Re: XMPP SPAM
Simon Josefsson writes: > I'm running my own jabberd2 server since a couple of months. For the > past 2-3 weeks I've been starting to receive XMPP spam (a couple of > times per week). Is there some configuration that could help here, or > do how people handle this? Sample s2s log output below (IP and hostname > of spammer de-identified; josefsson.org is my domain, jabber.spammer.net > is the remote server). I wonder if greylisting could help. I almost never receive incoming jabber messages from people that I don't already have on a roster. So a delay of 30m would be ok for new presence requests. But I realize that kind of breaks the I in IM. Another thought is an IP-address-based RBL, like the ones used for spam. signature.asc Description: PGP signature
Re: XMPP SPAM
Sergio Durigan Junior writes: > On Monday, November 09 2015, Simon Josefsson wrote: > >> I'm running my own jabberd2 server since a couple of months. For the >> past 2-3 weeks I've been starting to receive XMPP spam (a couple of >> times per week). Is there some configuration that could help here, or >> do how people handle this? Sample s2s log output below (IP and hostname >> of spammer de-identified; josefsson.org is my domain, jabber.spammer.net >> is the remote server). > > fail2ban is a good solution for this. What would the rule to detect spam be? Perhaps I would want spamassassin (or something similar) to be run on the content, and after that trigger a fail2ban rule. I haven't been able to find any guides on doing this out there though. /Simon signature.asc Description: PGP signature
Re: XMPP SPAM
On Monday, November 09 2015, Simon Josefsson wrote: > I'm running my own jabberd2 server since a couple of months. For the > past 2-3 weeks I've been starting to receive XMPP spam (a couple of > times per week). Is there some configuration that could help here, or > do how people handle this? Sample s2s log output below (IP and hostname > of spammer de-identified; josefsson.org is my domain, jabber.spammer.net > is the remote server). fail2ban is a good solution for this. -- Sergio GPG key ID: 237A 54B1 0287 28BF 00EF 31F4 D0EB 7628 65FC 5E36 Please send encrypted e-mail if possible http://sergiodj.net/ signature.asc Description: PGP signature
Re: XMPP SPAM
Dnia 2015-11-09, pon o godzinie 21:18 +0100, Simon Josefsson pisze: > how people handle this? My solution is: # firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=193.105.240.126 reject" -- /o__ Is truth not truth for all? (_<^' the Sky", stardate 5476.4. signature.asc Description: This is a digitally signed message part
XMPP SPAM
I'm running my own jabberd2 server since a couple of months. For the past 2-3 weeks I've been starting to receive XMPP spam (a couple of times per week). Is there some configuration that could help here, or do how people handle this? Sample s2s log output below (IP and hostname of spammer de-identified; josefsson.org is my domain, jabber.spammer.net is the remote server). /Simon Mon Nov 9 14:54:20 2015 [notice] [13] [1.2.3.4, port=43000] incoming connection Mon Nov 9 14:54:20 2015 [notice] [13] [1.2.3.4, port=43000] incoming stream online (id tbk0g818v3kzf67dr8tehwxcp1q2zbisn3t4cuc8) Mon Nov 9 14:54:20 2015 [notice] [13] [1.2.3.4, port=43000] incoming stream online (id x8d4fqvoj95g7i5kr07utc7opflmozr4pns9) Mon Nov 9 14:54:20 2015 [notice] [13] [1.2.3.4, port=43000] received dialback auth request for route 'josefsson.org/jabber.spammer.net' Mon Nov 9 14:54:20 2015 [notice] dns lookup for jabber.spammer.net returned 1 result (ttl 6012) Mon Nov 9 14:54:20 2015 [notice] [14] [1.2.3.4, port=5269] outgoing connection for 'jabber.spammer.net' Mon Nov 9 14:54:20 2015 [notice] [14] [1.2.3.4, port=5269] sending dialback auth request for route 'josefsson.org/jabber.spammer.net' Mon Nov 9 14:54:20 2015 [notice] [16] [1.2.3.4, port=39052] incoming connection Mon Nov 9 14:54:20 2015 [notice] [16] [1.2.3.4, port=39052] incoming stream online (id fudo3l9ulhoftw3icp50ow4djwmgubla6yyak845) Mon Nov 9 14:54:20 2015 [notice] [16] [1.2.3.4, port=39052] incoming stream online (id tlipo11e62236gm233xfp7ln6w8e0d3tzmjnnk2u) Mon Nov 9 14:54:21 2015 [notice] [16] [1.2.3.4, port=39052] checking dialback verification from jabber.spammer.net: sending valid Mon Nov 9 14:54:21 2015 [notice] [14] [1.2.3.4, port=5269] outgoing route 'josefsson.org/jabber.spammer.net' is now valid, TLS negotiated Mon Nov 9 14:54:21 2015 [notice] [13] [1.2.3.4, port=43000] incoming route 'josefsson.org/jabber.spammer.net' is now valid, TLS negotiated Mon Nov 9 14:56:20 2015 [notice] [16] [1.2.3.4, port=39052] no dialback started Mon Nov 9 14:56:20 2015 [notice] [16] [1.2.3.4, port=39052] disconnect, packets: 1 signature.asc Description: PGP signature
