Email Password Change - Exim Restart
In the recent days of email accounts becoming compromised to send out spam, even with safeguards in place, it still happens!
If a customer changes their email account password via cPanel and spam is being sent, attackers are using RSET to continue sending mail from the already authenticated session.
We have got around this by closing the session via exim (easiest way is to restart Exim, but could also look in to closing this cleanly for the affected user).
I am requesting a restart of Exim or a clean close of any connections associated with the email account where a password is being changed to prevent spam from still being sent from the pre-authenticated connection.