Disable Outbound email from specific cpanel account? One user?

USA_Webmaster

Well-Known Member
Dec 10, 2015
68
12
58
USA
cPanel Access Level
Root Administrator
While I wait for a response, I'm going to read over the How to Prevent Email Abuse - cPanel Knowledge Base - cPanel Documentation and see if I can get results here.

I recently received a null route for UCEProtect Abuse because of heavy spamming. It looks like it's just the one account on WHM. How do I completely disable email for only that account without deleting the entire account? It's a large account with gigs of data and I'm sure they still need access to it. Perhaps I can limit outbound email to one specific account to patch solve this until it's fixed?

I've gone into the cPanel account, and deleted all the email accounts, BUT, there is still that single email account... what does deleting the entire MAIL folder do? Could that disable email?
 
Last edited:

ffeingol

Well-Known Member
PartnerNOC
Nov 9, 2001
715
280
363
cPanel Access Level
DataCenter Provider
I'm assuming that the account that is left is the user-id of that cPanel account? If so, there is not much you can do. Otherwise, in cPanel, you can click manage to the right of email and look at the restrictions section you can do various things to disable mail.
 

USA_Webmaster

Well-Known Member
Dec 10, 2015
68
12
58
USA
cPanel Access Level
Root Administrator
So as far as you know, or understand cPanel, there is no way to "disable" email for a single cPanel account from inside WHM or perhaps using SSH at root? It just seems like such a trivial thing, I can't believe this might not be possible... for paid software with over a decade of development.. mind-boggling.
 

quietFinn

Well-Known Member
Feb 4, 2006
1,653
326
438
Finland
cPanel Access Level
Root Administrator
If a cPanel account in our server is sending spam the 1st thing to do is to check if it's:
1 - sent from outside of the server, i.e. AUTH RELAY
or
2 - sent locally, i.e. LOCAL RELAY

If it's 1 I check what email account the spammers are using, and then I change password for that email account, and inform the owner of the account.

if it's 2 I try to find out what script is used to send the emails. Sometimes it's just a vulnerable contact form, but sometimes it means that the account is hacked, and in that case I would suspend the account.
 

USA_Webmaster

Well-Known Member
Dec 10, 2015
68
12
58
USA
cPanel Access Level
Root Administrator
If a cPanel account in our server is sending spam the 1st thing to do is to check if it's:
1 - sent from outside of the server, i.e. AUTH RELAY
or
2 - sent locally, i.e. LOCAL RELAY

If it's 1 I check what email account the spammers are using, and then I change password for that email account, and inform the owner of the account.

if it's 2 I try to find out what script is used to send the emails. Sometimes it's just a vulnerable contact form, but sometimes it means that the account is hacked, and in that case I would suspend the account.
What if they don't want to fix the suspended account? The paid account just sits there until they fix it? Do you normally restore a backup for free from a few days back? Or just cross-sell them on malware removal? What is #3 step... you are very smart. I like this response. TY!
 

quietFinn

Well-Known Member
Feb 4, 2006
1,653
326
438
Finland
cPanel Access Level
Root Administrator
It is possible to prevent a cPanel account from sending emails:

However if the account is hacked they have to fix it, I can restore backup (for free), but that's only 2 days back, and in many cases that does not fix the root cause.