Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Disabling single cpanel email account

Discussion in 'E-mail Discussion' started by zaslayer, Dec 6, 2013.

  1. zaslayer

    zaslayer Registered

    Joined:
    Dec 6, 2013
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi There,

    I work for a hosting provider. At the moment we have trouble with a single cpanel email account that is being used to relay spam. I know cpanel has no option to disable an account, but I do require a way to stop this account from sending spam, without disrupting the other email accounts for this specific cpanel account.

    Right now all I can do is delete spam email from the queue, but this is obviously not ideal. The spam origin is constantly changing, therefore blacklisting source IP's is of no use either. I have changed the password for the account a few times, but this does not help. I am however not sure if there is a service I should restart after the password change, in order to drop all authenticate connections to the server,so as to make the password change effective.

    Any advice appreciated.
     
    #1 zaslayer, Dec 6, 2013
  2. vlee

    vlee Well-Known Member

    Joined:
    Oct 13, 2005
    Messages:
    352
    Likes Received:
    23
    Trophy Points:
    168
    Location:
    Spokane, Washington
    cPanel Access Level:
    Root Administrator
    Do you use like ConfigServer Security & Firewall - csf?

    If not you should look into this because does help block possible issues like that.

    Just a possible fix.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 vlee, Dec 6, 2013
  3. zaslayer

    zaslayer Registered

    Joined:
    Dec 6, 2013
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi vlee,

    Thank you for the response. We do use csf. However in this case, I believe the spammer has managed to compromise the account and is in fact authenticating as that user thus csf blocking wont work in this case.
     
    #3 zaslayer, Dec 6, 2013
  4. vlee

    vlee Well-Known Member

    Joined:
    Oct 13, 2005
    Messages:
    352
    Likes Received:
    23
    Trophy Points:
    168
    Location:
    Spokane, Washington
    cPanel Access Level:
    Root Administrator
    Maybe this will work and you will need to backup the use email if using IMAP. Delete the user email account make sure that there is no possible scripts on their website that maybe linking use email and mail server information.

    Then recreate the user email account and use a very strong password and use like !, # $ in the password.

    Just more thoughts for you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 vlee, Dec 6, 2013
  5. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    11
    Trophy Points:
    168
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    I would change that cPanel account's password and every email account's passwords. If the emails are sent from outside of the server that would stop it.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 quietFinn, Dec 6, 2013
  6. zaslayer

    zaslayer Registered

    Joined:
    Dec 6, 2013
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    That is unnecessarily drastic.

    Surely if I change the password, and immediately after, restart exim and/or dovecot, it should kill all authenticated sessions to the server and force any new sessions to authenticate again? Therefore the spammers should bot be able to authenticate any longer as they do not have the new password? Am I missing something here?

    We make use of the password generator that always generates very random strong passwords.
     
    #6 zaslayer, Dec 6, 2013
  7. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,442
    Likes Received:
    1,961
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    In addition to changing the email passwords, you can also implement some of the options listed at:

    cPanel - Prevent Email Abuse

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #7 cPanelMichael, Dec 9, 2013
(You must log in or sign up to post here.)
Loading...
Similar Threads - Disabling single cpanel
  1. benhuragmf

    Disabling NetworkManager Issue

    benhuragmf, Nov 21, 2018, in forum: General Discussion
    Replies:
    3
    Views:
    168
    cPanelLauren
    Nov 21, 2018
  2. Stephen Bignell

    SOLVED [CPANEL-23906] Disabling FTP server removes FTP Server Selection from WHM UI

    Stephen Bignell, Nov 11, 2018, in forum: General Discussion
    Replies:
    4
    Views:
    253
    cPanelMichael
    Nov 30, 2018
  3. dr_lucas

    SOLVED Mariadb 10.2 - Disabling Strict Mode

    dr_lucas, Aug 9, 2018, in forum: Database Discussion
    Replies:
    15
    Views:
    1,190
    cPanelMichael
    Aug 20, 2018
  4. Remitur

    Disabling local delivery, forcing the use of external DNS?

    Remitur, Jul 6, 2018, in forum: E-mail Discussion
    Replies:
    4
    Views:
    207
    cPanelLauren
    Jul 9, 2018
  5. aptechnologies

    Disabling NetworkManager

    aptechnologies, May 31, 2018, in forum: General Discussion
    Replies:
    1
    Views:
    568
    cPanelLauren
    Jun 1, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice