Which email header determines domain for manual IP via /etc/mailhelo and /etc/mailips? #Exim #transactional #marketing

Kenric Ashe

• January 24, 2024 21:58
• Edited

I have read the instructions for how to manually configure Exim outgoing IP addresses using /etc/mailhelo and /etc/mailips. What's not clear is what exactly is it in the process of sending an email that determines the domain? I was hoping it would be the domain in the Return-Path header, but is it the From address?

My ultimate goal is to have separate IP addresses for transactional vs marketing emails.

Here is my /etc/mailhelo (paraphrased for privacy):

bounce.example.com: mta1.example.com
*: mta2.example.com

And here is my /etc/mailips:

mta1.example.com: 123.456.789.001
*: 123.456.789.002

When I send a transactional email from support@example.com, the Received header indicates mta2.example.com as expected. And that is how I know that my manual config has taken effect because previously it was mta1.example.com which is the primary hostname for my VPS.

When I send marketing emails also from support@example.com but with Return-Path: some-ID-here@bounce.example.com (with a catch-all on bounce.example.com for my web app to automate bounce handling), the Received header still indicates mta2.example.com. I expected it to be mta1.example.com based on what I put in /etc/mailhelo and bounce.example.com being in the Return-Path.

As a test for trying to figure out what determines the domain, I added this to /etc/mailhelo:

foo.com: mta1.example.com

And when I send an email from anyone@foo.com, the Received header changes to:

Received: from mta1.example.com (mta2.example.com. [123.456.789.002]) by mx.google.com [...]

Does that mean mta1.example.com was the HELO? That's at least an improvement. But the actual IP used by Exim when connecting to mx.google.com is still the one for mta2?

So there are two issues here:

1. What determines the domain that Exim uses when manually configured via cPanel's /etc/mailhelo and /etc/mailips?

2. Why doesn't the Received header indicate the mta1 domain and IP inside the parentheses when sending from a foo.com address?

• 

  Kenric Ashe

  • January 24, 2024 22:06
  • Edited

  Yippee I get to answer my own questions!

  I figured out from analyzing the source code of /etc/exim.conf and /etc/exim.pl.local and some trial and error that it's neither the From address nor Return-Path which determine the domain relevant to /etc/mailhelo.

  In the case of emails sent from a web app via localhost with no auth, it's just root with no domain, or maybe something else but either way it defaults to the * wildcard in /etc/mailhelo.

  In the case of emails sent with user authentication, it's the email account username which determines the domain.

  So my simple solution was to create a new email account to enable user auth for my web apps, localhost@bounce.example.com, which resulted in the domain being bounce.example.com, thus matching what I had in /etc/mailhelo.

  The user auth via localhost@bounce.example.com has no impact on the From address nor Return-Path as long as those are specified via the web app.

  [Edit: I realize now that maybe marketing@bounce.example.com would have been more clear as to its purpose, but either one works as long as it's only used for marketing emails and never for transactional.]

  Next, in /etc/mailips it's the domains e.g. bounce.example.com that need to be specified separately from /etc/mailhelo, thus mta1.example.com was not relevant in /etc/mailips.

  My edits of /etc/mailhelo resulted in a change in Gmail's Received header, indicating that the first domain is the HELO presented by my server.

  Then editing /etc/mailips corresponded to the domain and IP inside the parentheses. My guess is that the domain inside parentheses is from reverse lookup on the IP.

  Additionally, Yahoo is perfectly clear about the IP and HELO/EHLO from my server:

  Received: from 123.456.789.001 (EHLO mta1.example.com)

  I am stoked that I now have separate IP addresses for transactional vs marketing emails!

  Can someone update the How to Configure the Exim Outgoing IP Address article with this info, please?

  0
• 

  cPRex Jurassic Moderator

  • January 24, 2024 23:48

  I'm glad you found a good answer.  What specific info do you think should be updated on that page?

  0
• 

  Kenric Ashe

  • January 25, 2024 01:18

  Well I suppose a summary of what determines the domain, either no domain (?) when it's localhost, or the username when authenticated. Maybe a link to this page?

  0
• 

  cPRex Jurassic Moderator

  • January 25, 2024 22:16

  As far as I'm aware, that's just default Exim behavior.  We have the WHM >> Tweak Settings option of "Restrict outgoing SMTP to root, exim, and mailman (FKA SMTP Tweak)" which enables Exim to process emails without an authenticated domain, but this has always been username-based as far as I am aware.

  0
• 

  Kenric Ashe

  • January 25, 2024 23:28
  • Edited

  Re: "domain", not sure we're talking about the same thing. I'm talking about what in the process of sending an email determines the domain as described in the instructions for /etc/mailhelo and /etc/mailips. That is not just default Exim behavior. It is defined in /etc/exim.pl.local as I documented in my answer to my own question. This is the second simple suggestion I've made in two days. Didn't expect either of them to be such a big deal. If cPanel is too busy to update documentation, I suppose this post will do for those who search for it.

  0
• 

  cPRex Jurassic Moderator

  • January 25, 2024 23:29

  I'm honestly confused at what needs to get updated.  I'm happy to tweak the docs, but I'm just not following along with this one well for some reason.

  0
• 

  Kenric Ashe

  • January 27, 2024 00:50

  Well my suggestion (see below) is very simple.

  It's a bit more complex -- yet important -- to first understand why the edit is needed.

  Let's take another look at the /etc/mailhelo example from the above-linked knowledge base page:

  example.com: example.com
  sub.example.com: example.com
  example.net: example.net
  addon.example.net: example.net
  *: hostname.example.com

  The paragraph before that example includes this statement:

  "This file governs which domain sends the HELO command."

  It's ambiguous what's meant by "domain", and it doesn't fully address how the domains on the left (keys) are different from the domains on the right (values).

  It's also not an entirely accurate statement, as it is not a domain that sends the HELO command. More specifically it is the value on the right which is used as the HELO string passed to the receiving SMTP server.

  Nowhere is it mentioned what the source is of the domain key from which the HELO value is derived.

  Now you might have assumed that it's based on the domain from user authentication, or localhost in the case of a local connection, but other people (myself included and I'm guessing at minimum the 3 other people who are already following this thread within 2 days after it started) consider multiple other possibilities such as:

  • From address
  • Return-Path
  • Reply-To

  If the knowledge base article had specified what determines the domain key, that would have saved me 3 hours of Exim config and Perl script analysis and testing.

  My hope is that sharing this info will save time for others, and I appreciate your willingness to update the documentation.

  Now here's my suggested addition:

  In the mailhelo and mailips files, the domain keys on the left are derived from the username when the SMTP connection is made with user authentication, or localhost for local connections.

  0
• 

  cPRex Jurassic Moderator

  • January 29, 2024 15:07

  I've brought this thread to the attention of the email team and highlighted that change you mentioned at the end.

  0
• 

  Kenric Ashe

  • January 29, 2024 18:49

  Thank you!

  0

Please sign in to leave a comment.