Sender Rewriting Scheme (SRS) in Exim version 4.96

Last modified: February 17, 2023


Overview

In cPanel & WHM version 108, we upgraded Exim to version 4.96. This new implementation requires explicit Exim configuration directives to know whether a Sender Rewriting Scheme (SRS) applies when your server forwards an email, and to perform the return address rewrite if needed. This includes both cPanel-provided routers and transports as well as those created using the Advanced Editor tab on the Exim Configuration Manager mail interface (WHM » Service Configuration » Exim Configuration Manager).

Note:

Your Exim customizations may not require changes. However, if you do not make required changes, the server at the ultimate destination may not accept mail that your server forwards if the source domain requests strict SPF enforcement.

What changed in the cPanel & WHM server

Custom routers and transports responsible for sending mail must be able to tell whether or not a local forwarder processed a message, and to transform the return address if required. The cPanel & WHM server now handles this by creating a second copy of the transport.

  • We duplicate the relevant transport and add the return_path and max_rcpt directives to the copy.
      max_rcpt    = 1
      return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}
  • We change the relevant routers to select which copy of the target transport to use (original or modified). This depends on whether the nominal recipient is or is not the original recipient.
      transport = ${if eq {$local_part@$domain} 
    {$original_local_part@$original_domain}
    {custom_transport} {custom_transport_srs}}

For more information on how to modify routers and transports to support SRS, read our Exim Configuration Manager documentation. For more information on Sender Rewriting Schemes, read the Exim SRS documentation. For examples of how WHM uses SRS in your server, refer to the lookuphost router, and the remote_smtp and remote_forwarded_smtp transports in the Advanced Editor tab on the Exim Configuration Manager mail interface (WHM » Service Configuration » Exim Configuration Manager). For another example of how to implement SRS in custom configurations, read our How to use SendGrid as a Smarthost support article.

Possible configuration changes

You may need to make configuration changes to ensure that your messages reach the proper destination.

An example of a configuration that you will need to change is custom support for one or more smarthosts. The target server will eventually see the forwarded message, so your Exim server must apply SRS changes to assure that Sender Policy Framework (SPF) checks will pass.

An example of a configuration that you will not need to change is custom support for sending a duplicate copy of an outgoing message to an external archival server. The target of the forwarder will not see that copy of the message, so the forwarder does not need to apply any SRS changes. However, you may choose to apply SRS anyway to reduce the number of custom configurations.

Support for SMTP authentication in the Exim Configuration Manager’s Basic Editor

In cPanel & WHM version 108, we added the Smarthost requires SMTP authentication setting to the Basic Editor tab in WHM’s Exim Configuration Manager interface. If you have used the Advanced Editor of the Exim Configuration Manager to modify the default configuration of Exim for smarthosts, you may be able to simplify your configuration by using this new Basic Editor function.

To use this function, you must enter a route_list in the Smarthost support text box and set the Smarthost requires SMTP authentication setting to On. Then you can provide a Username and Password for Exim to submit when it connects to the designated smarthosts.

Note:

All smarthosts configured through the Basic Editor tab in WHM’s Exim Configuration Manager interface use the same credentials. You must use the Advanced Editor tab in WHM’s Exim Configuration Manager interface to configure multiple smarthost servers that require unique credentials.

Additional Documentation