[Spce-user] NGCP-FRAUD Protection doesn't work in 4.3.1

Matthias Hohl matthias.hohl at telematica.at
Mon Apr 25 13:05:58 EDT 2016


3. Bug:

I also see that in the notifcation mail doesn't split between "daily" or "monthly" limit exceeded.

This is the mail template:

Customer # [% customer_id %] has been locked due to exceeding the configured
credit balance threshold ([% interval_cost %] >= [% interval_limit %]) in the [% type %] settings.

But as [% type %] there is just "customer".

That’s how this looks like in the notification mail:

Customer # 6 has been locked due to exceeding the configured
credit balance threshold (6.11 >= 1.00) in the customer settings.


But there should by "daily" or "monthly" setting, to see it in mail, which limit was exceeded.





-----Ursprüngliche Nachricht-----
Von: Spce-user [mailto:spce-user-bounces at lists.sipwise.com] Im Auftrag von Matthias Hohl
Gesendet: Montag, 25. April 2016 18:45
An: Kirill Solomko <ksolomko at sipwise.com>
Cc: Spce-user at lists.sipwise.com
Betreff: Re: [Spce-user] NGCP-FRAUD Protection doesn't work in 4.3.1

Hello,

I tested it and it definitely didnt work.
All my billing profiles have the same setting. All are with lock level = all outgoing calls.

If a subscriber reach this limit, i got the notification but the subscriber get not be locked to "all outgoing calls".

I also get the mail notification everytime again when cronjob task run as long as i rise up the call limit. Also if i lock the subscriber by myself, i recieve the notifications.

Can i give you any more informations or log files?

> Am 25.04.2016 um 17:59 schrieb Kirill Solomko <ksolomko at sipwise.com>:
> 
> HI Matthias,
> 
> Having retested your complain about subscribers being left “unlocked” it should work as expected with the version you have.
> 
> Could you please check your fraud control settings and make sure that 
> you have “lock level” set for the particular fraud control to something else than “none” (mind the inheritance from billing profiles), otherwise the customer will not be locked.
> 
> As for your question to send emails to locked subscribers it is not currently possible as the component works on the customer level and when triggered it locks a customer based on his balance and then chain locks all related subscribers.
> For example you have 2 subscribers within a customer and one did 100 calls and another one 0, there is no point in sending an email to the “innocent” subscriber.
> 
> Kind regards,
> Kirill
> 
>> On 25 Apr 2016, at 13:50, Matthias Hohl <matthias.hohl at telematica.at> wrote:
>> 
>> Aah sorry, i saw that there is also a "type" setting in the template. 
>> ;)
>> 
>> -----Ursprüngliche Nachricht-----
>> Von: Spce-user [mailto:spce-user-bounces at lists.sipwise.com] Im 
>> Auftrag von Matthias Hohl
>> Gesendet: Montag, 25. April 2016 13:29
>> An: 'Kirill Solomko' <ksolomko at sipwise.com>
>> Cc: Spce-user at lists.sipwise.com
>> Betreff: Re: [Spce-user] NGCP-FRAUD Protection doesn't work in 4.3.1
>> 
>> Hello,
>> 
>> thanks for the information.
>> 
>> But i see that there is now just 1 template for fraud lock and one for fraud without lock.
>> Is there no difference between daily and month limit anymore? It would be good if this would be different mails as well.
>> 
>> BTW: is it possible to send also an information mail about a lock to 
>> the subscriber Mail address instead
>> 
>> 
>> -----Ursprüngliche Nachricht-----
>> Von: Kirill Solomko [mailto:ksolomko at sipwise.com]
>> Gesendet: Montag, 25. April 2016 00:52
>> An: Matthias Hohl <matthias.hohl at telematica.at>
>> Cc: Spce-user at lists.sipwise.com
>> Betreff: Re: [Spce-user] NGCP-FRAUD Protection doesn't work in 4.3.1
>> 
>> Hi Matthias,
>> 
>> Thank you for your feedback. I have identified the issue and going to release a hotfix today.
>> 
>> As for your question regarding editing the templates you can do that from the GUI interface (Email Templates) where you create a template with name '’customer_fraud_lock_email’ or "’customer_fraud_warning_email’ respectively, it is best if you jump copy the content from the original template(s) as it contains macros, and adjust the text to your taste.
>> 
>> You can fetch the original templates by executing the following sql query:
>> 
>> mysql -e "select name,from_email,subject,body from billing.email_templates where name like 'customer_fraud_%_default_email'\G”
>> 
>> Kind regards,
>> Kirill
>> 
>>> On 23 Apr 2016, at 13:02, Matthias Hohl <matthias.hohl at telematica.at> wrote:
>>> 
>>> Hello,
>>> 
>>> I did an update today at 4 o clock and the "no sender" error dissapeared now and i got the notification mails, but the subscriber didn't get locked automatically.
>>> 
>>> I also want the mail templates for daily and auto notifications to edit. Currently they are simply the same. Is it also possible to edit the "from" mail header to another adress?
>>> 
>>> Where i can change this settings?
>>> 
>>>> Am 22.04.2016 um 14:55 schrieb Kirill Solomko <ksolomko at sipwise.com>:
>>>> 
>>>> Hi Matthias,
>>>> 
>>>> Thank you for your report.
>>>> I have pinned down the issue and going to release a hotfix nearest time.
>>>> 
>>>> (expected packages to upgrade: ngcp-billing-tools, ngcp-panel)
>>>> 
>>>> Kind regards,
>>>> Kirill
>>>> 
>>>>> On 22 Apr 2016, at 13:00, Matthias Hohl <matthias.hohl at telematica.at> wrote:
>>>>> 
>>>>> Hello,
>>>>> 
>>>>> i use a wildcard zertificate for https.
>>>>> Just for kamailio tls i use the selfsigned cause we doesn't use 
>>>>> tls currently.
>>>>> 
>>>>> I changed the setting and can execute the script now but I get now 
>>>>> this
>>>>> error:
>>>>> 
>>>>> 
>>>>> root at spce:~# /usr/sbin/ngcp-fraud-daily-lock no sender
>>>>> 
>>>>> Trace begun at /usr/share/perl5/Email/Sender/Simple.pm line 117 
>>>>> Email::Sender::Simple::send_email('Email::Sender::Simple',
>>>>> 'Email::Abstract=ARRAY(0x300b810)', 'HASH(0x3aae940)') called at 
>>>>> /usr/share/perl5/Email/Sender/Role/CommonSending.pm line 45 
>>>>> Email::Sender::Role::CommonSending::try {...}  at 
>>>>> /usr/share/perl5/Try/Tiny.pm line 79 eval {...} at 
>>>>> /usr/share/perl5/Try/Tiny.pm line 72 
>>>>> Try::Tiny::try('CODE(0x3aae928)', 
>>>>> 'Try::Tiny::Catch=REF(0x2df6768)')
>>>>> called at /usr/share/perl5/Email/Sender/Role/CommonSending.pm line
>>>>> 58 
>>>>> Email::Sender::Role::CommonSending::send('Email::Sender::Simple',
>>>>> 'Email::Simple=HASH(0x3aaea30)', 'HASH(0x300ba20)') called at 
>>>>> /usr/sbin/ngcp-fraud-daily-lock line 124 
>>>>> main::send_email('HASH(0x2da1988)', 'ARRAY(0x36a98e0)') called at 
>>>>> /usr/sbin/ngcp-fraud-daily-lock line 171 main::main at 
>>>>> /usr/sbin/ngcp-fraud-daily-lock line 176
>>>>> 
>>>>> 
>>>>> root at spce:~# /usr/sbin/ngcp-fraud-auto-lock no sender
>>>>> 
>>>>> Trace begun at /usr/share/perl5/Email/Sender/Simple.pm line 117 
>>>>> Email::Sender::Simple::send_email('Email::Sender::Simple',
>>>>> 'Email::Abstract=ARRAY(0x30888f0)', 'HASH(0x3b2bcc0)') called at 
>>>>> /usr/share/perl5/Email/Sender/Role/CommonSending.pm line 45 
>>>>> Email::Sender::Role::CommonSending::try {...}  at 
>>>>> /usr/share/perl5/Try/Tiny.pm line 79 eval {...} at 
>>>>> /usr/share/perl5/Try/Tiny.pm line 72 
>>>>> Try::Tiny::try('CODE(0x3b2bca8)', 
>>>>> 'Try::Tiny::Catch=REF(0x2e73898)')
>>>>> called at /usr/share/perl5/Email/Sender/Role/CommonSending.pm line
>>>>> 58 
>>>>> Email::Sender::Role::CommonSending::send('Email::Sender::Simple',
>>>>> 'Email::Simple=HASH(0x3b2bdb0)', 'HASH(0x3088b60)') called at 
>>>>> /usr/sbin/ngcp-fraud-auto-lock line 124 
>>>>> main::send_email('HASH(0x3730438)', 'ARRAY(0x3739d30)') called at 
>>>>> /usr/sbin/ngcp-fraud-auto-lock line 171 main::main at 
>>>>> /usr/sbin/ngcp-fraud-auto-lock line 176
>>>>> 
>>>>> 
>>>>> -----Ursprüngliche Nachricht-----
>>>>> Von: Spce-user [mailto:spce-user-bounces at lists.sipwise.com] Im 
>>>>> Auftrag von Victor Seva
>>>>> Gesendet: Freitag, 22. April 2016 12:48
>>>>> An: spce-user at lists.sipwise.com
>>>>> Betreff: Re: [Spce-user] NGCP-FRAUD Protection doesn't work in 
>>>>> 4.3.1
>>>>> 
>>>>>> On 04/22/2016 11:39 AM, Matthias Hohl wrote:
>>>>>> Hello,
>>>>>> 
>>>>>> today i found out that the ngcp-fraud-daily-lock and 
>>>>>> ngcp-fraud-auto-lock doesn't work on a subscriber with too much 
>>>>>> traffic in
>>>>> version 4.3.1.
>>>>>> In version 4.2.1 it definitely works. 
>>>>>> To solve this problem i checked the cronjob log and saw, that the 
>>>>>> cronjobs was executed.
>>>>>> Then I tried to execute the commands directly and got this error:
>>>>>> 
>>>>>> 
>>>>>> root at spce:/var/log# /usr/sbin/ngcp-fraud-daily-lock
>>>>>> 500 Can't connect to 127.0.0.1:1442 (certificate verify failed) 
>>>>>> Can't connect to 127.0.0.1:1442 (certificate verify failed) SSL 
>>>>>> connect attempt failed error:14090086:SSL 
>>>>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at 
>>>>>> /usr/share/perl5/LWP/Protocol/http.pm line 49.
>>>>>> 
>>>>>> 
>>>>>> root at spce:/var/log# /usr/sbin/ngcp-fraud-auto-lock
>>>>>> 500 Can't connect to 127.0.0.1:1442 (certificate verify failed) 
>>>>>> Can't connect to 127.0.0.1:1442 (certificate verify failed) SSL 
>>>>>> connect attempt failed error:14090086:SSL 
>>>>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at 
>>>>>> /usr/share/perl5/LWP/Protocol/http.pm line 49.
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Any idea to solve this problem?
>>>>>> In changelog you wrote, that you updated the ngcp-fraud scripts 
>>>>>> for 4.3.1, so maybe there is something wrong?
>>>>> 
>>>>> This should be a problem with the certificate you are using. Are 
>>>>> you using a self-sign certificate?
>>>>> 
>>>>> There is a new config for disable the check for scripts:
>>>>> 
>>>>> security:
>>>>> ngcp_panel:
>>>>> scripts:
>>>>>  restapi:
>>>>>    sslverify: no
>>>>> 
>>>>> 
>>>>> On production I would say you should not use self-sign certificates.
>>>>> Maybe letsencrypt?
>>>>> 
>>>>> --
>>>>> Victor Seva
>>>>> Software Engineer
>>>>> 
>>>>> Phone: +43(0)1 301 2029
>>>>> Email: vseva at sipwise.com
>>>>> Website: www.sipwise.com
>>>>> 
>>>>> Particulars according Austrian Companies Code paragraph 14 
>>>>> "Sipwise GmbH“ - Europaring F15 – 2345 Brunn am Gebirge 
>>>>> FN:305595f, Commercial Court Vienna,
>>>>> ATU64002206
>>>>> 
>>>>> _______________________________________________
>>>>> Spce-user mailing list
>>>>> Spce-user at lists.sipwise.com
>>>>> https://lists.sipwise.com/listinfo/spce-user
>> 
>> _______________________________________________
>> Spce-user mailing list
>> Spce-user at lists.sipwise.com
>> https://lists.sipwise.com/listinfo/spce-user
> 
_______________________________________________
Spce-user mailing list
Spce-user at lists.sipwise.com
https://lists.sipwise.com/listinfo/spce-user



More information about the Spce-user mailing list