I wouldn't consider myself to be a newbie with Linux, but I'm certainly not in this kind of stuff every day, so go easy on me!
I do know my way around the server though.
We are having a large number of spammers using contact forms on our site to send out spam to outside addresses. I know that's a common problem, but what I'm trying to prevent it as much as possible. I already have these options set to ON:
Prevent “nobody” from sending mail
Restrict outgoing SMTP to root, exim, and mailman
But yet, contact forms that don't have smtp authentication setup are still able to send emails through the standard php mail() function. Unless I'm not understanding what those options do?
My company sells website templates, so each installation for our demos has built in contact forms and other submission forms that use the mail() function. Basically I want those to not work. I only have a handful of forms on my main site that actually get used as real contact forms. All the ones that I do need to work I already have setup to work with smtp authentication and they work great.
Any contact form that I don't want to send is sent from:
For example if my domain is domain.com and my username is domainco, then the user is:
I use MailScanner FE and I am able to watch those emails come through.
So my question is, how can I prevent just that user from being able to send emails altogether but still allow everyone to send? There's really never a reason why that user would ever need to send an email. I've read through everything that I can find for the last two days, and I've gotten no where. I can't delete the user either, because it's my default cpanel username.
Is there something that I need to add to the exim config? I had seen this, but it doesn't work:
Or maybe there's a php setting that I need to configure?
I hoe I've given enough information to identify what I'm trying to do. If you need clarification please let me know.
Thanks in advance!