In the past, when you wanted to send an email, you set up a mail server on a Linux/Windows box and have your mail delivered to the inbox. But cybercriminals started to take leverage of this simplicity and started sending spam emails to wreck network reputation and getting the entire mail server IP addresses blacklisted.

For businesses, this is an alarming situation as it causes inconvenience to users and results in support desk pile-up with support queries. To overcome this situation, some clients prefer using mailchannels. In this blog, we explain how to setup MailChannels configuration in CPanel.

What is Mailchannels Cloud?

MailChannels Cloud is an SMTP (Simple Mail Transfer Protocol) relay service that checks and identifies spammers in the network and eliminate email issues to prevent IP address blacklisting. It can maintain better email reputation and makes sure the emails reach exact destination successfully.

Before getting into an in-depth analysis of MailChannels Cloud, let’s have a look at how an SMTP Relay Service works.

Since Email is the most widely used application on the Internet, its usage varies with individuals. From setting up a webmail account to a WordPress installation that sends out bulk newsletters, email plays an important role. When a customer sends an email, the customer expects it to reach the destination without fail. What an SMTP relay service do here is to guarantee the send emails reach the destination inbox successfully.

How an SMTP relay server achieves this is by going through all the emails that leave the servers and identifies the spam mail from the list and block it. While the emails from authentic sources are filtered out by the relay server system and sent out through a large number of IP addresses run by anti-spam experts.

The relay will then figure out the next steps for the email to reach its destination by finding the domain names of the recipient and then may send directly to the MTA ( Message Transfer Agent) of the recipient email service or the mail travel through multiple MTA’s acting as SMTP servers before it reaches the destination inbox.

The following steps are followed when MailChannels receives an email message before sending it to its destination.

1. The first step is to identify the original sender of the email. If the email originated from a PHP script, then the script name, path, along with the responsible user is pinpointed.

2. The email undergoes scanning to check malicious contents.

3. The reputation of the email sender is checked using MailChannels internal reputation check system.

4. The recipient email addresses are checked to see if there are any Spam Traps.

5. The sender’s email domain is checked whether they imitate well know brands. In such cases, the emails are flagged.

6. If an email is flagged as spam as per any of the above criteria, then the email is immediately rejected. If any sender is found to be acting suspicious, the emails from this specific user are then monitored.

7. Once all the criteria are met, the email is delivered to their respective recipient’s inbox.

8. Once the email is delivered to the inbox, MailChannels evaluate the messages generated from the recipient’s email server to see what they think of that specific email. If any response state the email has any spam contents, this information is sent to MailChannels Internal reputation system to rate limit or block the email user from delivering more emails in future.

When MailChannels identifies a spam email, the sender of that email gets a Non-Delivery Report to let them know the email has been rejected. Also, a notification is sent to the user to inform about the spamming activity in the server. This notification allows the user to take necessary actions and make sure such instances are not repeated from that specific sender in future.

Is your IP blacklisted in any RBL ?
Check and Delist your IP using our free Rbl-Check Plugin

Setting Up MailChannels for cPanel

To relay emails through MailChannels, your Mail Transfer Agent ( MTA ) must authenticate with MailChannels Cloud using the credentials provided to you.

If you are using cPanel with Exim and want to relay your email through MailChannels, navigate to Main > Service Configuration > Exim Configuration Editor, click on the Advanced Editor button and enter the following.

Section: AUTH

|begin authenticators
|
|mailchannels_login:
|driver = plaintext
|public_name = LOGIN
|client_send = : MailChannelsUsername : MailChannelsPassword

Next, replace MailChannelsUsername and MailChannelsPassword with the username and password assigned by MailChannels.

NOTE: Only include “begin authenticators” if it is not already in the configuration.

The next two sections can be used as per the user’s wish. If you wish to preserve the CPanel max hourly email limits, then please make use of the POSTMAILCOUNT option or you can use the ROUTERSTART section. You only need to implement one from the above-mentioned options.

Section: POSTMAILCOUNT

If you wish to preserve the max hourly email limits specified, then you have to use this option. If you wish the server to still accept mail for the localdomains and only relaying mail out then domains = section should be added. Other all email, incoming and outgoing gets relayed.

|remoteserver_route:
|driver = manualroute
|transport = mailchannels_smtp
|domains = !+local_domains
|route_list = * smtp.mailchannels.net::25 randomize byname

Section: ROUTERSTART

To use ROUTERSTART make the following changes.

|send_via_mailchannels:
|driver = manualroute
|domains = ! +local_domains
|transport = mailchannels_smtp
|hosts_randomize = true
|route_list = * smtp.mailchannels.net::25 randomize byname
|host_find_failed = defer

Section: TRANSPORTSTART

Please make these changes to the Section: TRANSPORTSTART configuration box.

|mailchannels_smtp:
|driver = smtp|
|hosts_require_auth = *
|tls_tempfail_tryclear = true
|headers_add = X-AuthUser: ${if match {$authenticated_id}{.*@.*}\
|{$authenticated_id} {${if match {$authenticated_id}{.+}\
|{$authenticated_id@$primary_hostname}{$authenticated_id}}}}

Enabling Mailing List X-Header

Most of the cPanel servers use Mailing List. So you should add the X-MC-MailingList headers enable to identify the sending account.

This can be done by adding the following line to the mailman_virtual_transport section:

headers_add = "X-MC-MailingList: $original_local_part@$original_domain\n"

Excluding Specific Receiver Domains

To exclude emails to certain domains from being routed through MailChannels Cloud, add the following line to the route Section: ROUTERSTART configuration box:

domains =! receivingdomain.com: +local_domains

An example of the configuration after this change is given below,

|send_via_mailchannels:
|driver = manualroute
|domains = ! +local_domains
|senders = !*@example.com : !*@example2.com
|transport = mailchannels_smtp
|route_list = "* smtp.mailchannels.net::25 byname"
|host_find_failed = defer
|no_more

Once the changes have been made to the Exim configuration, you need to restart the service to activate the changes.

Routing only one Specific Sender Domain

If you want to route email traffic from a specific sender domain through MailChannels Cloud, then replace the line starting with “senders” to the following:

senders = *@example.com

To route email only from a specific user, specify the full address:

senders = user@example.com

SPF Records Configuration

Once you have configured MailChannels Cloud, you need to use correct Sender Policy Framework (SPF) records to configure your DNS settings, so you can ensure that email recipients will properly identify and receive your email.

The following records are needed for SPF to work correctly. Replace example.com with your own domain name:

Location Type Value

Example.com SRV v=spf1 a mx include:relay.mailchannels.net?all

If you already have an SPF record, simply add include:relay.mailchannels.net to this entry. Make sure to add it before the “all” mechanism as “all” always matches and typically goes at the end of the SPF record.

DKIM Configuration

DKIM is not necessarily needed for MailChannels to work with cPanel users. However, to include your DKIM key to cPanel,

Add the following lines into the Exim configuration already in place.

In the TRANSPORTSTART Section at the end of “mailchannels_smtp” transport:
dkim_domain = $sender_address_domain
dkim_selector = default
dkim_canon = relaxed
dkim_private_key = "/var/cpanel/domain_keys/private/${dkim_domain}"

The final “mailchannels_smtp” transport section will look as,

mailchannels_smtp:
driver = smtp
hosts_require_auth = *
tls_tempfail_tryclear = true
headers_add = X-AuthUser: ${if match {$authenticated_id}{.*@.*}\
{$authenticated_id} {${if match {$authenticated_id}{.+}\
{$authenticated_id@$primary_hostname}{$authenticated_id}}}}
dkim_domain = $sender_address_domain
dkim_selector = default
dkim_canon = relaxed
dkim_private_key = "/var/cpanel/domain_keys/private/${dkim_domain}"

Ensure that you restart your mail server application after making changes to the configuration files.

Configure DNS MX/SRV records

To filter your emails by MailChannels, you need to configure your MX records to point to the MailChannels Cloud MX points and create additional DNS SRV records.

Complete the following steps to configure your DNS MX/SRV records:

Go to the Settings page in your MailChannels Account. Click on Configure DNS MX/SRV records panel to expand the panel if it isn’t already.

3. Create the DNS SRV records as shown in the first example snippet in the settings panel. The example snippet should contain one SRV record for each existing MX record in your DNS.

4. Change your DNS MX records as shown in the second snippet in the settings panel.

Now you have configured MailChannels to relay your emails. This makes email receivers get their mails on time and saves you from the headache of your server IP’s getting blacklisted.

Thanks for dropping by. Ready for the next blog?

Plesk Acquired SolusVM