im having a problem with new feature DA to manage domain IPS file for exim outbound

knoll

Verified User
Joined
Sep 26, 2005
Messages
140
Location
Belgium
Hey,
im having a problem with new feature DA to manage domain IPS file for exim outbound:
https://www.directadmin.com/features.php?id=1692

my mainserver ip gs2.opelmanta.be is banned by a big internet isp in belgium in their 'spamfilter'
totally uncorrect but after almost a week they still not fixed it
can i can't do anything about it myself.

So i was thinking about moving the mailserver for all clients to another ip (on my first tought only the mailserver so i want to keep all the rest on the correct mainip)

so this i what i do:
adding
Code:
add_domain_to_domainips=1 >> directadmin.conf
than i did
Code:
service directadmin restart
than running this commands
Code:
echo "action=rewrite&value=domainips" >> /usr/local/directadmin/data/task.queue
then i changed the ip from .54 to .49

then i tryed this but the file stayed blank
Code:
Similarly, for helo_data:
All:
echo "action=rewrite&value=helo_data" >> /usr/local/directadmin/data/task.queue
Just for one IP:
echo "action=rewrite&value=helo_data&ip=1.2.3.4" >> /usr/local/directadmin/data/task.queue

so i didn't know what to put there
so i tryed to put the hostname there:
here are the files

Code:
[root@gsi2 ~]# cat /etc/virtual/domainips
*:185.244.39.49
[root@gsi2 ~]# cat /etc/virtual/helo_data
mailserv.opelmanta.be

and added the new ip .49 in directadmin and in the username than directadmin did a duplicate of a records in named but for the .49 to
than i changed mail A to .49
then after named & exim restart i tryed to mail but i was still mailing with the hostname gsi2.opelmanta.be (the ip .54)
then i tryed to change to spf ip to .49 to was still set on 54 there.

This is all that i did

if i do host i think it looks great but its not working :'(
Code:
[root@gsi2 ~]# host opelhistorics.be
opelhistorics.be has address 185.244.39.54
opelhistorics.be mail is handled by 10 mail.opelhistorics.be.
[root@gsi2 ~]# host mail.opelhistorics.be
mail.opelhistorics.be has address 185.244.39.49
[root@gsi2 ~]
and with dig
Code:
[root@gsi2 ~]# dig opelhistorics.be

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> opelhistorics.be
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24626
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;opelhistorics.be.              IN      A

;; ANSWER SECTION:
opelhistorics.be.       14399   IN      A       185.244.39.49
opelhistorics.be.       14399   IN      A       185.244.39.54

;; Query time: 14 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Mar 23 00:49:31 CET 2019
;; MSG SIZE  rcvd: 77

[root@gsi2 ~]# dig mail.opelhistorics.be

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> mail.opelhistorics.be
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61947
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;mail.opelhistorics.be.         IN      A

;; ANSWER SECTION:
mail.opelhistorics.be.  14399   IN      A       185.244.39.49

;; Query time: 13 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Mar 23 00:49:37 CET 2019
;; MSG SIZE  rcvd: 66

[root@gsi2 ~]#

i really hope someone finds what i do wrong i'm using SpamBlockerTechnology* powered exim.conf, Version 4.5.12
many thanks !
 
Last edited:
just a question for this new feature they all need to be have the .49 ip added the users or can't it go another way that i just gets used for mailserver?
 
I'm not sure, but from what I've read from that feature section... shouldn't the domain (opelhistorics.be) not also be created on this .49 ip?
At least that is what it says here:
https://www.directadmin.com/features.php?id=1692
for any domain created with an IP that is not the server IP.
helo_data will only get owned IPs.
Which would also prevent the need of changing SPF records if I'm not mistaken. But I could be wrong, I don't know, never used this.

For the rest I will just be following this thread as I also find this interesting on how this is used.
 
opelhistorics.be has on userlevel 2 ips the .54 ip (main ip that is blocked in spamfilter) and .49 a new ip that i want to use mainly for mailserver
but every a record is duplicated like this:
[root@gsi2 etc]# host www.opelhistorics.be
www.opelhistorics.be has address 185.244.39.49
www.opelhistorics.be has address 185.244.39.54

here the named file of the domainname i setted spf to .49(mailservip) is this needed or may it stay on the main ip like it was normally (54
cp 14400 IN A 185.244.39.54
ftp 14400 IN A 185.244.39.49
ftp 14400 IN A 185.244.39.54
imap 14400 IN A 185.244.39.54
kimc 14400 IN A 185.244.39.49
kimc 14400 IN A 185.244.39.54
localhost 14400 IN A 127.0.0.1
mail 14400 IN A 185.244.39.49
ns1 14400 IN A 185.244.39.54
ns2 14400 IN A 185.244.39.54
opelhistorics.be. 14400 IN A 185.244.39.49
opelhistorics.be. 14400 IN A 185.244.39.54
pop 14400 IN A 185.244.39.49
pop 14400 IN A 185.244.39.54
smtp 14400 IN A 185.244.39.49
smtp 14400 IN A 185.244.39.54
www 14400 IN A 185.244.39.49
www 14400 IN A 185.244.39.54
www.kimc 14400 IN A 185.244.39.49
www.kimc 14400 IN A 185.244.39.54

opelhistorics.be. 14400 IN MX 10 mail



_dmarc 14400 IN TXT "v=DMARC1; p=reject; sp=none; rua=mailto:mymail"
opelhistorics.be. 14400 IN TXT "v=spf1 a mx ip4:185.244.39.49 ~all"
x._domainkey 14400 IN TXT ( "v=DKIM1; k=rsa; p=mykey$
"mykey$
"mykey$

localhost 14400 IN AAAA ::1

when i go to https://mxtoolbox.com/SuperTool.aspx?action=mx:opelhistorics.be&run=toolpage#
it says:

smtp:185.244.39.49
220 gsi2.opelmanta.be ESMTP Exim 4.92 Sat, 23 Mar 2019 01:56:59 +0100
Test Result
SMTP Banner Check Reverse DNS does not match SMTP Banner More Info
SMTP Reverse DNS Mismatch OK - 185.244.39.49 resolves to mailserv.opelmanta.be
SMTP Valid Hostname OK - Reverse DNS is a valid Hostname
SMTP TLS OK - Supports TLS.
SMTP Connection Time 1.689 seconds - Good on Connection time
SMTP Open Relay OK - Not an open relay.
SMTP Transaction Time 4.170 seconds - Good on Transaction Time
Session Transcript:
Connecting to 185.244.39.49

220 gsi2.opelmanta.be ESMTP Exim 4.92 Sat, 23 Mar 2019 01:56:59 +0100 [1564 ms]
EHLO keeper-us-east-1c.mxtoolbox.com
250-gsi2.opelmanta.be Hello keeper-us-east-1c.mxtoolbox.com [18.205.72.90]
250-SIZE 524288000
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP [689 ms]
MAIL FROM:<[email protected]>
250 OK [891 ms]
RCPT TO:<[email protected]>
550 authentication required [824 ms]

LookupServer 4592ms
so here you see it switches back to the main server and i don't know why and /var/log/exim/mainlog doesn't tell anything

here is a mailheader from [email protected] to [email protected] (i have the same header for every mailadres)
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from gsi2.opelmanta.be
by gsi2.opelmanta.be with LMTP
id SP5UNxGFlVyKTwAAyIxAOQ
(envelope-from <[email protected]>)
for <[email protected]>; Sat, 23 Mar 2019 02:00:01 +0100
Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Sat, 23 Mar 2019 02:00:01 +0100
Received: from mail by gsi2.opelmanta.be with spam-scanned (Exim 4.92)
(envelope-from <[email protected]>)
id 1h7V0z-0000bc-RE
for [email protected]; Sat, 23 Mar 2019 02:00:01 +0100
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on gsi2.opelmanta.be
X-Spam-Level:
X-Spam-Status: No, score=-1.0 required=7.5 tests=ALL_TRUSTED
autolearn=unavailable autolearn_force=no version=3.4.2
Received: from myhomehost.be ([myhomepc] helo=ALEXPC)
by gsi2.opelmanta.be with esmtpa (Exim 4.92)
(envelope-from <[email protected]>)
id 1h7V0z-0000bY-Or
for [email protected]; Sat, 23 Mar 2019 02:00:01 +0100
From: "Alex Vanhecke" <[email protected]>
To: "'Alex Vanhecke'" <[email protected]>
Subject: test
Date: Sat, 23 Mar 2019 01:59:53 +0100
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_08F1_01D4E11C.1B34DC50"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdThE7h6mljpd9ewSROLFeqFCQRQMA==
Content-Language: nl-be
X-MS-TNEF-Correlator: 00000000421045E4F251EA46845FCA9558867BEA04304D00

i don't know if dkim dmarc will work on this feature?
or do i something wrong neither ;)
i think i gave all the info i could give now ;)

it whould be great to use this feature to use it for mailserver on other ip only and not for everything
i really hope someone could tell me what i must do
many thanks on advance
Greets Alex
 
Last edited:
Your exim.conf version must be too old and does not support the feature. You should upgrade it to at least 4.4.x
 
Your exim.conf version must be too old and does not support the feature. You should upgrade it to at least 4.4.x

Im using SpamBlockerTechnology* powered exim.conf, Version 4.5.12 # August 15, 2018 the latest stable version
 
and this is present in the exim.conf it was already there:
exim.conf 4.3.1

adds these lines to the remote_smtp section:
interface = <; ${if exists{/etc/virtual/domainips}{${lookup{$sender_address_domain}lsearch*{/etc/virtual/domainips}}}}
helo_data = ${if exists{/etc/virtual/helo_data}{${lookup{$sending_ip_address}iplsearch{/etc/virtual/helo_data}{$value}{$primary_hostname}}}{$primary_hostname}}

and this one, just after #EDIT#1 (after #primary_hostname)
smtp_active_hostname = ${if exists{/etc/virtual/helo_data}{${lookup{$interface_address}iplsearch{/etc/virtual/helo_data}{$value}{$primary_hostname}}}{$primary_hostname}}

But if you look at a few posts above here you see what i set in /helo_data (directadmin wasn't doing anything with that file it was empty)
i really don't know if thats correct.

i really hope on a fast fix
 
Last edited:
@zEitEr: Could you have a look at post #3 of me in this thread and confirm or deny if this is necessary? That is the case at this moment, but is this indeed needed? We still wonder about that.
 
Last edited:
here 2 screenshots of the ip's
one in the admin area taken:
1.jpg
and the one in the user historics
this is the user where i allready have the 'correct' dns records to test out if it works
2.jpg

when we do telnet on it you see it switching back to gsi2 (the mainserver ip)
[root@test ~]# telnet 185.244.39.49 25
Trying 185.244.39.49...
Connected to 185.244.39.49.
Escape character is '^]'.
220 gsi2.opelmanta.be ESMTP Exim 4.92 Sat, 23 Mar 2019 14:48:53 +0100

and the used exim.conf here:
Code:
# SpamBlockerTechnology* powered exim.conf, Version 4.5.12
# August 15, 2018
# Exim configuration file for DirectAdmin
# Requires exim.pl as distributed by DirectAdmin here:
# [url]http://files.directadmin.com/services/exim.pl[/url] version 21 or higher
# ClamAV optional
# SpamAssassin optional
# Dovecot/IMAP Mandatory
# *SpamBlockerTechnology is a Trademark of NoBaloney Internet Services:
# [url]http://www.nobaloney.net[/url]
# 
# WARNING! Do NOT use this exim.conf Exim configuration file unless you
# make the required modifications to your Exim configuration
# following the instructions in the README file included in this
# distribution:
# README-SpamBlockerVersion4exim.conf.txt
# 
# The original exim.conf file distributed with Exim 4, includes the
# following copyright notice:
# 
# Copyright (C) 2002 University of Cambridge, Cambridge, UK
# 
# Portions of the file are taken from the exim.conf file as
# distributed with DirectAdmin ([url]http://www.directadmin.com/[/url])
# 
# Copyright (C) 2003-2011 JBMC Software, St Albert, AB, Canada
# 
# Portions of this file are written by NoBaloney Internet Services
# and are copyright as follows:
# 
# Copyright (C) 2004-2011 NoBaloney Internet Services, Riverside, Calif., USA
# 
# The entire Exim 4 distribution, including the exim.conf file, is
# distributed under the GNU GENERAL PUBLIC LICENSE, Version 2,
# June 1991. If you do not have a copy of the GNU GENERAL PUBLIC LICENSE
# you may download it, in it's entirety, from the website at:
# 
# [url]http://www.nobaloney.net/exim/gnu-gpl-v2.txt[/url]
# 
# Thanks to all the members of the DirectAdmin community and of the exim
# community who have given their # much needed and appreciated help.
# 
# The most recent version of this file may always downloaded from the website
# at: [url]http://www.nobaloney.net/downloads/spamblocker[/url]
# 
# MODIFICATION INSTRUCTIONS
# 
# YOU MUST MAKE THE CHANGES TO THIS
# SpamBlockerTechnology* powered exim.conf, Version 4.0
# file as documented in the README file.
# 
# The README file for this version is named:
# README-SpamBlockerVersion4exim.conf.txt

# CONFIGURATION STARTS HERE

#EDIT#1:
# primary_hostname =
smtp_active_hostname = ${if exists{/etc/virtual/helo_data}{${lookup{$interface_address}iplsearch{/etc/virtual/helo_data}{$value}{$primary_hostname}}}{$primary_hostname}}

#EDIT#2-CLAMAV:
# av_scanner = clamd:/var/run/clamav/clamd
.include_if_exists /etc/exim.clamav.load.conf

#Block Cracking variables
.include_if_exists /etc/exim.blockcracking/variables.conf

#Easy Spam Figher variables
.include_if_exists /etc/exim.easy_spam_fighter/variables.conf

#SRS
.include_if_exists /etc/exim.srs.conf

#EDIT#3:
# qualify_domain =

#EDIT#4:
perl_startup = do '/etc/exim.pl'

#EDIT#5:
system_filter = /etc/system_filter.exim

#EDIT#6:
untrusted_set_sender = *

#EDIT#7:
daemon_smtp_ports = 25 : 587 : 465
tls_on_connect_ports = 465

#EDIT#8:
local_from_check = false

RBL_DNS_LIST=\
       cbl.abuseat.org : \
       bl.spamcop.net : \
       b.barracudacentral.org : \
       zen.spamhaus.org

.include /etc/exim.variables.conf
.include /etc/exim.strings.conf
.include_if_exists /etc/exim.strings.conf.custom

#EDIT#10:
helo_allow_chars = _

#EDIT#11:
log_selector = \
  +delivery_size \
  +sender_on_delivery \
  +received_recipients \
  +received_sender \
  +smtp_confirmation \
  +subject \
  +smtp_incomplete_transaction \
  -dnslist_defer \
  -host_lookup_failed \
  -queue_run \
  -rejected_header \
  -retry_defer \
  -skip_delivery \
  +arguments

#EDIT#12:
syslog_duplication = false

#EDIT#13:
acl_not_smtp = acl_script
acl_smtp_auth = acl_check_auth
acl_smtp_connect = acl_connect
acl_smtp_helo = acl_check_helo
acl_smtp_mail = ${if ={$interface_port}{587} {accept}{acl_check_mail}}
acl_smtp_rcpt = acl_check_recipient
acl_smtp_dkim = ${if ={$interface_port}{587} {accept}{acl_check_dkim}}
acl_smtp_data = acl_check_message
acl_smtp_mime = acl_check_mime

#EDIT#14:
addresslist whitelist_senders = nwildlsearch;/etc/virtual/whitelist_senders
addresslist blacklist_senders = nwildlsearch;/etc/virtual/blacklist_senders
domainlist blacklist_domains = nwildlsearch;/etc/virtual/blacklist_domains
domainlist whitelist_domains = nwildlsearch;/etc/virtual/whitelist_domains
domainlist local_domains = lsearch;/etc/virtual/domains
domainlist relay_domains = lsearch;/etc/virtual/domains
domainlist use_rbl_domains = lsearch;/etc/virtual/use_rbl_domains
domainlist skip_rbl_domains = nwildlsearch;/etc/virtual/skip_rbl_domains
hostlist skip_rbl_hosts = ${if exists{/etc/virtual/skip_rbl_hosts}{wildlsearch;/etc/virtual/skip_rbl_hosts}}
hostlist skip_rbl_hosts_ip = ${if exists{/etc/virtual/skip_rbl_hosts_ip}{/etc/virtual/skip_rbl_hosts_ip}}
hostlist auth_relay_hosts = *
hostlist bad_sender_hosts = nwildlsearch;/etc/virtual/bad_sender_hosts
hostlist bad_sender_hosts_ip = /etc/virtual/bad_sender_hosts_ip
hostlist whitelist_hosts = nwildlsearch;/etc/virtual/whitelist_hosts
hostlist whitelist_hosts_ip = /etc/virtual/whitelist_hosts_ip
BLACKLIST_USERNAMES = /etc/virtual/blacklist_usernames
BLACKLIST_SMTP_USERNAMES = /etc/virtual/blacklist_smtp_usernames
BLACKLIST_SCRIPT_USERNAMES = /etc/virtual/blacklist_script_usernames

#EDIT#15:
#domainlist skip_av_domains = nwildlsearch;/etc/virtual/skip_av_domains

#EDIT#16:
#relay_hosts/pophosts moved to variables.conf

#EDIT#17:
never_users = root

#EDIT#18:
host_lookup = *

#EDIT#19:
rfc1413_hosts = *
rfc1413_query_timeout = 0s

#EDIT#20:
#exim.variables.conf

#EDIT#21:
#exim.variables.conf

#EDIT#22:
#exim.variables.conf

#EDIT#23:
tls_advertise_hosts = *
#auth_over_tls_hosts = *

.include_if_exists /etc/exim.variables.conf.post

##################################################################################
# Access Control Lists
##################################################################################
begin acl


######################################
# ACL CONNECT
######################################
#EDIT#24:
acl_connect:
  warn set acl_m_spam_assassin_has_run = 0
  warn set acl_m_is_whitelisted = 0
  .include_if_exists /etc/exim.easy_spam_fighter/connect.conf
  accept hosts = *


######################################
# ACL CHECK MAIL
######################################
acl_check_mail:
  accept  condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}}

#EDIT#31:
  accept  sender_domains = +whitelist_domains
          logwrite = $sender_host_address whitelisted in local domains whitelist
          set acl_m_is_whitelisted = 1
  accept  hosts = +whitelist_hosts
          logwrite = $sender_host_address whitelisted in local hosts whitelist
          set acl_m_is_whitelisted = 1
  accept  hosts = +whitelist_hosts_ip
          logwrite = $sender_host_address whitelisted in local hosts IP whitelist
          set acl_m_is_whitelisted = 1
  # accept if envelope sender is in whitelist
  accept  senders = +whitelist_senders
          logwrite = $sender_host_address whitelisted in local sender whitelist
          set acl_m_is_whitelisted = 1

  .include_if_exists /etc/exim.easy_spam_fighter/check_mail.conf
  accept


######################################
# ACL CHECK AUTH
######################################
#EDIT#24.5#
acl_check_auth:
  drop  set acl_m_authcount = ${eval10:0$acl_m_authcount+1}
        condition = ${if >{$acl_m_authcount}{2}}
        delay = 10s
        message = ONLY_ONE_AUTH_PER_CONN

  accept


######################################
# ACL CHECK HELO
######################################
#EDIT#25:
acl_check_helo:

  .include_if_exists /etc/exim.acl_check_helo.pre.conf

  # accept mail originating on this server unconditionally
  accept  hosts = <; @[]; 127.0.0.0/8 ; ::1 ; @
  # deny if the HELO pretends to be this host
    deny message = HELO_HOST_IMPERSANATION
      condition = ${if or { \
                            {eq{$sender_helo_name}{$smtp_active_hostname}} \
                            {eq{$sender_helo_name}{[$interface_address]}} \
                          } {true}{false} }
  # deny if the HELO is an IP address
    deny message = HELO_IS_IP
         condition   = ${if eq{$interface_port}{25}}
         condition   = ${if isip{$sender_helo_name}}
  # deny if hostname if ylmf-pc, which accounts for a HUGE percentage of BF attacks
    deny message = HELO_BLOCKED_FOR_ABUSE
         condition   = ${if eq{$sender_helo_name}{ylmf-pc}}
  # deny if the HELO pretends to be one of the domains hosted on the server
    deny message = HELO_IS_LOCAL_DOMAIN
        condition = ${if match_domain{$sender_helo_name}{+local_domains}{true}{false}}
        hosts = ! +relay_hosts
        
  .include_if_exists /etc/exim.acl_check_helo.post.conf

  accept


######################################
# ACL SCRIPT
######################################
acl_script:

  .include_if_exists /etc/exim.acl_script.pre.conf

  discard set acl_m_uid = ${perl{find_uid}}
          set acl_m_username = ${perl{get_username}{$acl_m_uid}}
          condition = ${if !eq {$acl_m_uid}{-1}{yes}{no}}
          condition = ${if >{${perl{hit_limit_user}{$acl_m_username}}}{1}}
          message = USER_TOO_MANY

  discard condition = ${if !eq{$originator_uid}{$exim_uid}}
          condition = ${if exists{BLACKLIST_USERNAMES}}
          condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_USERNAMES}{1}{0}}
          message = USER_ON_BLACKLIST_SCRIPT BLACKLIST_USERNAMES

  discard condition = ${if !eq{$originator_uid}{$exim_uid}}
          condition = ${if exists{BLACKLIST_SCRIPT_USERNAMES}}
          condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_SCRIPT_USERNAMES}{1}{0}}
          message = USER_ON_BLACKLIST_SCRIPT BLACKLIST_SCRIPT_USERNAMES

  .include_if_exists /etc/exim.blockcracking/script.conf

  accept

  .include_if_exists /etc/exim.blockcracking/script.recipients.conf


######################################
# ACL CHECK RECIPIENT
######################################
#EDIT#26:
acl_check_recipient:

  .include_if_exists /etc/exim.acl_check_recipient.pre.conf

  # block certain well-known exploits, Deny for local domains if
  # local parts begin with a dot or contain @ % ! / |
  deny  domains       = +local_domains
        message = Invalid characters in local_part
        local_parts   = ^[.] : ^.*[@%!|]

  # If you've hit the limit, you can't send anymore. Requires exim.pl 17+
  drop  message = AUTH_TOO_MANY
        condition = ${perl{auth_hit_limit_acl}}
        authenticated = *

  drop  message = MULTIPLE_BOUNCE_RECIPIENTS
        senders = : postmaster@*
        condition = ${if >{$recipients_count}{0}{true}{false}}

  drop  message = TOO_MANY_FAILED_RECIPIENTS
        log_message = REJECTED - Too many failed recipients - count = $rcpt_fail_count
        condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
        !verify = recipient/callout=2m,defer_ok,use_sender

  drop  message = DOMAIN_SUSPENDED
        domains = +local_domains
        condition = ${if exists{/etc/virtual/${domain}_off}{yes}{no}}

  drop  authenticated = *
        condition = ${if exists{BLACKLIST_USERNAMES}}
        set acl_m_uid = ${perl{find_uid_auth_id}{$authenticated_id}}
        set acl_m_username = ${perl{get_username}{$acl_m_uid}}
        condition = ${if !eq {$acl_m_uid}{-1}{yes}{no}}
        condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_USERNAMES}{1}{0}}
        message = USER_ON_BLACKLIST_SMTP
        logwrite = User account $acl_m_username is blocked via BLACKLIST_USERNAMES

  drop  authenticated = *
        condition = ${if exists{BLACKLIST_SMTP_USERNAMES}}
        set acl_m_uid = ${perl{find_uid_auth_id}{$authenticated_id}}
        set acl_m_username = ${perl{get_username}{$acl_m_uid}}
        condition = ${if !eq {$acl_m_uid}{-1}{yes}{no}}
        condition = ${lookup{$acl_m_username}lsearch{BLACKLIST_SMTP_USERNAMES}{1}{0}}
        message = USER_ON_BLACKLIST_SMTP
        logwrite = User account $acl_m_username is blocked via BLACKLIST_SMTP_USERNAMES

  accept  condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}}

  .include_if_exists /etc/exim.acl_check_recipient.mid.conf

  #Block Cracking - [url]https://github.com/Exim/exim/wiki/BlockCracking[/url]
  .include_if_exists /etc/exim.blockcracking/auth.conf

  # restrict port 587 to authenticated users only
  # see also daemon_smtp_ports above
  accept  hosts = +auth_relay_hosts
	  condition = ${if eq {$interface_port}{587} {yes}{no}}
	  endpass
	  message = RELAY_NOT_PERMITTED_AUTH
	  authenticated = *
  # Deny all Mailer-Daemon messages not for us:
  deny message = We didn't send the message
       senders = :
       domains = !+relay_domains
	   !authenticated = *

  # Deny if the recipient doesn't exist:
    deny message = NO_SUCH_RECIPIENT
         domains = +local_domains
	 !verify = recipient
  # Remaining Mailer-Daemon messages must be for us
    accept senders = :
	   domains = +relay_domains

#EDIT#27:
  # 1st deny checks if it's a hostname or IPV4 address with dots or IPV6 address
    deny message = R1: HELO_SHOULD_BE_FQDN
         !authenticated = *
         condition   = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
         condition   = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
  ## 2nd deny makes sure the hostname doesn't end with a dot (invalid)
  #  deny message = R2: HELO_SHOULD_BE_FQDN
  #       !authenticated = *
  #       condition   = ${if match{$sender_helo_name}{\N\.$\N}}
  # 3rd deny makes sure the hostname has no double-dots (invalid)
    deny message = R3: HELO_SHOULD_BE_FQDN
         !authenticated = *
         condition   = ${if match{$sender_helo_name}{\N\.\.\N}}
  ## 4th deny make sure the hostname doesn't end in .home (invalid domain)
  #  deny message = R4: HELO_SHOULD_BE_FQDN
  #       !authenticated = *
  #       condition  = ${if match{$sender_helo_name}{\N\.home$\N}}

#EDIT#28:
  # warn domains = +skip_av_domains
  # set acl_m0 = $tod_epoch

#EDIT#29:
  deny  domains       = !+local_domains
        local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

#EDIT#30:
  accept  hosts = :
          logwrite = Whitelisted as having local origination

#EDIT#32:
    deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_SENDER
    domains = +use_rbl_domains
    domains = !+skip_rbl_domains
    hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
    senders = +blacklist_senders

#EDIT#33:
    deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_HOST
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       domains = !+skip_rbl_domains
       hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
       hosts = +bad_sender_hosts

#EDIT#34:
    deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_IP
       hosts = +bad_sender_hosts_ip

#EDIT#35:
  accept domains = +local_domains
         sender_domains = !+blacklist_domains
         hosts = !+bad_sender_hosts
         hosts = !+bad_sender_hosts_ip
         dnslists = list.dnswl.org&0.0.0.2
         dnslists = list.dnswl.org!=127.0.0.255
         logwrite = $sender_host_address whitelisted in list.dnswl.org

#EDIT#36:
  # accept domains = +local_domains
  #        dnslists = hostkarma.junkemailfilter.com=127.0.0.1
  #        logwrite = $sender_host_address whitelisted in hostkarma.junkemailfilter.com

#EDIT#37:
  # accept  local_parts = whitelist
  #         domains     = example.com

#EDIT#38:
  require verify = sender

#EDIT#39:
    deny message = 554 denied. 5.7.1 BLOCKED_DUE_TO_SPAM_DOMAIN
       domains = +use_rbl_domains
       domains = !+skip_rbl_domains
       hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
       sender_domains = +blacklist_domains

#EDIT#40:
#    deny message = 554 denied. 5.7.1 Forged Paypal Mail, not sent from PayPal.
#         senders = *@paypal.com
#         condition = ${if match {$sender_host_name}{\Npaypal.com$\N}{no}{yes}}

#EDIT#41:
  warn hosts = +skip_rbl_hosts
       logwrite = $sender_host_address RBL whitelisted in skip_rbl_hosts
  warn hosts = +skip_rbl_hosts_ip
       logwrite = $sender_host_address RBL whitelisted in skip_rbl_hosts_ip
  warn domains = +skip_rbl_domains
       logwrite = $sender_host_address RBL whitelisted $domain in skip_rbl_domains
  
  deny message = RBL_BLOCKED_BY_LIST
       hosts    = !+relay_hosts
       domains = +use_rbl_domains
       domains = !+skip_rbl_domains
       hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
       !authenticated = *
       dnslists = RBL_DNS_LIST

  .include_if_exists /etc/exim.easy_spam_fighter/check_rcpt.conf

  .include_if_exists /etc/exim.greylist.conf
  
#COMMENT#43:
# ACCEPT EMAIL BEGINNING HERE
  # accept if address is in a local domain as long as recipient can be verified
  accept  domains = +local_domains
          endpass
	  message = UNKNOWN_USER
          verify = recipient
#COMMENT#44
  # accept if address is in a domain for which we relay as long as recipient
  # can be verified
  accept  domains = +relay_domains
          endpass
          verify = recipient
#EDIT#45:
  accept  hosts = +relay_hosts
          add_header = X-Relay-Host: $sender_host_address

  accept  hosts = +auth_relay_hosts
          endpass
          message = AUTH_REQUIRED
          authenticated = *

  .include_if_exists /etc/exim.acl_check_recipient.post.conf

# FINAL DENY EMAIL BEFORE DATA BEGINS HERE
  # default at end of acl causes a "deny", but line below will give
  # an explicit error message:
  deny    message = RELAY_NOT_PERMITTED


######################################
# ACL CHECK DKIM
######################################
acl_check_dkim:
  accept  condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}}
          
  .include_if_exists /etc/exim.easy_spam_fighter/check_dkim.conf
  accept


######################################
# ACL CHECK MESSAGE
######################################
# ACL that is used after the DATA command (ClamAV)
acl_check_message:

  .include_if_exists /etc/exim.acl_check_message.pre.conf

#EDIT#46.1#T9653
  warn    condition       = ${if !def:h_Message-ID: {yes}{no}}
          message         = Adding Message-ID header because it is missing!
          add_header      = Message-ID: <GENERATED-WASMISSING-$message_exim_id@$primary_hostname>

  accept  condition = ${if eq{$acl_m_is_whitelisted}{1}{1}{0}}

  .include_if_exists /etc/exim.easy_spam_fighter/check_message.conf

#EDIT#46:
.include_if_exists /etc/exim.clamav.conf

  .include_if_exists /etc/exim.acl_check_message.post.conf

  accept

######################################
# ACL that is used for each MIME attachment in the email.
acl_check_mime:

  .include_if_exists /etc/exim.check_mime.conf.custom
  .include_if_exists /etc/exim.easy_spam_fighter/check_mime.conf

  accept


##################################################################################
# AUTHENTICATION CONFIGURATION
##################################################################################
begin authenticators

plain:
    driver = plaintext
    public_name = PLAIN
    server_prompts = :
    server_condition = "${perl{smtpauth}{0}}"
    server_set_id = $2

login:
    driver = plaintext
    public_name = LOGIN
    server_prompts = "Username:: : Password::"
    server_condition = "${perl{smtpauth}{0}}"
    server_set_id = $1

#EDIT#47:
# REWRITE CONFIGURATION
# There is no rewriting specification in this exim.conf file. If your
# configuration requires one, it would go here


.include_if_exists /etc/exim.authenticators.post.conf

##################################################################################
# ROUTERS CONFIGURATION
##################################################################################
begin routers
#EDIT#48:

.include_if_exists /etc/exim.routers.pre.conf

lookuphost:
  driver = dnslookup
  domains = ! +local_domains
  ignore_target_hosts = 127.0.0.0/8
  condition = "${perl{check_limits}}"
  transport = remote_smtp
  no_more

# RELATED: [url]http://help.directadmin.com/item.php?id=153[/url]
# smart_route:
#   driver = manualroute
#   domains = ! +local_domains
#   ignore_target_hosts = 127.0.0.0/8
#   condition = "${perl{check_limits}}"
#   route_list = !+local_domains HOSTNAME-or-IP#
#   transport = remote_smtp

#COMMENT#49:
#DIRECTORS CONFIGURATION

.include_if_exists /etc/exim.spamassassin.conf

#EDIT#50:
# Spam Assassin
#spamcheck_director removed. Use the exim.spamassassin.conf

majordomo_aliases:
  driver = redirect
  allow_defer
  allow_fail
  data = ${if exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/list.aliases}}}}
  domains = lsearch;/etc/virtual/domainowners
  file_transport = address_file
  group = daemon
  pipe_transport = majordomo_pipe
  retry_use_local_part
  no_rewrite
  user = majordomo

majordomo_private:
  driver = redirect
  allow_defer
  allow_fail
  #condition = "${if eq {$received_protocol} {local} {true} {false} }"
  condition = "${if or { {eq {$received_protocol} {local}} \
                         {eq {$received_protocol} {spam-scanned}} } {true} {false} }"
  data = ${if exists{/etc/virtual/${domain}/majordomo/private.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/private.aliases}}}}
  domains = lsearch;/etc/virtual/domainowners
  file_transport = address_file
  group = daemon
  pipe_transport = majordomo_pipe
  retry_use_local_part
  user = majordomo

domain_filter:
  driver = redirect
  allow_filter
  no_check_local_user
  condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}"
  user = "${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}"
  group = "mail"
  file = /etc/virtual/${domain}/filter
  directory_transport = address_file
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  no_verify

uservacation:
  # uservacation reply to all except errors, bounces, lists
  driver = accept
  condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/vacation.conf}{yes}{no}}
  condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{no}{yes}}
  require_files = /etc/virtual/${domain}/reply/${local_part}.msg
  # do not reply to errors and bounces or lists
  senders = " ! ^.*-request@.*:\
              ! ^owner-.*@.*:\
              ! ^postmaster@.*:\
              ! ^listmaster@.*:\
              ! ^mailer-daemon@.*\
              ! ^root@.*"
  transport = uservacation
  unseen

userautoreply:
  driver = accept
  condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/autoresponder.conf}{yes}{no}}
  condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{no}{yes}}
  require_files = /etc/virtual/${domain}/reply/${local_part}.msg
  # do not reply to errors and bounces or lists
  senders = " ! ^.*-request@.*:\
              ! ^owner-.*@.*:\
              ! ^postmaster@.*:\
              ! ^listmaster@.*:\
              ! ^mailer-daemon@.*\
              ! ^root@.*"
  transport = userautoreply
  unseen

#any callbacks doing sender verify checks to this server accept SRS0 encoded emails if they exist, else the verify will fail.
#until we figure out how to extract the original forwarder name in exim, we'll accept and drop all SRS0 encoded emails.
#the srs_recipient is the original remote sender, so we dont want to forwarder there, else it will generated untraced backscatter (no data=srs_recipient)
#I had found srs_orig_recipient variable, but wasn't able to use it to check for local fordwarders.
#so any email to [email protected] will be accepted and dropped into the :blackhole:, which should be sufficient to satisfy the sender verify, and prevent any spam since it's always dropped.
#if the final recipient hits "reply", it should already go to the orignal remote sender, not to the SRS name.
srs_router:
  driver =	redirect
  condition = ${if exists{/etc/exim.srs.forward.conf}}
  srs =		reverse
  data = :blackhole:
  domains =	+local_domains
   
#forwarder exists
#user exists
virtual_user_unseen:
  driver = accept
  condition = ${if exists{/etc/virtual/${domain}/passwd}{1}{0}}
  condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}{1}{0}}
  condition = ${perl{save_virtual_user}}
  domains = lsearch;/etc/virtual/domainowners
  group = mail
  .include_if_exists /etc/exim/local_part_suffix.conf
  retry_use_local_part
  transport = dovecot_lmtp_udp
  unseen

#forwarder exists
#user does not exist
virtual_aliases_nouser_nostar:
  driver = redirect
  .include_if_exists /etc/exim.srs.forward.conf
  allow_defer
  allow_fail
  condition = ${if exists{/etc/virtual/${domain}/passwd}{1}{0}}
  condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}{1}{0}}
  condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}{0}{1}}
  data = ${lookup{$local_part}lsearch{/etc/virtual/$domain/aliases}}
  file_transport = address_file
  group = mail
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  .include_if_exists /etc/exim/local_part_suffix.conf

#forwarder does not exist
#user exists
virtual_user:
  driver = accept
  condition = ${if exists{/etc/virtual/${domain}/passwd}{1}{0}}
  condition = ${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}{0}{1}}
  condition = ${perl{save_virtual_user}}
  domains = lsearch;/etc/virtual/domainowners
  group = mail
  retry_use_local_part
  transport = dovecot_lmtp_udp
  .include_if_exists /etc/exim/local_part_suffix.conf

#wildcard forwarder
#user should have already been caught above
virtual_aliases:
  #only the wildcard will be used here
  driver = redirect
  .include_if_exists /etc/exim.srs.forward.conf
  allow_defer
  allow_fail
  data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}
  file_transport = address_file
  group = mail
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  .include_if_exists /etc/exim/local_part_suffix.conf

#COMMENT#51:
drop_solo_alias:
  driver = redirect
  allow_defer
  allow_fail
  data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch{/etc/virtual/$domain/aliases}}}}
  file_transport = devnull
  group = mail
  pipe_transport = devnull
  retry_use_local_part
  #include_domain = true
  .include_if_exists /etc/exim/local_part_suffix.conf

#COMMENT#52:
userforward:
  driver = redirect
  allow_filter
  check_ancestor
  check_local_user
  no_expn
  file = $home/.forward
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
  directory_transport = address_directory
  no_verify

system_aliases:
  driver = redirect
  allow_defer
  allow_fail
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
  file_transport = address_file
  pipe_transport = address_pipe
  retry_use_local_part
  # user = exim

localuser:
  driver = accept
  check_local_user
  condition = "${if eq {$domain} {$primary_hostname} {yes} {no}}"
  transport = local_delivery

#COMMENT#53:
##################################################################################
# TRANSPORTS CONFIGURATION
##################################################################################
begin transports

.include_if_exists /etc/exim.transports.pre.conf

#COMMENT#54:
spamcheck:
  driver = pipe
  batch_max = 100
  command = /usr/sbin/exim -oMr spam-scanned -bS
  current_directory = "/tmp"
  group = mail
  home_directory = "/tmp"
  log_output
  message_prefix = 
  message_suffix = 
  return_fail_output
  no_return_path_add
  transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}
  use_bsmtp
  user = mail

#COMMENT#55:
majordomo_pipe:
  driver = pipe
  group = daemon
  return_fail_output
  user = majordomo

#COMMENT#56:
local_delivery:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  directory = /home/$local_part/Maildir/
  directory_mode = 770
  create_directory = true
  maildir_format
  group = mail
  mode = 0660
  return_path_add
  user = ${local_part}

#COMMENT#57:
virtual_localdelivery:
  driver = appendfile
  create_directory
  delivery_date_add
  directory_mode = 770
  envelope_to_add
  directory = /home/${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}/imap/${domain}/${local_part}/Maildir
  maildir_format
  group = mail
  mode = 660
  return_path_add
  user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}"
  quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0}}
  .include_if_exists /etc/exim/virtual_localdelivery.conf.post

#EDIT#58:
uservacation:
  driver = autoreply
  file = /etc/virtual/${domain}/reply/${local_part}.msg
  from = "${local_part}@${domain}"
  log = /etc/virtual/${domain}/reply/${local_part}.log
  no_return_message
  headers = ${if exists{/etc/virtual/${domain}/reply/${local_part}.headers}{${readfile{/etc/virtual/${domain}/reply/${local_part}.headers}}}}
  subject = ${if def:h_Subject: {\
                ${if exists{/etc/virtual/${domain}/reply/${local_part}.subject}\
                    {${readfile{/etc/virtual/${domain}/reply/${local_part}.subject}{}}}\
                    {Autoreply}\
                }: ${quote:${escape:${length_60:$h_Subject:}}}}\
                {I am on vacation}}
  to = "${sender_address}"
  user = mail
  once = /etc/virtual/${domain}/reply/${local_part}.once
  once_file_size = 100K
  once_repeat = ${if exists{/etc/virtual/${domain}/reply/${local_part}.once_time}{${readfile{/etc/virtual/${domain}/reply/${local_part}.once_time}{}}}{2d}}

#COMMENT#59:
userautoreply:
  driver = autoreply
  bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}}
  file = /etc/virtual/${domain}/reply/${local_part}.msg
  from = "${local_part}@${domain}"
  log = /etc/virtual/${domain}/reply/${local_part}.log
  no_return_message
  headers = ${if exists{/etc/virtual/${domain}/reply/${local_part}.headers}{${readfile{/etc/virtual/${domain}/reply/${local_part}.headers}}}}
  subject = ${if def:h_Subject: {\
                ${if exists{/etc/virtual/${domain}/reply/${local_part}.subject}\
                    {${readfile{/etc/virtual/${domain}/reply/${local_part}.subject}{}}}\
                    {Autoreply}\
                }: ${quote:${escape:${length_60:$h_Subject:}}}}\
                {Autoreply Message}}
  to = "${sender_address}"
  user = mail
  once = /etc/virtual/${domain}/reply/${local_part}.once
  once_file_size = 100K
  once_repeat = ${if exists{/etc/virtual/${domain}/reply/${local_part}.once_time}{${readfile{/etc/virtual/${domain}/reply/${local_part}.once_time}{}}}{2d}}

#COMMENT#60:
devnull:
  driver = appendfile
  file = /dev/null

#COMMENT#61:
remote_smtp:
  driver = smtp
  headers_add = "${if def:authenticated_id{X-Authenticated-Id: ${authenticated_id}}}"
  interface = <; ${if exists{/etc/virtual/domainips}{${lookup{$sender_address_domain}lsearch*{/etc/virtual/domainips}}}}
  helo_data = ${if exists{/etc/virtual/helo_data}{${lookup{$sending_ip_address}iplsearch{/etc/virtual/helo_data}{$value}{$primary_hostname}}}{$primary_hostname}}
  hosts_try_chunking =
.include_if_exists /etc/exim.dkim.conf

#EDIT#62:
address_pipe:
  driver = pipe
  return_output

virtual_address_pipe:
  driver = pipe
  group = nobody
  return_output
  user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}"
.include_if_exists /etc/exim.cagefs.pipe.conf

#COMMENT#63:
address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

#COMMENT#64:
address_reply:
  driver = autoreply

dovecot_lmtp_udp:
  driver = lmtp
  socket = /var/run/dovecot/lmtp
  #maximum number of deliveries per batch, default 1
  batch_max = 200
  delivery_date_add
  envelope_to_add
  return_path_add
  user = mail
  
address_directory:
  driver = appendfile
  maildir_format
  maildir_use_size_file
  delivery_date_add
  envelope_to_add
  return_path_add

##################################################################################
# RETRY CONFIGURATION
##################################################################################
#EDIT#65:
# Domain               Error       Retries
# ------               -----       -------
begin retry
*                      quota
*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,8h
# End of Exim 4 configuration
 
Last edited:
@all,

Just completed testing. I've got numerous domains in /etc/virtual/domainips on a server with more than 2 IPv4.

I've sent 1st email with the original file, how it was generated by Directadmin. The received email was sent from an IP `95.bb.cc.235`. Expected, and it is fine.

Then I removed all the records from the file, and added only one new:

Code:
*:149.bb.cc.59

without any record changed in DNS, I've send the 2nd email. And the email headers shows emails was sent from the specified IP `149.bb.cc.59`.

So it's working as it is should be.



@Richard,

Default SPF records from Directadmin allow to send emails from all IP addresses to which MX and A records for a domain are resolved. Hence there is no need to change IP address for the domain, if it's MX record was updated. The user @knoll mentioned somewhere that MX record has been modified to match the new IP.



I'm not sure, but from what I've read from that feature section... shouldn't the domain (opelhistorics.be) not also be created on this .49 ip?
At least that is what it says here:
https://www.directadmin.com/features.php?id=1692

Which would also prevent the need of changing SPF records if I'm not mistaken. But I could be wrong, I don't know, never used this.

For the rest I will just be following this thread as I also find this interesting on how this is used.



@knoll,

For posting configs you'd better put your lines between CODE /CODE tags with square brackets.

For the feature to work you don't need to change anything in Directadmin interface at all, no need to assign or re-assign IPs. The feature as how I suggested it in my reply to your previous thread is enough simple and will work with a modification of the one file /etc/virtual/domainips.

with the hostname gsi2.opelmanta.be (the ip .54)

Why would you expect to see another hostname there? Did you change your server's hostname? What you need to check in headers is the line with:

Code:
Received: from [149.bb.cc.59]

So from the steps you completed I might conclude an email was sent from a new IP, and the headers were read a wrong way.

That's it.
 
@zEitEr: Thank you, I understand about the mx and spf, bu I still like to know if the domein must be created on the second ip (like in the screenshot). Since this is mentioned in the docs.
 
@zEitEr ok sorry for the code thing will edit it after this message sometimes i see the code pictogram sometimes not will do it manual :)
this was allready set .49 is the ip i want to use for mail .54 the mainip
Code:
[root@gsi2 ~]# cat /etc/virtual/domainips
*:185.244.39.49
But i'm not sure about the Helo thing since directadmin didn't added anything there i just manual set the 'mailserv.opelmanta.be'
there since its the hostname of the ip 185.244.39.49
Code:
[root@gsi2 ~]# cat /etc/virtual/helo_data
mailserv.opelmanta.be
so to get this all working i can delete the ip back out of the username so the ip is 'free' again
and delete all dns records that use the ip .49
and just change the mail A to the ip .49
since MX is pointing to mail?

But i think we should expect the .49 ip to be in the headers than and its not here
and if it still says gsi2.opelmanta.be as hostname in the mx banner i think it will continue be blocket at our isp Telenet?
since gsi2.opelmanta.be has the .54 ip

what to set in that helo thing?
many thanks for the support i will wait on your answear than i will go and try to fix
if i can't get it right you mind to take a look? i guess you only take a few minutes for this and i'm trying to get my webshops back working on telenet for days :'(

Code:
 
@Richard,

It depends on what you want to achieve.

If you want to rely on Directadmin and have the file /etc/virtual/domainips fully managed by Directadmin, then you need re-assign IPs in the control panel, and have add_domain_to_domainips=1 in directadmin.conf

If you want simply all emails to leave your server from a different IP, then you set add_domain_to_domainips=0 in directadmin.conf and manage the file /etc/virtual/domainips yourself.

@zEitEr: Thank you, I understand about the mx and spf, bu I still like to know if the domein must be created on the second ip (like in the screenshot). Since this is mentioned in the docs.

@knoll

Do you focus on a right thing yet? Try and send an email to gmail, hotmail, or yahoo, to @mail-tester.com in the end. And see what IP is used for sending emails before changing anything in DNS. Multiple changes in DNS might bring to issue and you will need to wait for changes to propagate. The worst thing which might happen is a fail of SPF.

HELO and SMTP banner are rather the last things which you need to think about yet. Whether you leave the file /etc/virtual/helo_data empty (and a primary hostname will be used) or you will add your data into it or let directadmin manage it, you should decide yourself. I'm not aware on how the mail service provider filters incoming emails.

How did they block your IP? Use telnet to identify whether or not you can connect to them from your IPs:

Code:
telnet -b [COLOR=#333333]185.244.39.49[/COLOR] [COLOR=#333333]spamfilter.ip[/COLOR] 25
Code:
telnet -b [COLOR=#333333]185.244.39.54[/COLOR] [COLOR=#333333]spamfilter.ip[/COLOR] 25
 
@zEitEr ok its working now i didn't understand the helo part i have manual set there something but after i deleted the ip out of the user so the ip was free again
the helo file gets empty
i deleted all dns records of the added ip

mail A pointing to the ip .49
mx pointing to mail

and SPF is set on .49 ? or can it stay on the head ip .54 ?

now the headers are showing its sended outof .49
Code:
Return-Path: [email protected]
Received: from charles.telenet-ops.be (LHLO charles.telenet-ops.be)
 (2a02:1800:110:4:0:0:f00:16) by zcsnocm114.telenet-ops.be with LMTP; Sat,
 23 Mar 2019 18:17:32 +0100 (CET)
Received: from gsi2.opelmanta.be ([[B][U][COLOR="#000080"]185.244.39.49[/COLOR][/U][/B]])
	by charles.telenet-ops.be with bizsmtp
	id rVHY1z06a13e3vd01VHYY0; Sat, 23 Mar 2019 18:17:32 +0100
X-Spamcause: gggruggvucftvghtrhhoucdtuddrgedutddrjeefgddutddvucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuthgvlhgvnhgvthdrsggvnecuuegrihhlohhuthemuceftddtnecuogfuphgrmhfkphfpvghtfihorhhkucdludehtddmnefjrghmjfgvrgguvghrhfhivghlugcujfgvrgguvghrucfutghorhhinhhgucdlqddutddmnecujfgurhephffvufffkfggtgfothesmhdtghepvddtvdenucfhrhhomhepfdetlhgvgicugggrnhhhvggtkhgvfdcuoegrlhgvgiesohhpvghlhhhishhtohhrihgtshdrsggvqeenucfkphepudekhedrvdeggedrfeelrdegledpvddufedruddukedrvddvjedrvddtieenucfrrghrrghmpehinhgvthepudekhedrvdeggedrfeelrdegledphhgvlhhopehgshhivddrohhpvghlmhgrnhhtrgdrsggvpdhmrghilhhfrhhomheprghlvgigsehophgvlhhhihhsthhorhhitghsrdgsvgdprhgtphhtthhopehknhholhhlsehtvghlvghnvghtrdgsvgenucevlhhushhtvghrufhiiigvpedt
Delivered-To: [email protected]
X-TN-Spam: YES
X-TN-Spam: YES
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=opelhistorics.be; s=x; h=Content-Type:MIME-Version:Message-ID:Date:Subject:
	To:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:
	Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
	:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
	List-Subscribe:List-Post:List-Owner:List-Archive;
	bh=AA/jqPyzkA4+rOKsyZ0zomOV5Ist3d4u74zxcIzj1n0=; b=GLOuts5mPMuP6O1iAUjtwMNf2K
	u0pOl7QtHEYHUy5zJD4C8MBFUbc42tdh4ANPe9q/zRG8axLUKXij0wfZOadgLUABzpgCvguQHmA/z
	aFdbUbBCooP2xlHrWjwPRdg/+6z0qTf5ec9LPjzGymuNyzsL1Y/Qkytm16AOCH3B97hRh6bx5wMTD
	5DUGoMrZE98MYFAjc3F0PCcc12RhgrT2H7vtUFJT09ncdXEDxjHBooZfYo2MYbYJUGPcmGSwNOF9p
	KfpiJtYH/Mv39A6sswv6lIslbreMGC5fapyGVJZrec0LWXh9ONNn026aRrTPxQagsamKLjCeIAet6
	ZwZ4V9mQ==;
Received: from dd576e3ce.access.telenet.be ([213.118.227.206] helo=ALEXPC)
	by gsi2.opelmanta.be with esmtpa (Exim 4.92)
	(envelope-from <[email protected]>)
	id 1h7kGy-0001oH-48
	for [email protected]; Sat, 23 Mar 2019 18:17:32 +0100
From: "Alex Vanhecke" <[email protected]>
To: "'Alex Vanhecke'" <[email protected]>
Subject: [SPAM] test
Date: Sat, 23 Mar 2019 18:17:21 +0100
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0345_01D4E1A4.A8695AF0"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdThnERsk9YiHf1aQ5yisDRe8QG7cw==
Content-Language: nl-be
X-MS-TNEF-Correlator: 00000000421045E4F251EA46845FCA9558867BEA644A4D00
X-Authenticated-Id: [email protected]

But its still blocked on their firewall i wanne bet it just has something to do with the gsi2.opelmanta.be hostname in the header
isn't there a way to change this from gsi2.opelmanta.be to mailserv.opelmanta.be (this is the rDNS host of the .49 ip that works now)
i think my problem is solved if i can do this
 
If the both telnet's failed to connect to their 25 port, you don't need to worry about HELO part at all.

Update /etc/virtual/helo_data with

Code:
185.244.39.49:mailserv.opelmanta.be

if you need it.
 
the helo part is working but still blocked pf
Code:
Return-Path: [email protected]
Received: from jules.telenet-ops.be (LHLO jules.telenet-ops.be)
 (2a02:1800:120:4:0:0:f00:c) by zcsnocm114.telenet-ops.be with LMTP; Sat, 23
 Mar 2019 18:43:43 +0100 (CET)
Received: from mailserv.opelmanta.be ([185.244.39.49])
	by jules.telenet-ops.be with bizsmtp
	id rVjj1z0F613e3vd01Vjj37; Sat, 23 Mar 2019 18:43:43 +0100
X-Spamcause: gggruggvucftvghtrhhoucdtuddrgedutddrjeefgddutdejucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuthgvlhgvnhgvthdrsggvnecuuegrihhlohhuthemuceftddtnecuogfuphgrmhfkphfpvghtfihorhhkucdludehtddmnefjrghmjfgvrgguvghrhfhivghlugcujfgvrgguvghrucfutghorhhinhhgucdlqddutddmnecujfgurhephffvufffkfggtgfothesmhdtghepvddtvdenucfhrhhomhepfdetlhgvgicugggrnhhhvggtkhgvfdcuoegrlhgvgiesohhpvghlhhhishhtohhrihgtshdrsggvqeenucfkphepudekhedrvdeggedrfeelrdegledpvddufedruddukedrvddvjedrvddtieenucfrrghrrghmpehinhgvthepudekhedrvdeggedrfeelrdegledphhgvlhhopehmrghilhhsvghrvhdrohhpvghlmhgrnhhtrgdrsggvpdhmrghilhhfrhhomheprghlvgigsehophgvlhhhihhsthhorhhitghsrdgsvgdprhgtphhtthhopehknhholhhlsehtvghlvghnvghtrdgsvgenucevlhhushhtvghrufhiiigvpedt
Delivered-To: [email protected]
X-TN-Spam: YES
X-TN-Spam: YES
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=opelhistorics.be; s=x; h=Content-Type:MIME-Version:Message-ID:Date:Subject:
	To:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:
	Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
	:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
	List-Subscribe:List-Post:List-Owner:List-Archive;
	bh=MLrzlQk1cLaafB6DVRg4iuKYQgci2uTDmjQw6EpDxOk=; b=m/+PKT3Y/MlxTho8pwbOzkJkqn
	dyPLaroL1b6WWdRLZU1kdIIHwQo2h5mUDT4YPbOmKqcRmTX23/2Xma4SSn8UqVhzHGl07/ApG53rJ
	N9vmfyiYENjLnpG3R0hx4qO+WYFO1isOmMJZUBB7yhs+BmV7ew2mfbxLTod6NFz7btm7Z3/e7B8kJ
	aBdznRBFi506IYLS1ffaI/pqKnLK2J6yWU17YjzgfXfhH3te72g4O8WcI6xgEspq9SdK1rHX1EQcu
	ya//uuSc6wiu4HhwrUydOnqp0peDEFEwNVfW2q5gJ7Qt1SUVAncE8ZtMqzDoaeBZ+/CIxjUFSwzL0
	d4ajwQ4A==;
Received: from dd576e3ce.access.telenet.be ([213.118.227.206] helo=ALEXPC)
	by gsi2.opelmanta.be with esmtpa (Exim 4.92)
	(envelope-from <[email protected]>)
	id 1h7kgJ-0002O5-GH
	for [email protected]; Sat, 23 Mar 2019 18:43:43 +0100
From: "Alex Vanhecke" <[email protected]>
To: "'Alex Vanhecke'" <[email protected]>
Subject: [SPAM] testmail
Date: Sat, 23 Mar 2019 18:43:32 +0100
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0354_01D4E1A8.5107FBA0"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdThn+lB5nPiWxaCT7+vUXkUMxY/uA==
Content-Language: nl-be
X-MS-TNEF-Correlator: 00000000421045E4F251EA46845FCA9558867BEA244B4D00
X-Authenticated-Id: [email protected]
i tryed the telnet's
i think they do it this way i'm not an expert like you
they mailserver for example charles.telenet.be gets block warning from the zcsnocm114.telenet-ops.be host and i think that zcsn is they spamblocker ip
i can connect on all charles.telenet.be jules.telenet.be etc but not on the zcsn hostname

[root@gsi2 etc]# telnet -b 185.244.39.49 195.130.137.86 25
Trying 195.130.137.86...
Connected to 195.130.137.86.
Escape character is '^]'.
220 charles.telenet-ops.be bizsmtp ESMTP server ready

[root@gsi2 etc]# telnet -b 185.244.39.49 jules.telenet-ops.be. 25
Trying 195.130.132.44...
Connected to jules.telenet-ops.be..
Escape character is '^]'.
220 jules.telenet-ops.be bizsmtp ESMTP server ready

[root@gsi2 etc]# telnet -b 185.244.39.49 213.224.144.118 25
Trying 213.224.144.118...
telnet: connect to address 213.224.144.118: Connection timed out
what could i do now ? :)
 
If the both telnet's failed to connect to their 25 port, you don't need to worry about HELO part at all.

Update /etc/virtual/helo_data with

Code:
185.244.39.49:mailserv.opelmanta.be

if you need it.

this works but further in the mailheader that i get from the mail
he points back to gsi2

i guess its the DKIM part
maybe recreate DKIM for the domainname?
Return-Path: [email protected]
Received: from jules.telenet-ops.be (LHLO jules.telenet-ops.be)
(2a02:1800:120:4:0:0:f00:c) by zcsnocm114.telenet-ops.be with LMTP; Sat, 23
Mar 2019 18:43:43 +0100 (CET)
Received: from mailserv.opelmanta.be ([185.244.39.49])
by jules.telenet-ops.be with bizsmtp
id rVjj1z0F613e3vd01Vjj37; Sat, 23 Mar 2019 18:43:43 +0100
X-Spamcause: gggruggvucftvghtrhhoucdtuddrgedutddrjeefgddutdejucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuthgvlhgvnhgvthdrsggvnecuuegrihhlohhuthemuceftddtnecuogfuphgrmhfkphfpvghtfihorhhkucdludehtddmnefjrghmjfgvrgguvghrhfhivghlugcujfgvrgguvghrucfutghorhhinhhgucdlqddutddmnecujfgurhephffvufffkfggtgfothesmhdtghepvddtvdenucfhrhhomhepfdetlhgvgicugggrnhhhvggtkhgvfdcuoegrlhgvgiesohhpvghlhhhishhtohhrihgtshdrsggvqeenucfkphepudekhedrvdeggedrfeelrdegledpvddufedruddukedrvddvjedrvddtieenucfrrghrrghmpehinhgvthepudekhedrvdeggedrfeelrdegledphhgvlhhopehmrghilhhsvghrvhdrohhpvghlmhgrnhhtrgdrsggvpdhmrghilhhfrhhomheprghlvgigsehophgvlhhhihhsthhorhhitghsrdgsvgdprhgtphhtthhopehknhholhhlsehtvghlvghnvghtrdgsvgenucevlhhushhtvghrufhiiigvpedt
Delivered-To: [email protected]
X-TN-Spam: YES
X-TN-Spam: YES
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=opelhistorics.be; s=x; h=Content-Type:MIME-Version:Message-ID:Date:Subject:
To:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=MLrzlQk1cLaafB6DVRg4iuKYQgci2uTDmjQw6EpDxOk=; b=m/+PKT3Y/MlxTho8pwbOzkJkqn
dyPLaroL1b6WWdRLZU1kdIIHwQo2h5mUDT4YPbOmKqcRmTX23/2Xma4SSn8UqVhzHGl07/ApG53rJ
N9vmfyiYENjLnpG3R0hx4qO+WYFO1isOmMJZUBB7yhs+BmV7ew2mfbxLTod6NFz7btm7Z3/e7B8kJ
aBdznRBFi506IYLS1ffaI/pqKnLK2J6yWU17YjzgfXfhH3te72g4O8WcI6xgEspq9SdK1rHX1EQcu
ya//uuSc6wiu4HhwrUydOnqp0peDEFEwNVfW2q5gJ7Qt1SUVAncE8ZtMqzDoaeBZ+/CIxjUFSwzL0
d4ajwQ4A==;
Received: from dd576e3ce.access.telenet.be ([213.118.227.206] helo=ALEXPC)
by gsi2.opelmanta.be with esmtpa (Exim 4.92)
(envelope-from <[email protected]>)
id 1h7kgJ-0002O5-GH
for [email protected]; Sat, 23 Mar 2019 18:43:43 +0100

i hope you can still find what i could do? :)
maybe this?
4) At this point, any domain created after the change should have the DKIM keys created, and dns zones updated.
For existing domains, you can either enable it individually for each domain, one-by-one:
cd /usr/local/directadmin/scripts
./dkim_create.sh domain.com
 
Last edited:
Connections to 213.224.144.118 from my end fail too.

Anyway if they still block you, there might be 2 possible solutions:

1. Rent a VPS for 4-8 EUR/mo and use it as a SMTP relay for your server.
2. Use 3rd party services for transmitting emails.
 
Code:
Received: from dd576e3ce.access.telenet.be ([213.118.227.206] helo=ALEXPC)
by gsi2.opelmanta.be with esmtpa (Exim 4.92)


Connect to mailserv.opelmanta.be from ALEXPC then.
 
thanks for everything @zEitEr @Richard G
i think it works
after sometime i was testing again and i see it worked maybe DNS change or etc was delayed.
Now it works mails have no [SPAM] and webshop orders work
will check again tomorow morning if it still works it sends by mailserv. maybe their spamfilter has got slower dns
 
Back
Top