[Spce-user] NGCP-FRAUD Protection doesn't work in 4.3.1
Matthias Hohl
matthias.hohl at telematica.at
Tue Apr 26 02:58:28 EDT 2016
Hello,
No i have booth tested.
One just billing profile fraud preferences and one the customer fraud preferencesy
And i have sure done overwritting it in customer fraud preferences.
I overwrite interval, lock level and notify but as i told you, i just get information mail but no lock...
Same bahavior like i get with the billing profile fraud preferences... I get information mail but no lock.
> Am 25.04.2016 um 23:33 schrieb Kirill Solomko <ksolomko at sipwise.com>:
>
> Hi Matthias,
>
> I take it you have fraud interval limits set on a customer level but fraud lock type set on the customer’s billing profile level.
>
> The initial logic remains the same as it was before mr4.3.1 and if a customer has fraud interval set to something it picks all his fraud preferences ignoring the ones set for the billing profile.
>
> So to have customer fraud preferences working you have to override interval+lock_level+notify, and although it is the same behaviour as before I agree it is not as normally expected and therefore, going to be a subject to improve.
>
> Kind regards,
> Kirill
>
>> On 25 Apr 2016, at 18:45, Matthias Hohl <matthias.hohl at telematica.at> wrote:
>>
>> Hello,
>>
>> I tested it and it definitely didnt work.
>> All my billing profiles have the same setting. All are with lock level = all outgoing calls.
>>
>> If a subscriber reach this limit, i got the notification but the subscriber get not be locked to "all outgoing calls".
>>
>> I also get the mail notification everytime again when cronjob task run as long as i rise up the call limit. Also if i lock the subscriber by myself, i recieve the notifications.
>>
>> Can i give you any more informations or log files?
>>
>>> Am 25.04.2016 um 17:59 schrieb Kirill Solomko <ksolomko at sipwise.com>:
>>>
>>> HI Matthias,
>>>
>>> Having retested your complain about subscribers being left “unlocked” it should work as expected with the version you have.
>>>
>>> Could you please check your fraud control settings and make sure that you have “lock level” set for the particular fraud control to something else than “none” (mind the inheritance from billing profiles),
>>> otherwise the customer will not be locked.
>>>
>>> As for your question to send emails to locked subscribers it is not currently possible as the component works on the customer level and when triggered it locks a customer based on his balance and then chain locks all related subscribers.
>>> For example you have 2 subscribers within a customer and one did 100 calls and another one 0, there is no point in sending an email to the “innocent” subscriber.
>>>
>>> Kind regards,
>>> Kirill
>>>
>>>> On 25 Apr 2016, at 13:50, Matthias Hohl <matthias.hohl at telematica.at> wrote:
>>>>
>>>> Aah sorry, i saw that there is also a "type" setting in the template. ;)
>>>>
>>>> -----Ursprüngliche Nachricht-----
>>>> Von: Spce-user [mailto:spce-user-bounces at lists.sipwise.com] Im Auftrag von Matthias Hohl
>>>> Gesendet: Montag, 25. April 2016 13:29
>>>> An: 'Kirill Solomko' <ksolomko at sipwise.com>
>>>> Cc: Spce-user at lists.sipwise.com
>>>> Betreff: Re: [Spce-user] NGCP-FRAUD Protection doesn't work in 4.3.1
>>>>
>>>> Hello,
>>>>
>>>> thanks for the information.
>>>>
>>>> But i see that there is now just 1 template for fraud lock and one for fraud without lock.
>>>> Is there no difference between daily and month limit anymore? It would be good if this would be different mails as well.
>>>>
>>>> BTW: is it possible to send also an information mail about a lock to the subscriber Mail address instead
>>>>
>>>>
>>>> -----Ursprüngliche Nachricht-----
>>>> Von: Kirill Solomko [mailto:ksolomko at sipwise.com]
>>>> Gesendet: Montag, 25. April 2016 00:52
>>>> An: Matthias Hohl <matthias.hohl at telematica.at>
>>>> Cc: Spce-user at lists.sipwise.com
>>>> Betreff: Re: [Spce-user] NGCP-FRAUD Protection doesn't work in 4.3.1
>>>>
>>>> Hi Matthias,
>>>>
>>>> Thank you for your feedback. I have identified the issue and going to release a hotfix today.
>>>>
>>>> As for your question regarding editing the templates you can do that from the GUI interface (Email Templates) where you create a template with name '’customer_fraud_lock_email’ or "’customer_fraud_warning_email’ respectively, it is best if you jump copy the content from the original template(s) as it contains macros, and adjust the text to your taste.
>>>>
>>>> You can fetch the original templates by executing the following sql query:
>>>>
>>>> mysql -e "select name,from_email,subject,body from billing.email_templates where name like 'customer_fraud_%_default_email'\G”
>>>>
>>>> Kind regards,
>>>> Kirill
>>>>
>>>>> On 23 Apr 2016, at 13:02, Matthias Hohl <matthias.hohl at telematica.at> wrote:
>>>>>
>>>>> Hello,
>>>>>
>>>>> I did an update today at 4 o clock and the "no sender" error dissapeared now and i got the notification mails, but the subscriber didn't get locked automatically.
>>>>>
>>>>> I also want the mail templates for daily and auto notifications to edit. Currently they are simply the same. Is it also possible to edit the "from" mail header to another adress?
>>>>>
>>>>> Where i can change this settings?
>>>>>
>>>>>> Am 22.04.2016 um 14:55 schrieb Kirill Solomko <ksolomko at sipwise.com>:
>>>>>>
>>>>>> Hi Matthias,
>>>>>>
>>>>>> Thank you for your report.
>>>>>> I have pinned down the issue and going to release a hotfix nearest time.
>>>>>>
>>>>>> (expected packages to upgrade: ngcp-billing-tools, ngcp-panel)
>>>>>>
>>>>>> Kind regards,
>>>>>> Kirill
>>>>>>
>>>>>>> On 22 Apr 2016, at 13:00, Matthias Hohl <matthias.hohl at telematica.at> wrote:
>>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> i use a wildcard zertificate for https.
>>>>>>> Just for kamailio tls i use the selfsigned cause we doesn't use tls
>>>>>>> currently.
>>>>>>>
>>>>>>> I changed the setting and can execute the script now but I get now
>>>>>>> this
>>>>>>> error:
>>>>>>>
>>>>>>>
>>>>>>> root at spce:~# /usr/sbin/ngcp-fraud-daily-lock no sender
>>>>>>>
>>>>>>> Trace begun at /usr/share/perl5/Email/Sender/Simple.pm line 117
>>>>>>> Email::Sender::Simple::send_email('Email::Sender::Simple',
>>>>>>> 'Email::Abstract=ARRAY(0x300b810)', 'HASH(0x3aae940)') called at
>>>>>>> /usr/share/perl5/Email/Sender/Role/CommonSending.pm line 45
>>>>>>> Email::Sender::Role::CommonSending::try {...} at
>>>>>>> /usr/share/perl5/Try/Tiny.pm line 79 eval {...} at
>>>>>>> /usr/share/perl5/Try/Tiny.pm line 72
>>>>>>> Try::Tiny::try('CODE(0x3aae928)', 'Try::Tiny::Catch=REF(0x2df6768)')
>>>>>>> called at /usr/share/perl5/Email/Sender/Role/CommonSending.pm line
>>>>>>> 58 Email::Sender::Role::CommonSending::send('Email::Sender::Simple',
>>>>>>> 'Email::Simple=HASH(0x3aaea30)', 'HASH(0x300ba20)') called at
>>>>>>> /usr/sbin/ngcp-fraud-daily-lock line 124
>>>>>>> main::send_email('HASH(0x2da1988)', 'ARRAY(0x36a98e0)') called at
>>>>>>> /usr/sbin/ngcp-fraud-daily-lock line 171 main::main at
>>>>>>> /usr/sbin/ngcp-fraud-daily-lock line 176
>>>>>>>
>>>>>>>
>>>>>>> root at spce:~# /usr/sbin/ngcp-fraud-auto-lock no sender
>>>>>>>
>>>>>>> Trace begun at /usr/share/perl5/Email/Sender/Simple.pm line 117
>>>>>>> Email::Sender::Simple::send_email('Email::Sender::Simple',
>>>>>>> 'Email::Abstract=ARRAY(0x30888f0)', 'HASH(0x3b2bcc0)') called at
>>>>>>> /usr/share/perl5/Email/Sender/Role/CommonSending.pm line 45
>>>>>>> Email::Sender::Role::CommonSending::try {...} at
>>>>>>> /usr/share/perl5/Try/Tiny.pm line 79 eval {...} at
>>>>>>> /usr/share/perl5/Try/Tiny.pm line 72
>>>>>>> Try::Tiny::try('CODE(0x3b2bca8)', 'Try::Tiny::Catch=REF(0x2e73898)')
>>>>>>> called at /usr/share/perl5/Email/Sender/Role/CommonSending.pm line
>>>>>>> 58 Email::Sender::Role::CommonSending::send('Email::Sender::Simple',
>>>>>>> 'Email::Simple=HASH(0x3b2bdb0)', 'HASH(0x3088b60)') called at
>>>>>>> /usr/sbin/ngcp-fraud-auto-lock line 124
>>>>>>> main::send_email('HASH(0x3730438)', 'ARRAY(0x3739d30)') called at
>>>>>>> /usr/sbin/ngcp-fraud-auto-lock line 171 main::main at
>>>>>>> /usr/sbin/ngcp-fraud-auto-lock line 176
>>>>>>>
>>>>>>>
>>>>>>> -----Ursprüngliche Nachricht-----
>>>>>>> Von: Spce-user [mailto:spce-user-bounces at lists.sipwise.com] Im
>>>>>>> Auftrag von Victor Seva
>>>>>>> Gesendet: Freitag, 22. April 2016 12:48
>>>>>>> An: spce-user at lists.sipwise.com
>>>>>>> Betreff: Re: [Spce-user] NGCP-FRAUD Protection doesn't work in 4.3.1
>>>>>>>
>>>>>>>> On 04/22/2016 11:39 AM, Matthias Hohl wrote:
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> today i found out that the ngcp-fraud-daily-lock and
>>>>>>>> ngcp-fraud-auto-lock doesn't work on a subscriber with too much
>>>>>>>> traffic in
>>>>>>> version 4.3.1.
>>>>>>>> In version 4.2.1 it definitely works.
>>>>>>>> To solve this problem i checked the cronjob log and saw, that the
>>>>>>>> cronjobs was executed.
>>>>>>>> Then I tried to execute the commands directly and got this error:
>>>>>>>>
>>>>>>>>
>>>>>>>> root at spce:/var/log# /usr/sbin/ngcp-fraud-daily-lock
>>>>>>>> 500 Can't connect to 127.0.0.1:1442 (certificate verify failed)
>>>>>>>> Can't connect to 127.0.0.1:1442 (certificate verify failed) SSL
>>>>>>>> connect attempt failed error:14090086:SSL
>>>>>>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at
>>>>>>>> /usr/share/perl5/LWP/Protocol/http.pm line 49.
>>>>>>>>
>>>>>>>>
>>>>>>>> root at spce:/var/log# /usr/sbin/ngcp-fraud-auto-lock
>>>>>>>> 500 Can't connect to 127.0.0.1:1442 (certificate verify failed)
>>>>>>>> Can't connect to 127.0.0.1:1442 (certificate verify failed) SSL
>>>>>>>> connect attempt failed error:14090086:SSL
>>>>>>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at
>>>>>>>> /usr/share/perl5/LWP/Protocol/http.pm line 49.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Any idea to solve this problem?
>>>>>>>> In changelog you wrote, that you updated the ngcp-fraud scripts for
>>>>>>>> 4.3.1, so maybe there is something wrong?
>>>>>>>
>>>>>>> This should be a problem with the certificate you are using. Are you
>>>>>>> using a self-sign certificate?
>>>>>>>
>>>>>>> There is a new config for disable the check for scripts:
>>>>>>>
>>>>>>> security:
>>>>>>> ngcp_panel:
>>>>>>> scripts:
>>>>>>> restapi:
>>>>>>> sslverify: no
>>>>>>>
>>>>>>>
>>>>>>> On production I would say you should not use self-sign certificates.
>>>>>>> Maybe letsencrypt?
>>>>>>>
>>>>>>> --
>>>>>>> Victor Seva
>>>>>>> Software Engineer
>>>>>>>
>>>>>>> Phone: +43(0)1 301 2029
>>>>>>> Email: vseva at sipwise.com
>>>>>>> Website: www.sipwise.com
>>>>>>>
>>>>>>> Particulars according Austrian Companies Code paragraph 14 "Sipwise
>>>>>>> GmbH“ - Europaring F15 – 2345 Brunn am Gebirge FN:305595f,
>>>>>>> Commercial Court Vienna,
>>>>>>> ATU64002206
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Spce-user mailing list
>>>>>>> Spce-user at lists.sipwise.com
>>>>>>> https://lists.sipwise.com/listinfo/spce-user
>>>>
>>>> _______________________________________________
>>>> Spce-user mailing list
>>>> Spce-user at lists.sipwise.com
>>>> https://lists.sipwise.com/listinfo/spce-user
>
More information about the Spce-user
mailing list