I disable Mail for Domain on Account plan to prevent email sending, but domain still sending emails.
I get this email:
This is the mail system at host to2-al8-webmin-nginx.localdomain.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<client@recipient.domain>: host aspmx.l.google.com[142.251.10.26] said: 550-5.7.1
[123.123.123.123 (my virtualmin IP address)] The IP you're using to send mail is not authorized
550-5.7.1 to send email directly to our servers. Please use the SMTP relay
at 550-5.7.1 your service provider instead. Learn more at 550 5.7.1
https://support.google.com/mail/?p=NotAuthorizedError
r9-20020a639b09000000b0041a1183a507si18462472pgd.422 - gsmtp (in reply to
end of DATA command)
The attachment is email sent from a wordpress plugin.
How can I prevent each domain from sending email from virtualmin mail server?
WordPress will try to send email, this is nothing that webmin/virtualmin can prevent. There is however a plugin for WordPress named disable emails
The error you are receiving is due to the domains SPF/DMARC/DKIM records not including the addresses of the Web server and should most of the time be fixable in the domains DNS settings.
Are you sure you want to disable emails? It also blocks the option to recover a password, maybe digging down the rabbit hole and fixing the actual problem is the better way in the long run.
I want to prevent malicious scripts from sending spam. If this virtualmin server is sending spam from malware, then it need to be razed because malware have access to root and I need to setup new server to replace breached server.
This is not a fault from virtualmin. This is a problem with the Email settings in DNS.
You will have this problem with all other software too. You need to configure the domain settings propperly, mainly the DNS records, and the email security-related / anti-spam settings.
If you sent me a direct msg with the domain name, i could check and see what is missing / needs to be modified for it to work as intended.
Thanks. I know how PHP Mailer works. I didn’t know for sure whether WP used it.
Since that’s the case, disabling it in the domain’s php.ini and making it immutable while root should quickly end the spam (along with any other mail sent through mail(). The immutability can be removed once the malware is removed.
That’s assuming it’s unintentional, of course. If the account is intentionally sending spam, then the solution is to lose the account.
In addition to all the other suggestions posted above, if you use Virtualmin’s mail limits feature (Virtualmin → Email Settings → Mail Rate Limiting - you really should if you don’t) then set it to zero for the domain on which you don’t want WordPress to send outgoing email.
Would that not work for you?
PS You might have to enable mail for the virtual server to be able to use Virtualmin’s mail limit feature.
Whoa, I don’t even know that there is this feature available since I didn’t plan to send any emails at all…
I enabled it, but since mail for domain is disabled for all domains except default sever that created by post install wizard, no domains show up on the list that can be set to zero. I can only limit it globally.
Yes, counterintutive though it may appear to be, you will have to enable mail for a virtual server to disable outgoing email. I.e. enable mail by checking the box under Virtualmin → Edit Server and once it is enabled you can use Virtualmin mail rate limits to set the limit for this virtual server to zero to disable outgoing email.