Block cPanel linux user from sending email

miTgiB

Alright, I know how to block a [email protected] and adjust max hourly email, but the linux user that php scripts use? Google ninja skills are failing me and https://documentation.cpanel.net/display/CKB/How+to+Prevent+Email+Abuse doesn't seem to provide what I am looking for. So maybe someone has dealt with this before?

jar

I think this syntax is still good: http://www.cyberciti.biz/tips/block-outgoing-network-access-for-a-single-user-from-my-server-using-iptables.html

Idea is to block the port by UID in the firewall. We did it at HG a lot when someone would get their web app compromised.

century1stop

you can tweak exim to prevent "nobody" from delivery to external mail exchange (if that's what you are looking for).

miTgiB

century1stop said: you can tweak exim to prevent "nobody" from delivery to external mail exchange (if that's what you are looking for).

Already have done this, but suPHP sends as the linux user, so I am looking at what @jarland provided.

AlexanderM

This is what I do, to disable email for one account you can change the permission of /etc directory for that particular user, under the root account;

chmod 0 /home/**username**/etc 
chattr +ia /home/**username**/etc

jar

@AlexanderM said:
This is what I do, to disable email for one account you can change the permission of /etc directory for that particular user, under the root account;

chmod 0 /home/**username**/etc 
chattr +ia /home/**username**/etc

That's interesting. What's the theory behind that? I could see that locking the passwd file for actual email users, not sure of the impact on PHP Mail function.

Traffic

@jarland said:
That's interesting. What's the theory behind that? I could see that locking the passwd file for actual email users, not sure of the impact on PHP Mail function.

My exact thoughts. Shouldn't there be something else in addition to this?

century1stop

wonder if this article will help http://blog.ideashower.com/post/15147324959/how-to-block-email-from-a-specific-address-on-a-cpanelwh

Sady

We used to do it by blocking something like "mail" (can't recall which exactly function it was) using disabled_functions in that affected username's php.ini & then chattring it.

AlexanderM

@jarland said:
That's interesting. What's the theory behind that? I could see that locking the passwd file for actual email users, not sure of the impact on PHP Mail function.

Try it and it will work :-)

eLohkCalb

It can get pretty tricky when exim config file could not be fully (or say, properly) customized in cPanel.

Usually I create a junkaddresses file somewhere, which contains something like:

[email protected]

Follow by defining a junk_addresses list in Exim Configuration Manager (within WHM):

addresslist junk_addresses = lsearch;/somewhere/junkaddresses

And then add these into the "custom_begin_outgoing_notsmtp_checkall" box under "acl_not_smtp" section:

deny
condition = ${if or { \
 { match_address{${address:$h_from:}}{+junk_addresses} } \
 { match_address{${sender_address}}{+junk_addresses} } \
} {yes}{no}}
message = Junk.
accept

Not sure if this works for you though.

Francisco

If you're running cloudlinux and you're having issues with sendmail/phpmail, just hit me up on Skype and I can give you a copy of my sendmail condom.

Francisco

miTgiB

Francisco said: I can give you a copy of my sendmail condom.

Without holes, don't need the server to be Frantiplying

Francisco

@miTgiB said:
Without holes, don't need the server to be Frantiplying

Deal with spamhaus or deal with Fransupport, your choice :P

Francisco

doughmanes

I'd rather be waterboarded and forced to listen to Nickleback than deal with the bipolar girlfriend better known as Spamhaus

miTgiB

doughmanes said: waterboarded and forced to listen to Nickleback

Didn't they force Megadeath? Or was there actual variety?

globalRegisters

There was some variety but their heavy gun was Deicide.