Use Mailgun with Exim on cPanel/WHM to Solve SPAM email Issue

My regular transnational/marketing email provider, Mandrill will be only available for paid MailChimp customer starting 27th April 2016. As I never exceed 12,000 FREE emails per month, I think there is no point to use any paid transnational services. Upon searching, I find out that Mailgun provides 10,000 FREE emails per month which should be sufficient for my use. Upon testing, the function provided by Mailgun is sufficient for my needs.

I mainly use this services because my websites utilize phpmail or sendmail function & also to send server generated message. This kind of email function many throw many emails into SPAM folder of the intended recipients. The situation become worsened if the intended recipients are using hotmail/livemail/outlook, which has stricter filtering. The recipient may not receive the email at all. Not even in Junk folder.

This is a big issue if you are running an e-commerce and even bigger issue for newsletter/mailing list website like Interspire Email Marketer.

To solve this issue, we can use transnational email or bulk email service such as Mailgun with Exim on cPanel/WHM server.

To integrate Mailgun with Exim on cPanel/WHM, we have to add proper settings as below. If you migrating from Mandrill, make sure all settings from Mandrill removed.


1. Login to WHM with a root access & browse to


WHM → Service Configuration → Exim Configuration Manager → Advanced Editor


4. Search for – “Section: AUTH” & add the following code. Change [email protected] : password with your email & Mailgun Password

driver = plaintext
public_name = LOGIN
hide client_send = : [email protected] : password


5. Search for – “Section: ROUTERSTART” & add the following code.

driver = manualroute
domains = ! +local_domains
transport = mailgun_transport
route_list = "* byname"
host_find_failed = defer


6. Search for – “Section: TRANSPORTSTART” & add the following code.

driver = smtp
hosts =
hosts_require_auth =
hosts_require_tls =


7. Save the new configuration.

8. Send a test email & you should see the email header should have something with *mailgun.*

Defeat wp-login.php Brute Force Attack By Whitelist IP in .htaccess

In dealing WordPress Login (wp-login.php) brute force attack, previously, I recommend changing username & password as mentioned in WordPress Brute Force Attack – Change Username/Login ID post.

For Cloudflare users, you may block the login page for other visitors from other country except yours as mention in Defeat wp-login.php Brute Force Attack Using Cloudflare & .htaccess. However, this method has there are some limitation where you must use Cloudflare services & not many attack originated from your country.

Another method is by whitelisting your IP. If your IP is dynamic, you may want to find out your IP ranges.

After that add the code below in your “.htaccess” file and replace the “allow from XXX.XXX.XXX.XXX/XX with your IP ranges.

<FilesMatch "wp-login.php">
 order deny,allow
 deny from all
 allow from XXX.XXX.XXX.XXX/XX
 allow from YYY.YYY.YYY.YYY/YY
 allow from ZZZ.ZZZ.ZZZ.ZZZ/ZZ

Page 1 of 5312345...102030...Last »