Kennisbank
Exim Configuration Manager Basic Editor Print dit artikel
Overview:
Select the Basic Editor tab in the Exim Configuration Manager interface to modify your server’s Exim configuration settings.
All
This tab displays all available settings. To filter the displayed settings, select a category tab. You can also use the Find text box to search for a specific Basic Editor setting.
ACL settings
These settings limit who can send mail to your server. Use these settings to minimize bandwidth usage, prevent spam, and block emails with a forged sender address (spoofed emails).
The system discards any email messages that it rejects at SMTP time.
Apache SpamAssassin™ reject spam score threshold
This setting sets the spam score that Apache SpamAssassin™ uses to reject incoming messages.
Enter a positive or negative number, which may contain a single decimal point.
If you enter a value that contains an integer greater than or less than 0
and a decimal point, Apache SpamAssassin multiplies the value that you enter by a measure of ten. For example, if you enter a spam score threshold of 1.6
, Apache SpamAssassin sets the threshold to 16
.
This setting defaults to No reject rule by spam score.
Dictionary attack protection
This setting allows you to drop and rate-limit hosts with more than four failed recipients, in order to block dictionary attacks. A dictionary attack is a method whereby a malicious user attempts to guess a password with words in a dictionary.
This setting defaults to On.
Reject remote mail sent to the server’s hostname
This setting allows you to reject messages in which the recipient exists as an address of your server’s primary hostname. In general, the primary hostname, a common target for spammers, should not receive remote mail.
This setting Defaults to Off.
Enable Apache SpamAssassin™ for secondary MX domains
This setting configures Apache SpamAssassin to scan email for domains that exist in the /etc/secondarymx
file which users send to the primary mail exchanger.
This setting defaults to On.
Ratelimit suspicious SMTP servers
This setting allows you to rate-limit incoming SMTP connections that violate RFCs. This setting rate-limits mail servers that do not send QUIT, recently matched an RBL, or recently attacked the server. Real mail servers must follow RFC specifications.
To ensure that the system does not rate-limit an SMTP connection, add the server to a whitelist. This allows the system to deliver mail from connections that violate RFCs to your inbox. To add a server to a whitelist, edit the Only-verify-recipient setting in the Access Lists tab, and enter the IP address of the trusted server.
This setting defaults to On.
Apache SpamAssassin™: ratelimit spam score threshold
This setting allows you to rate-limit hosts that send spam to your server. When you activate this setting, rate limits delay email from hosts that send you spam. The system activates rate limits when it meets both of the following conditions:
-
A host reaches or exceeds the Apache SpamAssassin score that you enter in the text box.
-
That host exceeds the number of emails that the rate-limit formula specifies. Exim averages rate limits over time. By default, the system uses the following rate-limit formula:
ratelimit = 1.2 / 1h / strict / per_conn / noupdate
This setting defaults to No ratelimiting by spam score.
Ratelimit incoming connections with only failed recipients
This setting allows you to rate-limit incoming SMTP connections that only send email to failed recipients during five separate connection times in the past hour.
This setting defaults to On.
Require HELO before MAIL
This setting allows you to require that incoming SMTP connections send a HELO command before they send a MAIL command.
A HELO is a command that mail servers send before an email, and that specifies the name of the sending domain. Apache SpamAssassin can perform various checks on this information (for example, it can ensure that the domain name matches the IP address that sent the message). This ensures that your server does not receive spam that reports a false domain name.
This setting defaults to On.
Introduce a delay into the SMTP transaction for unknown hosts and messages detected as spam.
This setting configures the SMTP receiver to wait a few additional seconds for a connection when it detects spam messages. Typically, legitimate mailing systems will wait past the delay, whereas spammers do not wait past the delay.
The system excludes the following remote hosts from the delay:
-
Neighbor IP addresses in the same netblock
-
Loopback addresses
-
Trusted Hosts
-
Relay Hosts
-
Backup MX Hosts
-
Skip SMTP Checks Host
-
Sender Verify Bypass Hosts
-
If you use third-party sites to diagnose mail server issues, this setting may falsely detect spam messages.
-
If your external monitoring system reports failures after you update your server, configure your monitoring system to allow 45 seconds timeout for connections to port
25
. For more information about how to adjust the timeout and polling settings, read your monitoring system’s documentation.-
If that does not resolve the problem, add the IP address of your monitoring system to the Trusted SMTP IP Addresses section of WHM’s Exim Configuration Manager interface (WHM >> Home >> Service Configuration >> Exim Configuration Manager).
-
If you still encounter errors on your monitoring system, disable the Introduce a delay into the SMTP transaction for unknown hosts and messages detected as spam setting in the Basic Editor section of WHM’s Exim Configuration Manager interface (WHM >> Home >> Service Configuration >> Exim Configuration Manager). However, this will likely result in an increase in spam that your server receives.
-
This setting defaults to On.
Do not delay the SMTP connections for hosts in the Greylisting “Trusted Hosts” list
This setting configures the SMTP receiver to not delay any hosts that you add to the list in the Trusted Hosts tab in WHM’s Greylisting Interface (WHM >> Home >> Email >> Greylisting).
This setting defaults to On.
Do not delay the SMTP connections for hosts in the Greylisting “Common Mail Providers” List
This setting configures the SMTP receiver to not delay any hosts that you add to the list in the Common Main Providers tab in WHM’s Greylisting interface (WHM >> Home >> Email >> Greylisting).
This setting defaults to Off.
Require remote (hostname/IP address) HELO
This setting allows you to require that incoming SMTP connections send a HELO command that does not match the primary hostname or a local IP address (IPv4 or IPv6). Enable this setting to block emails with a forged sender address (spoofed emails).
This setting defaults to On.
Require remote (domain) HELO
This setting allows you to require that incoming SMTP connections send a HELO command that does not match your server’s local domains. Enable this setting to block emails with a forged sender address (spoofed emails).
This setting defaults to Off.
Require RFC-compliant HELO
This setting allows you to require that incoming SMTP connections send a HELO command that conforms with the Internet standards in RFC 2821 4.1.1.1.
If you enable this setting, it overrides any entries in the /etc/alwaysrelay
and /etc/relayhosts
files.
This setting defaults to On.
Allow DKIM verification for incoming messages
This setting allows you to use DomainKeys Identified Mail (DKIM) verification to verify incoming messages.
This verification process can slow your server’s performance.
This setting defaults to Off.
Reject DKIM failures
This setting allows you to reject email at SMTP time if the sender fails DKIM key validation.
You must set the Allow DKIM verification for incoming messages setting to On to enable this setting.
This setting defaults to Off.
Maximum message recipients (soft limit)
This setting allows you to determine the number of recipient addresses your server accepts in a single message.
RFCs specify that SMTP servers must accept at least 100 RCPT commands for a single message.
This setting defaults to No rejection based on number of recipients.
Maximum message recipients before disconnect (hard limit)
This setting allows you to determine the number of recipient addresses that your server permits in a single message before it disconnects and rate-limits a connection.
RFCs specify that SMTP servers must accept at least 100 RCPT commands for a single message.
This setting defaults to No disconnection based on number of recipients.
Access Lists
These settings further limit who sends mail to your server.
Blacklisted SMTP IP addresses
This setting allows you to edit the list of blacklisted SMTP IP addresses. The system does not allow these IP addresses to connect to the SMTP server, and instead drops connections with a 550 error.
Click Edit to modify this setting.
Sender verification bypass IP addresses
This setting allows you to edit the list of IP addresses that the system excludes from SMTP sender verification checks.
Click Edit to modify this setting.
Only-verify-recipient
This setting allows you to edit the list of hosts or IP addresses that the system excludes from all spam checks at SMTP connection time, except recipient verification checks. The system adds any hosts or IP addresses you enter here to the /etc/trustedmailhosts
file.
Click Edit to modify this setting.
Trusted SMTP IP addresses
This setting allows you to edit the list of hosts or IP addresses that the system excludes from the following checks at SMTP connection time:
-
Recipient verification checks
-
Sender checks
Note:These senders must still use an RFC-compliant HELO name if the Require RFC-compliant HELO setting is enabled.
-
Spam checks
-
Relay checks.
Note:The system adds any hosts’ IP addresses that you enter here to the
/etc/skipsmtpcheckhosts
file.
Click Edit to modify this setting.
Backup MX hosts
This setting allows you to edit the list of hosts from which the system permits SMTP connections, regardless of rate limits. Make certain that you properly configure reverse DNS records for any hosts which you enter here.
Click Edit to modify this setting.
Trusted mail users
The Trusted mail users setting allows system administrators to designate certain users as trusted mail users. This setting affects the EXPERIMENTAL: Rewrite From: header to match actual sender setting in the Mail tab. Trusted users can bypass the EXPERIMENTAL: Rewrite From: header to match actual sender setting. The Trusted mail users setting allows the listed users to modify their From: header, and the EXPERIMENTAL: Rewrite From: header to match actual sender setting does not override these changes. Enter the trusted mail usernames or their email addresses, one per line.
Click Edit to modify this setting.
Blocked Domains
This setting allows you to filter your server’s incoming email by region or country.
When you click Manage, a new browser tab will appear with WHM’s Filter Incoming Emails by Domain interface (WHM >> Home >> Email >> Filter Incoming Emails by Domain).
Blocked Countries
This setting allows you to filter your server’s incoming email by domain.
When you click Manage, a new browser tab will appear with WHM’s Filter Incoming Emails by Country interface (WHM >> Home >> Email >> Filter Incoming Emails by Country).
Domains and IPs
These settings change the IP address from which Exim sends mail. When you disable them, Exim will automatically send mail from your server’s main shared IP address. For more information, read our How to Configure the Exim Outgoing IP Address documentation.
This setting defaults to Off.
Send mail from account’s IP address
This setting allows you to automatically send mail for users without a dedicated IP address from a reseller’s main shared IP address. It will not use the server’s main shared IP address. The system will also use the server’s hostname for reseller accounts that share an IP address. If you want to change this, you must use a custom configuration.
Make certain that you use the correct reverse DNS (rDNS) entries for your hosting provider. An invalid entry can cause mail servers to reject your server’s mail. For more information, read our How to Configure Reverse DNS for BIND in WHM documentation.
-
This setting only applies to IPv4 addresses.
-
When you enable this setting:
-
The
/usr/local/cpanel/scripts/updateuserdomains
script will automatically populate the/etc/mailhelo
and/etc/mailips
files. This will overwrite any manual changes in the/etc/mailhelo
and/etc/mailips
files. -
The system disables the Reference /etc/mailhelo for outgoing SMTP HELO and Reference /etc/mailips for outgoing SMTP connections settings.
-
This setting defaults to Off.
Use the reverse DNS entry for the mail HELO/EHLO if available
The system will use the server’s IP address as the reverse DNS for all outgoing SMTP connections. This only applies during the HELO/EHLO request.
This setting defaults to ON.
Rebuild Reverse DNS Cache and Update Mail HELO
This setting updates the reverse DNS cache and user domains for mail HELO. This setting only appears when you enable the Use the reverse DNS entry for the mail HELO/EHLO if available setting.
Reference /etc/mailhelo for custom outgoing SMTP HELO
This setting allows you to send a HELO command based on the domain name in the /etc/mailhelo
file. For more information, read our How to Configure the Exim Outgoing IP Address documentation.
The system disables this setting if you enable the Send mail from account’s IP address or the Use the reverse DNS entry for the mail HELO/EHLO if available settings.
This setting defaults to Off.
Reference /etc/mailips for custom IP on outgoing SMTP connections
This setting allows you to send outgoing mail from the IP address that matches the domain name in the /etc/mailips
file. For more information, read our How to Configure the Exim Outgoing IP Address documentation.
The system disables this setting if you enable the Send mail from account’s IP address setting.
This setting defaults to Off.
Filters
These settings allow you to select and configure filters that can block spam and potentially dangerous attachments.
System Filter File
Use this setting to enable or disable Exim’s system filter file, which the system stores in the /etc/cpanel_exim_system_filter
file. You can also choose to specify and customize another Exim system filter file.
Regardless of the setting that you select, the Exim configuration includes all of the files in the /usr/local/cpanel/etc/exim/sysfilter/options/
directory.
This setting defaults to /etc/cpanel_exim_system_filter.
Attachments: Filter messages with dangerous attachments
Select this setting to filter email messages that contain potentially dangerous attachments. The system filters the following file extensions:
.ade
.adp
.bas
.bat
.chm
.cmd
.com
.cpl
.crt
.eml
.exe
.hlp
.hta
.inf
.ins
.isp
.js
.jse
.lnk
.mdb
.mde
.msc
.msi
.msp
.mst
.pcd
.pif
.reg
.scr
.sct
.shs
.url
.vbs
.vbe
.wsf
.wsh
.wsc
This setting defaults to On.
Apache SpamAssassin™: Global Subject Rewrite
Select this setting to prefix the Subject header with information from the X-Spam-Subject header and omit the X-Spam-Subject header.
This setting defaults to On.
Apache SpamAssassin™: bounce spam score threshold
Select this setting to define the spam score that Apache SpamAssassin uses to bounce incoming messages. Enter a positive or negative number, which may contain a single decimal point. For more information, read the Apache SpamAssassin documentation.
This setting defaults to No bouncing by spam score.
Apache SpamAssassin™: X-Spam-Subject/Subject header prefix for spam emails
Select this setting to use the default X-Spam-Subject header prefix for spam email or to enter a custom prefix.
You can use an Exim variable as a custom prefix. For a complete list of Exim’s variables, read Exim’s documentation.
This setting defaults to ***SPAM***.
Was dit antwoord nuttig?
Gerelateerde artikelen
This collection of features allows you to configure Apache. Apache functions as your web server...
Overview: This interface allows you to select cPanel & WHM log files for the cpanellogd...
Overview: The system uses cipher suites to negotiate security settings for Web Disk network...
Overview: The system uses cipher suites to negotiate security settings for network connections...
Overview: Visitors see the index page by default when they access a directory (for example,...