The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Suspended account still sending mail

Discussion in 'E-mail Discussions' started by yamaharr1, Jul 23, 2010.

  1. yamaharr1

    yamaharr1 Well-Known Member

    Joined:
    Jun 22, 2007
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    6
    I have an account that has been suspended but the user is still able to send mail how can I stop them from sending mail?

    I don't yet want to terminate the account or delete the email account for a few reasons.
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,471
    Likes Received:
    199
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Are you sure they are still sending emails, or are emails in queue from before the suspension?
     
  3. yamaharr1

    yamaharr1 Well-Known Member

    Joined:
    Jun 22, 2007
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    6
    Definitely still sending emails, I suspended the account a few days ago and right now their is an email in queue from 8 hours ago this is when the last time they sent out a bulk mailing.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,471
    Likes Received:
    199
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I can't duplicate this here on a server running CURRENT. After suspending the account, I cannot login to it, I can receive to it. You might want to put in a ticket with your host or cPanel directly on this.

    GL!
     
  5. yamaharr1

    yamaharr1 Well-Known Member

    Joined:
    Jun 22, 2007
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    6
    I just submitted a support request.

    I double checked to make sure I was not crazy, the account is suspended and they just sent 200+ emails today.

    I'm sure Cpanel will be able to figure it out, I will post the results here in case anyone else runs across this issue.
     
  6. yamaharr1

    yamaharr1 Well-Known Member

    Joined:
    Jun 22, 2007
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    6
    The first response I received

    Suspend/Unsuspend an Account
     
  7. Lyttek

    Lyttek Well-Known Member

    Joined:
    Jan 2, 2004
    Messages:
    770
    Likes Received:
    3
    Trophy Points:
    18
    Email access will still continue. Change their email passwords to block them.
     
  8. yamaharr1

    yamaharr1 Well-Known Member

    Joined:
    Jun 22, 2007
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    6
    That's not such a bad idea.

    But all and all suspension should mean everything
     
  9. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,471
    Likes Received:
    199
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Yep, easy answer is change the email account password. A nice tool for that sort of thing: ConfigServer Mail Manage

    Meantime, I understand what the reply to the ticket says, but I tested this myself last night and suspending that account meant no login via my email client to check, receive, or send any email.

    Anyone else have an account they can test on and confirm?
     
  10. yamaharr1

    yamaharr1 Well-Known Member

    Joined:
    Jun 22, 2007
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    6
    I use ConfigServer Mail Manage

    What I think they are doing is using their desktop client and going through the mail server, doing this they wouldn't need to log into anything except through the SMTP and from the response it seems that is not blocked on a suspended account, kind of negates the meaning suspend a bit.
     
  11. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,471
    Likes Received:
    199
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    If I suspend my test account, then open my mail client (outlook 2007) to send myself a spam email, I can't. That test accounts email address asks for a password, as it's locked out from connecting to the mail server.

    I just tested this again right now and find this to be the case.

    If you can give me some idea as to how they're sending emails without logging into the server I'll try that.
     
  12. yamaharr1

    yamaharr1 Well-Known Member

    Joined:
    Jun 22, 2007
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    6
    I wish I knew how they were doing it then I could close it. This is so strange.

    Changed all the passwords and they sent a fresh new set of emails today.

    A couple days back I noticed an unsent email but today I only see the bounced emails could they be using some sort of desktop application and in it they have there email set so the bounce backs know where to go but they are not going through the email server during sending?
     
  13. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,471
    Likes Received:
    199
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You changed the password(s) and email is still being sent? That sure seems strange to me.

    We're missing something here. More details are needed.
     
  14. Miraenda

    Miraenda Well-Known Member

    Joined:
    Jul 28, 2004
    Messages:
    242
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Coralville, Iowa USA
    Are they using some program to send? If so, is it mailman? If they are sending emails in batches, it has to be something other than regular SMTP here.

    First of all, to prove it's sendmail not SMTP, remove their domains (any primary, addon, sub and parked domains on their account) from /etc/localdomains, which prevents any further SMTP emails. If they are still sending at that point, it's sendmail that they are using. Removing from /etc/localdomains won't prevent sending using a script with sendmail.

    Now, any scripts should have been suspended when the account was suspended, so that would be even more confusing how they are sending unless the suspension didn't kill off their already existing processes. You could change their account to be root owned, which would prevent them from executing any scripts as their user as well as ensure all of their processes aren't running.
     
    #14 Miraenda, Jul 25, 2010
    Last edited: Jul 25, 2010
  15. yamaharr1

    yamaharr1 Well-Known Member

    Joined:
    Jun 22, 2007
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    6
    Cpanel sent me some more info

     
  16. yamaharr1

    yamaharr1 Well-Known Member

    Joined:
    Jun 22, 2007
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    6
    Just wanted to update this the above did not work they are still sending emails, I will contact support again.
     
  17. JawadArshad

    JawadArshad Well-Known Member
    PartnerNOC

    Joined:
    Apr 8, 2008
    Messages:
    447
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    PK
    cPanel Access Level:
    DataCenter Provider
    This is strange, could you post some log entries of emails sent and replace the actual domain names and email accounts with dummy names etc. Without more details, replies from experts here may be intelligent guesses.
     
  18. yamaharr1

    yamaharr1 Well-Known Member

    Joined:
    Jun 22, 2007
    Messages:
    91
    Likes Received:
    0
    Trophy Points:
    6
    It appears the issue might be because of forwarders. Cpanel support is looking into it and looked into some header information.

    Cpanel response

    I removed the forwarders let's see what happens.
     
  19. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    When possible, please send me a private message with your ticket ID number; I would like to review the notes and applicable details about the circumstances involved.
     
  20. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    Forwarders

    Suspending an account does not block forwarders. It should block them but it has never been a priority for cpanel.
     
Loading...

Share This Page