Knowledgebase

  1. Portal Home
  2. Knowledgebase
  3. Mail & Tools Docs
  4. cPanel EXIM configuration Full

  Categories

Other Docs
5
Domain - DNS Docs
2
Mail & Tools Docs
4
Hosting - Server Docs
5

  Categories

  Support

My Support Tickets
News
Knowledgebase
Downloads
Network Status
Open Ticket

cPanel EXIM configuration Full Print

  • 4

Access Control List (ACL) Options

1. Apache SpamAssassin™ Settings

  1. Apache SpamAssassin™ Spam Score Threshold for Rejecting Spam

    • Default: No reject rule by spam score.
    • Setting: Define a threshold to automatically reject emails marked as spam by SpamAssassin.
    • Recommendation: Set the spam level to 5.0 for medium-level protection.

  2. Dictionary Attack Protection

    • Default: Off
    • Setting: Provides protection against dictionary attacks.
    • Recommendation: Enable by setting to On.

  3. Reject Emails Sent to the Server’s Hostname

    • Default: Off
    • Setting: Used to reject emails sent to the server’s hostname.
    • Recommendation: Enable by setting to On to block spam incoming emails.

  4. Enable Apache SpamAssassin™ for Secondary MX Domains

    • Default: Off
    • Setting: Enables SpamAssassin on secondary MX domains.
    • Recommendation: Set to On.

  5. Ratelimit Suspicious SMTP Servers

    • Default: Off
    • Setting: Limits incoming connections from suspicious SMTP servers.
    • Recommendation: Enable by setting to On to reduce suspicious emails.

  6. Apache SpamAssassin™: Ratelimit Spam Score Threshold

    • Default: No ratelimiting by spam score.
    • Setting: Adds rate limiting to messages marked as spam.
    • Recommendation: Apply limits for messages with a spam score above 10.0.

  7. Ratelimit Incoming Connections with Only Failed Recipients

    • Default: Off
    • Setting: Limits connections for non-targeted emails.
    • Recommendation: Enable by setting to On to reduce server load.

  8. Require HELO Before MAIL

    • Default: Off
    • Setting: Mandates the HELO command according to the SMTP protocol.
    • Recommendation: Enable by setting to On to enforce proper email behavior.

  9. Introduce a Delay into the SMTP Transaction for Unknown Hosts and Messages Detected as Spam

    • Default: Off
    • Setting: Adds a delay for messages from unknown servers.
    • Recommendation: Enable by setting to On to slow down spam submissions.

  10. Do Not Delay SMTP Connections for Hosts in the Greylisting “Trusted Hosts” List

    • Default: Off
    • Setting: Disables delay for trusted servers.
    • Recommendation: Enable by setting to On to speed up connections from trusted hosts.

  11. Require Remote (hostname/IP address) HELO

    • Default: Off
    • Setting: Requires connecting servers to send a valid HELO command.
    • Recommendation: Enable by setting to On.

  12. Require RFC-Compliant HELO

    • Default: Off
    • Setting: Mandates an RFC-compliant HELO command.
    • Recommendation: Enable by setting to On to reject non-compliant connections.

  13. Allow DKIM Verification for Incoming Messages

    • Default: Off
    • Setting: Enables DKIM verification for incoming messages.
    • Recommendation: Enable by setting to On to verify email reliability.

  14. Reject DKIM Failures

    • Default: Off
    • Setting: Rejects emails that fail DKIM verification.
    • Recommendation: Enable by setting to On to block fake emails.

  15. Maximum Message Recipients (Soft Limit)

    • Default: No rejection based on number of recipients.
    • Setting: Limits the maximum number of recipients that can be sent simultaneously.
    • Recommendation: Set a limit between 50-100.

  16. Maximum Message Recipients Before Disconnect (Hard Limit)

    • Default: No disconnection based on number of recipients.
    • Setting: Limits the maximum number of recipients that can be sent simultaneously.
    • Recommendation: Set a maximum of 100.

2. Access Lists

  1. Blacklisted SMTP IP Addresses

    • Setting: Contains blacklisted IP addresses. IPs on this list cannot access the server or send emails. Spam senders and unwanted connections are added to this list.
    • Recommendation: Use the Edit option to add spam or malicious IP addresses to the blacklist. Identify IPs from reliable sources and regularly update the list.

  2. Sender Verification Bypass IP Addresses

    • Setting: IP addresses on this list are exempt from sender verification. Typically used for trusted servers and networks.
    • Recommendation: Use the Edit option to add trusted server and service IP addresses to bypass the verification step. Only add completely trusted IPs.

  3. Only-Verify-Recipient

    • Setting: Defines IP addresses where only recipient verification is performed without sender verification.
    • Recommendation: If you need to perform only recipient verification on a specific network, use the Edit option to add the relevant IPs.

  4. Trusted SMTP IP Addresses

    • Setting: Contains trusted SMTP IP addresses. These IPs can operate with fewer restrictions when connecting to the server.
    • Recommendation: Use the Edit option to add trusted SMTP IP addresses, allowing these IPs to send emails smoothly. Include your trusted email servers and services.

  5. Backup MX Hosts

    • Setting: Contains IP addresses of backup MX (Mail Exchange) servers. Backup servers are activated when the primary server is unreachable for email delivery.
    • Recommendation: Use the Edit option to add reliable backup MX servers. This ensures uninterrupted email delivery during server access issues.

  6. Trusted Mail Users

    • Setting: Defines trusted mail users. These users can send and receive emails with fewer security restrictions.
    • Recommendation: Use the Edit option to add your trusted mail users, ensuring these users are not hindered by email exchange restrictions.

  7. Blocked Domains

    • Setting: Contains blocked domain names. Emails from these domains do not reach the server and are blocked.
    • Recommendation: Use the Manage option to add domain names that send spam or malicious emails, blocking unnecessary emails from reaching your server.

  8. Blocked Countries

    • Setting: Contains blocked countries. All email traffic from these countries is blocked. Useful for blocking spam or malicious email traffic from specific regions.
    • Recommendation: Use the Manage option to block email traffic from specific countries. This is particularly useful if spam traffic from certain countries is high.

3. Domains and IPs

  1. Send Mail from the Account’s IP Address

    • Default: Off
    • Setting: When enabled, emails are sent from the IP address assigned to each domain. This allows each domain to send emails from its unique IP address.
    • Recommendation: Enable by setting to On to allow each domain to send emails from its own IP. This provides IP-based separation in email transmission and can sometimes aid in spam detection.

  2. Use the Reverse DNS Entry for the Mail HELO/EHLO if Available

    • Default: Off
    • Setting: If a reverse DNS (RDNS) entry is available, the mail server uses it in the HELO/EHLO command. Reverse DNS verifies which domain an IP address belongs to.
    • Recommendation: Enable by setting to On to activate reverse DNS entry. This helps email servers match your IP address with your domain, typically increasing email reliability.

  3. Rebuild Reverse DNS Cache and Update Mail HELO

    • Setting: Rebuilds the reverse DNS cache and updates the HELO command. This ensures that reverse DNS information is up-to-date.
    • Recommendation: Use this option if you have made changes to reverse DNS configurations to refresh the cache.

  4. Reference /etc/mailhelo for Custom Outgoing SMTP HELO

    • Default: Off
    • Setting: References the /etc/mailhelo file to use custom SMTP HELO commands. The HELO command is used as an introduction when establishing SMTP connections.
    • Recommendation: Enable by setting to On if you use custom HELO values for different domains, activating these custom configurations.

  5. Reference /etc/mailips for Custom IP on Outgoing SMTP Connections

    • Default: Off
    • Setting: References the /etc/mailips file to use custom IP addresses for outgoing SMTP connections. This setting allows each domain to send emails from a specific IP address.
    • Recommendation: Enable by setting to On to configure custom IP addresses for each domain. This can be useful for IP address management, allowing each domain to send emails from different IPs.

4. Filters

  1. System Filter File

    • Default: /etc/cpanel_exim_system_filter
    • Setting: Defines general email filtering rules on the server. Filters applied to incoming and outgoing emails are specified in this file.
    • Recommendation: Use the default filtering file. If you need to define custom filtering rules, you can edit this file to better manage your server’s email traffic.

  2. Attachments: Filter Messages with Dangerous Attachments

    • Default: Off
    • Setting: Filters emails containing dangerous attachments. This setting prevents email delivery of files that may contain malware or viruses.
    • Recommendation: Enable by setting to On to filter out dangerous attachments. This is crucial for enhancing security and preventing malicious software from reaching your server.

  3. Apache SpamAssassin™: Global Subject Rewrite

    • Default: Off
    • Setting: Rewrites the subject line of emails marked as spam by SpamAssassin. This helps users easily identify spam emails.
    • Recommendation: Enable by setting to On to add a prefix (e.g., SPAM) to the subject lines of spam emails. This allows users to quickly recognize spam messages, improving user experience.

  4. Apache SpamAssassin™: Bounce Spam Score Threshold

    • Default: No bouncing by spam score
    • Setting: Bounces (rejects) emails exceeding a certain spam score. However, there is a risk of abuse by spam servers using this feature.
    • Recommendation: Use the default setting to disable bouncing. This prevents your server from becoming a spam target due to automated rejection responses.

  5. Apache SpamAssassin™: X-Spam-Subject/Subject Header Prefix for Spam Emails

    • Default: SPAM
    • Setting: Adds a prefix to the subject line of emails marked as spam by SpamAssassin. This makes spam emails easily identifiable.
    • Recommendation: Keep the default setting (**SPAM). This ensures spam emails are clearly marked, aiding in quick identification and management by users.

5. Mail Settings

  1. Log Sender Rates in the Exim Mainlog

    • Default: Off
    • Setting: Logs sender rates in the Exim main log file. Useful for tracking spam senders.
    • Recommendation: Enable by setting to On to maintain logs for monitoring issues or spam senders.

  2. Sender Verification Callouts

    • Default: Off
    • Setting: Verifies the sender’s email address. Helps block fake sender addresses.
    • Recommendation: Enable by setting to On to block emails from fake sender addresses.

  3. Smarthost Support

    • Default: None
    • Setting: Allows routing outgoing emails through a Smarthost. A Smarthost is an external SMTP server used to relay emails.
    • Recommendation: Configure if using a Smarthost.
      • Smarthost requires SMTP authentication: Enable by setting to On to require authentication for the Smarthost.
      • Smarthost username and password: Enter the Smarthost SMTP authentication credentials here.

  4. Autodiscovery SPF Include Hosts from the Smarthost Route List

    • Default: Off
    • Setting: Enables SPF (Sender Policy Framework) verification for emails routed through the Smarthost.
    • Recommendation: Enable by setting to On to activate SPF verification.

  5. SPF Include Hosts for All Domains on This System

    • Default: None
    • Setting: Adds SPF verification hosts for all domains.
    • Recommendation: Add relevant SPF hosts if using SPF protection.

  6. Enable BAYES_POISON_DEFENSE Apache SpamAssassin™ Ruleset

    • Default: Off
    • Setting: Provides defense against Bayes filter poisoning.
    • Recommendation: Enable by setting to On to protect against Bayes filter poisoning.

  7. Enable Passive OS Fingerprinting for Apache SpamAssassin™

    • Default: Off
    • Setting: Collects OS fingerprints of incoming emails and analyzes them using SpamAssassin rules.
    • Recommendation: Enable by setting to On to enhance security analysis.

  8. Enable KAM Apache SpamAssassin™ Ruleset

    • Default: Off
    • Setting: Enables the KAM ruleset, which includes advanced rules for spam detection.
    • Recommendation: Enable by setting to On to improve spam detection capabilities.

  9. Enable the Apache SpamAssassin™ Ruleset that cPanel Uses on cpanel.net

    • Default: Off
    • Setting: Enables the SpamAssassin ruleset used by cPanel.
    • Recommendation: Enable by setting to On to benefit from these additional rules.
Was this answer helpful?

Related Articles

What is Corporate Mail Service What is a Corporate Email Service? What is a Corporate Email Service? Advantages, Disadvantages,... Yandex SMTP - IMAP - POP Settings Yandex SMTP, IMAP, and POP Settings: A Guide to Properly Configuring Your Email Account and... Advanced Domain and DNS Management Techniques Advanced Domain and DNS Management Techniques Domain and DNS management play a critical role in...
Back

Powered by WHMCompleteSolution

  Support

My Support Tickets
News
Knowledgebase
Downloads
Network Status
Open Ticket