System account it's trying to send spam

mencargo

Registered
Jul 30, 2013
3
0
1
Mexico
cPanel Access Level
Root Administrator
A cPanel account is trying to send spam, that it's currently staying in the Mail Queue, but it got so huge (1 million), that it used all VPS inodes for storage.
I would like to prevent it from generating the mail in the first place or at least discard it instead of staying in queue.

A typical email it's like:

Sender User: cpanelaccount
Sender Domain: cpanelaccountmaindomain
Sender: [email protected]
Sender Host: localhost
Sender IP: 127.0.0.1
Authentication: localuser

With that in mind, I'm looking for a rule that checks that "sender" address exists in the server, but I can't find it.

What does "Authentication: localuser" mean? That any local user can send emails without password? Can this be restricted?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
Hello,

It's possible the messages were sent without SMTP authentication or with a spoofed "FROM" address. Try using a command like this to track down the source of SPAM if it's coming from a script:

Code:
awk '/cwd=\/home\// {print $3}' /var/log/exim_mainlog|sort|uniq -c|sort -n
The following documents are great starting points when attempting to stop email abuse:

How to Prevent Email Abuse - cPanel Knowledge Base - cPanel Documentation
How to Prevent Spam with Mail Limiting Features - cPanel Knowledge Base - cPanel Documentation

Thank you.