The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Stop account from using mail()

Discussion in 'E-mail Discussions' started by Razva, Jul 27, 2015.

  1. Razva

    Razva Member

    Joined:
    Aug 30, 2012
    Messages:
    6
    Likes Received:
    1
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hey,

    I've implemented the /etc/blockeddomains solution and it kinda works. All messages are now blocked into the queue, not relayed, which is great in some cases.

    At this moment I have a couple of users who are sending massive waves of spam because of some bad written WordPress themes. The clients asked me to keep their sites online for a couple of days, until they fix their websites.

    Is there any way to block their access to the queue completely? They are sending massive amounts of spam to the Exim queue, which is slowing down everybody else and driving me crazy. Also I receive a ton of queue size notifications from cPanel (which is great, usually).

    Basically I would like to disable their access to the mail() function or their access to the Exim queue.

    We're using the latest cPanel / WHM version.

    Thanks,
    Razva
     
  2. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    Fire this command to find the exact path that sends emails:
    Code:
    grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n
     
  3. Razva

    Razva Member

    Joined:
    Aug 30, 2012
    Messages:
    6
    Likes Received:
    1
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I know what path is sending emails, the client also knows and he's working at fixing things. Right now even if he deletes the files that send spam they - obviously - appear again in a couple of hours, because of the WP Theme exploit. So until he fixes the theme (it'll take at least 2-3 days) I need to disable his access to the mail() function or his access to the Exim queue. Any advice?
     
  4. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    There's a workaround for this, Create separate php.ini for this user and in disable_functions add mail function and you can as well in the same php.ini change the path of sendmail (sendmail_path = "/usr/sbin/sendmail -t -i") to anything else like /dev/null.
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,453
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    He should work on his theme locally on his own computer to fix it while his live site runs a default WP style, get an updated theme from his theme vendor, or just change to some other theme.

    I don't care if it was my best friend, and longest with me client, the theme should be replaced right away, or the account, suspended.

    10 minutes is too long. 2-3 days is unacceptable.

    GL!
     
    ModServ likes this.
  6. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    Yes, exactly that's what you should do.

    Another workaround, Modify an Account then Maximum Hourly Email by Domain Relayed.
    i.imgur.com/NWw0YF4.png
     
    Infopro likes this.
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,453
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Please attach images to your posts instead of linking to image hosting services.

    Thanks.
     
  8. Razva

    Razva Member

    Joined:
    Aug 30, 2012
    Messages:
    6
    Likes Received:
    1
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Great point, thanks!
     
    #8 Razva, Jul 27, 2015
    Last edited: Jul 27, 2015
    ModServ likes this.
  9. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    Will do next time, thanks for letting me know that.

    You are most welcome.
     
Loading...

Share This Page