XMPP SPAM

2015-11-09 Thread Simon Josefsson
I've been running my own jabberd2 server for a couple of months.  For the
past 2-3 weeks I've been starting to receive XMPP spam (a couple of
times per week).  Is there some configuration that could help here, or
how do people handle this?  Sample s2s log output below (IP and hostname
of spammer de-identified; josefsson.org is my domain, jabber.spammer.net
is the remote server).

/Simon

Mon Nov  9 14:54:20 2015 [notice] [13] [1.2.3.4, port=43000] incoming connection
Mon Nov  9 14:54:20 2015 [notice] [13] [1.2.3.4, port=43000] incoming stream online (id tbk0g818v3kzf67dr8tehwxcp1q2zbisn3t4cuc8)
Mon Nov  9 14:54:20 2015 [notice] [13] [1.2.3.4, port=43000] incoming stream online (id x8d4fqvoj95g7i5kr07utc7opflmozr4pns9)
Mon Nov  9 14:54:20 2015 [notice] [13] [1.2.3.4, port=43000] received dialback auth request for route 'josefsson.org/jabber.spammer.net'
Mon Nov  9 14:54:20 2015 [notice] dns lookup for jabber.spammer.net returned 1 result (ttl 6012)
Mon Nov  9 14:54:20 2015 [notice] [14] [1.2.3.4, port=5269] outgoing connection for 'jabber.spammer.net'
Mon Nov  9 14:54:20 2015 [notice] [14] [1.2.3.4, port=5269] sending dialback auth request for route 'josefsson.org/jabber.spammer.net'
Mon Nov  9 14:54:20 2015 [notice] [16] [1.2.3.4, port=39052] incoming connection
Mon Nov  9 14:54:20 2015 [notice] [16] [1.2.3.4, port=39052] incoming stream online (id fudo3l9ulhoftw3icp50ow4djwmgubla6yyak845)
Mon Nov  9 14:54:20 2015 [notice] [16] [1.2.3.4, port=39052] incoming stream online (id tlipo11e62236gm233xfp7ln6w8e0d3tzmjnnk2u)
Mon Nov  9 14:54:21 2015 [notice] [16] [1.2.3.4, port=39052] checking dialback verification from jabber.spammer.net: sending valid
Mon Nov  9 14:54:21 2015 [notice] [14] [1.2.3.4, port=5269] outgoing route 'josefsson.org/jabber.spammer.net' is now valid, TLS negotiated
Mon Nov  9 14:54:21 2015 [notice] [13] [1.2.3.4, port=43000] incoming route 'josefsson.org/jabber.spammer.net' is now valid, TLS negotiated
Mon Nov  9 14:56:20 2015 [notice] [16] [1.2.3.4, port=39052] no dialback started
Mon Nov  9 14:56:20 2015 [notice] [16] [1.2.3.4, port=39052] disconnect, packets: 1




Re: XMPP SPAM

2015-11-09 Thread Tomasz Sterna
On Mon, 2015-11-09 at 21:18 +0100, Simon Josefsson wrote:
> how people handle this?

My solution is:
# firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=193.105.240.126 reject"


-- 
 /o__ Is truth not truth for all?
(_<^'  the Sky", stardate 5476.4.





Re: XMPP SPAM

2015-11-09 Thread Sergio Durigan Junior
On Monday, November 09 2015, Simon Josefsson wrote:

> I've been running my own jabberd2 server for a couple of months.  For the
> past 2-3 weeks I've been starting to receive XMPP spam (a couple of
> times per week).  Is there some configuration that could help here, or
> how do people handle this?  Sample s2s log output below (IP and hostname
> of spammer de-identified; josefsson.org is my domain, jabber.spammer.net
> is the remote server).

fail2ban is a good solution for this.

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
http://sergiodj.net/
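
Added example, not part of any message in this thread and not jabberd2 or fail2ban code: a parser for s2s log lines of the shape Simon posted that lists, per remote domain, the source IPs and the dialback-request and route-valid counts for inbound peers outside a known-peers set, which is what an operator needs before writing a firewall reject rule or a log-based ban. The known_peers parameter, friend.example and 5.6.7.8 are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches jabberd2 s2s lines of the shape shown in the thread:
#   <timestamp> [level] [fd] [ip, port=N] <message>
LINE = re.compile(
    r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} \[\w+\] "
    r"\[(?P<fd>\d+)\] \[(?P<ip>[^,\]]+), port=\d+\] (?P<msg>.*)$"
)
# Route names are 'local-domain/remote-domain'.
DIALBACK_IN = re.compile(r"^received dialback auth request for route '([^'/]+)/([^']+)'")
ROUTE_VALID = re.compile(r"^incoming route '([^'/]+)/([^']+)' is now valid")

def summarize_inbound(lines, known_peers=()):
    """Return {remote_domain: {"ips": set, "requests": int, "validated": int}}
    for inbound s2s peers that are not listed in known_peers."""
    peers = defaultdict(lambda: {"ips": set(), "requests": 0, "validated": 0})
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # e.g. resolver lines, which carry no [fd] [ip, port=N]
        for pattern, counter in ((DIALBACK_IN, "requests"), (ROUTE_VALID, "validated")):
            hit = pattern.match(m["msg"])
            if hit:
                remote = hit.group(2).lower()
                if remote not in known_peers:
                    peers[remote]["ips"].add(m["ip"])
                    peers[remote][counter] += 1
                break
    return dict(peers)

# Constructed sample: lines from the log in the thread, unwrapped, plus one
# invented line for a hypothetical trusted peer (friend.example, 5.6.7.8).
SAMPLE = """\
Mon Nov  9 14:54:20 2015 [notice] [13] [1.2.3.4, port=43000] incoming connection
Mon Nov  9 14:54:20 2015 [notice] [13] [1.2.3.4, port=43000] received dialback auth request for route 'josefsson.org/jabber.spammer.net'
Mon Nov  9 14:54:20 2015 [notice] dns lookup for jabber.spammer.net returned 1 result (ttl 6012)
Mon Nov  9 14:54:21 2015 [notice] [14] [1.2.3.4, port=5269] outgoing route 'josefsson.org/jabber.spammer.net' is now valid, TLS negotiated
Mon Nov  9 14:54:21 2015 [notice] [13] [1.2.3.4, port=43000] incoming route 'josefsson.org/jabber.spammer.net' is now valid, TLS negotiated
Mon Nov  9 15:02:10 2015 [notice] [17] [5.6.7.8, port=51000] incoming route 'josefsson.org/friend.example' is now valid, TLS negotiated
""".splitlines()

if __name__ == "__main__":
    report = summarize_inbound(SAMPLE, known_peers={"friend.example"})
    for domain, info in report.items():
        print(domain, sorted(info["ips"]), info["requests"], info["validated"])
```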

