BlockCracking notices and unblocking (TEMPLATES) (SKINS)

Version 1.47

Feature
Finished

BETA

BlockCracking is where exim keeps track of how many non-existent emails a sender tries to send within a given period of time, and blocks the account from sending if the count is too high.

Requires exim.conf 4.2.3+ and exim.pl 19. Can be installed with CustomBuild 2.0:
http://help.directadmin.com/item.php?id=576

The changes listed here let you configure how DA manages the ability to unblock the account. These changes are only a small portion of the feature; the bulk of it is in the Exim module, to be installed via CustomBuild.

******************************************************
1) Unblocking for blocked smtp-auth Users:

Once an account is blocked, its owner is likely going to want it unblocked, but the account must be deemed "safe" first.

New directadmin.conf variable:

block_cracking_unblock=1|2

1 means the standard password change will unblock the account. Note that the account itself is not allowed to do this; it must go up one level, as the alleged spammer knows the password, and we don't want them just resetting the password to spam more.
So if user@email.com is blocked, the password must be changed from the User Level by a DirectAdmin User.
If a DirectAdmin User is blocked, then their creator or higher (a Reseller or Admin) must change it from the Reseller or Admin Levels.
However, the "Lost Password" tool on the 2222 Login Page will unblock the DA user upon password reset, as it's set to a new random value that the hacker (hopefully) cannot learn (assumes the email is not a local one).

Note that I say "change" password, which is what I expect you to do, as a compromised account is one where the smtp-auth password is known, and thus must be changed. However, if you change it to unblock it, there is nothing stopping you from setting it back to the original value. This is not recommended, as it will allow the spammer to send more spam. Of course, if it's a false positive, then this should be fine (eg, you set a BlockCracking limit too low, etc.).
2 means all rules of 1 apply, but 2 adds the extra "automatic unblocking" to happen after a given amount of time. We really don't recommend you set this, but hopefully, Users will have changed their passwords of their own free will (we hope), so the option frees up your time by having it done automatically.

directadmin.conf variable, set in minutes, for the number of minutes before an account is unblocked:

block_cracking_unblock_minutes=120

0 doesn't do anything at this time, but we may reserve it to prevent unblocking... if someone would ever want that (me thinks not)

******************************************************
2) Unblocking for blocked Paths

The same block_cracking_unblock variable is used to determine unblocking abilities for paths.

For a User to unblock a path, they can go to:
User Level -> E-Mail Accounts -> E-Mail Usage

and it will show all paths below /home/user (inclusive), which they can select and unblock. Paths outside of /home/user, eg: /tmp or /home/otheruser, will not show up in this table, and cannot be removed.

******************************************************
3) Notices.

When a limit is reached, exim.pl adds the following to the /etc/virtual/mail_task.queue file:

action=block_cracking&type=smtp&authenticated_id=user@domain.com&sender_host_address=1.2.3.4&log_time=10423498
action=block_cracking&type=script&authenticated_id=admin&script_path=/home/admin/domains/domain.com/public_html&sender_host_address=&log_time=1409820955

DA then picks that up, and will send notices as applicable.
Who gets notified depends on these already existing variables:

notify_on_mass_emailing=0|1    # Global on/off switch for all the other notify variables
notify_user_on_mass_emailing=0|1
notify_reseller_on_mass_emailing=0|1
notify_admins_on_per_email_mass_emailings=0|1

All 4 of these notify variables default to 1.
http://www.directadmin.com/search_versions.php?query=notify+mass_emailing

Once the "who" is figured out, assuming there are more than 0, the block_cracking_notice.txt template is used, and notices are delivered using the Message System.

******************************************************
TEMPLATES:

block_cracking_notice.txt
block_cracking_notice_script.txt

contain the message to be sent to the DA accounts.

******************************************************
SKINS

user/email/usage.html

Top added:

|*if BLOCK_CRACKING_PATHS="yes"|
|BLOCK_CRACKING_PATHS_TABLE|
<br><br>
|*endif|

bottom added:

|SENDING_PHP_SCRIPTS|

to list all php scripts that sent email that day.
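
The queue entries from section 3 checked against the unblocking rules of sections 1 and 2, as an added example (not DirectAdmin or exim.pl code). Field names are taken from the two sample lines above; the function names, the last two sample entries and the assumption that a script entry's authenticated_id is the system user owning /home/<id> are ours.

```python
# Added example, not DirectAdmin code. Function names are hypothetical.
import posixpath
from datetime import datetime, timezone
from urllib.parse import parse_qs

# Constructed sample: the two entries from section 3 plus two constructed edge cases.
SAMPLE_QUEUE = """\
action=block_cracking&type=smtp&authenticated_id=user@domain.com&sender_host_address=1.2.3.4&log_time=10423498
action=block_cracking&type=script&authenticated_id=admin&script_path=/home/admin/domains/domain.com/public_html&sender_host_address=&log_time=1409820955
action=block_cracking&type=script&authenticated_id=admin&script_path=/home/admin2/public_html&sender_host_address=&log_time=1409820960
action=block_cracking&type=script&authenticated_id=admin&script_path=/home/admin/../../tmp&sender_host_address=&log_time=1409820970
"""

def parse_entry(line):
    """Return a dict for a block_cracking entry, or None for any other line."""
    # keep_blank_values: script entries carry an empty sender_host_address.
    fields = {k: v[0] for k, v in parse_qs(line.strip(), keep_blank_values=True).items()}
    if fields.get("action") != "block_cracking":
        return None
    fields["log_time"] = datetime.fromtimestamp(int(fields["log_time"]), tz=timezone.utc)
    return fields

def path_owned_by(path, user):
    """True if path is /home/<user> or below it, after resolving '.' and '..'."""
    home = posixpath.join("/home", user)
    norm = posixpath.normpath(path)
    # Compare whole components so /home/admin2 does not match /home/admin.
    return norm == home or norm.startswith(home + "/")

def triage(entry):
    """Say who can lift the block under the rules in sections 1 and 2."""
    ident = entry["authenticated_id"]
    if entry["type"] == "script":
        if path_owned_by(entry["script_path"], ident):
            return "user: E-Mail Usage path table"
        return "not in the User's table: path outside /home/" + ident
    if "@" in ident:
        return "User Level password change by the owning DirectAdmin User"
    return "password change by creator (Reseller or Admin)"

def triage_queue(text):
    entries = filter(None, (parse_entry(l) for l in text.splitlines() if l.strip()))
    return [(e["authenticated_id"], e["log_time"].isoformat(), triage(e)) for e in entries]

if __name__ == "__main__":
    for row in triage_queue(SAMPLE_QUEUE):
        print(*row, sep="  |  ")
```

The page does not say whether DA normalises script paths before comparing them to /home/user; the normalisation here is this example's own choice.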
