3

I have a GCP instance running with whm/cpanel and mailgun setup using exim for multiple accounts using multiple domains.

The current setup works for all domains however it only validates for the main domain. Mailgun supports multiple domains with multiple credentials.

When sending an email from a domain other than 'c*********t.com' emails have the VIA in gmail because the header.from does't match.

dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=c*****s.com

Screenshot of 'VIA' and 'Images are not displayed'

Section: AUTH

mailgun_login:
driver = plaintext
public_name = LOGIN
hide client_send = : postmaster@c*********t.com : 
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Section: ROUTERSTART

mailgun:
driver = manualroute
domains = ! +local_domains
transport = mailgun_transport
route_list = "* smtp.mailgun.org::2525 byname"
host_find_failed = defer
no_more

Section: TRANSPORTSTART

mailgun_transport:
driver = smtp
hosts = smtp.mailgun.org
hosts_require_auth = smtp.mailgun.org
hosts_require_tls = smtp.mailgun.org

Any suggestions or alternatives would be appreciated. Thank you.

UPDATE Current Errors in log based on the answer provided below:

LOG: MAIN
  cwd=/usr/local/cpanel/whostmgr/docroot 4 args: /usr/sbin/exim -v -M 
1gPYIq-0001cc-UL
delivering 1gPYIq-0001cc-UL
Transport port=25 replaced by host-specific port=2525
Connecting to smtp.mailgun.org [**.**.**.***]:2525 ... connected
  SMTP<< 220 ak47 ESMTP ready
  SMTP>> EHLO instance-1
  SMTP<< 250-ak47
         250-AUTH PLAIN LOGIN
         250-SIZE 52428800
         250-8BITMIME
         250-ENHANCEDSTATUSCODES
         250-SMTPUTF8
         250 STARTTLS
  SMTP>> STARTTLS
  SMTP<< 220 2.0.0 Start TLS
  SMTP>> EHLO instance-1
  SMTP<< 250-ak47
         250-AUTH PLAIN LOGIN
         250-SIZE 52428800
         250-8BITMIME
         250-ENHANCEDSTATUSCODES
         250 SMTPUTF8
  SMTP>> AUTH LOGIN
  SMTP<< 334 VXNlcm5hbWU6
  SMTP>> *
  SMTP<< 500 5.5.1 Invalid command
  SMTP>> QUIT
  SMTP(close)>>
Transport port=25 replaced by host-specific port=2525
Connecting to smtp.mailgun.org [**.**.**.***]:2525 ... connected
  SMTP<< 220 ak47 ESMTP ready
  SMTP>> EHLO instance-1
  SMTP<< 250-ak47
         250-AUTH PLAIN LOGIN
         250-SIZE 52428800
         250-8BITMIME
         250-ENHANCEDSTATUSCODES
         250-SMTPUTF8
         250 STARTTLS
  SMTP>> STARTTLS
  SMTP<< 220 2.0.0 Start TLS
  SMTP>> EHLO instance-1
  SMTP<< 250-ak47
         250-AUTH PLAIN LOGIN
         250-SIZE 52428800
         250-8BITMIME
         250-ENHANCEDSTATUSCODES
         250 SMTPUTF8
  SMTP>> AUTH LOGIN
  SMTP<< 334 VXNlcm5hbWU6
  SMTP>> *
  SMTP<< 500 5.5.1 Invalid command
  SMTP>> QUIT
  SMTP(close)>>
Transport port=25 replaced by host-specific port=2525
Connecting to smtp.mailgun.org [**.**.**.***]:2525 ... connected
  SMTP<< 220 ak47 ESMTP ready
  SMTP>> EHLO instance-1
  SMTP<< 250-ak47
         250-AUTH PLAIN LOGIN
         250-SIZE 52428800
         250-8BITMIME
         250-ENHANCEDSTATUSCODES
         250-SMTPUTF8
         250 STARTTLS
  SMTP>> STARTTLS
  SMTP<< 220 2.0.0 Start TLS
  SMTP>> EHLO instance-1
  SMTP<< 250-ak47
         250-AUTH PLAIN LOGIN
         250-SIZE 52428800
         250-8BITMIME
         250-ENHANCEDSTATUSCODES
         250 SMTPUTF8
  SMTP>> AUTH LOGIN
  SMTP<< 334 VXNlcm5hbWU6
  SMTP>> *
  SMTP<< 500 5.5.1 Invalid command
  SMTP>> QUIT
  SMTP(close)>>
LOG: MAIN
  == *********@gmail.com R=mailgun T=mailgun_transport defer (-42): authentication required but authentication attempt(s) failed
user2059376
  • 131
  • 1
  • 4

2 Answers2

2

By working off of the Answer by Caracos(which I tried but couldn't get working) I was able to find this forum post and after modifying the details for Mailgun its working like a charm. I also like this solution because it is scalable to other mail relay services if needed.
https://forums.cpanel.net/threads/how-to-send-email-from-different-domains-using-different-smarthosts.641949/

I'll just outline the settings I used for Mailgun but refer to the link for more detailed explanations, pictures and other examples like Sendgrid, Mailjet and Sendpulse.

  1. In WHM, go to the "Exim Configuration Manager" (Home > Service Configuration > Exim Configuration Manager). After, click in the "Advanced Editor" tab.
    (Probably a good idea to backup settings before making these changes)

Section: AUTH

#Smart Host Sending
sendbysmarthosts:
driver = plaintext
public_name = LOGIN
hide client_send = : ${extract{user} 
{${lookup{$sender_address_domain}lsearch{/etc/exim_smarthosts}}}}: ${extract{pass}{${lookup{$sender_address_domain}lsearch{/etc/exim_smarthosts}}}}

Section: PREROUTERS

#Smart Host Sending
sendbysmarthostsrouter:
driver = manualroute
domains = ! +local_domains
condition =  "${if eq{${lookup{$sender_address_domain}partial- 
lsearch{/etc/exim_smarthosts}{$value}}}{}{false}{true}}"
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
headers_add = "${perl{mailtrapheaders}}"
transport = sendbysmarthoststransport
route_list = * ${extract{smtp} {${lookup{$sender_address_domain}lsearch{/etc/exim_smarthosts}}}}

Section: TRANSPORTSTART

#Smart Host Sending
sendbysmarthoststransport:
driver = smtp
port = ${extract{port} 
{${lookup{$sender_address_domain}lsearch{/etc/exim_smarthosts}}}}
hosts_require_auth = $host_address
hosts_require_tls = $host_address

Scroll to the bottom of the page and Save the Exim configuration and make sure Exim restarts.

  1. Create the file named "exim_smarthosts" in "/etc" directory with Mailgun or other smarthost parameters.

This is some example data, change the domain, user and pass.

#Sending by Mailgun
domain1.com: domain=domain1.com user=postmaster@mg.domain1.com pass=MAILGUN_password smtp=smtp.mailgun.org port=587
domain2.com: domain=domain2.com user=postmaster@mg.domain2.com pass=MAILGUN_password smtp=smtp.mailgun.org port=587
domain3.com: domain=domain3.com user=postmaster@mg.domain2.com pass=MAILGUN_password smtp=smtp.mailgun.org port=587

The 3rd example uses domain2.com credentials for domain3.com, this will work but the emails will include a via mg.domain2.com

Now email sent out from cPanel created email accounts on their respective domains will be intercepted by exim (allowed to connect to external SMTP servers) and relayed through Mailgun if the credentials in /etc/exim_smarthosts are correct and DNS settings are correct. However the WHM security settings still restrict all cPanel accounts from connecting to any external SMTP service so we need to do one more step to utilize the above setup for app based emailing.

FYI: This is the setting that should be kept on restricting external SMTP connections
WHM Admin >> Tweak Settings >> Mail >> Restrict outgoing SMTP to root, exim, and mailman

To send email from Joomla, Wordpress or other CMS or App follow the next steps

  1. a) Create an email account in cPanel and get the secure login credentials.
    cPanel >> Email Accounts >> (New Email) >> Connect Devices >> Set Up Email Client

    b) Use this Username, Password and Outgoing Server details in your Joomla, WordPress or other CMS/App/Plugin

Now your CMS's, plugins and apps are only connecting to an internal SMTP account but when that account sends out it is relayed through the external SMTP setup in the first steps.

BIG THANKS to DigitalComunic on cPanel forums whose diligent work and troubleshooting has given us a robust workaround that should be useful for years to come!!

Supamic
  • 21
  • 3
0

I have the same setup (VPS + WHM/cPanel + Exim + Mailgun) and after doing some online research, I've found a few helpful websites regarding this topic and managed to come out with the correct configuration. Below are the solutions that I'm currently using on my VPS and hope it will help you as well. It should solve your "via" problem and might solve the intermittent "550 5.7.1 Relaying denied" error from Mailgun as well:



Go to the "Exim Configuration Editor" in WHM. Choose "Advanced Editor" and insert the configuration below:



Section: AUTH

mailgun_login:
driver = plaintext
public_name = LOGIN
hide client_send = ": ${extract{login}{${lookup{$sender_address_domain}lsearch{/etc/exim_mailgun}{$value}fail}}} : ${extract{password}{${lookup{$sender_address_domain}lsearch{/etc/exim_mailgun}{$value}fail}}}"



Section: ROUTERSTART

mailgun:
driver = manualroute
domains = ! +local_domains
transport = mailgun_transport
route_list = "* smtp.mailgun.org::587 byname"
host_find_failed = defer
no_more



Section: TRANSPORTSTART

mailgun_transport:
driver = smtp
hosts = smtp.mailgun.org
hosts_require_auth = smtp.mailgun.org
hosts_require_tls = smtp.mailgun.org



Then create a file named /etc/exim_mailgun and insert the content similar to the structure below (Replace it with your Mailgun's domain login credentials that was verified):

domain1.com:    username=postmaster@mg.domain1.com     password=abcdefghi
domain2.com:    username=postmaster@mg.domain2.com     password=jklmnopqr



UPDATE:

As commented by @Supamic, I've sometimes encountered the error that he mentioned when the email was sent by Mail Delivery System (Mailer-Daemon@hostname.yourserver.com) to my external email account (Gmail):

authentication required but authentication attempt(s) failed


My guess is perhaps due to Mailer-Daemon “Sender identification” part as Exim was not able to grab the login credentials from my /etc/exim_mailgun as there’s no sender’s domain: 

“Sender identification U=mailnull D=-system- S=mailnull”

To resolve this problem, cPanel tech support recommended that I've forward all the email from Mailer-Daemon to a local email address hosted on my server and then use the forwarder function to pass the email to my Gmail account.



As for the intermittent "550 5.7.1 Relaying denied" error, after contacting cPanel tech support, the recommendation that they gave me is to force smtp.mailgun.org to a single IP by setting a static IP in /etc/hosts instead of allowing Exim to resolve smtp.mailgun.org to multiple IPs.

The authentication error will start to happen when Exim's resolved smtp.mailgun.org to multiple IPs. The cPanel tech support unable to point the exact cause for this "550 5.7.1 Relaying denied" error. Perhaps something is not working right with Mailgun's maintaining their authentication across their redundant SMTP infrastructure.

You can resolve Mailgun's SMTP server IPs by using either one of the commands below:

nslookup smtp.mailgun.org

dig +short smtp.mailgun.org @resolver1.opendns.com


Use one of the IP from the result and put it within you /etc/hosts file: 

xxx.xxx.xxx.xxx     smtp.mailgun.org



And I want to echo @Supamic's BIG THANKS to awesome cPanel Technical Support Team. Their dedication in troubleshooting are to be commended.

Caracos
  • 1
  • 1
  • Almost have this working. Previously it was saying `file not found` but I fixed that issue and now I'm receiving and authentication issue `authentication required but authentication attempt(s) failed` I'm using the default Default SMTP Login and password from Mailgun is this correct? – user2059376 Nov 21 '18 at 19:30
  • Does this "authentication required but authentication attempt(s) failed" error happened intermittently or 100% of the time? – Caracos Nov 22 '18 at 20:17
  • I've updated my post regarding the intermittent "550 5.7.1 Relaying denied" error. I'm not sure why you're receiving "authentication required but authentication attempt(s) failed". The configurations is working fine on my server for a few weeks. Are you using the default Mailgun's sandbox login? You need to add your own domain and verified it. – Caracos Nov 23 '18 at 10:35