Step 1: Enable WHM's SMTP Restrictions:

Spammers commonly attempt to work around mail security settings by interacting directly with remote mail servers. WHM's SMTP Restrictions can prevent users from doing so.

You can access this feature in 2 locations:

Home >> Server Configuration >> Tweak Settings, under the Mail Tab as Restrict outgoing SMTP to root, exim, and mailman.

Home >> Security Center >> SMTP Restrictions

Enabling this setting restricts outgoing email connection attempts to the mail transfer agent (MTA), the mailman system user, and the root user. Ultimately, this forces both scripts and users to use Exim's Sendmail binary, rather than directly accessing the socket.

Important: Prior to version 11.32, this feature would simply block any attempt to connect to a remote mail server. Starting with cPanel & WHM 11.32, the software redirects the outgoing connection attempt to the local mail server.

Step 2: Prevent the nobody system user from sending mail:

Preventing the nobody system user from sending mail to remote addresses prevents would-be abusers from having any anonymity in process accounting. This is because PHP and CGI scripts generally run as nobody when the system is using mod_php, or when suEXEC is disabled.

You can access the Prevent “nobody” from sending mail setting at Home >> Server Configuration >> Tweak Settings, under the Mail Tab.

Step 3: Enable suPHP and enable suExec or mod_ruid2:

Enabling suPHP and suEXEC or mod_ruid2 will improve process accounting across your system. Ultimately, this step will allow you to know which users are running which processes system-wide.

Step 4: Configure the max hourly emails settings:

You can limit the number of emails a domain can send per hour. To do so, you can use the Max hourly emails per domain option under the Mail tab at Home >> Server Configuration >> Tweak Settings. This setting defines a server-wide limit for every domain.

Step 5: Configure high failure rate protection:

Finally, you need to set a value for the Maximum percentage of failed or deferred messages a domain may send per hour setting. You can configure this option under the Mail tab at Home >> Server Configuration >> Tweak Settings.