Configure Exim / cPanel to use a Smarthost
Routing all mails to a smarthost :
Go to the "Exim Configuration Editor" in WHM. Choose "Advanced Editor". Add in the routers section (after begin routers, and after the democheck: router block):
smarthost_dkim: driver = manualroute domains = !+local_domains require_files = "+/var/cpanel/domain_keys/private/${sender_address_domain}" transport = remote_smtp_smart_dkim route_list = $domain mxpool1.spamgateway.comodo.com::587 (for EU based CSEG server)
or
$domain mxpool1.us. spamgateway.comodo.com::587 (for US based CSEG server)smarthost_regular: driver = manualroute domains = !+local_domains transport = remote_smtp_smart_regular route_list = $domain mxpool1.spamgateway.comodo.com::587(for EU based CSEG server)
or
$domain mxpool1.us. spamgateway.comodo.com::587(for US based CSEG server)
Then add in the transports section (after begin transports):
remote_smtp_smart_dkim: driver = smtp hosts_require_tls = * interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}
lsearch*{/etc/mailips}{$value}{}}}{}}
helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}
lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_hostname}} dkim_domain = $sender_address_domain dkim_selector = default dkim_private_key = "/var/cpanel/domain_keys/private/${dkim_domain}" dkim_canon = relaxed remote_smtp_smart_regular: driver = smtp hosts_require_tls = * interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}
lsearch*{/etc/mailips}{$value}{}}}{}} helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}
lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_hostname}}
Save the configuration. All the outgoing mail will be relayed trough the filter server and accept original and DKIM signed emails.
Routing all mails to a smarthost with SMTP Authentication:
- Go to the "Exim Configuration Editor" in WHM
- Choose "Advanced Editor". do not include "begin authenticators"
- Otherwise, simply append our 4 lines and leave out our "begin authenticators"
begin authenticators spamgateway_login: driver = plaintext public_name = LOGIN client_send = : username@example.com : yourUserPassword
Add a Router in the Router Configuration Box.
send_via_spamgateway: driver = manualroute domains = ! +local_domains transport = spamgateway_smtp route_list = "* mxpool1.spamgateway.comodo.com::587 byname" (for EU based CSEG server)
or
"* mxpool1.us.spamgateway.comodo.com::587 byname" (for US based server) host_find_failed = defer no_more
Add a Transport to the Transport Configuration Box.
(for EU based DAS server)
spamgateway_smtp: driver = smtp hosts = mxpool1.spamgateway.comodo.com hosts_require_auth = mxpool1.spamgateway.comodo.com hosts_require_tls = mxpool1.spamgateway.comodo.com
(for US based server)
spamgateway_smtp:
driver = smtp
hosts = mxpool1.us.spamgateway.comodo.com
hosts_require_auth = mxpool1.us.spamgateway.comodo.com
hosts_require_tls = mxpool1.us.spamgateway.comodo.com
Restart Exim.
Extra: Routing all mails for a specific domain to a smarthost with individual outgoing accounts:
To be able to set custom settings/limits for outgoing users, use the information above (Routing with SMTP Authentication) with a small change. Use this:
client_send = : ${extract{user}{${lookup{$sender_address_domain}lsearch{/etc/exim_spamgateway}}}} :
${extract{pass}{${lookup{$sender_address_domain}lsearch{/etc/exim_spamgateway}}}}
instead of the client_send in the previous example.
To create a file called /etc/exim_spamgateway with the following structure, use this :
domain1.com: user=user@domain1.com pass=abc domain2.com: user=user@domain2.com pass=xyz
Extra: Limiting Outgoing for certain domains
This option can be combined with the individual accounts configuration to restrict outgoing only to specific domains. You can add the following entry (underneath domains) in the router :
senders = ^.*@domain1.com : ^.*@domain2.com