Spam Experts Help

cPanel and WHM Configuration for Spam Experts

Hosted Cloud

To restrict deliveries to your WHM server from our filtering nodes only when domains use the SpamExperts MX records please do the following:

  1. SSH to the WHM server
  2. Create a new file /opt/setest with the following content
  3. #!/bin/bash
    host -t MX $1 | sort -n -k1 | cut -d ' ' -f 7 | sed -e 's/\.$//' | xargs | sed -e 's/ /:/g' | tr -d '\n'

  4. Save the file
  5. Create a new file: /opt/setestptr with the following content
  6. #!/bin/bash
    host -t PTR $1 | cut -d ' ' -f5 | sed 's/\.$//g' | tr -d '\n'

  7. Save the file
  8. Chmod the file the following command:
  9. chmod +x /opt/setest  && chmod +x /opt/setestptr

  10. Open the Exim Configuration Editor and enable the Advanced Mode and search for 'custom_begin_recp_verify'
  11. Paste the following into the box provided
  12. ######################################################################################
    ## Start SpamExperts verification
    defer
    !condition = ${if match_domain{${run {/opt/setestptr $sender_host_address}}}{*.antispamcloud.com}}
    set acl_m_mx_records = ${run {/opt/setest $domain}}
    condition = ${if eq{$acl_m_mx_records}{mx.spamexperts.com:fallbackmx.spamexperts.eu:lastmx.spamexperts.net}}
    message = Please deliver mail to the address specified in the MX records for this domain.
    ## End SpamExperts verification
    ######################################################################################

  13. Save the configuration and you're all set. This configuration does the following:

If the MX records of the domain are exactly set to those in the condition:

  1. Accept mails if they originate from the hosts with the PTR *.antispamcloud.com or localhost
  2. Reject direct deliveries not originating from the 'safe' hosts

If the domain does not have their MX records configured as in the Exim configuration, it is assumed that they are not behind the filter and direct deliveries are accepted (given it passes the default ACL settings).

Local Cloud

To restrict deliveries to your WHM server from your filtering nodes only when domains use the SpamExperts MX records please do the following:

  1. Create a delivery hostname in your DNS. using A records that point to each of your primary IPs.
  2. delivery.example.com > A > Primary IP node 1
    delivery.example.com > A > Primary IP node 2
    delivery.example.com > A > Primary IP node 2

    Please note in this article uses 'example.com' as the root hostname for your nodes.

  3. SSH to the WHM server
  4. Create a new file /opt/setest with the following content
  5. #!/bin/bash
    host -t MX $1 | sort -n -k1 | cut -d ' ' -f 7 | sed -e 's/\.$//' | xargs | sed -e 's/ /:/g' | tr -d '\n'

  6. Save the file
  7. Create a new file: /opt/setestptr with the following content
  8. #!/bin/bash
    host -t PTR $1 | cut -d ' ' -f5 | sed 's/\.$//g' | tr -d '\n'

  9. Save the file
  10. Chmod the file the following command:
  11. chmod +x /opt/setest && chmod +x /opt/setestptr

  12. Open the Exim Configuration Editor and enable the Advanced Mode and search for 'custom_begin_recp_verify'
  13. Paste the following into the box provided
  14. ######################################################################################
    ## Start SpamExperts verification
    defer
    !condition = ${if match_domain{${run {/opt/setestptr $sender_host_address}}}{*.example.com}}
    set acl_m_mx_records = ${run {/opt/setest $domain}}
    condition = ${if eq{$acl_m_mx_records}{mx1.example.com:mx2.example.com:mx3.example.com}}
    message = Please deliver mail to the address specified in the MX records for this domain.
    ## End SpamExperts verification
    ######################################################################################

  15. Save the configuration and you're all set.

If the MX records of the domain are exactly set to those in the condition:

  1. Accept mails if they originate from the hosts with the PTR *.example.com or localhost
  2. Reject direct deliveries not originating from the 'safe' hosts

If the domain does not have their MX records configured as in the Exim configuration, it is assumed that they are not behind the filter and direct deliveries are accepted (given it passes the default ACL settings).