Original reference: https://help.comodo.com/topic-157-1-288-4545-.html - modified for brevity and ModernOne environment
Rerouting recipient domains: Configuring Exim / cPanel to use a Smarthost
Routing all mails to a smarthost :
Make sure smarthost allows relay for the mail server which is doing the rerouting. SSH to smarthost (in this example, resolver2.nocser.net):-
- Edit /etc/exim/exim.conf ( or equivalent )
- Add mail server IP in 'hostlist' setting, e.g.:-
hostlist relay_from_hosts = 127.0.0.1 : 42.0.28.70 : 42.0.28.164 : 42.0.28.116
- Restart exim: /etc/init.d/exim restart
In the mail server which will perform the rerouting: Go to the "Exim Configuration Editor" in WHM. Choose "Advanced Editor". Choose only one out of the 2 OPTIONS below, and add in the routers section (field marked as ROUTERSTART : after begin routers, and after the democheck: router block):
BEGIN OPTIONS
OPTION 1: REROUTE ALL RECIPIENT DOMAINS:-
smarthost_dkim:
driver = manualroute
domains = !+local_domains
require_files = "+/var/cpanel/domain_keys/private/${sender_address_domain}"
transport = remote_smtp_smart_dkim
route_list = $domain resolver2.nocser.net::587
smarthost_regular:
driver = manualroute
domains = !+local_domains
transport = remote_smtp_smart_regular
route_list = $domain resolver2.nocser.net::587
OPTION 2: REROUTE CERTAIN RECIPIENT DOMAINS ONLY (Example here is for rerouting gmail.com, hotmail.com, and yahoo.com recipients):-
smarthost_dkim:
driver = manualroute
domains = gmail.com : hotmail.com : yahoo.com
require_files = "+/var/cpanel/domain_keys/private/${sender_address_domain}"
transport = remote_smtp_smart_dkim
route_list = $domain resolver2.nocser.net::587
smarthost_regular:
driver = manualroute
domains = gmail.com : hotmail.com : yahoo.com
transport = remote_smtp_smart_regular
route_list = $domain resolver2.nocser.net::587
END OPTIONS
Then add in the transports section (field marked as TRANSPORTSTART, after begin transports):
remote_smtp_smart_dkim:
driver = smtp
hosts_require_tls = *
interface = ${if exists{/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}
helo_data = ${if exists{/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_hostname}}
dkim_domain = $sender_address_domain
dkim_selector = default
dkim_private_key = "/var/cpanel/domain_keys/private/${dkim_domain}"
dkim_canon = relaxed
remote_smtp_smart_regular:
driver = smtp
hosts_require_tls = *
interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}
helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_hostname}}
Save the configuration. All the outgoing mail will be relayed trough the filterserver and accept original and DKIM signed emails.
DONE / COMPLETE.
OPTIONAL / IF REQUIRED ONLY: Routing all mails to a smarthost with SMTP Authentication:
-
Go to the "Exim Configuration Editor" in WHM.
-
Choose "Advanced Editor". do not include "begin authenticators".
-
Otherwise, simply append our 4 lines and leave out our "begin authenticators".
begin authenticators spamgateway_login: driver = plaintext public_name = LOGIN client_send = : username@example.com : yourUserPassword
Add a Router in the Router Configuration Box.
send_via_spamgateway: driver = manualroute domains = ! +local_domains transport = spamgateway_smtp route_list = "* resolver2.nocser.net::587 byname" host_find_failed = defer no_more
Add a Transport to the Transport Configuration Box.
spamgateway_smtp: driver = smtp hosts = resolver2.nocser.net hosts_require_auth = resolver2.nocser.net hosts_require_tls = resolver2.nocser.net
Restart Exim.
OPTIONAL / IF REQUIRED ONLY: Extra: Routing all mails for a specific domain to a smarthost with individual outgoing accounts:
To be able to set custom settings/limits for outgoing users, use the information above (Routing with SMTP Authentication) with a small change. Use this:
client_send = : ${extract{user}{${lookup{$sender_address_domain}lsearch{/etc/exim_spamgateway}}}} :
${extract{pass}{${lookup{$sender_address_domain}lsearch{/etc/exim_spamgateway}}}}
instead of the client_send in the previous example.
To create a file called /etc/exim_spamgateway with the following structure, use this :
domain1.com: user=user@domain1.com pass=abc domain2.com: user=user@domain2.com pass=xyz
OPTIONAL / IF REQUIRED ONLY: Extra: Limiting Outgoing for certain domains
This option can be combined with the individual accounts configuration to restrict outgoing only to specific domains. You can add the following entry (underneath domains) in the router :
senders = ^.*@domain1.com : ^.*@domain2.com
