CPanel: permanent whitelist static IPs/hosts using antirelayd/relayhosts

If you are using CPanel you already know that its mail server (exim) uses a mechanism to allow pop-before-smtp relaying for sending outgoing emails. The IPs allowed to relay on the server are added dynamically to the file /etc/relayhosts by the antirelayd daemon.

The exim configuration for this:

/etc/exim.conf: hostlist relay_hosts = lsearch;/etc/relayhosts : localhost

What is antirelaydantirelayd is a daemon that checks /var/log/maillog for pop3/imap logins and keeps track of valid ones for use with smtp relaying. It manages the /etc/relayhosts file automatically so if you are trying to add a static IP in that file it will be cleaned up by antirelayd.
So how can we whitelist some IP and add it permanently to the allowed hosts to relay mail using the server? Well this is very simple but not documented properly (you can easily see this if you are looking into the file /usr/sbin/antirelayd that is just a perl script). So all you have to do is create a file (if no such file exists) called alwaysrelay in /etc and add the IPs you always want to be allowed to relay outgoing mails on the server. Normally /etc/alwaysrelay will not exist, but if it does just edit the file and append the needed IPs.


and add each IP on a separate line. After this either restart antirelayd or wait for a little while and it will automatically include these IPs in /etc/relayhosts and they will not be cleaned any more (permanent relay).

The same result can be achieved by creating a different file (for ex. /etc/staticrelay) and including it in the exim configuration (in the relay_hosts config similar to /etc/relayhosts). This file will be manually maintained and not cleaned up by antirelayd so the result is the same. Choose the method that you prefer (either antirelayd or exim.conf)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s