How to stop sendmail?

This post should be of some use to you:
Exim Mail Server disable but still send mail

 

Did you fully read the post I linked you to?

 

Hello,

You may find the following document helpful:

How to Prevent Email Abuse - cPanel Knowledge Base - cPanel Documentation

In particular, the section on "SMTP Restrictions" explains how this feature ensures spammers cannot directly interact with remote mail servers or work around mail security settings.

Thank you.

 

Hello,

You may want to contact the individual RBL list administrators to request delisting or to ask for more information about why your IP is added to the black list.

Thank you.

 

Hello,

You may want to consider enabling the "Prevent “nobody” from sending mail" option under the "Mail" tab in "WHM >> Tweak Settings" and then ensuring any problematic accounts are assigned a version of PHP that uses a handler such as CGI:

MultiPHP Manager for WHM - Version 64 Documentation - cPanel Documentation

However, generally the better approach is to address the hacked WordPress installations:

What log files to check after an account gets hacked/defaced?

Thank you.

 

Hello,

Disabling sendmail can break certain functionality (e.g. Autoresponders, Notifications) on a cPanel system and is unsupported. You're going to need to determine the source of the SPAM messages or implement other methods of preventing email abuse. If you wanted to temporarily disable sendmail to see if that helps you to identify the source of SPAM, then you'd rename the "/sbin/sendmail" file to something else.

What PHP handler is enabled for the versions of PHP installed on the system?

Thank you.

 

You'd need to switch to a handler such as CGI or DSO (where Apache runs as the "nobody" user) if you wanted the "Prevent “nobody” from sending mail" option to be more effective. However, generally the better approach is to implement better security practices to prevent exploits to scripts installed on the websites. There's a thread on this topic at:

Log Checking

Exim logs email activity to the /var/log/exim_mainlog file. The following thread is useful if you want to search this log:

Reading and Understanding the exim main_log

Thank you.

 

Exim still processes the messages so activity is logged to /var/log/exim_mainlog. Another option to consider is to use a third-party application such as CSF/LFD:

https://download.configserver.com/csf/readme.txt

Search the above document for "LF_SCRIPT_LIMIT" for information about this feature can notify you about messages sent from the server through scripts.

Thank you.