
This is a discussion on Exim customization in the Dedicated Servers forum

  1. #1
    Loyal Client thisisit3's Avatar
    Join Date
    Mar 2007
    Posts
    730

    Exim customization

    One of the biggest problems for servers with multiple domains is that exim doesn't "know" about them and instead acts as the main server for all of them.

    As a result, when you connect to the mail server of "resolddomain.com" (port 25) you'll see
    something like:

    220-maindomain.com ESMTP Exim 4.63 #1 Sat, 26 May 2007 10:09:20 +0000

    instead, that should have been:

    220-resolddomain.com ESMTP Exim 4.63 #1 Sat, 26 May 2007 10:09:20 +0000

    The above is for incoming connections. Unfortunately, outgoing connections are more important, and what happens there is that exim doesn't use the dedicated IP address of the sender; instead it uses the reseller/main IP address of the server. This means that ALL the domains on your server will be sending out emails from the SAME IP address.

    If a single domain is blocked by a RBL like SpamCop then that will affect your entire system and all your domains.

    So here is the best method to solve this problem:



    STEP 1 - Requirements

    We require two files: one has the association "dedicated IP address -> domain" and the other has the reverse, "domain -> dedicated IP address". The first file already exists if you are using cPanel/WHM; it's automatically created and maintained. In these files you have to list ALL your dedicated IP addresses and their corresponding domain names; only those will be detected by exim.

    Create the first file (IP -> domain): /etc/domainips
    Format is:
    IP: domain

    (remember, if you are using cPanel/WHM this file already exists and it's maintained automatically!!)

    Code:
    192.168.1.1: resolddomain.com
    192.168.2.2: anotherdomain.com
    etc...

    Create the second file (domain -> IP): /etc/domainips_reverse
    Format is:
    domain: IP

    Code:
    resolddomain.com: 192.168.1.1
    anotherdomain.com: 192.168.2.2
    etc...

    You may also use the following script to generate the domainips_reverse file automatically (thanks to Ron for coding it):

    Code:
    /bin/sed 's/\(.*\)\(: \)\(.*\)/\3: \1/' </etc/domainips | /bin/sort >/etc/domainips_reverse

    STEP 2 - Exim configuration - Incoming connections

    Unfortunately there is no "future proof" way of doing this. Any changes we make now may be overwritten by a future update via RPM or similar (cPanel/WHM automatically installs updates). The best way is to make your changes, keep them in a separate file, and manually re-enter them when an exim update overwrites your exim.conf.

    First change is for incoming connections, it modifies the hello message seen by clients and confirms they are connected to the correct server/domain.

    Edit your /etc/exim.conf, search for the string "perl_startup" and below it, enter the following lines (the second line correctly generates the message-id header):

    Code:
    smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/domainips}{$value}{$primary_hostname}}
    message_id_header_domain = $smtp_active_hostname

    Search for the string "smtp_banner" and replace that line with:

    Code:
    smtp_banner = "${smtp_active_hostname} ESMTP Exim ${version_number} \

    STEP 3 - Exim configuration - Outgoing connections

    Again edit your /etc/exim.conf, now search for the string "remote_smtp:" (note the semi-colon at the end of the string).

    You should find something like:

    Code:
    remote_smtp:
      driver = smtp

    Change it to:

    Code:
    remote_smtp:
      driver = smtp
      interface = ${lookup{$sender_address_domain}lsearch{/etc/domainips_reverse}{$value}{$interface_address}}
      helo_data = ${lookup{$interface_address}lsearch{/etc/domainips}{$value}{$primary_hostname}}

    Since cPanel version 11, you need to do this once more (since v11 adds DomainKeys):

    Find "dk_remote_smtp", it should be a few lines below the above remote_smtp line:

    Code:
    dk_remote_smtp:
      driver = smtp
      dk_private_key = "/var/cpanel/domain_keys/private/${dk_domain}"
      dk_canon = nofws
      dk_selector = default

    Change it to:

    Code:
    dk_remote_smtp:
      driver = smtp
      interface = ${lookup{$sender_address_domain}lsearch{/etc/domainips_reverse}{$value}{$interface_address}}
      helo_data = ${lookup{$interface_address}lsearch{/etc/domainips}{$value}{$primary_hostname}}
      dk_private_key = "/var/cpanel/domain_keys/private/${dk_domain}"
      dk_canon = nofws
      dk_selector = default

    STEP 4 - Received lines

    One last thing remaining, the Received: lines also contain the primary hostname. The following code should use the virtual domain like the above lines and will fall back to the primary hostname if the virtual domain isn't using a dedicated IP and/or not listed in the domainips files.

    Search for the "smtp_banner" string and below it add the following (as of Exim 4.68):

    Code:
    received_header_text = Received: \
      ${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
      {${if def:sender_ident \
      {from ${quote_local_part:$sender_ident} }}\
      ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
      by $smtp_active_hostname \
      ${if def:received_protocol {with $received_protocol}} \
      ${if def:tls_cipher {($tls_cipher)\n\t}}\
      (Exim $version_number)\n\t\
      ${if def:sender_address \
      {(envelope-from <$sender_address>)\n\t}}\
      id $message_exim_id\
      ${if def:received_for {\n\tfor $received_for}}

    STEP 5 - Misc notes & Warnings

    What we've done here is make exim look for dedicated IP addresses and their corresponding domain names in two text files.

    If a match is found then exim will behave like all incoming and outgoing connections are from that dedicated IP address and domain.

    Two things are of great importance:

    1. You must manually maintain the two text files (in case of cPanel/WHM it's one file), otherwise any new domains won't be found by exim.

    2. A future Exim update will delete all your changes, so keep a copy of the modified file or the modifications you've made.

    I believe it's obvious that the whole thing only works with DEDICATED IP ADDRESSES. Any domain using the shared IP address of the server will just keep on using that. As it should really.


    Version changes of this document:
    1.5 - Added minor spelling correction and extra DK lines
    1.4 - Added received line
    1.3 - Added header_id update to show correct domain
    1.2 - Added Ron's script to generate domainips_reverse
    1.1 - Added cPanel v11 specific changes
    1.0 - Initial version
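
The lookups in Steps 2 and 3 fall back silently when an entry is missing, so a stale /etc/domainips_reverse goes unnoticed until mail leaves from the wrong address. The following check is an added example, not part of the original post and not Exim or cPanel code: it parses both files in the post's "key: value" format and reports entries that do not match in both directions. The file contents are constructed samples, and `parse_lsearch`, `lookup` and `audit` are hypothetical helper names.

```python
import ipaddress

# Constructed sample file contents (not real data).
DOMAINIPS = """\
192.168.1.1: resolddomain.com
192.168.2.2: anotherdomain.com
192.168.3.3: thirddomain.com
"""
DOMAINIPS_REVERSE = """\
resolddomain.com: 192.168.1.1
anotherdomain.com: 192.168.9.9
"""

def parse_lsearch(text):
    """Parse the post's 'key: value' lines (IPv4/domain keys); first entry for a key wins."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            table.setdefault(key.strip().lower(), value.strip().lower())
    return table

def lookup(key, table, fallback):
    """Mirror ${lookup{key}lsearch{file}{$value}{fallback}}: value if found, else fallback."""
    return table.get(key.lower(), fallback)

def audit(fwd, rev):
    """Return a list of inconsistencies between the IP->domain and domain->IP maps."""
    problems = []
    for ip, domain in fwd.items():
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            problems.append(f"{ip}: not a valid IP address")
        if domain not in rev:
            problems.append(f"{domain}: missing from reverse file, outgoing lookup falls back")
        elif rev[domain] != ip:
            problems.append(f"{domain}: reverse file says {rev[domain]}, forward file says {ip}")
    for domain, ip in rev.items():
        if ip not in fwd:
            problems.append(f"{domain}: {ip} has no forward entry, hostname lookup falls back")
    return problems

FWD, REV = parse_lsearch(DOMAINIPS), parse_lsearch(DOMAINIPS_REVERSE)
if __name__ == "__main__":
    print("\n".join(audit(FWD, REV)))
    print(lookup("thirddomain.com", REV, "<fallback interface>"))
```

To check a live server, pass the contents of /etc/domainips and /etc/domainips_reverse to `parse_lsearch` instead of the sample strings.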

  2. #2
    Old Hillbilly Connie's Avatar
    Join Date
    Sep 2001
    Location
    Hills of Missouri
    Posts
    2,489
    Any hope for us poor blokes on a shared server that have to use port 465 to send e-mail, because our ISP blocks port 25. Yes I do have dedicated IPs.

    Forum Moderators - Jag Staff

    Spam Whackers Blog - Dedicated to fighting Spam and providing General SEO Tips
    Organize your Kitchen or purchase Kitchen Accessories at Condells
    Ihelpyou Forum - Dedicated to "Best Practices" SEO

  3. #3

  4. #4
    the Windlord Gwaihir's Avatar
    Join Date
    Jun 2002
    Posts
    2,560
    Hope for what exactly, Connie? Your ISP blocks port 25, there's nothing whatsoever that can be done server side to change that.
    Regards,

    Wim Heemskerk
    ---
    Visit MeCCG.net - Cardgaming in J.R.R. Tolkien's Middle-earth
    And Gwaihir.net - The Middle-earth CCG store

  5. #5
    Old Hillbilly Connie's Avatar
    Join Date
    Sep 2001
    Location
    Hills of Missouri
    Posts
    2,489
    Nearly all ISPs block port 25 in the US. At least on the dialup level. You have to send email through them. Supposedly a Spam control thing. I can bypass that block by using port 465.

    I was just wondering if the tutorial thisisit3 wrote could be utilized on a shared server.

  6. #6
    the Windlord Gwaihir's Avatar
    Join Date
    Jun 2002
    Posts
    2,560
    Originally posted by Connie:
    "I was just wondering if the tutorial thisisit3 wrote could be utilized on a shared server."

    I sure hope so.

    I hope Masood will show up in here sooner or later telling us whether he feels it's worth the extra trouble of re-applying this modification after each WHM/cPanel update.

    Originally posted by Connie:
    "Nearly all ISPs block port 25 in the US. At least on the dialup level. You have to send email through them. Supposedly a Spam control thing. I can bypass that block by using port 465."

    Yes, I'm aware of that. So does my ISP. But the question remains: why do you feel that's related to the topic of this thread?
    Regards,

    Wim Heemskerk
    ---
    Visit MeCCG.net - Cardgaming in J.R.R. Tolkien's Middle-earth
    And Gwaihir.net - The Middle-earth CCG store

  7. #7
    Ron
    Ron is offline
    Loyal Client
    Join Date
    Aug 2002
    Posts
    7,479
    This is wonderful. Assuming it can be fully tested and proves to be stable and all that, I'd bet this could be a HUGE selling point for JAG. I hope they have an adequate supply of IPs.

    Just a couple of questions: I assume this will work just fine for add-on (multi-hosted) accounts. So if I have an account on a dedicated IP and it multi-hosts another domain, the multi-hosted domain will also use the main account's dedicated IP. I think that's how WHM sets it up, but being jailshelled....

    Also, how is exim determining "$sender_address_domain" ? I ask because I'm curious about the different methods of sending mail through the box (eg php mail(), CLI mail, connecting through port 25, port 465, etc., etc.)

    Do the files domain_ips and domain_ips_reverse have to be lexicographically correct (i.e. do they have to be in sorted order)? If not, a REAL quick device for maintaining domain_ips_reverse would be the following line:

    Code:
    /bin/sed 's/\(.*\)\(:\)\( \)\(.*\)/\4\2\3\1/' </etc/domain_ips > /etc/domain_ips_reverse

    If it needs to be sorted:

    Code:
    /bin/sed 's/\(.*\)\(:\)\( \)\(.*\)/\4\2\3\1/' </etc/domain_ips|/bin/sort > /etc/domain_ips_reverse

    Last edited by Ron; 05-26-2007 at 12:00 PM.
    Good luck

  8. #8
    Ron
    Ron is offline
    Loyal Client
    Join Date
    Aug 2002
    Posts
    7,479
    I just realized I left some unnecessary complexities in the sed statement from testing.

    I think it can be shortened to

    Code:
    's/\(.*\)\(: \)\(.*\)/\3: \1/'

    in both cases

    This also has the benefit of working even if port numbers are included in /etc/domain_ips.
    Good luck

  9. #9
    Loyal Client thisisit3's Avatar
    Join Date
    Mar 2007
    Posts
    730
    Connie, I'm not sure you understand what this thread is about, it has nothing to do with your problem.

    Ron, as far as I know, it's not required to be sorted but judging from the existing cPanel/WHM /etc/domainips which is sorted then it wouldn't be bad to sort the reverse file as well.

    My solution is foolproof, if the domain or IP isn't found then it falls back to the default hostname, which is what we've been using so far anyway so there is no harm done.

    Now, about local connections like those done by accessing 127.0.0.1, localhost or a local socket then all those will use the default hostname. If you want to make a PHP, CGI or other local application to use its own user interface and dedicated IP then just change all "127.0.0.1" and "localhost" entries to use the fully qualified domain like "mail.mydomain.com". I've done this change for all my PHP applications running on my servers.

  10. #10
    Ron
    Ron is offline
    Loyal Client
    Join Date
    Aug 2002
    Posts
    7,479
    Originally posted by thisisit3:
    "If you want to make a PHP, CGI or other local application to use its own user interface and dedicated IP then just change all "127.0.0.1" and "localhost" entries to use the fully qualified domain like "mail.mydomain.com". I've done this change for all my PHP applications running on my servers."

    Where did you make this change? I believe phpBB is using "mail" and the only option I see for this is "windows only".

    Thanks.
    Good luck

  11. #11
    Loyal Client thisisit3's Avatar
    Join Date
    Mar 2007
    Posts
    730
    phpbb is easy, just go to: General Admin -> Configuration -> Email settings (bottom of the page)

    Change "SMTP Server Address" to "mail.mydomain.com" instead of localhost.

  12. #12
    Ron
    Ron is offline
    Loyal Client
    Join Date
    Aug 2002
    Posts
    7,479
    Ahhha!!!

    Well, I'm not using SMTP because it wasn't working (at all) when I fired up my first board here.

    I think I'll go play with that now, see if it's working (on one of my minor domains)

    Still, just in case, any idea how to change mail() in php? If not, that's cool.

    Thanks.
    Good luck

  13. #13
    Ron
    Ron is offline
    Loyal Client
    Join Date
    Aug 2002
    Posts
    7,479
    Hey! phpBB's SMTP option is working now! Cooool. Wonder when it started working? After the change to php/cgi? I dunnoooooo.

    So the headers still show the main server's info -- apparently when using exim it looks like the email is being sent from "my" smtp to my main server's smtp, or so the headers would have me believe. So it added an extra hop, I guess.

    Interestingly, the first SMTP is showing my dedicated IP and proper HELO in the log before it passes it along to the shared server.

    It took about an hour and a half just to verify all of this.
    Good luck

  14. #14
    Loyal Client
    Join Date
    Sep 2007
    Posts
    8

    Tried this - some errors

    Attempted to do this.

    The smtp_banner shows up correctly when I telnet to it - ie, the banner mirrors whatever domain I telnet to, rather than the default hostname.

    BUT,

    headers still indicate EXIM is sending it out as the default hostname and primary IP

    :-(

    Anyone else get this to work or is there another trick? Cpanel 11, Exim 4.68 (with configserver mailscanner install)

    UHEweb

  15. #15
    Loyal Client thisisit3's Avatar
    Join Date
    Mar 2007
    Posts
    730
    Did you create the needed files in /etc which have the relationship domain<->ip?

    Are you sure you are using dedicated IP addresses? It won't work with shared IP.
