Stop account from using mail()

[Razva]

Hey,

I've implemented the /etc/blockeddomains solution and it kinda works. All messages are now blocked into the queue, not relayed, which is great in some cases.

At this moment I have a couple of users who are sending massive waves of spam because of some bad written WordPress themes. The clients asked me to keep their sites online for a couple of days, until they fix their websites.

Is there any way to block their access to the queue completely? They are sending massive amounts of spam to the Exim queue, which is slowing down everybody else and driving me crazy. Also I receive a ton of queue size notifications from cPanel (which is great, usually).

Basically I would like to disable their access to the mail() function or their access to the Exim queue.

We're using the latest cPanel / WHM version.

Thanks,
Razva

 

[ModServ]

Fire this command to find the exact path that sends emails:

grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n

 

[Razva]

Fire this command to find the exact path that sends emails:

grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n

I know what path is sending emails, the client also knows and he's working at fixing things. Right now even if he deletes the files that send spam they - obviously - appear again in a couple of hours, because of the WP Theme exploit. So until he fixes the theme (it'll take at least 2-3 days) I need to disable his access to the mail() function or his access to the Exim queue. Any advice?

 

[ModServ]

There's a workaround for this, Create separate php.ini for this user and in disable_functions add mail function and you can as well in the same php.ini change the path of sendmail (sendmail_path = "/usr/sbin/sendmail -t -i") to anything else like /dev/null.

 

[Infopro]

He should work on his theme locally on his own computer to fix it while his live site runs a default WP style, get an updated theme from his theme vendor, or just change to some other theme.

I don't care if it was my best friend, and longest with me client, the theme should be replaced right away, or the account, suspended.

(it'll take at least 2-3 days)

10 minutes is too long. 2-3 days is unacceptable.

GL!

 

[ModServ]

He should work on his theme locally on his own computer to fix it while his live site runs a default WP style, get an updated theme from his theme vendor, or just change to some other theme.

I don't care if it was my best friend, and longest with me client, the theme should be replaced right away, or the account, suspended.



10 minutes is too long. 2-3 days is unacceptable.

GL!

Yes, exactly that's what you should do.

Another workaround, Modify an Account then Maximum Hourly Email by Domain Relayed.
i.imgur.com/NWw0YF4.png

 

[Infopro]

Please attach images to your posts instead of linking to image hosting services.

Thanks.

 

[Razva]

There's a workaround for this, Create separate php.ini for this user and in disable_functions add mail function and you can as well in the same php.ini change the path of sendmail (sendmail_path = "/usr/sbin/sendmail -t -i") to anything else like /dev/null.

Great point, thanks!

 

[ModServ]

Please attach images to your posts instead of linking to image hosting services.

Thanks.

Will do next time, thanks for letting me know that.

Great point, thanks!

You are most welcome.