Block sending e-mail from defaul address

Nabbello · Dec 3, 2019

Hello, how can i stop sending e-mail from default email address? example [email protected]

I have a user who send a lot of spam from default email and i have a local relay alert.

Thanks

cPanelLauren · Dec 4, 2019

You can't block that address from sending email, the things you can do to manage this account are listed here: Email Accounts - Version 84 Documentation - cPanel Documentation

What leads you to believe the user is sending spam using this account?

Nabbello · Dec 5, 2019

@cPanelLauren

This is a delivery report example:

Event:	success
Sender User:	user
Sender Domain:	domain.com
From Address:	[email protected]
Sender:	user
Sent Time:	Dec 5, 2019, 12:49:12 PM
Sender Host:	localhost
Sender IP:	127.0.0.1
Authentication:	localuser
Spam Score:
Recipient:	[email protected]
Delivered To:	[email protected]
Delivery User:	-remote-
Delivery Domain:
Router:	lookuphost
Transport:	remote_smtp
Out Time:	Dec 5, 2019, 12:49:12 PM
ID:	1icpd1-0004vM-1Q
Delivery Host:	gmail-smtp-in.l.google.com
Delivery IP:	obscured
Size:	3.15 KB
Result:	Accepted

and i have many email
Time: Thu Dec 5 09:59:21 2019 +0100
Type: LOCALRELAY, Local Account - obscureduser
Count: 101 emails relayed
Blocked: No

cPanelLauren · Dec 5, 2019

This looks more like the result of an email sent via a PHP Script than anything else to me. What is the output of the following:

Code:

grep "cwd=/home/user" /var/log/exim_mainlog

There are a number of variations of commands like this but ultimately this is going to find emails sent via a script with the current working directory in /home/user

(remove any identifying information like IP addresses and actual domain names)

Nabbello · Dec 5, 2019

@cPanelLauren

a lot of

2019-12-05 20:54:02 cwd=/home/user/public_html 3 args: /usr/sbin/sendmail -t -i

cPanelLauren · Dec 5, 2019

Nabbello said:
@cPanelLauren

a lot of

2019-12-05 20:54:02 cwd=/home/user/public_html 3 args: /usr/sbin/sendmail -t -i

Hello,

I'd check that user's public_html for the script that's sending mail. You may also want to look at running a malware scan on the account. The user is most likely not aware they're sending this mail and it's the result of a malware script.

Thread starter	Similar threads	Forum	Replies	Date
	block people from sending to a specific domain or mail	Email	5	Nov 15, 2021
M	SOLVED How to block port 143 from sending emails?	Email	7	Dec 2, 2020
R	Block account sending phishing email?	Email	1	Jul 7, 2019
	Prevent users from sending emails that gets server IP blocked?	Email	8	Sep 14, 2018
A	block any user sending to specific email address	Email	3	May 6, 2018

Search

Search

Block sending e-mail from defaul address

Nabbello

Active Member

cPanelLauren

Product Owner II

Nabbello

Active Member

cPanelLauren

Product Owner II

Nabbello

Active Member

cPanelLauren

Product Owner II