When a cPanel account is suspended it simply prevents access via that accounts login details and restricts the mysql user associated with it. It does not however prevent existing scripts from using the server to send mail or spam and this is generally what happens when people hack your WordPress or Joomla or Drupal sites.
The Fix:
You need to create a blacklist and have exim check that black list.
create
/etc/blockeddomains
add the domain
echo "example.com" >> /etc/blockeddomains
check to make sure it’s correct:
cat /etc/blockeddomains
Now you need to add a custom rule into the exim configuration manager in your WHM panel.
Go to WHM –> Service Configuration –> EXIM Configuration Manager –> Advanced Editor
scroll down until you see a GIANT BLUE BUTTON that says “add additional configuration setting” and enter
domainlist blocked_domains = lsearch;/etc/blockeddomains
next search the page for “ROUTERSTART”
add the below code
eject_domains:
driver = redirect
domains = +blocked_domains
allow_fail
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.
All done. Just add domains to that list if you wish to prevent them from sending mail.
Credit for this goes to Linux Brigade : http://www.linuxbrigade.com/block-account-sending-mail-whmcpanel/
Leave a Reply