Email SRS support for Cpanel and Exim

Built-in SRS support under Advanced Exim Configuration Editor in WHM.
avatar
mtindor

For nearly a year I’ve had SRS enabled on the cPanel servers I maintain. Of course, when Exim gets updated I have to redo the configuration.

But it only takes adding seven lines of code to Exim, and I have never had a single problem with forwarded emails not being delivered / being rejected since implementation. I really can’t think of any good reason why SRS support is not available in cPanel at this point.

A search engine search for “cpanel SRS support” will yield instructions for manually activating SRS within Exim on a cPanel server.

M

Google apps smtp email and relay settings

from: https://support.google.com/a/answer/176600?hl=en

Google Apps SMTP settings to send mail from a printer, scanner, or app

You can set up your on-premises multifunction printer, scanner, fax, or application to send email through Google Apps. The three available options are: SMTP relay service, Gmail SMTP server and Restricted Gmail SMTP server.

For details about configuring your device or application to send SMTP messages, refer to its documentation. Google Support cannot assist with the configuration settings.

  1. SMTP relay service – used to send mail from your organization by authenticating with the IP address(s). You can send messages to anyone inside or outside of your domain.
  2. Gmail SMTP server – requires authentication with your Gmail/Google Apps account and password. Messages can be sent to anyone inside or outside of your domain.
  3. Restricted Gmail SMTP server – does not require authentication, and you will be restricted to send messages to Gmail or Google Apps users only.

The table below will help you decide which one of these options will best meet your needs:

Option Google Apps SMTP relay (recommended) Gmail SMTP server Restricted Gmail SMTP server
FQDN of SMTP Service smtp-relay.gmail.com smtp.gmail.com aspmx.l.google.com
Configuration requirements Port 25, 465, or 587
SSL/TLS optional.
One or more static IP addresses are required.
Port 465 (SSL required)
Port 587 (TLS required)
Dynamic IPs allowed
Port 25
TLS not required
Dynamic IPs allowed
Mail can only be sent to Gmail or Google Apps users
Requires authentication IP address provides authentication. Your full Gmail or Google Apps email address required for authentication No.
Bypasses anti-spam No. Suspicious emails may be filtered. No. Suspicious emails may be filtered. No. Suspicious emails may be filtered.
Sending Limits Limits for registered Google Apps users.
A registered user cannot relay messages to more than 10,000 recipients per day.
For full SMTP relay limits please see Sending limits for the SMTP relay service.
2000 Messages per day. See Sending limits for more detailed information. Per user receiving limits will apply.

You can use the SMTP relay service in the Google Admin console to relay mail from your device or application. This is possible once you add your network IP range to the SMTP relay service. You will need to configure your device to connect to smtp-relay.gmail.com on ports 25 or 465, 587. For more details about using this setting, see SMTP relay service setting.

Gmail SMTP Server could also be used to relay messages from your device or application. You can connect to Gmail mail servers using SMTP, SSL/TLS. If you connect using SMTP, you can only send mail to Gmail or Google Apps users; if you connect using SSL/TLS, you can send mail to anyone.

If your device or application supports SSL – connect to smtp.gmail.com on port 465.

To connect with SSL, you need to provide a Google username and password for authentication. Ensure that the username you use has cleared the CAPTCHA word verification test that appears when the user first logs in. We also recommend ensuring that the account has a secure password.

If your device or application does not support SSL – connect to aspmx.l.google.com on port 25.

You must configure an SPF record for your domain with the IP address of the device or application to ensure that recipients do not reject mail sent from it. You must also add this IP address to the Email Whitelist box in your Google Admin console. For example, if your sending device sends from 123.45.67.89, add that address to your SPF record without removing the Google Apps mail servers from the record: v=spf1 ip4:123.45.67.89 include:_spf.google.com ~all

SMTP Reverse DNS Mismatch Warning – Reverse DNS does not match SMTP Banner

This alert on an SMTP check on Mxtoolbox is trivial.

It could be because your outbound (sending) mail server is blocking un-authenticated port 25 use by spammers. Instead you can authenticate (login) on port 487 to send email.

This from Mxtoolbox:

“Also, the banner mismatch is just a warning. There’s nothing that says that having a mismatch (or no hostnme in your banner at all) will cause you to have difficulty sending or receiving mail, it’s really more of a best practice.”

Find DNS server records mx cname ttl A record rDNS

Easily find your nameserver’s records including a, mx, cname and ttl for each:
Network-tools.com

My favorite overall DNS testing tool for 2012 is intoDNS.com, which will also show your rDNS record.

How to tell if your website has a dedicated IP

http://www.robtex.com/ip/

Email bounces – creating SPF records and rDNS

If your hosting account does not have a correct Reverse DNS entry some receiving email servers may reject your email because of this. It is something generic which some mail servers to check for. You can sort this properly a couple of ways…

Update the Reverse DNS for that IP to match the A record you created earlier or if ask your hosting company to do it.

Ask your ISP or hosting company if you can forward your outbound email to one of their mail servers..called a relay server.

You should also make an SPF record for your domain. Read more here: http://www.openspf.org/

Posted in email tips. No Comments »