Exim customization

[thisisit3]

One of the biggest problems for servers with multiple domains is that exim doesn't "know" about them and instead acts as the main server for all of them.

As a result, when you connect to the mail server of "resolddomain.com" (port 25) you'll see
something like:

220-maindomain.com ESMTP Exim 4.63 #1 Sat, 26 May 2007 10:09:20 +0000

instead, that should have been:

220-resolddomain.com ESMTP Exim 4.63 #1 Sat, 26 May 2007 10:09:20 +0000

The above is for incoming connections. Unfortunately outgoing connections are more important and what happens there is that exim doesn't use the dedicated IP address of the sender, instead it uses the reseller/main IP address of the server. Which means that ALL the domains on your server will be sending out emails from the SAME IP address.

If a single domain is blocked by a RBL like SpamCop then that will affect your entire system and all your domains.

So here is the best method to solve this problem:



STEP 1 - Requirements

We require two files, one has the association "dedicated IP address -> domain" and the other has the reverse "domain -> dedicated IP address". The first file already exists if you are using cPanel/WHM, its automatically created and maintained. In these files you have to list ALL your dedicated IP addresses and their corresponding domain names, only those will be detected by exim.

Create the first file (IP -> domain): /etc/domainips
Format is:
IP: domain

(remember, if you are using cPanel/WHM this file already exists and its maintained automatically!!)

Code:

192.168.1.1: resolddomain.com
192.168.2.2: anotherdomain.com
etc...

Create the second file (domain -> IP): /etc/domainips_reverse
Format is:
domain: IP

Code:

resolddomain.com: 192.168.1.1
anotherdomain.com: 192.168.2.2
etc...

You may also use the following script to generate the domainips_reverse file automatically (thanks to Ron for coding it):

Code:

/bin/sed 's/\(.*\)\(: \)\(.*\)/\3: \1/' </etc/domainips | /bin/sort >/etc/domainips_reverse

STEP 2 - Exim configuration - Incoming connections

Unfortunately there is no "future proof" way of doing this. Any changes we make now may be overwritten by a future update via RPM or similar (cPanel/WHM automatically install updates). The best way is to make your changes, keep them in a separate file and when an exim update overwrites your exim.conf then you should manually re-enter them.

First change is for incoming connections, it modifies the hello message seen by clients and confirms they are connected to the correct server/domain.

Edit your /etc/exim.conf, search for the string "perl_startup" and below it, enter the following line (the second line correctly generates the message-id header):

Code:

smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/domainips}{$value}{$primary_hostname}}
message_id_header_domain = $smtp_active_hostname

Search for the string "smtp_banner" and replace that line with:

Code:

smtp_banner = "${smtp_active_hostname} ESMTP Exim ${version_number} \

STEP 3 - Exim configuration - Outgoing connections

Again edit your /etc/exim.conf, now search for the string "remote_smtp:" (note the semi-colon at the end of the string).

You should find something like:

Code:

remote_smtp:
  driver = smtp

change it to:

Code:

remote_smtp:
  driver = smtp
  interface = ${lookup{$sender_address_domain}lsearch{/etc/domainips_reverse}{$value}{$interface_address}}
  helo_data = ${lookup{$interface_address}lsearch{/etc/domainips}{$value}{$primary_hostname}}

Since cPanel version 11, you need to do this once more (since v11 adds DomainKeys):

Find "dk_remote_smtp", it should be a few lines below the above remote_smtp line:

Code:

dk_remote_smtp:
  driver = smtp
  dk_private_key = "/var/cpanel/domain_keys/private/${dk_domain}"
  dk_canon = nofws
  dk_selector = default

change it to:

Code:

dk_remote_smtp:
  driver = smtp
  interface = ${lookup{$sender_address_domain}lsearch{/etc/domainips_reverse}{$value}{$interface_address}}
  helo_data = ${lookup{$interface_address}lsearch{/etc/domainips}{$value}{$primary_hostname}}
  dk_private_key = "/var/cpanel/domain_keys/private/${dk_domain}"
  dk_canon = nofws
  dk_selector = default

STEP 4 - Received lines

One last thing remaining, the Received: lines also contain the primary hostname. The following code should use the virtual domain like the above lines and will fall back to the primary hostname if the virtual domain isn't using a dedicated IP and/or not listed in the domainips files.

Seach for the "smtp_banner" string and below it add the following (as of Exim 4.68):

Code:

received_header_text = Received: \
  ${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
  {${if def:sender_ident \
  {from ${quote_local_part:$sender_ident} }}\
  ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
  by $smtp_active_hostname \
  ${if def:received_protocol {with $received_protocol}} \
  ${if def:tls_cipher {($tls_cipher)\n\t}}\
  (Exim $version_number)\n\t\
  ${if def:sender_address \
  {(envelope-from <$sender_address>)\n\t}}\
  id $message_exim_id\
  ${if def:received_for {\n\tfor $received_for}}

STEP 5 - Misc notes & Warnings

What we've done here, is make exim look for dedicated IP address and their corresponding domain names in two text files.

If a match is found then exim will behave like all incoming and outgoing connections are from that dedicated IP address and domain.

Two things are of great importance:

1. You must manually maintain the two text files (in case of cPanel/WHM its one file), otherwise any new domains won't be found by exim.

2. A future Exim update will delete all your changes, so keep a copy of the modified file or the modifications you've made.

I believe its obvious that the whole thing only works with DEDICATED IP ADDRESSES. Any domain using the shared IP address of the server will just keep on using that. As it should really.


Version changes of this document:
1.5 - Added minor spelling correction and extra DK lines
1.4 - Added received line
1.3 - Added header_id update to show correct domain
1.2 - Added Ron's script to generate domainips_reverse
1.1 - Added cPanel v11 specific changes
1.0 - Initial version

[Connie]

Any hope for us poor blokes on a shared server that have to use port 465 to send e-mail, because our ISP blocks port 25. Yes I do have dedicated IPs.

[thisisit3]

if your server offers an alternative port then what is the problem?

[Gwaihir]

Hope for what exactly, Connie? Your ISP blocks port 25, there's nothing whatsoever that can be done server side to change that.

[Connie]

Nearly all ISPs block port 25 in the US. At least on the dialup up level. You have to send email through them. Supposedly a Spam control thing. I can bi pass that block buy using port 465.

I was just wondering if the tutorial thisisit3 wrote could be utilized on a shared server.

[Gwaihir]

I was just wondering if the tutorial thisisit3 wrote could be utilized on a shared server.

I sure hope so.

I hope Masood will show up in here sooner or later telling us whether he feels it's worth the extra trouble of re-applying this modification after each WHM/cPanel update.

Nearly all ISPs block port 25 in the US. At least on the dialup up level. You have to send email through them. Supposedly a Spam control thing. I can bi pass that block buy using port 465.

Yes, I'm aware of that. So does my ISP. But the question remains: why do you feel that's related to the topic of this thread?

[Ron]

This is wonderful. Assuming it can be fully tested and proves to be stable and all that, I'd bet this could be a HUGE selling point for JAG. I hope they have an adequate supply of IPs.

Just a couple of questions: I assume this will work just fine for add-on (multi-hosted) accounts. So if I have an account on a dedicated IP and it multi-hosts another domain, the multi-hosted domain will also use the main accounts dedicated IP. I think that's how WHM sets it up, but being jailshelled....

Also, how is exim determining "$sender_address_domain" ? I ask because I'm curious about the different methods of sending mail through the box (eg php mail(), CLI mail, connecting through port 25, port 465, etc., etc.)

Do the files domain_ips and domain_ips_reverse have to be lexicographically correct (i.e. do they have to be in sorted order)? if not, a REAL quick device for maintaining domain_ips_reverse would be the following line:

Code:

/bin/sed 's/\(.*\)\(:\)\( \)\(.*\)/\4\2\3\1/' </etc/domain_ips > /etc/domain_ips_reverse

If it needs to be sorted:

Code:

/bin/sed 's/\(.*\)\(:\)\( \)\(.*\)/\4\2\3\1/' </etc/domain_ips|/bin/sort > /etc/domain_ips_reverse

[Ron]

I just realized I left some unnecessary complexities in the sed statement from testing.

I think it can be shortened to

Code:

's/\(.*\)\(: \)\(.*\)/\3: \1/'

in both cases

This also has the benefit of working even if port numbers are included in /etc/domain_ips.

[thisisit3]

Connie, i'm not sure you understand what this thread is about, it has nothing to do with your problem.

Ron, as far as i know, its not required to be shorted but judging from the existing cPanel/WHM /etc/domainips which is sorted then it wouldn't be bad to sort the reverse file as well.

My solution is foolproof, if the domain or IP isn't found then it falls back to the default hostname, which is what we've been using so far anyway so there is no harm done.

Now, about local connections like those done by accessing 127.0.0.1, localhost or a local socket then all those will use the default hostname. If you want to make a PHP, CGI or other local application to use its own user interface and dedicated IP then just change all "127.0.0.1" and "localhost" entries to use the fully qualified domain like "mail.mydomain.com". I've done this change for all my PHP applications running on my servers.

[Ron]

If you want to make a PHP, CGI or other local application to use its own user interface and dedicated IP then just change all "127.0.0.1" and "localhost" entries to use the fully qualified domain like "mail.mydomain.com". I've done this change for all my PHP applications running on my servers.

Where did you make this change? I beleive phpBB is using "mail" and the only option I see for this is "windows only".

Thanks.

[thisisit3]

phpbb is easy, just go to: General Admin -> Configuration -> Email settings (bottom of the page)

Change "SMTP Server Address" to "mail.mydomain.com" instead of localhost.

[Ron]

Ahhha!!!

Well, I'm not using SMTP becasue it wasn't working (at all) when I fired up my first board here.

I think I'll go play with that now, see if it's working (on one of my minor domains)

Still, just in case, any idea how to change mail() in php? If not, that's cool.

Thanks.

[Ron]

Hey! phpBB's SMTP option is working now! Cooool. Wonder when it started working? After the change to php/cgi? I dunnoooooo.

So the headers still show the main server's info -- apparently when using exim it looks like the email is being sent from "my" smtp to my main server's smtp, or so the headers would have me believe. So it added an extra hop, I guess.

Interestingly, the first SMTP is showing my dedicated IP and proper HELO in the log before it passes it along to the shared server.

It took about an hour and a half just to verify all of this.

[uheweb]

Attempted to to this.

The smtp_banner shows up correctly when I telnet to it - ie, the banner mirrors whatever domain I telnet to, rather than the default hostname.

BUT,

headers still indicate EXIM is sending it out as the default hostname and primary IP

:-(

Anyone else get this to work or is there another trick? Cpanel 11, Exim 4.68 (with configserver mailscanner install)

UHEweb

[thisisit3]

Did you create the needed files in /etc which have the relationship domain<->ip?

Are you sure you are using dedicated IP addresses? it won't work with shared IP.