From here, enter in the information for your RBL as follows:

The DNS list would be the hostname of the server that Exim will do DNS lookups against, and the info URL is generally what appears in bounceback messages where senders can go to either look up their IP, or find out more information on the RBL.

Once you’ve saved, go back into the Exim Configuration Editor under RBLs, and select “On” next to your RBL name.

Automation

You can also automate this by using an RBL template, rather than going through WHM. This is particularly useful for server setup scripts, or applying this change across multiple servers.

First, go into /var/cpanel/rbl_info (if the folder doesn’t exist, create it), and create a file called yourdnsbllist.yaml

The YAML file would look something like this:

---
dnslists:
- dns.myrbl.org
name: myrbl
url: http://fakeurl.org/checkmyip.php

Now in /etc/exim.conf.localopts, add the following:

acl_myrbl_rbl=1

Of course, the myrbl part would reflect the name of the actual RBL you created.

To rebuild the Exim config, run /scripts/buildeximconf

Related posts:

1. Copy Outgoing Email on a cPanel Server with Exim
2. Modifying SMTP Relay Settings for Exim
3. Exim ACL Ratelimit Database Not Available

Note: You can’t control the incoming email policies of remote mail servers or RBL’s. However, most email providers will not intentionally inconvenience their own users by blocking legitimate email, so if you continue to have problems, I’d recommend contacting the email administrator of the remote server.

1. Do you look like a spammer?

First of all, if you’re sending out massive mailing lists, whether you consider it spam or not, you’re asking for it.  Out of a list of 100,000 people, you can expect that a couple hundred of them are going to prompt spam complaints to your email provider, especially of the emails are of a “spammy” nature.  If you’re not sure where you sit on the line between spam and email marketing, take a look at this post.

2. Practice proper mailing list etiquette

As a mailing list grows, you’re occasionally going to have email addresses that become invalid, or users that no longer want to receive your email.  Don’t think that by hiding your opt-out link, you’re going to keep a subscriber. The recipient is more likely to mark your email as spam than hunt around for a way to remove their email address from your list, so make things easier by putting your opt-out link at the top with a reminder of why you are sending the email. For example:

You are receiving this newsletter because you purchased a product on mywebsite.com and requested to receive notifications. If you no longer want to be part of this mailing list, please click <here>

That being said, it’s extremely important that you promptly honor opt-out requests, and regularly check for bounced email for addresses that may no longer exist.

In addition to this, when sending email locally, your SMTP hostname should simply be “localhost”.

3. Limit outgoing email

If you’re a hosting provider and aren’t specifically catering to users that do bulk mailing, you may want to limit how much email each users can send, and advise users with large mailing lists to use services like Constant Contact.  Tweaking a mail server to effectively send huge amounts of email without issue can be very difficult, and isn’t something I’d recommend even offering for shared hosting platforms.  In a shared environment where the actions of one user can affect many, outgoing email should be limited and then allowed on a per-case basis. There are two simple ways to do this:

• In WHM > Tweak Settings, set the outgoing mail limit . You can specifically allow domains to send more by adding them to /var/cpanel/maxemails on versions 11.26 and lower, or adding a MAX_EMAIL_PER_HOUR option to /var/cpanel/users/$user for cpanel 11.28 and higher.
• In exim.conf, set the following options:

recipients_max_reject = true

recipients_max = 50

The best way to do this so the change is retained over cPanel and Exim updates is to add the options in /etc/exim.conf.local under @CONFIG@, then run /scripts/buildeximconf

Exim considers each email as one email, regardless of how many recipients are in it.  This may be an inconvenience to some users, but in reality any mailing list should be sent as one recipient per email.  For larger organizations that use mailing lists for discussion, a listserv software like Mailman is a better solution.

4. Tighten up your mail server

If you’ve ever wanted to be the target of a spam hack, allowing PHP nobody mail is the best way to accomplish this.  Hopefully by now you’re running suPHP, but if you’re still running PHP as a DSO, whenever a PHP script uses the mail() function to send email it’s going to do so as the user “nobody”, or whatever user that Apache runs as.  Since the user “nobody” is a system user, it bypasses mailing limitations that you may have already set up via cPanel or exim.conf. This means that a rogue mailing script on your server can send out unlimited amounts of email and cause your server to get blacklisted. You can adjust this setting in WHM > Tweak Settings.

You’ll also want to make sure that SMTP Tweak is turned on:

/scripts/smtpmailgidonly on

It’s also a good idea to require sender verification, which can be enabled in WHM > Exim Configuration Editor

5. Always use SMTP

Similarly, mailing list software should be configured to use SMTP with a valid email address, username, and password. Don’t rely on sendmail or the php/perl mail functions – you need to send as a valid authenticated user.  Most mailing list software supports the use of SMTP, and using PHP or perl it’s very easy to incorporate SMTP authentication.

6. Use DomainKeys and SPF records

You want other mail servers to know that when they get mail from you, it’s actually from your server and not spoofed.  Consider using DKIM and SPF records to allow remote mail servers to authenticate your email. You’ll find that this may instantly improve your email delivery to services like Yahoo, MSN, and Hotmail.

See: Installing DomainKeys and SPF Records

7. Subscribe to Feedback loops

It’s very important for email administrators and hosting provides to subscribe to feedback loops.  Many remote mail and blacklist providers offer them, and they can be a very useful tool for identifying possible spammers on your network, as well as preemptively resolving issues with mailing lists.  If you don’t have an Abuse contact set up your domain and IP addresses, you should do that now – and register your IP(s).   AOL, Hotmail, Yahoo, and Spamcop are excellent ones to be on.  It’s also important to have your abuse@domain.com address set up so people can contact you if they want to report spam from your server or network.

8. Monitor your IPs

As easy as it is to get blacklisted on the various RBL’s out there, you’ll want to be checking if your IPs may be listed and therefore causing your email to bounce.  RBLmon.com is a good way to get started, or you can implement blacklist checking into your existing monitoring solution.  The goal is to know when your IPs are blacklisted as soon as possible.

9. Use different IPs for email

By default, when you send email your email will go out on the main IP of the server. For sites that send large amounts of email, consider putting them on separate IPs so that they don’t affect the mail delivery of other users on the server, or the network in general.

See: Changing Exim’s Sending IP

10. Set up your DNS properly

It should go without saying that whatever IP you use to send mail should have a proper reverse DNS record, and the forward DNS of that PTR should match. For example, if your mail server is named mail.mydomain.com and points to 5.6.7.8, then the PTR for 5.6.7.8 should also be mail.mydomain.com.  Ideally these records should match the EHLO/HELO name given by your MTA (Exim). This name can be altered in /etc/mailhelo if you have this option checked in WHM > Exim Configuration Editor.

Related posts:

1. Opening an Additional Exim Port
2. Copy Outgoing Email on a cPanel Server with Exim
3. Changing Exim’s Sending IP

You’ll want DomainKeys and SPF records if your users have trouble sending email to certain providers, or they are having issues with spoofed (forged) email. CPanel currently allows two easy ways for you or your users to set up email verification. This is supported at least from cPanel 11.18 onward.

User-Level:

You can enable the “Email Authentication” feature in WHM ~> Feature Manager, which will enable the Email Authentication icon in the users’ cPanels where they can create DomainKeys and SPF records for their domain(s).

Root-level:

There are scripts in /usr/local/cpanel/bin that can install these on a per-user basis:

/usr/local/cpanel/bin/domain_keys_installer $user

/usr/local/cpanel/bin/spf_installer $user

(and corresponding scripts to remove, like spf_uninstaller and domain_keys_uninstaller)

If you want to hit up everyone on the server, you can run my for loop one-liner:

for user in `ls -A /var/cpanel/users` ; do /usr/local/cpanel/bin/domain_keys_installer $user && /usr/local/cpanel/bin/spf_installer $user ; done

Now what about new users? cPanel already though of that, and has options to create hooks for when after an account is created. To set up the server to automatically create an SPF record and DomainKey for new accounts, edit /scripts/postwwwacct and paste in the following code:

#!/usr/bin/perl

my %OPTS = @ARGV;
$ENV{USER} = “$OPTS{‘user’}”;
system q(/usr/local/cpanel/bin/domain_keys_installer $USER);
system q(/usr/local/cpanel/bin/spf_installer $USER);

To verify an SPF record and/or DomainKey, you can run a DNS check:

dig default._domainkey.$domain TXT

dig $domain TXT

A technical note about DKIM:

You might know that DKIM is actually a generated key pair, similar to an SSH or SSL Certificate’s RSA key. CPanel stores these files in /var/cpanel/domain_keys, where the public folder contains the key reflected in the DNS zone, and the private folder contains the private key. You may have users that actually authenticate via DKIM in their mail clients, in which case you may need to provide them with the private key in order for them to sent email.

Related posts:

1. Using DKIM with Exim and cPanel
2. 10 Tips for Improving Email Delivery
3. Installing an SSL Certificate for MySQL