Configuring Exim with cPanel and WHM for SpamExperts mail routing

Hosted Cloud

For private label MX users, the default SpamExperts records in Step 8, should be replaced with the custom MX records which are used for your customers

e.g. instead of: {mx.spamexperts.com:fallbackmx.spamexperts.eu:lastmx.spamexperts.net}, use {mx1.mycusomrecord.invalid:mx2.mycustomrecord.invalid:mx3.mycustomrecord.invalid}

To restrict deliveries to your WHM server from our filtering nodes only when domains use the SpamExperts MX records:

  1. SSH to the WHM server
  2. Create a new file /opt/setest with the following content:
  3. #!/bin/bash
    host -t MX $1 | sort -n -k1 | cut -d ' ' -f 7 | sed -e 's/\.$//' | xargs | sed -e 's/ /:/g' | tr -d '\n'

  4. Save the file
  5. Create a new file /opt/setestptr with the following content:
  6. #!/bin/bash
    host -t PTR $1 | cut -d ' ' -f5 | sed 's/\.$//g' | tr -d '\n'

  7. Save the file
  8. Chmod the file using the following command:
  9. chmod +x /opt/setest  && chmod +x /opt/setestptr

  10. Open the Exim Configuration Editor and enable the Advanced Mode and search for 'custom_begin_recp_verify'
  11. Paste the following into the box provided:
  12. ######################################################################################
    ## Start SpamExperts verification
    defer
    !condition = ${if match_domain{${run {/opt/setestptr $sender_host_address}}}{*.antispamcloud.com}}
    set acl_m_mx_records = ${run {/opt/setest $domain}}
    condition = ${if eq{$acl_m_mx_records}{mx.spamexperts.com:fallbackmx.spamexperts.eu:lastmx.spamexperts.net}}
    message = Please deliver mail to the address specified in the MX records for this domain.
    ## End SpamExperts verification
    ######################################################################################

  13. Save the configuration

This configuration does the following:

  • If the MX records of the domain are exactly set to those in the condition:
    1. Accept mails if they originate from the hosts with the PTR *.antispamcloud.com or localhost
    2. Reject direct deliveries not originating from the 'safe' hosts
  • If the domain does not have their MX records configured as in the Exim configuration, it is assumed that they are not behind the filter and direct deliveries are accepted (given it passes the default ACL settings)

Local Cloud

To restrict deliveries to your WHM server from your filtering nodes only when domains use the SpamExperts MX records please do the following:

  1. Create a delivery hostname in your DNS using A records that point to each of your primary IPs
  2. delivery.demo-domain.invalid > A > Primary IP node 1
    delivery.demo-domain.invalid > A > Primary IP node 2
    delivery.demo-domain.invalid > A > Primary IP node 2

    Please note in this article uses 'demo-domain.invalid' as the root hostname for your nodes.

  3. SSH to the WHM server
  4. Create a new file /opt/setest with the following content:
  5. #!/bin/bash
    host -t MX $1 | sort -n -k1 | cut -d ' ' -f 7 | sed -e 's/\.$//' | xargs | sed -e 's/ /:/g' | tr -d '\n'

  6. Save the file
  7. Create a new file /opt/setestptr with the following content:
  8. #!/bin/bash
    host -t PTR $1 | cut -d ' ' -f5 | sed 's/\.$//g' | tr -d '\n'

  9. Save the file
  10. Chmod the file using the following command:
  11. chmod +x /opt/setest && chmod +x /opt/setestptr

  12. Open the Exim Configuration Editor and enable the Advanced Mode and search for 'custom_begin_recp_verify'
  13. Paste the following into the box provided:
  14. ######################################################################################
    ## Start SpamExperts verification
    defer
    !condition = ${if match_domain{${run {/opt/setestptr $sender_host_address}}}{*.demo-domain.invalid}}
    set acl_m_mx_records = ${run {/opt/setest $domain}}
    condition = ${if eq{$acl_m_mx_records}{mx1.example.invalid:mx2.example.invalid:mx3.example.invalid}}
    message = Please deliver mail to the address specified in the MX records for this domain.
    ## End SpamExperts verification
    ######################################################################################

  15. Save the configuration

This configuration does the following:

  • If the MX records of the domain are exactly set to those in the condition:
    1. Accept mails if they originate from the hosts with the PTR *.demo-domain.invalid or localhost
    2. Reject direct deliveries not originating from the 'safe' hosts
  • If the domain does not have their MX records configured as in the Exim configuration, it is assumed that they are not behind the filter and direct deliveries are accepted (given it passes the default ACL settings)

Disclaimer: This documentation may contain references to third party software or websites. N-able has no control over third party software or content and is not responsible for the availability, security, or operation, of any third-party software. If you decide to utilize a release involving third-party software, you do so entirely at your own risk and subject to the applicable third party’s terms and conditions of the use of such software. No information obtained by you from N-able or this documentation shall create any warranty for such software.