Relay emails through external mailserver. Mass update SPF records
hi guys
I want to make cpanel relay all emails through my other mailserver (for all clients on the server)
So my question is
1: How do i do that
2: how do i mass update the clients spf record to include the new mailserver ?
-
Hey there! When this has come up in the past, we usually recommend against it as the system just isn't designed to work this way. There was a good recommendation from another Forum member at https://support.cpanel.net/hc/en-us/community/posts/21930069564951-cPanel-as-a-relay-and-DKIM with additional details.
0 -
But what about the cpanel smarthost thingy isnt that exactly the case for this ?
0 -
No - the smarthost option is to send messages from a cPanel server to an external machine when your provider is blocking port 25 so you can't send emails another way. This forwards the message to an external tool for processing. It's important to note that these message are *locally generated emails from the cPanel server* and not incoming messages being proxied to another system.
cPanel doesn't have a mechanism to serve as it's own relay with any default settings that I'm aware of. I'm certain it's possible with Exim, but I don't have a guide to set that up.
0 -
But that is also kind a what i want
I have the cpanel server with all my clients
then i have an external mail server also.
The idea is to relay all the clients email through the external mailserver (amazon SES or whatever) I do have port 25 open, but i would prefere all mails was sent via my external mailserver.
Incoming mails to cpanel will still just be received that way.
But to accomplish this, even if its amazon ses thats set as the smart host. All clients would need to have their SPF updated with the amazon ses mailserver right ?0 -
If you want all *local emails from cPanel* to get sent not through port 25 but through a smarthost, this is the guide you want:
If you use that too, you shouldn't need to add anything special as DKIM gets handled properly. You may need to customize the SPF record, but your specific smarthost you're working with likely has details on that.
If you want all *incoming mail to the cPanel server* to get processed by Exim and then re-sent out through a Smarthost, that's what I don't have a guide on configuring.
0 -
Thanks, i found that post and its nice :) My second question is how can i "mass update" all my clients SPF record, so i can add the new IP's to their spf :)
0 -
There isn't a tool for that - in previous posts I've recommended careful scripting with sed/awk in order to mass update zones:
https://support.cpanel.net/hc/en-us/community/posts/19129342635799-Bulk-Edit-SPF
0 -
Ufh okay that makes it a bit more difficulty - Appreciate your help :)
0 -
in WHM -> Service Configuration -> Exim Configuration Manager -> Mail
there is a setting:
SPF include hosts for all domains on this system
"A comma-separated list of hosts that the system will add as SPF include entries for all domains on the system with SPF enabled."0 -
The option that quietfinn mentions will work for *new* DNS zones, but it won't go through and rewrite any existing zones on the machine. You may still want to configure that for future domains you create, but it won't solve the underlying issue of existing zones on the system.
0 -
cPRex
I am quite sure you are wrong, I have added that in production servers with hundreds of dns zones, and it was added to each dns zone.I was testing this in a test server:
Updating your system to reflect any changes...
Updating “SPF include hosts for all domains on this system” from “” to “_omaspf.omadomain.com”.
“SPF include hosts for all domains on this system” was updated.Maybe good to notice that you can add SPF include host(s) that way, but you can't remove them that way, so you must know what you are doing.
0 -
It's possible - I have been wrong before :)
-I created a new test machine and confirmed the default Tweak Setting of "Enable SPF on domains for newly created accounts" was set to on.
-I then created two cPanel accounts so I could examine the DNS zones
-They both got a default SPF record that looked like this:zonetest1.com. 14400 IN TXT "v=spf1 +a +mx +ip4:10.2.35.167 ~all"
-I then went to WHM >> Exim Configuration Manager and adjusted it to use "otherdomain.com"
-it works!zonetest2.com. 14400 IN TXT "v=spf1 ip4:10.2.35.167 include:otherdomain.com +a +mx ~all"
So there we go - a nice way to add an SPF record to every zone instantly. +1 for quietFinn!!!
0
Please sign in to leave a comment.
Comments
12 comments