Exim4 Outbound IP address based on web domain IP

I have a server with 5 ips and lot of domains hosted in the panel. The domains are equally distributed among the availables IPs.
I am trying to create a function in exim4 config to allow the usage of web domain IP as outbound interface IP. That way, if a domain is infected and starts to send spam, when the IP is added to a blacklist it will only affect the other domains allocated to that IP, leaving the rest of the domains untouched. Its like a way to minimize the impact of an email spam attack. Of course i also have a few extra rules to avoid a hack, but no rule is 100% effective regarding hackers.
What do you think about it?
Do you have any hint on how to acheive that?

Thanks for the amazing work you are doing!!

1 Like

Just in case someone needs this functionality. This is how i resolve it:

I made the following script that creates a file with a domain: ip mapping:

#!/bin/bash -l


# First the default ip

# Then search for web domains and extract the ip
  while IFS="" read -r line || [ -n "$line" ]
    eval $line
  done < $USER_DATA_DIR/web.conf

And then in exim conf file, under transports:

  driver = smtp
  helo_data = mail.${sender_address_domain}
  dkim_domain = DKIM_DOMAIN
  dkim_selector = mail
  dkim_private_key = DKIM_PRIVATE_KEY
  dkim_canon = relaxed
  dkim_strict = 0
  interface = "${lookup{$sender_address_domain}lsearch*{/etc/exim4/domainips}{$value}}"

Then i configure a cron to run this script every 5 min to keep the list up to date.


Hi @ramirojoaquin

Welcome to the hestia board and thanks for sharing your script! I’m sorry for the delayed answer.

I’ll check it with out devs, if you allow, we could implement it maybe directly to hestia.

1 Like


a mapping like this as default, if there are mutliple IPs on the system totally makes sense. I guess if implemented directly with the mail-stack, there should be no need for a cron-script at all :wink:

I am glad to help! Of course i allow. It would be very nice to have that feature in Hestia core.
Thanks for the good work!

1 Like

Excellent thank you!

I sugest
# First the default ip
hostname -I | { read default others ; echo "*:" $default; } > $EXIM_DOMAIN_IPS_FILE
to avoid hardcoded IP in the script.

1 Like

This feature was added to master and will be available in the next version.

1 Like