Configuring Exim with cPanel and WHM for Spam Experts mail routing

Hosted Cloud

For private label MX users, the default Spam Experts records in Step 8, should be replaced with the custom MX records which are used for your customers

e.g. instead of: {mx.spamexperts.com:fallbackmx.spamexperts.eu:lastmx.spamexperts.net}, use {mx1.mycusomrecord.invalid:mx2.mycustomrecord.invalid:mx3.mycustomrecord.invalid}

To restrict deliveries to your WHM server from our filtering nodes only when domains use the Spam Experts MX records:

  1. SSH to the WHM server
  2. Create a new file /opt/setest with the following content:

    3. #!/bin/bash
    host -t MX $1 | sort -n -k1 | cut -d ' ' -f 7 | sed -e 's/\.$//' | xargs | sed -e 's/ /:/g' | tr -d '\n'

  3. Save the file
  4. Create a new file /opt/setestptr with the following content:

    5. #!/bin/bash
    host -t PTR $1 | cut -d ' ' -f5 | sed 's/\.$//g' | tr -d '\n'

  5. Save the file
  6. Chmod the file using the following command:

    7. chmod +x /opt/setest  && chmod +x /opt/setestptr

  7. Open the Exim Configuration Editor and enable the Advanced Mode and search for 'custom_begin_recp_verify'
  8. Paste the following into the box provided:

    9. ######################################################################################
    ## Start SpamExperts verification
    defer
    !condition = ${if match_domain{${run {/opt/setestptr $sender_host_address}}}{*.antispamcloud.com}}
    set acl_m_mx_records = ${run {/opt/setest $domain}}
    condition = ${if eq{$acl_m_mx_records}{mx.spamexperts.com:fallbackmx.spamexperts.eu:lastmx.spamexperts.net}}
    message = Please deliver mail to the address specified in the MX records for this domain.
    ## End SpamExperts verification
    ######################################################################################

  9. Save the configuration

This configuration does the following:

  • If the MX records of the domain are exactly set to those in the condition:
    1. Accept mails if they originate from the hosts with the PTR *.antispamcloud.com or localhost
    2. Reject direct deliveries not originating from the 'safe' hosts
  • If the domain does not have their MX records configured as in the Exim configuration, it is assumed that they are not behind the filter and direct deliveries are accepted (given it passes the default ACL settings)

Local Cloud

To restrict deliveries to your WHM server from your filtering nodes only when domains use the SpamExperts MX records please do the following:

  1. Create a delivery hostname in your DNS using A records that point to each of your primary IPs

    2. delivery.demo-domain.invalid > A > Primary IP node 1
    delivery.demo-domain.invalid > A > Primary IP node 2
    delivery.demo-domain.invalid > A > Primary IP node 2

    Please note in this article uses 'demo-domain.invalid' as the root hostname for your nodes.

  2. SSH to the WHM server
  3. Create a new file /opt/setest with the following content:

    4. #!/bin/bash
    host -t MX $1 | sort -n -k1 | cut -d ' ' -f 7 | sed -e 's/\.$//' | xargs | sed -e 's/ /:/g' | tr -d '\n'

  4. Save the file
  5. Create a new file /opt/setestptr with the following content:

    6. #!/bin/bash
    host -t PTR $1 | cut -d ' ' -f5 | sed 's/\.$//g' | tr -d '\n'

  6. Save the file
  7. Chmod the file using the following command:

    8. chmod +x /opt/setest && chmod +x /opt/setestptr

  8. Open the Exim Configuration Editor and enable the Advanced Mode and search for 'custom_begin_recp_verify'
  9. Paste the following into the box provided:

    10. ######################################################################################
    ## Start SpamExperts verification
    defer
    !condition = ${if match_domain{${run {/opt/setestptr $sender_host_address}}}{*.demo-domain.invalid}}
    set acl_m_mx_records = ${run {/opt/setest $domain}}
    condition = ${if eq{$acl_m_mx_records}{mx1.example.invalid:mx2.example.invalid:mx3.example.invalid}}
    message = Please deliver mail to the address specified in the MX records for this domain.
    ## End SpamExperts verification
    ######################################################################################

  10. Save the configuration

This configuration does the following:

  • If the MX records of the domain are exactly set to those in the condition:
    1. Accept mails if they originate from the hosts with the PTR *.demo-domain.invalid or localhost
    2. Reject direct deliveries not originating from the 'safe' hosts
  • If the domain does not have their MX records configured as in the Exim configuration, it is assumed that they are not behind the filter and direct deliveries are accepted (given it passes the default ACL settings)