Although the default address can be easily changed in the WHM, this setting only applies to newly created accounts. Many of the servers that have been around for some time have a good number of accounts set to the standard cPanel username default address (DA). It goes without saying that DA setup like this are extremely susceptible to dictionary attacks and can quickly overload server resources. To change these to a more acceptable solution, we have the following script. You can change the $MESSAGE variable if you would like to use something other than the recommended :fail:, which rejects mail at SMTP time and saves CPU cycles compared to other solutions like :blackhole:.
NOTE: This does not change accounts that are already set to something other than their associated cPanel username. I'm sure it can be re-written to do so but that was not my intention.
# This script backups up the virtual aliases directory and
# then changes any accounts that are set to the default
# cPanel system account to the action specified below.
# Action for default mail
# Common options are:
# :fail: no such user here [RECOMMENDED]
MESSAGE=":fail: no such user here"
cp -vaf /etc/valiases /etc/valiases.`date +%s`
for i in *
echo "Checking/Converting $i...";
USER=`grep -e "^$i:" /etc/userdomains|cut -d' ' -f2`;
sed -i "s/^*: $USER$/*: $MESSAGE/g" $i;