The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Relay all mail through spam filtering appliance

Discussion in 'E-mail Discussions' started by park6469, Apr 30, 2010.

  1. park6469

    park6469 Registered
    PartnerNOC

    Joined:
    Aug 17, 2009
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    I need to configure my cPanel servers to relay messages sent through exim to a spam filtering appliance that resides on our network.

    How can I go about doing this through the exim.conf?

    We were going to try and use iptables, but this is not going to be a valid option since the iptables modules are unavailable for these particular servers. We do use several control panel software packages and on one of these, we edited the "lookuphost:" portion of the exim.conf file, but this does not seem to work for cPanel.

    Thanks
     
  2. WiredTree Joe

    WiredTree Joe Well-Known Member
    PartnerNOC

    Joined:
    Dec 13, 2006
    Messages:
    68
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Chicago, IL
    Why not directly point your MX records for the domains that are going to use the spam appliance to the IPs on spam appliance itself? Most spam appliances can then send filtered mail to where ever you need from there. It just seems like unneeded work to try to have Exim send the email off server when you can just bypass it with your MX records to get the same results. Maybe your set up is different than what I normally see.

    On a side note, the default RBLs and Spam Assassin provided by cPanel do pretty darn well out of the box for spam filtering. Anything that gets through the server level spam filtering on my personal domain is then handled by my mail client.
     
  3. park6469

    park6469 Registered
    PartnerNOC

    Joined:
    Aug 17, 2009
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Changing the MX records is not an option because this applies to OUTGOING mail not incoming. The spam appliance prevents hosting accounts on our server from sending out spam by filtering out the junk mail once it hits the spam appliance.

    Configuring through exim is the most desired option.
     
  4. Grimster

    Grimster Registered

    Joined:
    Feb 16, 2010
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    RBL's don't do much good for OUTGOING spam. And I don't believe spamassassin filters email sent FROM the system either, though it'd almost be kinda nice if it did!

    I've also tried to get cpanel to RELAY through an external smtp server with no luck, I'm sure I'm missing a very simple setting.

    In Directadmin, which also uses Exim/Dovecot I simply replace the default lookuphost: section with this:

    Code:
    lookuphost:
      driver = manualroute
      domains = ! +local_domains
      ignore_target_hosts = 127.0.0.0/8
      condition = "${perl{check_limits}}"
      transport = remote_smtp
      route_list = * RELAYIP byname
      no_more
    Doing the same in Cpanel's exim setup breaks it, horribly!

    So back to the real question, HOW do you get Cpanel/Exim to RELAY ALL OUTGOING EMAIL through another server?
     
  5. cesarlwh

    cesarlwh Well-Known Member

    Joined:
    Sep 23, 2008
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    HOW do you get Cpanel/Exim to RELAY ALL OUTGOING EMAIL through another server?
     
  6. hodfords

    hodfords Active Member

    Joined:
    Feb 22, 2002
    Messages:
    43
    Likes Received:
    1
    Trophy Points:
    6
    We want to know how too!
    In fact, there are many people who want to know....
     
  7. mopar93

    mopar93 Registered

    Joined:
    Jan 3, 2011
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    The fix is very simple. It can't be done from the WHM panel, at least not as of Version 11.28, but you can do it manually with a text editor and very little editing.

    Log into your server through SSH to a command shell as the root user. Using the text editor "pico" or "nano", we'll edit the exim config file. Issue the following command:

    pico /etc/exim.conf

    This loads exim.conf into the editor.

    Scroll down until you find the "lookuphost" router. This will be a series of lines that look like the following:

    lookuphost:
    driver = dnslookup
    domains = ! +local_domains
    #ignore verisign to prevent waste of bandwidth
    ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
    headers_add = "${perl{mailtrapheaders}}"
    transport = remote_smtp

    Change the "driver = dnslookup" line to the following:

    driver = manualroute

    Then below the last line that says "transport = remote_smtp", add the following lines:

    route_list = * xx.xx.xx.xx
    host_find_failed = defer
    no_more

    The "xx.xx.xx.xx" should be replaced with the IP address of the remote email server. Use the actual IP address rather than the domain name so that exim doesn't have to repeatedly look up the IP address on every outgoing email. Make sure there is a space between the asterisk and the IP address. The asterisk indicates that ALL outgoing mail will go to the remote email server.

    The "host_find_failed = defer" line will tell exim to hold the mail in its mail queue if the remote host is down for any reason. It will send the mail out once the remote host is available.

    Now, press CTRL-x to save the file and exit pico. Your changes will go into effect once you restart exim. You can do that from the WHM panel or from CentOS while you are still in the shell, the following command works:

    /etc/init.d/exim restart

    Of course, it's beyond the scope of this message, but the remote email server will also have to be configured to relay email from your server.

    One thing to remember is if you do an update to exim, your changes will most likely be overwritten and you'll have to manually edit the file again. Maybe this feature can be added to a future WHM release. It would be very easy to implement.

    -Maurice
     
  8. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Actually, you can setup a smarthost in WHM > Exim Configuration Editor > Advanced Editor section, which would handle this using these steps:

    1. Log into WHM
    2. Click on Exim Configuration Editor > Advanced Editor
    3. Find this section:

    Directly below it in the box there, put the following:

    Code:
    send_to_smart_host:
    driver = manualroute
    route_list = !+local_domains mailfilterserver.domain.com
    transport = remote_smtp
    Change mailfilterserver.domain.com to the name of the filtering server. Save the area.
     
  9. mopar93

    mopar93 Registered

    Joined:
    Jan 3, 2011
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanelTristan's method is better because you don't have to worry about exim.conf getting replaced periodically. I've run into that problem twice now in the past week. So, I decided to use cPanelTristan's suggestion.

    However, in my case, I changed it around a little because I use two smarthosts. This way, if one email server is down for any reason, the other one will still get the mail delivered. Plus I added the defer line in case both are down. Here's the code I put in the box where cPanelTristan described:

    send_to_smart_host:
    driver = manualroute
    domains = !+local_domains
    route_list = * "xx.xx.xx.xx : yy.yy.yy.yy" randomize
    host_find_failed = defer
    transport = remote_smtp

    xx.xx.xx.xx and yy.yy.yy.yy are my two outgoing mail servers. Replace those with the IP addresses of your two mail servers. If you have 3 outgoing servers, just add another one separated by a colon. The "randomize" command will tell exim to pick an outgoing server randomly. Without that, I think it will always choose the first one. You can put the domain names there instead of the IP addresses, but I like to use the actual IP addresses to save a DNS lookup on every outgoing email. The IP's don't change anyway.

    Hopefully this will hold up between updates and overwrites.

    Thanks Tristan, for the hint on where to put this code.

    -Maurice
     
  10. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    983
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator
    If I want to make use of a SmartHost to relay all email from one of our cPanel servers, do I need todo anything specific on the Smarthost as well?
     
  11. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    We would need to know what MTA and filtering appliance you will be using for the machine that will be handling email relayed from the cPanel one. It isn't possible currently to answer that question. I would presume the smart host machine must accept email relayed through it, though, so that it filters the email, then sends it on its merry way.
     
  12. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    983
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator

    Tristan,

    How do I tell Exim inside WHM (i.e. following these steps) to use SMTP authentication?
     
Loading...

Share This Page