Disable outgoing mails from system users.

[amolmistry]

Hello,

Noticed that there are lots of mails being sent from [email protected] (this is the user when it gets created when we Add hosting of domain name in cPanel)

Any Idea how to disable spamming from such users?

 

[Infopro]

In cPanel:
Set Up a Default Address - cPanel Documentation

Select "Discard with error to sender" add a message, No Such User Here

in WHM for new accounts:
Home » Server Configuration » Tweak Settings, Mail tab.

Initial default/catch-all forwarder destination [?]
Forwarding destination for a new account’s catch-all/default address. (Users may modify this value via the Default Address interface in cPanel.) “Fail” rejects the message and notifies the remote SMTP server. This is usually the best choice if you are getting mail attacks. “Blackhole” accepts and processes the message but then silently discards it. This avoids notifying the remote SMTP server but violates SMTP RFC 5321 and generally should not be used.

Select "Fail" here and save configuration.

 

[anton_latvia]

Well, depends what kind of scripts those users use to send mail. You can disable mail() function in PHP, so will have to use SMTP with authentication. Or better search and block those scripts, which generate spam. Since this could be also "good" emails, each case should be investigated separately.

 

[amolmistry]

In cPanel:
Set Up a Default Address - cPanel Documentation

Select "Discard with error to sender" add a message, No Such User Here

in WHM for new accounts:
Home » Server Configuration » Tweak Settings, Mail tab.



Select "Fail" here and save configuration.

Hi Infopro,

But thing is I wish to discard the mails which are being sent from system user accounts (which are got created while adding hosting i.e. cpanel.com user : cpanel ([email protected])).

 

[Infopro]

I'm sorry, your query is unclear to me.

System emails, for example quota or email box full emails, are sent to the system user. user @host.servername.com and are forwarded to that users real, Contact email address. user @host.servername.com is not a "real" email address.

ConfigServer blog has a post on this located here you might find interesting:
Why you should use :fail:

 

[amolmistry]

I'm really very sorry Infopro, I mean to say, there are spamming is happening from that user which are getting creating after Account addition, check attached screenshot and check yellow highlighted part so that you will come to know exactly what I mean.

 

[Infopro]

Well, we'd have to see some of the emails I think to be able to give you proper direction.

User mileshig is the cPanel user. He can't send emails out on "his" own. His scripts could, as Anton mentions above. For mileshig to send email, he'd have to create an actual email account, which by your image, he does not have right now.

Depending on the settings I mentioned previously, a spammer could send emails to anyname at mileshig's domain.com

 

[SoftDux]

I can add to this:

Let's say Bob's email address was hijacked and now [email protected] sends spam, using outlook (or any other email client) through SMTP.

How does one stop all outgoing mail for a certain user, or domain?

 

[amolmistry]

Hello,

Atleast is there any option to disable mailing services for specific user/email id?