Blocking emails (sendmail) from localhost?

Discussion in 'E-mail Discussions' started by celitocomm, Nov 17, 2014.

  1. celitocomm

    Hi all,

    I have done a lot of searching and have done the things I thought I had to to prevent this, but it hasn't seemed to help.

    My company runs a cPanel server with about 100 domains on it. One of our users running WordPress was just infected with PHP/Kryptik which was a virus that was sending spam from the server itself. The mail queue in cPanel was filled with messages that were showing as being from the server itself.

    Without revealing actual information, here is what I mean:
    Client's root user name is user@domain.com
    Our cPanel server is hosting.mycompany.com

    In the mail queue, the messages were shown as being from user@hosting.mycompany.com. The command that this malicious PHP script was running was: /usr/sbin/sendmail -t -i . What can I do to prevent all users from being able to use sendmail, and send mail that comes from @hosting.mycompany.com when that isn't how they should be sending email? I believe from what I read if they use webmail, it will show up that way as well, so I need to be able to do this without breaking anything.

    SMTP Restrictions are enabled. I have "Restrict outgoing SMTP to root, exim, and mailman (FKA SMTP Tweak)" and "Prevent “nobody” from sending mail" enabled.

    I also have another client that is running a (legitimate) cron job that is sending messages from theiraccount@hosting.mycompany.com. It's from a WordPress plugin that is running backups. So, again, how can I block these types of things without breaking anything?

    Thanks for any help.
     
  2. celitocomm

    Hey Michael,

    I tried the one where I block email from one domain, but it didn't seem to work. I assume because mail was being generated from the server itself so the domain didn't match their domain.

    It looks like your second look will do what I need to do though. I'll test it out and update. Thanks for the help!

    -Brent
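
The first post describes queue entries from user@hosting.mycompany.com that a script submitted through /usr/sbin/sendmail. As an added example (not part of the thread), the Python below counts, per local account, the messages that Exim logged as locally submitted (`P=local`) with an envelope sender at the server's own hostname, which separates the infected account from a legitimate cron job before anything is blocked. It assumes the standard Exim main-log arrival format with `U=` and `P=` fields; the function name `local_submitters` is hypothetical and the sample log lines are constructed.

```python
import re
from collections import Counter

# Exim main-log arrival line: "<date> <time> <msg-id> <= <envelope-sender> <fields...>"
ARRIVAL = re.compile(r"^\S+ \S+ (?P<id>\S+) <= (?P<sender>\S+) (?P<rest>.*)$")

def local_submitters(lines, server_hostname):
    """Count messages per local user that were submitted locally (P=local,
    e.g. through /usr/sbin/sendmail) with an envelope sender at the
    server's own hostname. (Hypothetical helper, not cPanel or Exim code.)"""
    counts = Counter()
    for line in lines:
        m = ARRIVAL.match(line.strip())
        if not m:
            continue  # delivery, completion or other non-arrival line
        # The subject (T="...") and recipient list are sender-controlled, so
        # only the fields logged before them are trusted.
        head = re.split(r' T="| for ', m["rest"], maxsplit=1)[0]
        fields = dict(t.split("=", 1) for t in head.split() if "=" in t)
        domain = m["sender"].rpartition("@")[2].lower()
        if fields.get("P") == "local" and domain == server_hostname.lower():
            counts[fields.get("U", "?")] += 1
    return counts

# Constructed sample lines in Exim main-log format (not taken from the thread).
SAMPLE_LOG = """\
2014-11-17 09:12:01 1XqK2b-0003Xy-7Q <= user@hosting.mycompany.com U=user P=local S=1532 T="Offer" for a@example.net
2014-11-17 09:12:02 1XqK2b-0003Xy-7Q => a@example.net R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.10]
2014-11-17 09:12:03 1XqK2d-0003Xz-8R <= user@hosting.mycompany.com U=user P=local S=1540 T="Offer" for b@example.net
2014-11-17 09:12:05 1XqK2f-0003Y0-9S <= user@hosting.mycompany.com U=user P=local S=1538 T="Offer" for c@example.net
2014-11-17 09:13:00 1XqK3g-0003Y1-0T <= theiraccount@hosting.mycompany.com U=theiraccount P=local S=820 T="Backup complete" for admin@example.org
2014-11-17 09:14:30 1XqK5e-0003Zb-1U <= user@domain.com H=(laptop) [203.0.113.5]:51234 P=esmtpa A=dovecot_login:user@domain.com S=2048 T="Hi" for d@example.org
2014-11-17 09:15:02 1XqK6f-0003Zc-2V <= x@hosting.mycompany.com H=(mx) [198.51.100.7]:40112 P=esmtp S=900 T="re P=local U=root ok" for e@example.org
""".splitlines()

if __name__ == "__main__":
    result = local_submitters(SAMPLE_LOG, "hosting.mycompany.com")
    for user, n in result.most_common():
        print(f"{user}: {n} locally submitted message(s)")
```

On a cPanel server the main log is typically /var/log/exim_mainlog; pass its lines and the server's hostname in place of the sample data.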
     