Richard G
Verified User
Today I got a very important customer blocked by blockcracking.
He send out a lot of mails to a lot of systems, some of which have the same email addres but on more domains like (.com and .org and .ch).
Now the user got blocked with this notice:
Where can I find these 100 non-existant emails in the logs? This happened a few minutes ago and I instantly checked the mailqueue which had a lot of emails with a D in front of it, since they were delivered. But they were visible because in the batch there were email addresses without the D in front of it.
Those might be non existant so I counted them, and those were only 5 email addresses.
So how come this user got blocked? This should not be happening with only 5 non existing email adresses.
How can this be fixed? Because this is not good.
He send out a lot of mails to a lot of systems, some of which have the same email addres but on more domains like (.com and .org and .ch).
Now the user got blocked with this notice:
The address [email protected] has just finished sending 100 non-existant emails within a 1h period, and has been blocked.
There could be a spammer, the account could be compromised, or just sending more emails than usual.
To unblock this account, the password must be changed by a DirectAdmin User.
Changing the password through the E-Mail self-serve options will not work, as the password is likely compromised.
The last IP to send an email was xx.xx.xx.xx.
This warning was triggered by the BlockCracking monitoring tool in exim.
The E-Mail account is managed under the username User account.
Where can I find these 100 non-existant emails in the logs? This happened a few minutes ago and I instantly checked the mailqueue which had a lot of emails with a D in front of it, since they were delivered. But they were visible because in the batch there were email addresses without the D in front of it.
Those might be non existant so I counted them, and those were only 5 email addresses.
So how come this user got blocked? This should not be happening with only 5 non existing email adresses.
How can this be fixed? Because this is not good.