Manually triggering the same style of block/suspension that BlockCracking uses?

Bastille

Hello,

Whenever an account gets compromised and hits the (relatively) low outbound threshold we have in place for most e-mails, we have to do a bunch of steps that BC also does. The main catch, however, is that we immediately (after verifying the account was compromised) dump a new password on the e-mail for safety reasons, and so the approach that BC takes has more elegance and finesse to it. Is there a way for us, as an admin, to manually trigger what BC does when it activates?

Best regards,
 
If you check in the /etc/exim.pl, you'll see a sub section
Code:
sub block_cracking_notify
There's a long string that dumps into the /etc/virtual/mail_task.queue, which the dataskq will pick up within 1 minute.
Add that long string to the /etc/virtual/mail_task.queue (with variables set) to manually trigger it.

Note, this call to mail_task.queue is only for notification purposes, and when applicable, suspends the email password, etc. (depends on type of block, script, User smtp-auth, or Email smtp-auth)

The exim configs actually do the blocking itself in:
Code:
/etc/exim.blockcracking/auth.conf
/etc/exim.blockcracking/script.conf
with a short shell script call to dump the IP/user to the files:
Code:
/var/spool/exim/blocked_authenticated_users
/var/spool/exim/blocked_script_paths
respectively.

The dataskq has its own auto-unblock, based on various conditions. I believe it is triggered during the tally or password reset, etc. Probably not related to the question.

John
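
One way to find the string the reply above refers to, as an added example that is not part of the original posts and is not DirectAdmin's own code: a small shell helper that prints `sub block_cracking_notify` from an exim.pl-style file and shows which of its lines reference `mail_task.queue`. The function names are hypothetical, and the embedded sample file is constructed; its queue string is a placeholder, not the real format.

```shell
# Added example. Function names are hypothetical; paths come from the post above.
# Print one Perl sub (declaration through closing brace) from FILE.
# Naive brace counting: braces inside strings or comments are counted too.
extract_sub() {  # usage: extract_sub FILE SUBNAME
    awk -v name="$2" '
        !in_sub && $0 ~ ("^[ \t]*sub[ \t]+" name "([^A-Za-z0-9_]|$)") { in_sub = 1 }
        in_sub {
            print
            line = $0
            opens  = gsub(/[{]/, "", line)
            closes = gsub(/[}]/, "", line)
            depth += opens - closes
            if (opens > 0) seen = 1
            if (seen && depth <= 0) exit   # closing brace of the sub reached
        }
    ' "$1"
}

# Show, with line numbers relative to the sub, where it touches the task queue.
queue_lines() {  # usage: queue_lines FILE
    extract_sub "$1" block_cracking_notify | grep -n 'mail_task\.queue'
}

# Constructed stand-in for /etc/exim.pl; the queue string is a placeholder,
# not the real DirectAdmin format.
make_sample() {  # usage: make_sample FILE
    cat > "$1" <<'EOF'
sub other_sub
{
    return 1;
}
sub block_cracking_notify
{
    my ($user) = @_;
    if (open(my $q, ">>", "/etc/virtual/mail_task.queue")) {
        print $q "CONSTRUCTED_PLACEHOLDER user=$user\n";
        close($q);
    }
}
sub after_sub
{
    return 2;
}
EOF
}

sample=$(mktemp) && make_sample "$sample" && queue_lines "$sample"
rm -f "$sample"
```

On a server, `extract_sub /etc/exim.pl block_cracking_notify` prints the real sub so the queue string and its variables can be read before anything is appended to the queue.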
 