
Block sending e-mail from default address

Comments

5 comments

  • cPanelLauren
    You can't block that address from sending email; the things you can do to manage this account are listed here: Email Accounts - Version 84 Documentation - cPanel Documentation. What leads you to believe the user is sending spam using this account?
    0
  • Nabbello
    @cPanelLauren This is a delivery report example:
    Event: success
    Sender User: user
    Sender Domain: domain.com
    From Address: user@serverhostname
    Sender: user
    Sent Time: Dec 5, 2019, 12:49:12 PM
    Sender Host: localhost
    Sender IP: 127.0.0.1
    Authentication: localuser
    Spam Score:
    Recipient: obscured@gmail.com
    Delivered To: obscured@gmail.com
    Delivery User: -remote-
    Delivery Domain:
    Router: lookuphost
    Transport: remote_smtp
    Out Time: Dec 5, 2019, 12:49:12 PM
    ID: 1icpd1-0004vM-1Q
    Delivery Host: gmail-smtp-in.l.google.com
    Delivery IP: obscured
    Size: 3.15 KB
    Result: Accepted
    and I have many emails:
    Time: Thu Dec 5 09:59:21 2019 +0100
    Type: LOCALRELAY, Local Account - obscureduser
    Count: 101 emails relayed
    Blocked: No
    0
  • cPanelLauren
    This looks more like the result of an email sent via a PHP script than anything else to me. What is the output of the following:
    grep "cwd=/home/user" /var/log/exim_mainlog
    There are a number of variations of commands like this, but ultimately this is going to find emails sent via a script with the current working directory in /home/user (remove any identifying information like IP addresses and actual domain names).
    1
  • Nabbello
    @cPanelLauren a lot of 2019-12-05 20:54:02 cwd=/home/user/public_html 3 args: /usr/sbin/sendmail -t -i
    0
  • cPanelLauren
    Hello, I'd check that user's public_html for the script that's sending mail. You may also want to look at running a malware scan on the account. The user is most likely not aware they're sending this mail and it's the result of a malware script.
    0
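
The grep suggested in the thread, extended to count hits per working directory so the busiest sending directory stands out. This is an added example, not part of the original thread or cPanel's tooling; the function names and sample log lines are constructed, and the default /home/ prefix is an assumption about where account home directories live.

```shell
#!/bin/sh
# Rank the working directories that handed mail to sendmail/exim,
# using the "cwd=" lines of an Exim main log.

# count_mail_cwds LOGFILE [PREFIX]   (hypothetical helper name)
# Prints "COUNT DIRECTORY", busiest first, for cwd= entries under PREFIX.
# PREFIX defaults to /home/ (assumed account root), which leaves out
# queue runners and other system activity such as /var/spool/exim.
count_mail_cwds() {
    log=$1
    prefix=${2:-/home/}
    awk -v prefix="$prefix" '
        {
            # The cwd= token follows the date and time; scan for it.
            for (i = 1; i <= NF; i++) {
                if (index($i, "cwd=") == 1) {
                    dir = substr($i, 5)
                    if (index(dir, prefix) == 1) count[dir]++
                    break
                }
            }
        }
        END { for (d in count) printf "%d %s\n", count[d], d }
    ' "$log" | sort -k1,1nr -k2
}

# Constructed sample log (not real data), in the format quoted in the thread.
make_sample_log() {
    cat <<'EOF'
2019-12-05 20:54:02 cwd=/home/user/public_html 3 args: /usr/sbin/sendmail -t -i
2019-12-05 20:54:05 cwd=/home/user/public_html 3 args: /usr/sbin/sendmail -t -i
2019-12-05 20:54:09 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2019-12-05 20:55:11 cwd=/home/user/public_html/blog 3 args: /usr/sbin/sendmail -t -i
2019-12-05 20:55:12 cwd=/home/other/public_html 3 args: /usr/sbin/sendmail -t -i
2019-12-05 20:55:14 cwd=/home/user/public_html 3 args: /usr/sbin/sendmail -t -i
EOF
}

sample=$(mktemp)
make_sample_log > "$sample"
count_mail_cwds "$sample"    # on a real server: count_mail_cwds /var/log/exim_mainlog
rm -f "$sample"
```

The directory at the top of the list is where to start looking for the script and where to point the malware scan.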
