General

• Outgoing email sent via exim is tracked per cPanel account
• Matching Subject headers for outgoing email sent via exim is tracked per cPanel account
• Script path location (cwd) is tracked per cPanel account
• Matching script path location (cwd) is tracked per cPanel account
• Outgoing SMTP connections to remote servers (that bypass exim) are tracked
• Matching script path location for outgoing SMTP connections to remote servers (that bypass exim) are tracked
• Authenticated outgoing email is tracked by account and connecting IP address
• osm uses real-time Packet Inspection to track SMTP connections, this is primarily useful if you cannot use the csf SMTP_BLOCK or cPanel provided equivalent feature
• Configurable trigger levels for each type of tracking on a per email/connection per second basis
• Apache Status used to link outgoing email with actual scripts being used
• Multiple actions can be performed once a report is raised after a trigger level is reached:
  • Send an email report of the events
  • Store the report of events to view in the WHM UI
  • Hold outgoing email from the cPanel/email account in the exim queue
  • Discard outgoing email from the cPanel/email account
  • Suspend the whole cPanel account
  • Prevent the email account from logging in
  • Rename the reported path
  • Run the custom script configured in the WHM UI
  • Rename the file determined from the Apache Status
  • Block the IP address (AUTHRELAY, ALWAYSRELAY, POPRELAY, Apache Status) in csf
• Custom action script is configurable and can be sent JSON, YAML, XML and PERL data structures to allow for client specific actions
• Inheritance rules are used to configure all trigger levels for each cPanel account plus the default settings

We will provide more information once we enter Beta testing and will put out a call for limited slots for those that would like to help test at that time.