Recipient MX-based dnslookup routing for cPanel’s Exim

I host a few websites and emails for my friends and relatives on my cPanel server. I need to ensure that their emails don't end up in the Spam/Junk folder when they send to email addresses hosted on Google/Yahoo/Hotmail (a common problem with small webhosting companies). I can easily forward/relay every single remote delivery via an ESP's smarthost, but that would be too costly for me since ESPs charge by the amount of emails relayed. Getting certified by ReturnPath is also expensive and takes some time. I just need at least the major ones to be relayed, so I needed recipient MX-based routing for my Exim. It doesn't look proper, but it works great! I'm sure many small cPanel hosts will face a similar problem.

authenticators:

esp_relay_login:
driver = plaintext
public_name = LOGIN
client_send = : ${extract{user}{${lookup{${lookup{$sender_address_domain}lsearch*{/etc/mail_relay_mapping}{$value}}}lsearch{/etc/mail_relay_secret}{$value}}}} : ${extract{pass}{${lookup{${lookup{$sender_address_domain}lsearch*{/etc/mail_relay_mapping}{$value}}}lsearch{/etc/mail_relay_secret}{$value}}}}

routers:

smarthost_dkim:
driver = dnslookup
domains = !+local_domains : ! /etc/mail_domain_excluded_from_using_relay
require_files = "+/var/cpanel/domain_keys/private/${sender_address_domain}"
transport = remote_smtp_smart_dkim
ignore_target_hosts = ! /etc/mail_ips_of_domains_to_be_relayed
senders = ! /etc/mail_exclude_from_relay

smarthost_regular:
driver = dnslookup
domains = !+local_domains : ! /etc/mail_domain_excluded_from_using_relay
transport = remote_smtp_smart_regular
ignore_target_hosts = ! /etc/mail_ips_of_domains_to_be_relayed
senders = ! /etc/mail_exclude_from_relay

transports:

remote_smtp_smart_dkim:
driver = smtp
hosts_require_tls = *
interface = ${if exists {/etc/mailips}{${lookup{$original_domain}lsearch{/etc/mailips}{$value}{${lookup{$sender_address_domain}lsearch{/etc/mailips}{$value}{${lookup{${perl{get_sender_from_uid}}}lsearch*{/etc/mailips}{$value}{}}}}}}}}
helo_data = ${if exists {/etc/mailhelo}{${lookup{$original_domain}lsearch{/etc/mailhelo}{$value}{${lookup{$sender_address_domain}lsearch{/etc/mailhelo}{$value}{${lookup{${perl{get_sender_from_uid}}}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}}}}}{$primary_hostname}}
dkim_domain = $sender_address_domain
dkim_selector = default
dkim_private_key = "/var/cpanel/domain_keys/private/${dkim_domain}"
dkim_canon = relaxed
hosts_require_auth = *
hosts = ${lookup{$sender_address_domain}lsearch*{/etc/mail_relay_mapping}{$value}}::587
hosts_override = yes

remote_smtp_smart_regular:
driver = smtp
hosts_require_tls = *
interface = ${if exists {/etc/mailips}{${lookup{$original_domain}lsearch{/etc/mailips}{$value}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{${lookup{${perl{get_sender_from_uid}}}lsearch*{/etc/mailips}{$value}{}}}}}}}}
helo_data = ${if exists {/etc/mailhelo}{${lookup{$original_domain}lsearch{/etc/mailhelo}{$value}{${lookup{$sender_address_domain}lsearch{/etc/mailhelo}{$value}{${lookup{${perl{get_sender_from_uid}}}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}}}}}{$primary_hostname}}
hosts_require_auth = *
hosts = ${lookup{$sender_address_domain}lsearch*{/etc/mail_relay_mapping}{$value}}::587
hosts_override = yes

Files needed:

/etc/mail_domain_excluded_from_using_relay: (exclude emails sent to these domains from being relayed to smarthost)
abc.com
cde.com

/etc/mail_exclude_from_relay: (exclude emails sent from these domains from being relayed to smarthost, this should be your customers’ domains hosted on your server)
def.com
ghi.com
jkl.com
mno.com

/etc/mail_ips_of_domains_to_be_relayed: (MX IPs of domains which Exim will relay via smarthost)
#Google
74.125.0.0/16
173.194.0.0/16
#Hotmail
65.52.0.0/14
#Yahoo APAC
106.10.128.0/18
#Yahoo EU
188.125.64.0/21
#Yahoo US
68.180.128.0/17
98.136.0.0/14
66.196.64.0/18
63.250.192.0/19

/etc/mail_relay_secret: (list of credentials for smarthosts, list down all smarthosts that you will use in /etc/mail_relay_mapping below)
smtp.example.com: user=postusername pass=password
smtp.example.net: user=postuser pass=pass123
smtp.example.org: user=boo pass=hoo

/etc/mail_relay_mapping: (list of domains to explicitly map to certain smarthost, last entry is default smarthost)
ghi.com: smtp.example.org
def.com: smtp.example.net
jkl.com: smtp.example.org
*: smtp.example.com

Thus if mno.com sends an email to Gmail/Hotmail/Yahoo, it will be relayed via smtp.example.com.
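
The lookup chain used by client_send and hosts (sender domain, then smarthost via lsearch*, then user/pass) can be checked offline before reloading Exim. This is an added example, not part of the original configuration; the file contents are constructed inline in the same format as the files above, and the function names are hypothetical. The sample deliberately leaves smtp.example.net out of the secret data to show what the check reports.

```python
import re

# Constructed sample contents, same layout as the two files described above.
MAPPING = """\
ghi.com: smtp.example.org
def.com: smtp.example.net
*: smtp.example.com
"""
SECRET = """\
smtp.example.com: user=postusername pass=password
smtp.example.org: user=boo pass=hoo
"""

def parse_lsearch(text):
    """Parse 'key: value' lines; the first entry for a key wins."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        table.setdefault(key.strip().lower(), value.strip())
    return table

def fields_of(value):
    """Split 'user=... pass=...' into a dict, as ${extract{...}} would read it."""
    return dict(re.findall(r"(\w+)=(\S+)", value or ""))

def credentials_for(sender_domain, mapping, secret):
    """Follow sender domain -> smarthost (with '*' default) -> user/pass."""
    host = mapping.get(sender_domain.lower(), mapping.get("*"))
    creds = fields_of(secret.get(host)) if host else {}
    return host, creds.get("user"), creds.get("pass")

def mapped_without_credentials(mapping, secret):
    """Smarthosts named in the mapping that lack a user or pass entry."""
    return [h for h in sorted(set(mapping.values()))
            if not {"user", "pass"} <= fields_of(secret.get(h)).keys()]

if __name__ == "__main__":
    m, s = parse_lsearch(MAPPING), parse_lsearch(SECRET)
    print(credentials_for("mno.com", m, s))
    print("mapped without credentials:", mapped_without_credentials(m, s))
```

A smarthost reported here would receive an empty login from client_send, and because the transports set hosts_require_auth = *, mail for the affected sender domains would not be delivered through it.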

How do you check if it works? Test by sending an email to a domain such as Yahoo and watch Exim's log. For domains that should be relayed, the log should show the remote_smtp_smart_regular or remote_smtp_smart_dkim transport (T):

1VFjpE-0002oA-Tb => xxxxx@yahoo.com R=smarthost_regular T=remote_smtp_smart_regular H=smtp.example.com [123.123.123.123] X=TLSv1:DHE-RSA-AES256-SHA:256
1VFjFr-0007hX-QJ => xxxxx@gmail.com R=smarthost_dkim T=remote_smtp_smart_dkim H=smtp.example.org [124.124.124.124] X=TLSv1:DHE-RSA-AES256-SHA:256

Normal route would be remote_smtp or dkim_remote_smtp:

1VDN3n-00088z-46 => yyyyy@gmail.com R=lookuphost T=remote_smtp H=gmail-smtp-in.l.google.com [173.194.79.26] X=TLSv1:RC4-SHA:128
1VDWNC-0002Zo-OB => zzzzzz@hotmail.com R=dkim_lookuphost T=dkim_remote_smtp H=mx2.hotmail.com [65.55.92.152]
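
The same check can be run over a whole log instead of by eye. The script below is an added example, not from the original post; its function names are hypothetical. It takes the CIDR blocks listed for /etc/mail_ips_of_domains_to_be_relayed and the four log lines quoted above, and reports every delivery that went straight to a relay-listed MX rather than through one of the smarthost transports, meaning the smarthost routers did not pick that message up.

```python
import ipaddress
import re

# CIDR blocks as listed for /etc/mail_ips_of_domains_to_be_relayed in the post.
RELAY_NETS = [ipaddress.ip_network(n) for n in (
    "74.125.0.0/16", "173.194.0.0/16", "65.52.0.0/14", "106.10.128.0/18",
    "188.125.64.0/21", "68.180.128.0/17", "98.136.0.0/14",
    "66.196.64.0/18", "63.250.192.0/19")]
SMART_TRANSPORTS = {"remote_smtp_smart_regular", "remote_smtp_smart_dkim"}

# Sample input: the four delivery lines quoted in the post.
SAMPLE_LOG = """\
1VFjpE-0002oA-Tb => xxxxx@yahoo.com R=smarthost_regular T=remote_smtp_smart_regular H=smtp.example.com [123.123.123.123] X=TLSv1:DHE-RSA-AES256-SHA:256
1VFjFr-0007hX-QJ => xxxxx@gmail.com R=smarthost_dkim T=remote_smtp_smart_dkim H=smtp.example.org [124.124.124.124] X=TLSv1:DHE-RSA-AES256-SHA:256
1VDN3n-00088z-46 => yyyyy@gmail.com R=lookuphost T=remote_smtp H=gmail-smtp-in.l.google.com [173.194.79.26] X=TLSv1:RC4-SHA:128
1VDWNC-0002Zo-OB => zzzzzz@hotmail.com R=dkim_lookuphost T=dkim_remote_smtp H=mx2.hotmail.com [65.55.92.152]
"""

# Message id, delivery marker, recipient, then the key=value fields.
DELIVERY = re.compile(r"(\w{6}-\w{6}-\w{2}) [=-]> (\S+) (.*)")
HOST_IP = re.compile(r"\bH=\S+ \[([0-9A-Fa-f.:]+)\]")

def parse_delivery(line):
    """Return a dict for a remote delivery line, or None for other lines."""
    m = DELIVERY.search(line)
    ip = HOST_IP.search(m.group(3)) if m else None
    if not ip:
        return None
    fields = dict(re.findall(r"\b([A-Z]+)=(\S+)", m.group(3)))
    return {"id": m.group(1), "rcpt": m.group(2), "router": fields.get("R"),
            "transport": fields.get("T"), "tls": fields.get("X"),
            "ip": ipaddress.ip_address(ip.group(1))}

def bypassed_relay(log_text):
    """Deliveries made directly to a relay-listed MX instead of a smarthost."""
    hits = []
    for line in log_text.splitlines():
        d = parse_delivery(line)
        if (d and d["transport"] not in SMART_TRANSPORTS
                and any(d["ip"] in net for net in RELAY_NETS)):
            hits.append((d["id"], d["rcpt"], d["transport"]))
    return hits

if __name__ == "__main__":
    for hit in bypassed_relay(SAMPLE_LOG):
        print("direct delivery:", *hit)
```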

Thanks to Chris Siebenmann!

References:
http://www.gossamer-threads.com/lists/exim/users/97299
http://www.tgunkel.de/docs/exim_smarthosts.en

Noteworthy links:
http://serverfault.com/questions/347285/exim-redirect-to-smart-host-based-on-mx-record
http://www.gossamer-threads.com/lists/exim/users/97056
