Occasionally with reseller hosting, one client can cause problems for others if the accounts are not sufficiently isolated from one another. One such case is when a client's account is compromised with spam-sending malware, which causes the outgoing mail IP to become blocked.
Obviously, the correct approach to take is to immediately do whatever it takes to stop the spam emails from being generated, clear the Exim queue of all spam emails waiting to be sent, identify all malicious code within the account, clean the account, and then properly secure the account so that no further attacks occur.
If the attack is caught early, blacklisting typically doesn't occur. However, if the attack continues, the mail-sending IP may become blacklisted and this will cause problems for all users on the server.
To keep the uncompromised accounts from being affected by the blacklisted IP while you clean and secure the compromised account and request delisting from the RBLs, consider placing the domains on separate mail IPs.
Another scenario in which one may choose to do this is to separate a client that uses mailing lists, or to separate clients based on their packages and email limits/restrictions.
Regardless of the case, this will require some configuration. This article aims to outline the steps needed for configuring this with a DirectAdmin server.
DirectAdmin uses the following files to manage this:
You can either manage this manually, or you can allow DirectAdmin to manage it based on which IP each domain is assigned.
You can manually edit these files and restart Exim for the changes to take effect. You should have the following settings set in the DirectAdmin configuration for manual outgoing mail IP management (note that these are the same settings as when you are using the default setup of sending mail from the main server IP):
Let's say that 188.8.131.52 is my secondary IP and I want to use my secondary IP as my outgoing mail IP from now on. Currently, the domainips file doesn't exist since domainips_default_ip= is empty in the directadmin.conf file and add_domain_to_domainips is set to 0. I want to manually manage which domains send from the primary and have all others send from the secondary. I would just create the domainips file with the following:
And restart Exim.
service exim restart
And voilà! I am now sending mail from my secondary IP 184.108.40.206.
For a more complex domain-IP setup with a fallback IP, a sample /etc/virtual/domainips file will contain the following:
*:220.127.116.11
domain.com:18.104.22.168
other.com:22.214.171.124
Where domain.com and other.com will use 126.96.36.199 and all other domains will use 188.8.131.52 upon an Exim restart.
The HELO can be configured similarly so that the Exim welcome headers differ depending on the IP being connected to.
A sample helo_data file based on the last example would be as follows:
Remember to restart Exim after making any of these modifications!
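A pre-restart check for a manually edited domainips file, as an added example that is not DirectAdmin's or this article's own code. It assumes one `key:IPv4` entry per line with `*` as the fallback key and the first matching line winning; the function names and the sample addresses (documentation-range IPs) are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint and query a domainips-style file before restarting Exim.
# Assumption: one "key:IPv4" entry per line, "*" is the fallback key.

# domainips_lint FILE -> prints one line per problem; exit status 1 if any.
domainips_lint() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blanks
        NF != 2 || $1 == "" { printf "line %d: expected key:ip\n", NR; bad = 1; next }
        {
            key = tolower($1); ip = $2
            n = split(ip, o, "."); ok = (n == 4)
            for (i = 1; i <= n && ok; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
            if (!ok) { printf "line %d: invalid IPv4 \"%s\"\n", NR, ip; bad = 1 }
            if (key in seen) { printf "line %d: duplicate key %s\n", NR, key; bad = 1 }
            else seen[key] = NR
        }
        END {
            if (!("*" in seen)) { print "no \"*\" fallback entry"; bad = 1 }
            exit bad + 0
        }' "$1"
}

# domainips_lookup FILE DOMAIN -> sending IP (exact match first, else "*").
domainips_lookup() {
    awk -F: -v d="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == tolower(d) && hit == "" { hit = $2 }
        $1 == "*" && fallback == "" { fallback = $2 }
        END {
            if (hit != "") print hit
            else if (fallback != "") print fallback
            else exit 1
        }' "$1"
}

# domainips_ips FILE -> distinct sending IPs; each one needs correct PTR and SPF.
domainips_ips() {
    awk -F: '/^[ \t]*#/ || /^[ \t]*$/ { next } NF == 2 { print $2 }' "$1" | sort -u
}

# Constructed sample file (not the addresses used in this article).
sample=$(mktemp)
printf '%s\n' '*:192.0.2.10' 'domain.com:192.0.2.20' 'other.com:192.0.2.20' > "$sample"
domainips_lint "$sample" && echo "domainips OK"
domainips_lookup "$sample" domain.com      # exact entry
domainips_lookup "$sample" unlisted.net    # no entry, uses the "*" line
rm -f "$sample"
```

Run `domainips_lint /etc/virtual/domainips` before `service exim restart`, and use the output of `domainips_ips` as the list of addresses to review when updating SPF and PTR records.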
You also have the option to allow DirectAdmin to manage these files, but this requires that each domain sends from its assigned IP (for any domain created with an IP that is not the server IP). The helo_data will only get owned IPs. This configuration requires the following directadmin.conf setting:
You can also set a fallback IP. If you want to specify a fallback IP other than your server IP, you can set it in directadmin.conf with the variable:
You can use the following commands to configure this (be sure to replace 184.108.40.206 with the fallback IP you'd like to use):
/usr/local/directadmin/directadmin set add_domain_to_domainips 1
/usr/local/directadmin/directadmin set domainips_default_ip 220.127.116.11 restart
Now, you will need to have DirectAdmin rewrite these Exim configuration files since it will be managing them for you:
echo "action=rewrite&value=domainips" >> /usr/local/directadmin/data/task.queue
echo "action=rewrite&value=helo_data" >> /usr/local/directadmin/data/task.queue
Finally, confirm that data has been written to these files (these files do not exist by default) and restart Exim.
service exim restart
You may now be done configuring the domainips and helo_data files, but there are a few more very important considerations when it comes to the mailserver's overall configuration. You must now reconfigure your SPF and PTR records to ensure that they are set to use the correct IP(s)! If you have any questions about how to configure them properly, reference our article regarding email best practices or contact support.