How to manually change the outgoing IP address for email delivery on a WHM/cPanel Server

Background

You might resort to changing your WHM server’s outgoing SMTP address as a last resort when your server’s IP address has been blacklisted. The most common reason why legitimate email servers are blacklisted is because a mailbox’s password was guessed by a script kiddy. Although most email systems have protections against password guessing, the unfortunately reality is that when you’re hosting a thousands of mailboxes this will inevitably happen. The time and cost dealing with a blacklisted server is immense so fortunately most email servers, including Exim supplied with WHM, has a facility to specify a new originating IP address.

Warning

This procedure should only be performed if you know what you are doing. Changing the outgoing IP address can have huge repercussions on email delivery, specifically because:

1. SPF is heavily enforced on the internet. If you don’t update the SPF records of your clients, most of them will start having problems where email now lands in SPAM.

2. You cannot just change IP addresses or assign new IP addresses in isolation when it comes to email delivery. You have to be ultra aware of the PTR record, and you need access to the reverse record creation before you perform this procedure. Almost 100% of email servers fail with no PTR record, and numerous check for perfect forward and reverse validity.

Procedure

Now that we have the warnings out of the way, let’s move to the task at hand.

[root@server ~]# cat /etc/mailips 
*:a.b.c.1
#*:a.b.c.2

# Change Log
# 14 July 2020 rotation, changed from .2 to .1 after Truncate incident

/etc/mailips contains the list of IP addresses available for rotation. Of course you need to have that IP address available in network settings already.

A good practice would be to keep a change log so that you can historically keep track of what happened and also so that you can quickly orientate yourself in an emergency.

Once you made the changes, remember to service exim restart

Please note

In WHM you also have to change a non default which will allow different IP addresses for outgoing email:

Tools to test

MX Toolbox has an excellent tool to check the domain health, we highly recommend you run a number of your domains through this tools to ensure that everything is working as expected.

https://mxtoolbox.com/domain/

References

Please refer to the official documentation to fully understand the whole procedure:

Share this article

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to Top