Possible? (Exchange smart host/relay with spam filter)


Jul 26, 2009

Please forgive me if this has been asked already, but I did look around first and couldn't find what I was looking for.

-cPanel server (current build as of today, CentOS)
-default exim configuration
-several dozen domains being hosted locally

1-want to configure cPanel/Exim to relay outgoing mail for specific clients running internal Exchange 2003 and/or 2007 servers

2-accept incomming mail for same set of clients (in addition to my existing domains) and provide sanitation (via spamassassin, rbl's, etc) and forward the result to the client exchange servers for final delivery

3-(optional) if possible, add some form of basic authentication between the client exchange server and my cPanel server (to prevent domain or account spoofing), at least for outgoing messages. Just checking if the users account exists would be sufficient.

4-these clients may or may not have their web site hosted on my server (I don't want it be a requirement)

I will have full access to both the exchange servers and (most) DNS zone records so making those changes won't be too hard.

Has anyone attempted this and is there any documentation for doing this?

Basically I'm trying to resolve some common client problems in one shot:
-mail santiation service (filter out spam) for exchange users
-limited mail relay service (solve problems with reverse lookups on dynamic IP's or poorly constructed networks, missing PTR records, etc), where the ISP's relay servers don't work well
-limited mail redundancy (buffer mail delivery for server maintenance)


Dec 7, 2007
I am looking for the same config

I would like the same type of setup.

Does anyone have an idea how to set this up?


Well-Known Member
Jan 28, 2005
I set up a similar configuration for my employer

You need:

  • MailScanner (Configserver do this cheaply and well)
  • Exim configuration changes - nickpack.com - Using Exim as a smarthost
  • Either a mail account for each exchange server or global allow their IP (For outbound relay)
  • Some extra exim ACL's for verifying the existance of the exchange users (to prevent backscatter)

You basically configure mailscanner to scan inbound and outbound mail, set up the staticroute driver for exim, then add your relay to hosts for each domain to the config file for the staticroute driver.

Add your own acl's to exim to verify the exchange recipients and reject messages at SMTP time if the recipient doesnt exist, but with defer=ok in the acl conditions to allow for the exchange servers being down (this means that all mail for the domain in question will queue if the exchange server is down - this leads to a tiny bit of backscatter in some instances, but I havent found a more reliable way of doing it yet). - there is an example of remote recipient verification in the exim faq somewhere - dont have it to hand
Last edited:


Well-Known Member
Oct 27, 2005
I do this same thing for several clients, but a bit differently than it seems others do it.

What I want is for cpanel to be a spam scanner for a domain, but for the client to be fully Exchange, with no settings on the cpanel server.

Here is how to do it. It doesn't matter if the domain is hosting web on the cpanel server or not, basically it works either way.

Setup a static route for the domain

For accounts that have remote DNS:
domain.com: mailad.domain.com

For accounts that are using a static IP:

Add the domain to /etc/secondarymx

Reinit mailscanner to add spam scanning (or wait over night)
/usr/mscpanel/mscpanel.pl -i

It is best to add the Exchange server to the whitelists in the Exim configuration so that no mail is blocked.

If you are having problems with mail being spam scanned when it is totally internal, then add a whitelist entry to your spam rules like this:

whitelist_from_rcvd *@domain.com 00-00-00-00.where.fdn.com

where "00-00-00-00.where.fdn.com" is the fdn that shows up in mailscanner when the mail is sent.

Once everything is setup, just point the mail to the cPanel server and it will forward it to Exchange.

You can setup OWA by using a subdomain, such as exchange.domain.com and forward it that to the address you would access OWA by.
Last edited: