cPanel & WHM Version 94 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!

disable the default E-Mail address from sending out E-Mail

Kualo LTD shared this idea 7 years ago
Needs Feedback

Hello,


We think it is essential to have such feature. When cPanel passwords are compromised, hackers can exploit that account and send e-mails. At least in our company, we haven't sen 1 single user using the default e-mail address to send e-mail.


Why allow that? It doesn't cause anything but problems.

Best Answer
photo

It is extremely unlikely that this will be considered for inclusion into the product. The system user account being able to send email is integral to basic sendmail functionality. The majority of configured mail scripts on user accounts would cease to function if this were disabled (very few, in my experience, are configured to send via SMTP as opposed to sendmail). While the "From:" is usually customized to appear to be sending from a given user account with such scripts, it's actually leveraging the system user to send that mail.


If there is significant demand for this feature, it is likely that the furthest this would be implemented is as an option to enable/disable alongside a warning that disabling mail functionality at the system user level would likely break almost all mail sending script functionality unless it was explicitly configured to use SMTP over sendmail. This would include mail sending functionality from scripts like Joomla, Wordpress, etc.


The advised way to tackle this problem would be to identify how users are being compromised (out of date scripts? insecure passwords? etc) and close any security concerns.

Comments (8)

photo
1

It is extremely unlikely that this will be considered for inclusion into the product. The system user account being able to send email is integral to basic sendmail functionality. The majority of configured mail scripts on user accounts would cease to function if this were disabled (very few, in my experience, are configured to send via SMTP as opposed to sendmail). While the "From:" is usually customized to appear to be sending from a given user account with such scripts, it's actually leveraging the system user to send that mail.


If there is significant demand for this feature, it is likely that the furthest this would be implemented is as an option to enable/disable alongside a warning that disabling mail functionality at the system user level would likely break almost all mail sending script functionality unless it was explicitly configured to use SMTP over sendmail. This would include mail sending functionality from scripts like Joomla, Wordpress, etc.


The advised way to tackle this problem would be to identify how users are being compromised (out of date scripts? insecure passwords? etc) and close any security concerns.

photo
1

Im agree with this feature request, or at least, add a cPanel option to prevent the MTA to delivery non-local emails from @server-hostname.

photo
1

Cpanel currently sends bacup reports and I guess other emails from this address. I would like to be able to configure the sender address and disable all outgoing e-mail from the user@hostname addresses.

photo
1

I agree to this features, As most of the Form based SPAM mails are using this email ID to send emails and creating a problem.

photo
1

Would be a nice feature to have. The ability to disable the default email send functionality would at least give us the chance to debug the hacked site while it is still live, without the risk of more spam being sent out.

photo
1

The default email account also fails DMARC for our clients - Instead, it should be properly authenticating through an "aligned" domain name (so DMARC bounces stop).

photo
1

This is a must have. If all other cpanel features are configured to use default email, it is stupid and wrong, and this form of spam is the most common one, please allow us to stop default email account from sending out emails!

Thank you

photo
2

Email sent without a defined 'from' is sent as username@serverhostname, but such email (for a valid reason) is not signed via serverhostname DKIM, if the domain is using strict DMARC for SPF/DKIM as should be, it will be rejected as


xuser@gmail.com
(ultimately generated from xemail)
host gmail-smtp-in.l.google.com [172.217.197.26]
SMTP error from remote mail server after end of data:
550-5.7.26 Unauthenticated email from cpaneldomain.tld is not accepted due to
550-5.7.26 domain's DMARC policy. Please contact the administrator of
550-5.7.26 hostingfacil.co domain if this was a legitimate mail. Please visit
550-5.7.26 https://support.google.com/mail/answer/2451690 to learn about the
550 5.7.26 DMARC initiative. bc10si1765674qvb.155 - gsmtp
It should not allowed to send from @serverhostname


Rejected email affects the IP reputation.


Please make at least configurable global/per account, similar as IPV6 config, we should able to set per API/UI.

Leave a Comment
 
Attach a file