
  transport = remote_smtp_smart_regular
  route_list = !+local_domains "${lookup{$sender_address_domain}partial-lsearch{/etc/staticroutes}}"
Then, this in @[email protected]:
Code:
remote_smtp_smart_dkim:
  driver = smtp
  hosts_require_tls = *
  interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}
  helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_hostname}}
dkim_domain = $sender_address_domain
dkim_selector = default
dkim_private_key = "/var/cpanel/domain_keys/private/${dkim_domain}"
dkim_canon = relaxed

remote_smtp_smart_regular:
  driver = smtp
  hosts_require_tls = *
  interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}
  helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_hostname}}
Make sure /etc/staticroutes and /etc/smarthosts exists and run /scripts/buildeximconf to regenerate the configuration. To actually use it, add the smarthost domain name to /etc/smarthosts and a line like this (per domain) to /etc/staticroutes:
Code:
domain.com: smarthost.com
The domains can do partial matching, so something like this will also work:
Code:
*.sub.domain.com: smarthost.com
This does not do authentication yet, so be forewarned that you will need more modifications if you need that. I hope this helps someone out there!
 

bobster

Registered
Mar 4, 2014
3
0
1
cPanel Access Level
Root Administrator
Just want to thank Gatorregesdahl, your post worked perfectly!!

for those that also need this. I had to make to obvious modifications:

Modification1
change:
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
to:
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : your.server.ip

Modification 2:
if TLS is not setup simply remove this line in @[email protected]:
hosts_require_tls = *

obviously TLS is recommented!
 

cliper

Registered
May 2, 2014
4
0
76
cPanel Access Level
Root Administrator
Just want to make sure. Did gatorregesdahl solution solves this example?

outbound1-certain-domains.com => Amazon SES
outbound2-common.com => from host (local server)


What I'd like to accomplish is to be able to send e-mails from

outboud1.com using Amazon SES through SMTP. There would be specific domains of this.

and also, for those domains that are not listed should use the default outbound route which is the server itself.

can someone confirm this? thanks!
 

hlastimosa

Member
Aug 6, 2014
8
0
1
cPanel Access Level
Root Administrator
Does this work even if you do not have a dedicated IP from your smarthost (e.g. MailChimp)

I have tried gatorregesdahl's steps above with the following configuration

1. /etc/smarthosts

domain1.tld: smtp.mandrillapp.com

2. /etc/staticroutes
domain1.tld: smtp.mandrillapp.com

and Getting the rest of the configuration to the specific routers indicated.
After restarting Exim , it would error out and say "unroutable address"

Do I need to add and MX record for the domain in the /etc/smarthosts and point it to mandrilla?

Thank you!
 

feanorknd

Member
Sep 28, 2005
21
1
153
Helo:

I will share my easy way to use mandrill smarthost only for one domain at cpanels server.


Section: AUTH

mandrilldomain1:
driver = plaintext
public_name = LOGIN
hide client_send = : <MANDRILL_SMTP_LOGIN> : <MANDRILL_SMTP_API_KEY>


Section: PREROUTERS (attention to <my_domain>, is just mydomain.tld)

mandrilldomain1router:
driver = manualroute
domains = ! +local_domains
condition = "${if eq {$sender_address_domain}{<my_domain>}{true}{false}}"
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
headers_add = "${perl{mailtrapheaders}}"
transport = mandrilldomain1transport
route_list = * smtp.mandrillapp.com


Section: TRANSPORTSTART

mandrilldomain1transport:
driver = smtp
port = 587
hosts_require_auth = $host_address
hosts_require_tls = $host_address


And that is all..... the router will route outgoing mails from only my_domain (mydomain.tld), using AUTH, to mandrill transport.


Regards!
 

Azim

Well-Known Member
Oct 16, 2015
67
0
6
India
cPanel Access Level
Website Owner
Hello,
Thanks for your link and it seems it is quit difficult. Could you please help me how can I add multiple senders in below route,
#smarthost_App:
#driver = manualroute
# domains = !+local_domains
# senders = !*@domain1.com
# # Exclude null sender messages from relaying via the smarthost
# condition = ${if or {{!eq{$sender_address}{}} {!eq{$sender_host_address}{}}}}
# transport = remote_smtp_smart_gapp
# route_list = * smtp-relay.gmail.com

Can I use senders = !*@domain1.com;!*@domain2.com

Will multiple sender works ? Should I separate them using semi colon.

It would be really helpful if you could help me to modify the smarthost as per my requirement.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
Thanks for your link and it seems it is quit difficult. Could you please help me how can I add multiple senders in below route,
Could you review Post 27 and Post 28 of this thread and let us know if those steps work on your system? If not, could you let us know which step you are stuck with? Note you may find the following document helpful for background knowledge on editing the Exim configuration:

How to Edit the /etc/exim.conf File

Thank you.
 

lukekenny

Member
Jan 24, 2018
17
3
3
Melbourne, Australia
cPanel Access Level
Root Administrator
We have a client who would like to shield their Exchange server from the general Internet, so they would like to use our WHM / cPanel as the MX record for their domain, and have us relay all messages to them. It seems the configuration from gatorregesdahl above should work, and the following post. However, no matter what I do, inbound emails get rejected. For example, the bounce I get sending from an Office 365 server:

Code:
550 5.7.368 Remote server returned authentication required to relay -> 550 Please turn on SMTP Authentication in your mail client. ;mail-eopbgr1370075.outbound.protection.outlook.com;(AUS01-SY3-obe.outbound.protection.outlook.com) [40.107.137.75]:24719 is;not permitted to relay through this server without authentication.
It is definitely our server doing the rejecting. I can see in the maillog:

Code:
2020-06-09 00:18:27 H=mail-eopbgr1370075.outbound.protection.outlook.com (AUS01-SY3-obe.outbound.protection.outlook.com) [40.107.137.75]:24719 X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<[email protected]> rejected RCPT <[email protected]>: Rejected relay attempt: '40.107.137.75' From: '[email protected]' To: '[email protected]'
The domain is hosted on this server, as we also host the customers website. The Email Routing is set to Remote Mail Exchanger (setting to Local causes different problems.)

I've tried many variants and fiddled but the response is always the same.

What do I need to add to the Exim config to allow SMTP Relay (or not require authentication) for emails addressed to the customers domain, as I do not believe they are even getting to the process in the exim.config.local above where they can be matched to the smart host configuration?
 

BinaryCrash

Registered
Jun 8, 2020
1
0
1
Brazil
cPanel Access Level
DataCenter Provider
I recently moved a cpanel server to another data center with different IPs and hotmail didn't want to receive emails from that new ips yet (never used ips), it wait for a few weeks before making the reputation.
So i used smart host feature to send the emails back to the old server to relay emails until the problem is fixed.
It was working until yesterday.
Today all my emails from the new server when reaching the old to relay return an error:

Code:
SMTP error from remote mail server after RCPT TO: <[email protected]>:
    550-Please turn on SMTP Authentication in your mail client.
    550-domain.removed.tld [xxx.xxx.xxx.xxx]: 58390 is not permitted to relay
    550 through this server without authentication.
I have two questions:

1 - How can we configure the server to let that IP server relay without authentication?
2 - How can i configure the server to use smarthost only for hotmail destination domains? Was hopping for something more simplier in the basic section of whm exim, in smarthosts. Using:
Code:
* otherserver.tld
Worked until yesterday.

On the relay i configured the IP block of the new server as trusted.