
Thread: Manually triggering the same style of block/suspension that BlockCracking uses?

  1. #1

    Hello,

    Whenever an account gets compromised and hits the (relatively) low outbound threshold we have in place for most e-mails, we have to do a bunch of steps that BC also does. The main catch, however, is that we immediately (after verifying the account was compromised) dump a new password on the e-mail for safety reasons, and so the approach that BC takes has more elegance and finesse to it. Is there a way for us, as an admin, to manually trigger what BC does when it activates?

    Best regards,

  2. #2
    If you check in the /etc/exim.pl, you'll see a sub section
    Code:
    sub block_cracking_notify
    There's a long string that dumps into the /etc/virtual/mail_task.queue, which the dataskq will pick up within 1 minute.
    Add that long string to the /etc/virtual/mail_task.queue (with variables set) to manually trigger it.

    Note, this call to mail_task.queue is only for notification purposes.. and when applicable, suspends the email password, etc. (depends on type of block: script, User smtp-auth, or Email smtp-auth)

    The exim configs actually do the blocking itself in:
    Code:
    /etc/exim.blockcracking/auth.conf
    /etc/exim.blockcracking/script.conf
    with a short shell script call to dump the IP/user to the files:
    Code:
    /var/spool/exim/blocked_authenticated_users
    /var/spool/exim/blocked_script_paths
    respectively.

    The dataskq has its own auto-unblock, based on various conditions.. I believe triggered during the tally or password reset, etc.. probably not related to the question.

    John
