System account is trying to send spam

mencargo

Member
Jul 30, 2013
Mexico
cPanel Access Level
Root Administrator
A cPanel account is trying to send spam that is currently staying in the Mail Queue, but it got so huge (1 million) that it used all VPS inodes for storage.
I would like to prevent it from generating the mail in the first place, or at least discard it instead of it staying in the queue.

A typical email is like:

Sender User: cpanelaccount
Sender Domain: cpanelaccountmaindomain
Sender: [email protected]
Sender Host: localhost
Sender IP: 127.0.0.1
Authentication: localuser

With that in mind, I'm looking for a rule that checks that the "sender" address exists on the server, but I can't find it.

What does "Authentication: localuser" mean? That any local user can send emails without a password? Can this be restricted?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello,

It's possible the messages were sent without SMTP authentication or with a spoofed "FROM" address. Try using a command like this to track down the source of SPAM if it's coming from a script:

Code:
awk '/cwd=\/home\// {print $3}' /var/log/exim_mainlog|sort|uniq -c|sort -n
The following documents are great starting points when attempting to stop email abuse:

How to Prevent Email Abuse - cPanel Knowledge Base - cPanel Documentation
How to Prevent Spam with Mail Limiting Features - cPanel Knowledge Base - cPanel Documentation

Thank you.
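
The following is an added example, not part of the original reply or of cPanel's documentation. It generalizes the one-liner above by matching the `cwd=` token wherever it falls on the line (with Exim's `log_timezone` enabled it is field 4, not field 3) and by grouping results per account. The function names and the sample log lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Tally script-originated mail in exim_mainlog per cPanel account and directory.

# Constructed sample lines in exim_mainlog layout (not taken from the thread).
sample_log() {
cat <<'EOF'
2013-07-30 10:00:01 cwd=/home/cpanelaccount/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2013-07-30 10:00:02 cwd=/home/cpanelaccount/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2013-07-30 10:00:02 +0000 cwd=/home/cpanelaccount/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2013-07-30 10:00:03 cwd=/home/otheruser/public_html 4 args: /usr/sbin/sendmail -t -i -fuser
2013-07-30 10:00:04 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2013-07-30 10:00:05 1V4abc-0001xy-AB <= user@example.com U=cpanelaccount P=local S=1234
EOF
}

# Print "count account directory" for every cwd= under /home, busiest last.
# Reads the files given as arguments, or stdin when none are given.
cwd_by_account() {
    awk '
    {
        # Scan every field instead of assuming position 3, so a timezone
        # column after the timestamp does not hide the entry.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^cwd=\/home\//) {
                path = substr($i, 5)         # drop the "cwd=" prefix
                split(path, parts, "/")      # parts[3] is the account name
                count[parts[3] " " path]++
                break
            }
        }
    }
    END { for (k in count) print count[k], k }
    ' "$@" | sort -n
}

# Name of the account whose directory generated the most messages.
top_account() {
    cwd_by_account "$@" | tail -n 1 | awk '{print $2}'
}

# Demo on the constructed sample; on a server, pass /var/log/exim_mainlog.
sample_log | cwd_by_account
```

The last line of output is the directory to inspect first; the script there is the likely generator of the queued mail.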