Why is the "Allow Remote Domains" Tweak Setting considered a security risk?
The option notes the following:
"This can be a major security problem. If you must have it enabled, be sure not to allow users to park common Internet domains."
The primary risk of allowing remote domains, and common domains in particular (e.g. gmail.com, hotmail.com), is that a malicious user can intercept emails sent from other users on your cPanel server to remote destinations.
Exim assumes that any domain listed in the /etc/localdomains file is hosted by the local cPanel server. Let's say a user adds gmail.com as an addon domain or alias in their cPanel account. If that were to happen, gmail.com would automatically be added to the /etc/localdomains file. If the person who added gmail.com creates an email@example.com email account in cPanel, and another domain hosted locally on your cPanel server sends an email to firstname.lastname@example.org, then the email would be delivered to the person who created the gmail.com domain in cPanel rather than to the actual Gmail servers.
If you need to temporarily add a domain name that resolves to another server, then instead of enabling "Allow Remote Domains" in WHM >> Tweak Settings, you can temporarily add the IP addresses of the remote name servers used for that domain in the WHM >> IP Functions >> Configure Remote Service IPs >> Remote Name Server IPs interface. Users are permitted to add addon or parked domains only if the domain's nameserver IPs are in this list.
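To check whether a server already treats a common mail domain as local, the following added example (not part of the original article and not cPanel's own code) scans a copy of /etc/localdomains against a small watchlist and names the owning account. The watchlist contents, the function name audit_localdomains, and the use of /etc/userdomains in its "domain: user" layout are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag well-known public mail domains in Exim's local-domain list.
# WATCHLIST is a constructed, non-exhaustive sample; extend it for your site.
WATCHLIST="gmail.com hotmail.com outlook.com yahoo.com icloud.com"

# audit_localdomains LOCALDOMAINS [USERDOMAINS]
# Prints "domain owner" for every watchlisted domain that Exim would deliver
# locally. Exit status is 1 when at least one is found, 0 when the list is clean.
# USERDOMAINS is assumed to use cPanel's "domain: user" layout (/etc/userdomains).
audit_localdomains() {
    awk -v watch="$WATCHLIST" '
        # Normalise an entry: lower-case, strip whitespace/CR and a trailing dot.
        function norm(s) {
            s = tolower(s); gsub(/[ \t\r]/, "", s); sub(/\.$/, "", s); return s
        }
        BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) bad[w[i]] = 1 }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        mode == "owners" {                      # build domain -> account map
            split($0, f, ":"); owner[norm(f[1])] = norm(f[2]); next
        }
        { d = norm($0) }
        (d in bad) {
            print d, ((d in owner) ? owner[d] : "unknown"); found = 1
        }
        END { exit (found ? 1 : 0) }
    ' mode=owners "${2:-/dev/null}" mode=local "$1"
}

# Demo on constructed sample data (not taken from a real server).
tmp=$(mktemp -d)
printf '%s\n' 'customer-site.example' 'Gmail.com ' 'shop.example' > "$tmp/localdomains"
printf '%s\n' 'customer-site.example: alice' 'gmail.com: mallory' '*: nobody' > "$tmp/userdomains"
if findings=$(audit_localdomains "$tmp/localdomains" "$tmp/userdomains"); then
    echo "OK: no watchlisted domains are treated as local"
else
    echo "WARNING: mail to these domains is delivered locally (domain owner):"
    echo "$findings"
fi
rm -rf "$tmp"
```

On a live server, pass /etc/localdomains and /etc/userdomains as the two arguments; the non-zero exit status on a finding makes the function usable from a scheduled check.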