cPanel & WHM Version 98 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!
This object is in archive! 

Built-in SRS support under Advanced Exim Configuration Editor in WHM.

Jonas Carlsson shared this idea 9 years ago
Completed

Built-in SRS support under Advanced Exim Configuration Editor in WHM.


According to Support Request Id 3266325 - "SRS support?" I submit this feature request. Native support for SRS settings would be nice, since currently mail forwarders break SPF records.

Replies (35)

photo
1

Like

photo
3

Would love to see this implemented soon. SRS support is already included in the cPanel Exim RPM but the configuration options need added to Advanced Exim Configuration Editor in WHM (or even a simple checkbox in Basic Editor).

Without SRS, email forwarders to any mail server that follows SPF will either discard (hard fail) or likely place in spam folder (soft fail) any mails that were originally sent from a domain specifying SPF records.

photo
1

at least just add these lines by default in exim configuration file

http://mg.iceni.pl/archives/11

photo
2

I'd like to see this implemented too, more and more hosts are enabling SPF so the forwarder feature is soon going to be completely useless unless we can enable SRS

photo
1

Request: SRS checkbox in Exim > Basic > Security

photo
1

Waiting to see the feature implemented in next release !

photo
1

yes this is a must with SPF starting to be used more widely.

photo
1

I'd also like the zone file to add RP much easier like a wizard and possibly HINFO

photo
1

Really looking forward to when this will be added as a feature. Definitly a must have for an SPF world.

photo
1

Would definitely like to see this feature added to help prevent forwarding issues.

photo
1

We would like this feature too.

photo
1

This needs to be implemented yesterday!

photo
1

This feature request is a must. SRS is extremely effective, and a must if you really want people to be able to use forwarders.

photo
1

Yes, this is needed. See http://www.openspf.org/SRS if you want to understand what SRS is and why it is a requirement today.

photo
1

SPF and other anti-spam circumvention/domain verification methods are extremely vital, and SRS must be in place to allow forwarders to behave normally.

photo
1

Please add SRS!

photo
1

Yes - we had dkim problems until installing SRS (sender rewrite). please add to the framework.

photo
1

Plus One, this would help me keep details of where may mails are forwarded private

photo
1

SRS is definitely needed, please add this option. We have many clients that are using forwarders and they have problems because SPF check does not pass without SRS. So only option for us is to disable SPF check (and increase number of spoofed spam mails).

photo
1

SRS is really needed. Hope you will soon get this feature.

photo
1

This should really be implemented as soon as possible since forwarding as it stands now is becoming more and more of an issue. I've had to block my user's ability to forward to certain email services because they were blocking us as spammers due to forwarded email. Get on this pronto!

photo
1

+1, native SRS support needed.

photo
1

For nearly a year I've had SRS enabled on the cPanel servers I maintain. Of course, when Exim gets updated I have to redo the configuration.


But it only takes adding seven lines of code to Exim, and I have never had a single problem with forwarded emails not being delivered / being rejected since implementation. I really can't think of any good reason why SRS support is not available in cPanel at this point.


A search engine search for "cpanel SRS support" will yield instructions for manually activating SRS within Exim on a cPanel server.


M

photo
1

Would be nice to have SRS enabled by default or by using an option in WHM. Many of my clients have problems with their email forwarders to other domains which have SPF configured. This is more and more common nowadays.

photo
1

I agree. A major ISP in the UK have implemented strict SPF checking which is breaking email for anyone using email forwarding. SRS would help keep those users happy.

photo
1

Would be nice if this was added

photo
1

People who use their personal Gmail for POP3/SMTP of a cPanel account see SPF softfails a lot and legitimate email goes to their Gmail SPAM. We really need SRS enabled by default in order for SPF/DKIM to be useful on cPanel installs.

photo
1

Like to add my name to this request. Our mail forwarders have been rejecting SPF mail as:

SMTP error from remote mail server after MAIL FROM:<<someuser>@hotmail.com> SIZE=4498: 550 Unable to relay for hotmail.com

photo
1

This issue of SRS support keeps coming up on various cPanel servers I help to administer. The changes in exim.conf are pretty simple, and it would be extremely useful for this to be a built-in feature, rather than something I have to keep patching for after updates. Email forwarding is basically broken without SRS these days, so I would hope this could be prioritized.

photo
1

Support for this is well overdue really, would be great to have it implemented from cPanel side.

photo
2

Like many have said before this is really easy to setup and a problem is cpanel reseting changes on update. Here's my configuration that's been running for more than one year without issues.


@/scripts/postbuildeximconf


  1. #!/bin/bash
  2. echo "/etc/exim.conf: Adding srs forward to virtual_aliases and virtual_aliases_nostar"
  3. sed -i "/\(virtual_aliases_nostar\|virtual_aliases\):/{
  4. N
  5. s/\( *\)driver = redirect/\1driver = redirect\n\1srs = forward/g
  6. }" /etc/exim.conf

@/etc/exim.conf.local (can use advanced exim editor to change it). Replace <SECRET_CHANGEME>


  1. ...
  2. @CONFIG
  3. hide srs_config = <SECRET_CHANGEME>
  4. ...
  5. @DIRECTORMIDDLE@
  6. srs_router:
  7. driver=redirect
  8. srs=reverseandforward
  9. data=${srs_recipient}
  10. ...

Think that's it, and this should really be a Cpanel setting instead of a workaround.

photo
1

Manuel, if that works, you've saved me hours of work. Thank you. +1 from me.

photo
1

It does work, the only problem is that it will be removed after each cPanel update :/ cPanel will update quite regularly as-well, unless ofcourse if you turn off automatic updates which isn't ideal...

photo
1

Zed, that's why i've put the script for: /scripts/postbuildeximcon


That persists on Cpanel updates.

photo
1

I've been doing this all manually for two years now [or however long Ben has had the info on his site]. Works fine manually.


If /etc/exim.conf.local options persist across Exim updates and if, as you say, /scripts/postbuildeximconf persists across updates, that'll really be great.


Worse case: Doesn't persist. Manuel's instructions certainly work fine for setting it up.

Best case: does persist


However, and this goes without saying, cPanel should have incorporated this in a long time ago. they've known about it -- but I suspect the 'feature request' didn't get enough hits to earn their time. But considering how easy it is to implement, there is no good reason why it hasn't already been put in there by cPanel.


m

photo
1

Thanks Manual, adding exim.conf to the top of the file:


hide srs_config = KEY


If you were to go back into the 'Exim Configuration Editor' in WHM -> Save the settings it will remove the line at the top of the exim.conf file - I am presuming you're not updating this file directly via the Exim Configuration Editor?


Reason I ask is because we have several staff members whom generally access/modify settings, so making things as 'straight' forward as possible is ideal.

photo
1

No, do NOT edit exim.conf. Use the Exim Advanced Editor! This is working fine for me and will survive Exim changes/rebuilds. Many thanks, Manuel!!


1) First, edit or create /scripts/postbuildeximconf (chmod 755) and add this:

  1. #!/bin/bash
  2. echo "/etc/exim.conf: Adding srs forward to virtual_aliases and virtual_aliases_nostar"

  3. sed -i "/\(virtual_aliases_nostar\|virtual_aliases\):/{

  4. N

  5. s/\( *\)driver = redirect/\1driver = redirect\n\1srs = forward/g

  6. }" /etc/exim.conf


2) Next, open Exim Advanced Editor. At the end of the CONFIG section, but before the next section, BEGINACL, click the "Add additional configuration setting" button. This created a new line into the CONFIG section with two form fields with an = between them. In the first field, put "hide srs_config" (no quotes) and in the second field, put your key (64 random chars).


3) Also in Exim Advanced Editor, find "Section: DIRECTORMIDDLE" and add this to the first empty box under it:

  1. srs_router:
  2. driver=redirect

  3. srs=reverseandforward
  4. data=${srs_recipient}

4) Save. This will Rebuild Exim and then Restart.


I did this on a machine that has NEVER had SRS before, and instantly, forwarding tests confirm that it's all working exactly as it should be.


Of note... I never touched any exim conf file. This WILL survive future rebuilds. Try it! Thanks again, Manuel, for the postbuildeximconf idea!!!


- Scott

photo
1

Perfect, that worked for me Scott!

photo
1

Scott / Manuel


I've followed your instructions and points 2 & 3 work fine but the postbuildeximconf script doesn't take any effect so the srs = forward doesn't get added. I don't want to edit the exim.conf file directly, any thoughts on why this may be failing?


Thanks


Richard

photo
1

Does the script have execute permissions? What happens if you run it manually?

photo
1

Sorry should have tried it manually. I get the following error:


sed: couldn't open temporary file /etc/sedwGKKr9: Permission denied


Running it as root doesn't return an error. It's got 755 permission but I guess it needs to have a different group / owner?


Thanks


Richard

photo
1

Actually it is working it's just the Advanced Editor page doesn't show the changes for some reason. If I open the exim.conf file I can see srs = forward has been added. I also tested by removing those lines and saving again via the advanced editor, when I opened exim.conf the srs = forward was there. I guess it's just not pulling through the updates on the advanced editor page.


Thanks for responding.


Richard

photo
1

It doesn't show the change because that script is run after the configuration is saved. This is to ensure that the template from advanced editor gets "fixed".


Glad it worked

photo
1

I see this has changed to In Progress which is fantastic news. I stumbled across this issue today and am in the process of manually fixing it as per the previous comments and can't believe that this isn't already in the GUI.


But thank you. Hoping my up vote today tipped the scales!

photo
1

Confirm that the manual fix above works. Thank you.

photo
1

wow. "in progress". Great information.

photo
1

Now that this is completed, do I need to back out the manual changes above? Also, where do I find this in the exim advanced config editor. We're now running 11.52.2.1

photo
1

Hi

you'll find it in the 54 changelog, this is not part of 11.52.2.1

Implemented case CPANEL-2746: Implement SRS support for the Basic Exim Config editor.

photo
1

Same question, and same major version here (11.52.1).

Before I upgrade to 11.54, should I rollback my custom config?


Anyway, Thanks cPanel for this feature.

photo
1

I just tried to enable this this morning and it killed my exim as there is now:


Error message from syntax check:

2016-02-03 10:41:45 Exim configuration error:

there are two routers called "srs_router"

I'll dig in to it.

photo
1

In the end I did have to back out Manuel's changes above and then disable SRS via the Basic Exim config, save, re-enable SRS, save, and it worked.

photo
1

I suggest you disable SRS on cpanel 11.54 before making the changes and then:


1. You'll need to remove the postbuildeximconf created before (or remove the lines if you had it doing something else)


  1. rm /scripts/postbuildeximconf


2. Remove the changed made in advanced director

2.1. Remove the hide_srs line (at top)


  1. hide srs_config = ......

2.2. Remove this srs_router


  1. srs_router:
  2. driver=redirect
  3. srs=reverseandforward
  4. data=${srs_recipient}

3. Activate SRS in basic configuration

Replies have been locked on this page!