Select the action for the system to take on an email account when it detects a potential spammer

davetanguay

Active Member
Mar 30, 2008
37
1
58
I have Tweak Settings > Select the action for the system to take on an email account when it detects a potential spammer > set to "Hold outgoing mail"

Is there a way to view these hold emails? And how would I release them?

Does root get alerted when there are messages on hold?
 
  • Like
Reactions: Gino Viroli

rpvw

Well-Known Member
Jul 18, 2013
1,088
446
113
UK
cPanel Access Level
Root Administrator
This is the section from the release notes :
Reject and hold outgoing mail for suspect spammers
When an email account sends outbound mail to a large number of unique recipients, the server marks that email account as a potential spammer. Administrators can configure the threshold of unique recipients with the Number of unique recipients per hour to trigger potential spammer notification tweak setting.

In cPanel & WHM version 74, administrators can now select the action that the server should automatically perform when it detects potential spammers. Use the Select the action for the system to take on an email account when it detects a potential spammer tweak setting to configure this behavior in the Mail section of WHM's Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings). The server will perform one of the following actions:
  • Take no action — Do not perform any action for the email account.
  • Hold outgoing mail — Hold all outbound messages in a queue for the email account.
  • Reject outgoing mail — Reject all outbound messages for the email account.
Note:

This setting defaults to Take no action.

To release or delete outgoing mail held in the queue, perform the following actions in cPanel's Email Accounts interface (cPanel >> Home >> Email >> Email Accounts):
  1. Click Manage Suspension.
  2. Select Allow for the Send option.
  3. If applicable, click Delete messages from the mail queue to remove any queued messages.
  4. Click Save.
It describes how to release them, but I am unsure if they will be available in the WHM mail queue to be inspected.

As far as the alert to root - it looks like that is managed by the Tweak Settings
Number of unique recipients per hour to trigger potential spammer notification.
The system will send a notification when any email account sends email to more than the specified number of recipients in one hour.
Email sent by mailman is exempt from this detection.​

Hope this helps.​
 
  • Like
Reactions: Gino Viroli

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,911
2,234
363
Hello @davetanguay,

The information from the Release Notes that's quoted in the previous post should answer your questions. Let us know if you need additional clarification or have additional questions.

Thanks!
 

mangoo_

Member
Aug 25, 2011
7
0
51
Hello @davetanguay,

The information from the Release Notes that's quoted in the previous post should answer your questions. Let us know if you need additional clarification or have additional questions.

Thanks!
Is there a way to whitelist selected account?

I have dozens of accounts on the server, but one of them is sending a newsletter to thousands of users. The "Number of unique recipients per hour to trigger potential spammer notification" is set to 500 and is global.
If I change this value to 5000 or 10000, it will affect all accounts on the server, not just the one sending a newsletter to thousands on users.


In other words, I'd like to exempt account "someaccount" from mail hold if the mailing is too large, but have this security feature still applied to other accounts.
 

Gino Viroli

Well-Known Member
Oct 2, 2007
69
5
58
cPanel Access Level
Root Administrator
Is there a way to whitelist selected account?

I have dozens of accounts on the server, but one of them is sending a newsletter to thousands of users. The "Number of unique recipients per hour to trigger potential spammer notification" is set to 500 and is global.
If I change this value to 5000 or 10000, it will affect all accounts on the server, not just the one sending a newsletter to thousands on users.


In other words, I'd like to exempt account "someaccount" from mail hold if the mailing is too large, but have this security feature still applied to other accounts.
AFAIK the only way is to turn OFF the new feature "Monitor the number of unique recipients per hour to detect potential spammers." (in "WHM > Server Configuration > Tweak Settings > Mail") and just use only the old feature "Max hourly emails per domain" that can be set per account basis.
If the user who is sending out thousands of mail per hour is on its own domain/cpanel account, go to "WHM > Account Functions > Modify an Account" and modify his account by setting "Maximum Hourly Email by Domain Relayed" to 10000 only for his account.

Anyway, IMHO, a user that sends thousands of email per hour is not normal. He should use an application to send them slowly, your server IP might end up blacklisted by other servers.
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,911
2,234
363
In other words, I'd like to exempt account "someaccount" from mail hold if the mailing is too large, but have this security feature still applied to other accounts.
Hello @mangoo_,

The functionality you are seeking was added in cPanel & WHM version 74 as part of the following case:

Implemented case CPANEL-20694: Ability to set auto-detect threshold for users

It's not yet offered as part of an option in WHM >> Modify an Account or as a package value, but you can manually add the following value to an account's cPanel user file (e.g. /var/cpanel/users/username123):

Code:
EMAIL_OUTBOUND_SPAM_DETECT_THRESHOLD=
The value must be higher than the value set for the global Number of unique recipients per hour to trigger potential spammer notification setting (thus you can allow some accounts to send more emails than what's configured with the global value).

Thank you.