Configuring Exim with cPanel and WHM for Spam Experts mail routing
Hosted Cloud
For private label MX users, the default Spam Experts records in Step 8, should be replaced with the custom MX records which are used for your customers
e.g. instead of: {mx.spamexperts.com:fallbackmx.spamexperts.eu:lastmx.spamexperts.net}
, use {mx1.mycusomrecord.invalid:mx2.mycustomrecord.invalid:mx3.mycustomrecord.invalid}
To restrict deliveries to your WHM server from our filtering nodes only when domains use the Spam Experts MX records:
- SSH to the WHM server
- Create a new file
/opt/setest
with the following content: - Save the file
- Create a new file
/opt/setestptr
with the following content: - Save the file
- Chmod the file using the following command:
- Open the Exim Configuration Editor and enable the Advanced Mode and search for 'custom_begin_recp_verify'
- Paste the following into the box provided:
- Save the configuration
#!/bin/bash
host -t MX $1 | sort -n -k1 | cut -d ' ' -f 7 | sed -e 's/\.$//' | xargs | sed -e 's/ /:/g' | tr -d '\n'
#!/bin/bash
host -t PTR $1 | cut -d ' ' -f5 | sed 's/\.$//g' | tr -d '\n'
chmod +x /opt/setest && chmod +x /opt/setestptr
######################################################################################
## Start SpamExperts verification
defer
!condition = ${if match_domain{${run {/opt/setestptr $sender_host_address}}}{*.antispamcloud.com}}
set acl_m_mx_records = ${run {/opt/setest $domain}}
condition = ${if eq{$acl_m_mx_records}{mx.spamexperts.com:fallbackmx.spamexperts.eu:lastmx.spamexperts.net}}
message = Please deliver mail to the address specified in the MX records for this domain.
## End SpamExperts verification
######################################################################################
This configuration does the following:
- If the MX records of the domain are exactly set to those in the condition:
- Accept mails if they originate from the hosts with the PTR *.antispamcloud.com or localhost
- Reject direct deliveries not originating from the 'safe' hosts
- If the domain does not have their MX records configured as in the Exim configuration, it is assumed that they are not behind the filter and direct deliveries are accepted (given it passes the default ACL settings)
Local Cloud
To restrict deliveries to your WHM server from your filtering nodes only when domains use the SpamExperts MX records please do the following:
- Create a delivery hostname in your DNS using A records that point to each of your primary IPs
- SSH to the WHM server
- Create a new file
/opt/setest
with the following content: - Save the file
- Create a new file
/opt/setestptr
with the following content: - Save the file
- Chmod the file using the following command:
- Open the Exim Configuration Editor and enable the Advanced Mode and search for 'custom_begin_recp_verify'
- Paste the following into the box provided:
- Save the configuration
delivery.demo-domain.invalid > A > Primary IP node 1
delivery.demo-domain.invalid > A > Primary IP node 2
delivery.demo-domain.invalid > A > Primary IP node 2
Please note in this article uses 'demo-domain.invalid' as the root hostname for your nodes.
#!/bin/bash
host -t MX $1 | sort -n -k1 | cut -d ' ' -f 7 | sed -e 's/\.$//' | xargs | sed -e 's/ /:/g' | tr -d '\n'
#!/bin/bash
host -t PTR $1 | cut -d ' ' -f5 | sed 's/\.$//g' | tr -d '\n'
chmod +x /opt/setest && chmod +x /opt/setestptr
######################################################################################
## Start SpamExperts verification
defer
!condition = ${if match_domain{${run {/opt/setestptr $sender_host_address}}}{*.demo-domain.invalid}}
set acl_m_mx_records = ${run {/opt/setest $domain}}
condition = ${if eq{$acl_m_mx_records}{mx1.example.invalid:mx2.example.invalid:mx3.example.invalid}}
message = Please deliver mail to the address specified in the MX records for this domain.
## End SpamExperts verification
######################################################################################
This configuration does the following:
- If the MX records of the domain are exactly set to those in the condition:
- Accept mails if they originate from the hosts with the PTR *.demo-domain.invalid or localhost
- Reject direct deliveries not originating from the 'safe' hosts
- If the domain does not have their MX records configured as in the Exim configuration, it is assumed that they are not behind the filter and direct deliveries are accepted (given it passes the default ACL settings)