The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Possible? (Exchange smart host/relay with spam filter)

Discussion in 'E-mail Discussions' started by sdixon2006, Jul 26, 2009.

  1. sdixon2006

    sdixon2006 Registered

    Jul 26, 2009
    Likes Received:
    Trophy Points:

    Please forgive me if this has been asked already, but I did look around first and couldn't find what I was looking for.

    -cPanel server (current build as of today, CentOS)
    -default exim configuration
    -several dozen domains being hosted locally

    1-want to configure cPanel/Exim to relay outgoing mail for specific clients running internal Exchange 2003 and/or 2007 servers

    2-accept incomming mail for same set of clients (in addition to my existing domains) and provide sanitation (via spamassassin, rbl's, etc) and forward the result to the client exchange servers for final delivery

    3-(optional) if possible, add some form of basic authentication between the client exchange server and my cPanel server (to prevent domain or account spoofing), at least for outgoing messages. Just checking if the users account exists would be sufficient.

    4-these clients may or may not have their web site hosted on my server (I don't want it be a requirement)

    I will have full access to both the exchange servers and (most) DNS zone records so making those changes won't be too hard.

    Has anyone attempted this and is there any documentation for doing this?

    Basically I'm trying to resolve some common client problems in one shot:
    -mail santiation service (filter out spam) for exchange users
    -limited mail relay service (solve problems with reverse lookups on dynamic IP's or poorly constructed networks, missing PTR records, etc), where the ISP's relay servers don't work well
    -limited mail redundancy (buffer mail delivery for server maintenance)
  2. amaltemara

    amaltemara Member

    Dec 7, 2007
    Likes Received:
    Trophy Points:
    I am looking for the same config

    I would like the same type of setup.

    Does anyone have an idea how to set this up?
  3. nickp666

    nickp666 Well-Known Member

    Jan 28, 2005
    Likes Received:
    Trophy Points:
    I set up a similar configuration for my employer

    You need:

    • MailScanner (Configserver do this cheaply and well)
    • Exim configuration changes - - Using Exim as a smarthost
    • Either a mail account for each exchange server or global allow their IP (For outbound relay)
    • Some extra exim ACL's for verifying the existance of the exchange users (to prevent backscatter)

    You basically configure mailscanner to scan inbound and outbound mail, set up the staticroute driver for exim, then add your relay to hosts for each domain to the config file for the staticroute driver.

    Add your own acl's to exim to verify the exchange recipients and reject messages at SMTP time if the recipient doesnt exist, but with defer=ok in the acl conditions to allow for the exchange servers being down (this means that all mail for the domain in question will queue if the exchange server is down - this leads to a tiny bit of backscatter in some instances, but I havent found a more reliable way of doing it yet). - there is an example of remote recipient verification in the exim faq somewhere - dont have it to hand
    #3 nickp666, Aug 26, 2009
    Last edited: Aug 26, 2009
  4. Serra

    Serra Well-Known Member

    Oct 27, 2005
    Likes Received:
    Trophy Points:
    I do this same thing for several clients, but a bit differently than it seems others do it.

    What I want is for cpanel to be a spam scanner for a domain, but for the client to be fully Exchange, with no settings on the cpanel server.

    Here is how to do it. It doesn't matter if the domain is hosting web on the cpanel server or not, basically it works either way.

    Setup a static route for the domain

    For accounts that have remote DNS:

    For accounts that are using a static IP:

    Add the domain to /etc/secondarymx

    Reinit mailscanner to add spam scanning (or wait over night)
    /usr/mscpanel/ -i

    It is best to add the Exchange server to the whitelists in the Exim configuration so that no mail is blocked.

    If you are having problems with mail being spam scanned when it is totally internal, then add a whitelist entry to your spam rules like this:

    whitelist_from_rcvd *

    where "" is the fdn that shows up in mailscanner when the mail is sent.

    Once everything is setup, just point the mail to the cPanel server and it will forward it to Exchange.

    You can setup OWA by using a subdomain, such as and forward it that to the address you would access OWA by.
    #4 Serra, Aug 31, 2009
    Last edited: Aug 31, 2009
  5. hostmedic

    hostmedic Well-Known Member

    Apr 30, 2003
    Likes Received:
    Trophy Points:
    Washington Court House, Ohio, United States
    cPanel Access Level:
    DataCenter Provider

Share This Page