If a compromised cPanel account is being used by spammers to send email, you can use the following trick to temporarily stop the account from sending any mail until you can fix the issue.
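Edit "/etc/cpanel_exim_system_filter" and add the following filter rule to the end of it, changing USERNAME to the username of the compromised cPanel account. The rule silently discards any message that was submitted locally or over authenticated SMTP and whose Received header contains that username.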

    if ( $received_protocol is "local" or $received_protocol is "esmtpa" )
       and ( $h_Received contains "USERNAME" )
    then
        seen finish
    endif

To make the change permanent, create a file in "/usr/local/cpanel/etc/exim/sysfilter/options" and put the above rule in it.
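Since the block is meant to be temporary, it helps to add it in a form that can be removed cleanly later. The following is an added example, not part of the original tip: the function names, the BEGIN/END marker comments and the username pattern are this example's own assumptions, and the filter file to edit is passed as the first argument.

```sh
#!/bin/sh
# Added example: add or remove the block rule for one cPanel user in an Exim
# system filter file. Usage after sourcing this file, as root:
#   block_user   /etc/cpanel_exim_system_filter USERNAME
#   unblock_user /etc/cpanel_exim_system_filter USERNAME

# Accept only lowercase letters and digits, not starting with a digit, up to
# 16 characters (assumed username pattern), so that nothing unexpected is
# written into the filter or into the sed expression below.
valid_user() {
    case $1 in
        ''|[0-9]*|*[!a-z0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 16 ]
}

block_user() {
    file=$1 user=$2
    valid_user "$user" || { echo "invalid username: $user" >&2; return 2; }
    # Already blocked: do nothing, so repeated runs do not stack rules.
    grep -q "^# BEGIN block-outbound $user\$" "$file" 2>/dev/null && return 0
    cp -p "$file" "$file.bak" || return 1   # keep a copy of the previous filter
    cat >>"$file" <<EOF
# BEGIN block-outbound $user
if ( \$received_protocol is "local" or \$received_protocol is "esmtpa" )
   and ( \$h_Received contains "$user" )
then
    seen finish
endif
# END block-outbound $user
EOF
}

unblock_user() {
    file=$1 user=$2
    valid_user "$user" || return 2
    tmp=$(mktemp) || return 1
    # Write back with cat so the filter file keeps its owner and mode.
    sed "/^# BEGIN block-outbound $user\$/,/^# END block-outbound $user\$/d" \
        "$file" >"$tmp" && cat "$tmp" >"$file"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Because `contains` is a substring test, a short username can also match the Received headers of other senders, so check which mail is being dropped after enabling the rule.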