Stop account from using mail()

Razva

Member
Aug 30, 2012
16
1
3
cPanel Access Level
Root Administrator
Hey,

I've implemented the /etc/blockeddomains solution and it kinda works. All messages are now blocked into the queue, not relayed, which is great in some cases.

At this moment I have a couple of users who are sending massive waves of spam because of some bad written WordPress themes. The clients asked me to keep their sites online for a couple of days, until they fix their websites.

Is there any way to block their access to the queue completely? They are sending massive amounts of spam to the Exim queue, which is slowing down everybody else and driving me crazy. Also I receive a ton of queue size notifications from cPanel (which is great, usually).

Basically I would like to disable their access to the mail() function or their access to the Exim queue.

We're using the latest cPanel / WHM version.

Thanks,
Razva
 

Razva

Member
Aug 30, 2012
16
1
3
cPanel Access Level
Root Administrator
Fire this command to find the exact path that sends emails:
Code:
grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n
I know what path is sending emails, the client also knows and he's working at fixing things. Right now even if he deletes the files that send spam they - obviously - appear again in a couple of hours, because of the WP Theme exploit. So until he fixes the theme (it'll take at least 2-3 days) I need to disable his access to the mail() function or his access to the Exim queue. Any advice?
 

ModServ

Well-Known Member
Oct 17, 2006
337
5
168
Egypt
cPanel Access Level
Root Administrator
There's a workaround for this, Create separate php.ini for this user and in disable_functions add mail function and you can as well in the same php.ini change the path of sendmail (sendmail_path = "/usr/sbin/sendmail -t -i") to anything else like /dev/null.
 

Infopro

Well-Known Member
May 20, 2003
17,107
515
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
He should work on his theme locally on his own computer to fix it while his live site runs a default WP style, get an updated theme from his theme vendor, or just change to some other theme.

I don't care if it was my best friend, and longest with me client, the theme should be replaced right away, or the account, suspended.

(it'll take at least 2-3 days)
10 minutes is too long. 2-3 days is unacceptable.

GL!
 
  • Like
Reactions: ModServ

ModServ

Well-Known Member
Oct 17, 2006
337
5
168
Egypt
cPanel Access Level
Root Administrator
He should work on his theme locally on his own computer to fix it while his live site runs a default WP style, get an updated theme from his theme vendor, or just change to some other theme.

I don't care if it was my best friend, and longest with me client, the theme should be replaced right away, or the account, suspended.



10 minutes is too long. 2-3 days is unacceptable.

GL!
Yes, exactly that's what you should do.

Another workaround, Modify an Account then Maximum Hourly Email by Domain Relayed.
i.imgur.com/NWw0YF4.png
 
  • Like
Reactions: Infopro

Razva

Member
Aug 30, 2012
16
1
3
cPanel Access Level
Root Administrator
There's a workaround for this, Create separate php.ini for this user and in disable_functions add mail function and you can as well in the same php.ini change the path of sendmail (sendmail_path = "/usr/sbin/sendmail -t -i") to anything else like /dev/null.
Great point, thanks!
 
Last edited:
  • Like
Reactions: ModServ