Ensure Delivery to Destination Servers

Microsoft Exchange

For more information, see the Microsoft documentation for Antispam protection in Exchange Server.

Ensure configuration as per:

• Exchange 2016-2019 Configuration

When a message is delivered to a SpamExperts Filtering server it will check for SPF.

If the delivering server is allowed to deliver, we will accept it (given that other parts of the spam filtering process also indicate it is not spam).

When SpamExperts delivers the scanned messages to your destination server, your server will most likely reject, block or delete the messages because your server sees our servers as the delivering servers which are not listed in the SPF records as valid delivery system. To stop this behaviour from happening we highly recommend you to disable SPF checking. In most cases this needs to be done on server level and cannot be done on domain-level.

See Configure Incoming Filtering with Exchange Online (Microsoft 365) for full details.

Please ensure that the steps below are done, for correct delivery to WHM/cPanel based environments:

1. Make sure your Email Routing is set to Local Mail Exchanger and not at Auto Mail Exchanger (assuming email is handled locally)

If cPanel detects non-local hostnames it will consider the domain remote and will stop accept email for it

2. Ensure that the "catch-all" option is disabled for domains, this can be done by setting the following option:

   "Default Address" > "Discard the email while your server processes it by SMTP time with an error message

3. Accept delivery servers. This allows us to bypass sender/recipient/spam and relaying checks and ensure proper delivery, and can be done by adding the delivery IPs to the "Only-Verify-Recipient" option in:

   Exim Configuration Manager > Basic Editor > Access Lists

It's also possible to add the IPs directly in the following file:

/etc/trustedmailhosts

Please make sure that the IPs are not present in /etc/skipsmtpcheckhosts , but only in /etc/trustedmailhosts as otherwise the status of the domain can appear to be catch-all.

4. If you are using ConfigServer Firewall (CSF) within WHM/Cpanel, it is advised to accept delivery IPs there too. The delivery IPs can be added directly in the following location:

   /etc/csf/csf.ignore

5. Once added, restart CSF
6. Ensure that smtp_accept_max is set to cPanel default (100)

If you are using Postfix with Amavis, there is an easy solution to allow our servers to bypass any filtering on your destination server.

1. In your Postfix configuration you need to add this line (or append it to your already existing smtpd_client_restrictions):

   smtpd_client_restrictions = check_client_access hash:/etc/postfix/amavis_bypass

2. Then create a new file /etc/postfix/amavis_bypass with content:

   # Bypass amavis entirely for emails originating from # SpamExperts' delivery cloud by immediately re-inserting # into Postfix # delivery.antispamcloud.com FILTER smtp:[127.0.0.1]:10025

3. Save the file and postmap it by entering:

   postmap /etc/postfix/amavis_bypass

4. Restart Postfix and all of the deliveries originating from our platform will bypass any virus-, spam- and spf checks initiated by Amavis

This will not affect any of your other domains on this destination server, only connections originating from delivery.antispamcloud.com.

Follow the below steps to ensure uninterrupted deliveries from SpamExperts to SmarterMail.

• Allow list delivery servers
• Turn off SPF and DKIM spam checks

Allow list delivery servers

To avoid subjecting SpamExperts deliveries to SMTP IDS rules, greylisting and standard spam checks, allow the SpamExperts IP addresses on the SmarterMail server:

1. Log into SmarterMail as the Administrator and click the Settings icon in the top toolbar
2. In the navigation pane, go to Security. Then click on the Allow list tab
3. To add a Allow list entry click the New button then complete the following information
4. In the IP Address (single, range or CIDR block) textbox, enter the delivery.antispamcloud.com IP range 185.201.16.0/22
5. For identification, enter "SpamExperts Incoming Filter" in the Description field
6. Enable the SMTP and SMTP Spam Bypass options
7. Click Save once complete

We also cover the above steps (with images) in the SmarterMail Integration Incoming Filter section.

Turn off SPF and DKIM spam checks

Where enabled, SmarterMail runs SPF and DKIM spam on ALL emails, including those from trusted senders and Allow listed IP addresses. To ensure SmarterMail does not subject SpamExperts deliveries to these identity checks, turn off the SPF and DKIM spam checks:

1. Log into SmarterMail as the Administrator and click the Settings icon in the top toolbar
2. In the navigation pane, go to Antispam
3. Click on the Spam Checks tab
4. Click on the DKIM spam check
5. Untick Enable Spool Filtering and click Save
6. Click on the SPF spam check
7. Untick Enable Spool Filtering and click Save

For integration information, visit the SmarterTools SmarterMail SpamExpertsIntegration section.

A multi-purpose PHP script can be found here for KerioConnect which creates/updates an IP Address Group with our delivery IP's.

View the readme.txt file within the .zip folder for usage information before running the PHP script.

This script is provided as-is. We are unable to provide support for this. No warranty is given on proper operation, use at your own risk.

This list can be used to disable various limits/filters such as spam filtering, SPF checking and the Spam Repellant.

To prevent your DirectAdmin system from rejecting deliveries you can add the delivery IPs or hostname to the following file:

/etc/virtual/allowlist_hosts

For Hosted Cloud users Please add "delivery.antispamcloud.com" to the above mentioned file.