Disable Outbound email from specific cpanel account? One user?

[USA_Webmaster]

While I wait for a response, I'm going to read over the How to Prevent Email Abuse - cPanel Knowledge Base - cPanel Documentation and see if I can get results here.

I recently received a null route for UCEProtect Abuse because of heavy spamming. It looks like it's just the one account on WHM. How do I completely disable email for only that account without deleting the entire account? It's a large account with gigs of data and I'm sure they still need access to it. Perhaps I can limit outbound email to one specific account to patch solve this until it's fixed?

I've gone into the cPanel account, and deleted all the email accounts, BUT, there is still that single email account... what does deleting the entire MAIL folder do? Could that disable email?

 

[ffeingol]

I'm assuming that the account that is left is the user-id of that cPanel account? If so, there is not much you can do. Otherwise, in cPanel, you can click manage to the right of email and look at the restrictions section you can do various things to disable mail.

 

[USA_Webmaster]

So as far as you know, or understand cPanel, there is no way to "disable" email for a single cPanel account from inside WHM or perhaps using SSH at root? It just seems like such a trivial thing, I can't believe this might not be possible... for paid software with over a decade of development.. mind-boggling.

 

[quietFinn]

If a cPanel account in our server is sending spam the 1st thing to do is to check if it's:
1 - sent from outside of the server, i.e. AUTH RELAY
or
2 - sent locally, i.e. LOCAL RELAY

If it's 1 I check what email account the spammers are using, and then I change password for that email account, and inform the owner of the account.

if it's 2 I try to find out what script is used to send the emails. Sometimes it's just a vulnerable contact form, but sometimes it means that the account is hacked, and in that case I would suspend the account.

 

[USA_Webmaster]

If a cPanel account in our server is sending spam the 1st thing to do is to check if it's:
1 - sent from outside of the server, i.e. AUTH RELAY
or
2 - sent locally, i.e. LOCAL RELAY

If it's 1 I check what email account the spammers are using, and then I change password for that email account, and inform the owner of the account.

if it's 2 I try to find out what script is used to send the emails. Sometimes it's just a vulnerable contact form, but sometimes it means that the account is hacked, and in that case I would suspend the account.

What if they don't want to fix the suspended account? The paid account just sits there until they fix it? Do you normally restore a backup for free from a few days back? Or just cross-sell them on malware removal? What is #3 step... you are very smart. I like this response. TY!

 

[quietFinn]

It is possible to prevent a cPanel account from sending emails:

Suspend cPanel account outgoing email

This function sets Exim's queue to suspend and force failure for email that a user sends to an external address. **Note:** If mail for a cPanel user's account is suspended, the system will reject their email before the mail server puts it in queue.

api.docs.cpanel.net

However if the account is hacked they have to fix it, I can restore backup (for free), but that's only 2 days back, and in many cases that does not fix the root cause.