Disabling single cpanel email account

zaslayer

Registered
Dec 6, 2013
4
0
1
cPanel Access Level
Root Administrator
Hi There,

I work for a hosting provider. At the moment we have trouble with a single cpanel email account that is being used to relay spam. I know cpanel has no option to disable an account, but I do require a way to stop this account from sending spam, without disrupting the other email accounts for this specific cpanel account.

Right now all I can do is delete spam email from the queue, but this is obviously not ideal. The spam origin is constantly changing, therefore blacklisting source IP's is of no use either. I have changed the password for the account a few times, but this does not help. I am however not sure if there is a service I should restart after the password change, in order to drop all authenticate connections to the server,so as to make the password change effective.

Any advice appreciated.
 

zaslayer

Registered
Dec 6, 2013
4
0
1
cPanel Access Level
Root Administrator
Hi vlee,

Thank you for the response. We do use csf. However in this case, I believe the spammer has managed to compromise the account and is in fact authenticating as that user thus csf blocking wont work in this case.
 

vlee

Well-Known Member
Oct 13, 2005
373
26
178
Spokane, Washington
cPanel Access Level
Root Administrator
Hi vlee,

Thank you for the response. We do use csf. However in this case, I believe the spammer has managed to compromise the account and is in fact authenticating as that user thus csf blocking wont work in this case.
Maybe this will work and you will need to backup the use email if using IMAP. Delete the user email account make sure that there is no possible scripts on their website that maybe linking use email and mail server information.

Then recreate the user email account and use a very strong password and use like !, # $ in the password.

Just more thoughts for you.
 

quietFinn

Well-Known Member
Feb 4, 2006
1,894
464
438
Finland
cPanel Access Level
Root Administrator
Hi vlee,

Thank you for the response. We do use csf. However in this case, I believe the spammer has managed to compromise the account and is in fact authenticating as that user thus csf blocking wont work in this case.
I would change that cPanel account's password and every email account's passwords. If the emails are sent from outside of the server that would stop it.
 

zaslayer

Registered
Dec 6, 2013
4
0
1
cPanel Access Level
Root Administrator
That is unnecessarily drastic.

Surely if I change the password, and immediately after, restart exim and/or dovecot, it should kill all authenticated sessions to the server and force any new sessions to authenticate again? Therefore the spammers should bot be able to authenticate any longer as they do not have the new password? Am I missing something here?

We make use of the password generator that always generates very random strong passwords.