Most WordPress sites that get compromised are hit through vulnerabilities in plugins and themes, which let attackers insert whatever they want, in most cases spamming scripts. In that scenario, how can a server admin protect the server's mail IPs from being blacklisted, and the server from being overloaded, without changing the client's website and without suspending the client's account on a cPanel server?
First, consider restricting SMTP-authenticated email.
Update the client's domain package through Home » Account Information » List Accounts.
Locate the client's domain, click the + icon on the left, then click "Modify Account" and set both of the features below to a value of "1". This will not allow the vulnerable domain to send more than one email per hour.
    Maximum Hourly Email by Domain Relayed: 1
    Maximum percentage of failed or deferred messages a domain may send per hour: 1
Then:
Create a file via SSH called /etc/blockeddomains and add the list of domains to block email from, one per line.
    vi /etc/blockeddomains
Add the domain names whose email sending ability is to be disabled, one per line, as
    domain1.com
    domain2.com
then save the file with ZZ.
To verify that your domains have been added to this file, run
    cat /etc/blockeddomains
Now the next part is in WHM/cPanel.
Log into WHM and navigate to Service Configuration » Exim Configuration Manager.
Just above "BEGINACL", click "Add configuration".
In the first box enter domainlist blocked_domains (without the quotes) and in the second box enter lsearch;/etc/blockeddomains (without the quotes).
Then scroll down to "Section: ROUTERSTART" and enter the following:
    reject_domains:
      driver = redirect
      # Fail delivery for any domain listed in /etc/blockeddomains
      domains = +blocked_domains
      allow_fail
      data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.
Then scroll down and click Save.
This will block all email that is sent and authenticated as a user of the listed domains. If an email is sent via PHP mail(), it may go out as user@serverhostname.tld instead of from the domain itself. If this is a concern, you may want to disable the PHP mail() function for that user, which is done with a custom php.ini file.
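As an added check that is not part of the original article: a small Python helper that loads a /etc/blockeddomains file the way you want Exim's lsearch lookup to see it, one bare domain per line, and flags the stray entries (surrounding whitespace, addresses instead of domains, duplicates) that would otherwise never match. The sample file content, the function names and the local sender check are constructed for this example and only approximate what Exim does with the list.

```python
import re

# Constructed sample of /etc/blockeddomains, deliberately including the kinds
# of stray lines that make an exact lookup silently miss (assumption: the
# file is meant to hold exactly one bare domain per line, as the article says).
SAMPLE_BLOCKFILE = """\
domain1.com
Domain2.COM
  domain3.com
www.domain4.com
user@domain5.com
domain1.com
"""

# Bare hostname: dotted labels, letters/digits/hyphens only, 2+ letter TLD.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def load_blocked_domains(text):
    """Return (domains, warnings) parsed from blockeddomains file text.

    Domains are stripped and lowercased; lines that are not a bare hostname,
    and duplicates, are reported instead of being kept silently.
    """
    domains, warnings, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip().lower()
        if not line or line.startswith("#"):
            continue
        if line != raw.lower():
            warnings.append(f"line {lineno}: surrounding whitespace trimmed")
        if not DOMAIN_RE.match(line):
            warnings.append(f"line {lineno}: {raw!r} is not a bare domain, skipped")
            continue
        if line in seen:
            warnings.append(f"line {lineno}: duplicate entry {line}")
            continue
        seen.add(line)
        domains.append(line)
    return domains, warnings


def sender_is_blocked(address, domains):
    """True if the domain part of an envelope address is in the block list
    (exact match only: www.domain4.com does not cover domain4.com)."""
    domain = address.rpartition("@")[2].strip().lower()
    return domain in set(domains)
```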
=======================================
How to disable PHP mail() sending ability/function for a particular domain in cpanel/whm
Before going into how to stop PHP email functionality for a specific user, check your "PHP and suEXEC" configuration, because php.ini needs to be set up according to the PHP and suEXEC configuration.
To do that, log into WHM and go to Home » Service Configuration » Configure PHP and suEXEC.
suEXEC must be compiled with Apache and suphp should be the PHP handler (see the image below). If it is not, php.ini may not load correctly.
Then go to Home » Service Configuration » PHP Configuration Editor.
Scroll down the page and click the "Save" button without making any changes. When it saves, it will display the whole content of the server's php.ini file; copy the entire text and save it on your local system as a file named php.ini. Then search for "disable_functions" and edit that line as
    disable_functions = mail, sendmail, other features
There must not be quotes around the value, like
    ;disable_functions = "mail, sendmail, other features"
but it must look like
    disable_functions = mail, sendmail, other features
Also, while finding the above line in the server's php.ini, verify whether quotes were inserted around the value; if so, you also need to uncomment that line in /usr/local/lib/php.ini from a command line shell.
    vi /usr/local/lib/php.ini
Locate disable_functions and uncomment it; it should look like disable_functions = <list of disabled functions>, so that your default php.ini can load.
Now open the cPanel of the particular user and create two files in its home directory (above public_html):
1) php.ini
2) .htaccess
Into php.ini, insert the whole text you saved on your system after updating the server's php.ini, which now carries the extended list of disabled functions including mail and sendmail, and save it.
Then open the .htaccess file and insert the line below. We create this .htaccess file because we have configured suPHP; since /home/username/public_html/.htaccess gets overwritten, we place the suPHP setting into /home/username/.htaccess instead.
    suPHP_ConfigPath /home/username/
Why do we create the .htaccess file?
If 'suPHP_ConfigPath /home/username/' is in .htaccess, only one custom php.ini needs to be placed in /home/username. If 'suPHP_ConfigPath /home/username/' is not used, a custom php.ini must reside in each directory containing .php files that require it.
Now you can verify whether the php.ini file of the current user is loading correctly by uploading a phpinfo.php file to any path of this domain, loading that file in a browser and searching for disable_functions. Keep in mind that you should not add "phpinfo" to the client's php.ini disable_functions list if you want phpinfo.php to load, otherwise it will not. If you want to hide phpinfo.php afterwards, once you have checked you can update the user's php.ini as
    disable_functions = mail, sendmail, phpinfo, other features
(this will prevent the phpinfo file from loading via the browser).
All this will then prevent that particular user from sending email via PHP.
There could be worse cases where, even after disabling a user's ability to send email via SMTP authentication as well as PHP mail(), emails are still being queued, because the script injected by the attacker uses its own PHP mailer and opens a TCP connection to an SMTP server. In that scenario you can achieve your goal by disabling stream_socket_client and fsockopen through the client's php.ini file.
Add stream_socket_client and fsockopen to the disable_functions list and set allow_url_fopen = On within that php.ini file (it will disable fsockopen).
Now the disable_functions list in the client's php.ini file will look like
    disable_functions = mail, sendmail, phpinfo, stream_socket_client, fsockopen, other default disabled functions
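The php.ini edits described above (uncommenting the directive, stripping the quotes, and appending mail, sendmail, phpinfo, stream_socket_client and fsockopen to whatever the server already disables) as an added Python example that is not part of the original article. The sample php.ini excerpt and the function names are constructed for this example; a commented-out directive is treated as disabling nothing, which is the state the article tells you to fix.

```python
import re

# Constructed excerpt of a server php.ini in the state the article warns
# about: disable_functions commented out and its value wrapped in quotes.
SAMPLE_PHP_INI = """\
[PHP]
allow_url_fopen = On
;disable_functions = "exec, system, passthru"
expose_php = Off
"""

# Functions the article adds for the compromised account, in this order.
MAIL_FUNCTIONS = ["mail", "sendmail", "phpinfo", "stream_socket_client", "fsockopen"]

# Matches the directive whether commented out (';'), quoted, or both.
DISABLE_RE = re.compile(r'^\s*;?\s*disable_functions\s*=\s*"?([^"\r\n]*?)"?\s*$')


def parse_disabled(ini_text):
    """Return (active, names): the functions named on the disable_functions line
    and whether that line is uncommented. (False, []) if the directive is absent."""
    for line in ini_text.splitlines():
        m = DISABLE_RE.match(line)
        if m:
            active = not line.lstrip().startswith(";")
            return active, [f.strip() for f in m.group(1).split(",") if f.strip()]
    return False, []


def merge_disable_functions(ini_text, extra):
    """Rewrite the directive uncommented and unquoted, keeping the server's
    existing entries first and appending every name in `extra` not already there."""
    lines = ini_text.splitlines()
    _, existing = parse_disabled(ini_text)
    merged = existing + [f for f in extra if f not in existing]
    new_line = "disable_functions = " + ", ".join(merged)
    for i, line in enumerate(lines):
        if DISABLE_RE.match(line):
            lines[i] = new_line
            break
    else:
        lines.append(new_line)  # directive absent: add one
    return "\n".join(lines) + "\n"


def missing_from(ini_text, required):
    """Names in `required` that the file does not actually disable."""
    active, names = parse_disabled(ini_text)
    disabled = set(names) if active else set()
    return [f for f in required if f not in disabled]
```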
This is the most clearly and widely written article about preventing a user from sending email in cPanel/WHM; hopefully it will help you.