BlockCracking

Credit to https://github.com/Exim/exim/wiki/BlockCracking

This version has been modified for use with a DirectAdmin system.
It requires a minimum of exim.conf 4.3.3 and exim.pl 29.


Installation

See this guide for automated CustomBuild 2.0 install:
http://help.directadmin.com/item.php?id=576


Help

See the forum for issues or questions:
http://forum.directadmin.com/forumdisplay.php?f=90


About

The idea behind BlockCracking is that spammers typically send masses of emails, and a large number of those email addresses are invalid or no longer exist (spammers don't confirm them).
The BlockCracking code keeps count of these invalid deliveries and blocks the sender of the given type if the limit is hit within a period of time.

Sender Types:
- auth: an account that has authenticated with smtp-auth
- script: any script delivering to exim via the /usr/sbin/sendmail|exim command line, including php mail();

Settings

You can use the /etc/exim.blockcracking/variables.conf.custom to override the default variables (see below).
There are also DirectAdmin directadmin.conf options to control how DA handles the reports:
http://www.directadmin.com/features.php?id=1645

block_cracking_unblock=
0 = script paths and E-Mails cannot be unblocked by DA.
1 >= emails and paths can be unblocked by the User*
2 >= Automatically unblocked after 'block_cracking_unblock_minutes' have passed, plus abilities from =1

*an E-Mail block must be done one-level up, eg: E-Mail unblocked by User. If User is blocked, unblocked by Reseller or via Lost Password tool.



Files

-- variables.conf

If you want to customize the file, create your own file:
-- variables.conf.custom, and set only the values in this file as desired, and they'll override the defaults.
Use double equals (==) in the variables.conf.custom to override the variables.conf


-- auth.conf

Contains the BlockCracking code to count and block smtp authenticated accounts.
Blocks to the file:
/var/spool/exim/blocked_authenticated_users


-- script.conf

Contains the BlockCracking code to count and block script paths.
Since exim has no way of knowing which script actually sent the message, this code will track and rate-limit based on the script's working path.
This will allow other possibly valid scripts in other paths to continue working.
Blocks to the file:
/var/spool/exim/blocked_script_paths


-- script.recipients.conf

Contains a "recipients" ACL for the scripts.conf to call, because the non-SMTP ACLs must figure out the recipients one-by-one (Credit to Lena for helping with this)


-- script.denied_paths.txt

Contains a list of nwildlsearch regex values to be compared against the current working directory for a sending script.
The cwd does not contain the filename, just the path it's under.
CustomBuild 2.0 will create this file for you, based on the scripts.denied_paths.txt.
If you want to customize it, create scripts.denied_paths.custom.txt, and CB will use this instead of the scripts.denied_paths.default.txt.
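
To check which working directories a denied-paths list would match before deploying it, here is an added example (not part of BlockCracking or CustomBuild) that emulates nwildlsearch key matching in Python. The sample entries are constructed, quoted keys are not handled, and Python's re module only approximates Exim's PCRE.

```python
import re

# Constructed sample entries, not the shipped default list.
SAMPLE_DENIED_PATHS = r"""
# comment lines and blank lines are ignored
^/home/[^/]+/domains/[^/]+/public_html/.*/cache
*/tmp
/var/www/html/uploads
^/home/.*/mailer\.php$
"""

def parse_keys(text):
    """Return the lookup keys: the first token of each non-comment line."""
    keys = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#") or line[0].isspace():
            continue  # blank, comment, or continuation of the previous line
        # An unquoted key ends at the first whitespace or colon.
        keys.append(re.split(r"[\s:]", line, maxsplit=1)[0])
    return keys

def key_matches(key, cwd):
    """Apply the (n)wildlsearch key forms; all comparisons ignore case."""
    if key.startswith("*"):   # leading asterisk means "ends with"
        return cwd.lower().endswith(key[1:].lower())
    if key.startswith("^"):   # leading circumflex means regular expression
        return re.search(key, cwd, re.IGNORECASE) is not None
    return key.lower() == cwd.lower()  # anything else is a literal string

def first_match(keys, cwd):
    """Linear search like the lookup itself: the first matching key wins."""
    for key in keys:
        if key_matches(key, cwd):
            return key
    return None

if __name__ == "__main__":
    keys = parse_keys(SAMPLE_DENIED_PATHS)
    for cwd in ("/home/alice/domains/example.com/public_html/wp/cache",
                "/var/TMP",
                "/home/alice/domains/example.com/public_html"):
        print(cwd, "->", first_match(keys, cwd))
```

The last sample path matches nothing: the mailer\.php entry can never hit, because the cwd carries only the directory and never the script's filename.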


-- /etc/virtual/bc_skip_authenticated_users

Optional file, does not need to exist.
Contains a list of smtp-auth email addresses which will be skipped / not scanned by BlockCracking.


-- /etc/virtual/bc_skip_sending_hosts

Optional file, does not need to exist.
Contains a hostlist of IPs or rDNS host addresses which will be skipped / not scanned by BlockCracking.
Wildcards may work on rDNS hostnames, but should be listed after any full IPs or 1.2.3.4/24 ranges.