Setting up email filtering for externally hosted domains?

meeven

Well-Known Member
May 8, 2007
132
2
168
I posted this on webhostingtalk.com (didn't get a response), but I should have probably posted here first as I am using cPanel/WHM.

I have a VPS with MailScanner (from configserver.com) set up for anti-virus/anti-spam. Now, every now and then, I get enquiries from people who only want spam/virus filtering without physically moving their hosting accounts to me.

It would seem that this is easy enough to accomplish by changing the MX records for those externally hosted domains to point to my MX servers. I myself use such a service from LuxSci.com.

However, I am unable to accomplish this on my VPS which runs cPanel/WHM. I changed the MX record for that domain to point to my mailserver, added the domain in question to /etc/localdomains on the VPS, but whenever I send an email from that domain to accounts on my VPS, they are rejected with the message:

550-Verification failed for
<[email protected]>
550-Unrouteable address
550 Sender verify failed
Interestingly, the same email sent to my gmail account has been delivered on every occasion. I checked that external domain on dnsstuff.com and it reports perfect records for all the MX tests.

Does anyone have an idea what I am doing wrong?

Thanks,
Meeven
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
Looks like you're missing the last component of the link. If you have the MX record pointing to your server then you either have to park that domain against an account (or create an account) and then create mailboxes for the domain. Or, you need to forward the email on after scanning to the recipients mail server using an exim smart router:
http://forums.cpanel.net/showthread.php?t=18201

The latter is the usual way to achieve this.
 

meeven

Well-Known Member
May 8, 2007
132
2
168
Thanks!

My host did it for me by turning off sender verification in Exim configuration and it worked. I didn't have to physically create an account for that domain on the server running MailScanner or create the mailboxes. They said
Basically 'Sender Verification' is an Exim option to not accept mail from remote hosts that do not have port 25 open. For example, if you get mail from [email protected], and yahoo.com does not have a mailserver running on it, Exim will discard it.
Now, I am not sure if this means my server is open to mail relay attacks or whether I am opening up my server to more spam because it seems this is a global configuration affecting all domains on the server and not just the one that MailScanner is filtering.

By the way, MailScanner scanned emails from that external domain like a charm and properly delivered them:)
 
Last edited:

meeven

Well-Known Member
May 8, 2007
132
2
168
Or, you need to forward the email on after scanning to the recipients mail server using an exim smart router:
http://forums.cpanel.net/showthread.php?t=18201

The latter is the usual way to achieve this.
This seems more sensible that turning off sender verification in exim for all the domains on the server. If I used the exim smart router, I would't have to turn off sender verification in the MTA, right?

Thanks.