disable the default E-Mail address from sending out E-Mail
Needs Feedback
Hello,
We think it is essential to have such feature. When cPanel passwords are compromised, hackers can exploit that account and send e-mails. At least in our company, we haven't sen 1 single user using the default e-mail address to send e-mail.
Why allow that? It doesn't cause anything but problems.
I like this idea 
cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.
It is extremely unlikely that this will be considered for inclusion into the product. The system user account being able to send email is integral to basic sendmail functionality. The majority of configured mail scripts on user accounts would cease to function if this were disabled (very few, in my experience, are configured to send via SMTP as opposed to sendmail). While the "From:" is usually customized to appear to be sending from a given user account with such scripts, it's actually leveraging the system user to send that mail.
If there is significant demand for this feature, it is likely that the furthest this would be implemented is as an option to enable/disable alongside a warning that disabling mail functionality at the system user level would likely break almost all mail sending script functionality unless it was explicitly configured to use SMTP over sendmail. This would include mail sending functionality from scripts like Joomla, Wordpress, etc.
The advised way to tackle this problem would be to identify how users are being compromised (out of date scripts? insecure passwords? etc) and close any security concerns.
It is extremely unlikely that this will be considered for inclusion into the product. The system user account being able to send email is integral to basic sendmail functionality. The majority of configured mail scripts on user accounts would cease to function if this were disabled (very few, in my experience, are configured to send via SMTP as opposed to sendmail). While the "From:" is usually customized to appear to be sending from a given user account with such scripts, it's actually leveraging the system user to send that mail.
If there is significant demand for this feature, it is likely that the furthest this would be implemented is as an option to enable/disable alongside a warning that disabling mail functionality at the system user level would likely break almost all mail sending script functionality unless it was explicitly configured to use SMTP over sendmail. This would include mail sending functionality from scripts like Joomla, Wordpress, etc.
The advised way to tackle this problem would be to identify how users are being compromised (out of date scripts? insecure passwords? etc) and close any security concerns.
It is extremely unlikely that this will be considered for inclusion into the product. The system user account being able to send email is integral to basic sendmail functionality. The majority of configured mail scripts on user accounts would cease to function if this were disabled (very few, in my experience, are configured to send via SMTP as opposed to sendmail). While the "From:" is usually customized to appear to be sending from a given user account with such scripts, it's actually leveraging the system user to send that mail.
If there is significant demand for this feature, it is likely that the furthest this would be implemented is as an option to enable/disable alongside a warning that disabling mail functionality at the system user level would likely break almost all mail sending script functionality unless it was explicitly configured to use SMTP over sendmail. This would include mail sending functionality from scripts like Joomla, Wordpress, etc.
The advised way to tackle this problem would be to identify how users are being compromised (out of date scripts? insecure passwords? etc) and close any security concerns.
It is extremely unlikely that this will be considered for inclusion into the product. The system user account being able to send email is integral to basic sendmail functionality. The majority of configured mail scripts on user accounts would cease to function if this were disabled (very few, in my experience, are configured to send via SMTP as opposed to sendmail). While the "From:" is usually customized to appear to be sending from a given user account with such scripts, it's actually leveraging the system user to send that mail.
If there is significant demand for this feature, it is likely that the furthest this would be implemented is as an option to enable/disable alongside a warning that disabling mail functionality at the system user level would likely break almost all mail sending script functionality unless it was explicitly configured to use SMTP over sendmail. This would include mail sending functionality from scripts like Joomla, Wordpress, etc.
The advised way to tackle this problem would be to identify how users are being compromised (out of date scripts? insecure passwords? etc) and close any security concerns.
Im agree with this feature request, or at least, add a cPanel option to prevent the MTA to delivery non-local emails from @server-hostname.
Im agree with this feature request, or at least, add a cPanel option to prevent the MTA to delivery non-local emails from @server-hostname.
Cpanel currently sends bacup reports and I guess other emails from this address. I would like to be able to configure the sender address and disable all outgoing e-mail from the user@hostname addresses.
Cpanel currently sends bacup reports and I guess other emails from this address. I would like to be able to configure the sender address and disable all outgoing e-mail from the user@hostname addresses.
I agree to this features, As most of the Form based SPAM mails are using this email ID to send emails and creating a problem.
I agree to this features, As most of the Form based SPAM mails are using this email ID to send emails and creating a problem.
Would be a nice feature to have. The ability to disable the default email send functionality would at least give us the chance to debug the hacked site while it is still live, without the risk of more spam being sent out.
Would be a nice feature to have. The ability to disable the default email send functionality would at least give us the chance to debug the hacked site while it is still live, without the risk of more spam being sent out.
The default email account also fails DMARC for our clients - Instead, it should be properly authenticating through an "aligned" domain name (so DMARC bounces stop).
The default email account also fails DMARC for our clients - Instead, it should be properly authenticating through an "aligned" domain name (so DMARC bounces stop).
This is a must have. If all other cpanel features are configured to use default email, it is stupid and wrong, and this form of spam is the most common one, please allow us to stop default email account from sending out emails!
Thank you
This is a must have. If all other cpanel features are configured to use default email, it is stupid and wrong, and this form of spam is the most common one, please allow us to stop default email account from sending out emails!
Thank you
Email sent without a defined 'from' is sent as username@serverhostname, but such email (for a valid reason) is not signed via serverhostname DKIM, if the domain is using strict DMARC for SPF/DKIM as should be, it will be rejected as
It should not allowed to send from @serverhostname
Rejected email affects the IP reputation.
Please make at least configurable global/per account, similar as IPV6 config, we should able to set per API/UI.
Email sent without a defined 'from' is sent as username@serverhostname, but such email (for a valid reason) is not signed via serverhostname DKIM, if the domain is using strict DMARC for SPF/DKIM as should be, it will be rejected as
It should not allowed to send from @serverhostname
Rejected email affects the IP reputation.
Please make at least configurable global/per account, similar as IPV6 config, we should able to set per API/UI.
Replies have been locked on this page!