Re: XMPP SPAM

2015-11-10 Thread Greg Troxel

Simon Josefsson  writes:

> I'm running my own jabberd2 server since a couple of months.  For the
> past 2-3 weeks I've been starting to receive XMPP spam (a couple of
> times per week).  Is there some configuration that could help here, or
> do how people handle this?  Sample s2s log output below (IP and hostname
> of spammer de-identified; josefsson.org is my domain, jabber.spammer.net
> is the remote server).

I wonder if greylisting could help.  I almost never receive incoming
jabber messages from people that I don't already have on a roster.  So a
delay of 30m would be ok for new presence requests.  But I realize that
kind of breaks the I in IM.

Another thought is an IP-address-based RBL, like the ones used for spam.


signature.asc
Description: PGP signature


Re: XMPP SPAM

2015-11-10 Thread Simon Josefsson
Sergio Durigan Junior  writes:

> On Monday, November 09 2015, Simon Josefsson wrote:
>
>> I'm running my own jabberd2 server since a couple of months.  For the
>> past 2-3 weeks I've been starting to receive XMPP spam (a couple of
>> times per week).  Is there some configuration that could help here, or
>> do how people handle this?  Sample s2s log output below (IP and hostname
>> of spammer de-identified; josefsson.org is my domain, jabber.spammer.net
>> is the remote server).
>
> fail2ban is a good solution for this.

What would the rule to detect spam be?  Perhaps I would want
spamassassin (or something similar) to be run on the content, and after
that trigger a fail2ban rule.  I haven't been able to find any guides on
doing this out there though.

/Simon


signature.asc
Description: PGP signature


Re: XMPP SPAM

2015-11-09 Thread Sergio Durigan Junior
On Monday, November 09 2015, Simon Josefsson wrote:

> I'm running my own jabberd2 server since a couple of months.  For the
> past 2-3 weeks I've been starting to receive XMPP spam (a couple of
> times per week).  Is there some configuration that could help here, or
> do how people handle this?  Sample s2s log output below (IP and hostname
> of spammer de-identified; josefsson.org is my domain, jabber.spammer.net
> is the remote server).

fail2ban is a good solution for this.

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
http://sergiodj.net/


signature.asc
Description: PGP signature


Re: XMPP SPAM

2015-11-09 Thread Tomasz Sterna
Dnia 2015-11-09, pon o godzinie 21:18 +0100, Simon Josefsson pisze:
> how people handle this?

My solution is:
# firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source 
address=193.105.240.126 reject"


-- 
 /o__ Is truth not truth for all?
(_<^'  the Sky", stardate 5476.4.



signature.asc
Description: This is a digitally signed message part


XMPP SPAM

2015-11-09 Thread Simon Josefsson
I'm running my own jabberd2 server since a couple of months.  For the
past 2-3 weeks I've been starting to receive XMPP spam (a couple of
times per week).  Is there some configuration that could help here, or
do how people handle this?  Sample s2s log output below (IP and hostname
of spammer de-identified; josefsson.org is my domain, jabber.spammer.net
is the remote server).

/Simon

Mon Nov  9 14:54:20 2015 [notice] [13] [1.2.3.4, port=43000] incoming connection
Mon Nov  9 14:54:20 2015 [notice] [13] [1.2.3.4, port=43000] incoming stream 
online (id tbk0g818v3kzf67dr8tehwxcp1q2zbisn3t4cuc8)
Mon Nov  9 14:54:20 2015 [notice] [13] [1.2.3.4, port=43000] incoming stream 
online (id x8d4fqvoj95g7i5kr07utc7opflmozr4pns9)
Mon Nov  9 14:54:20 2015 [notice] [13] [1.2.3.4, port=43000] received dialback 
auth request for route 'josefsson.org/jabber.spammer.net'
Mon Nov  9 14:54:20 2015 [notice] dns lookup for jabber.spammer.net returned 1 
result (ttl 6012)
Mon Nov  9 14:54:20 2015 [notice] [14] [1.2.3.4, port=5269] outgoing connection 
for 'jabber.spammer.net'
Mon Nov  9 14:54:20 2015 [notice] [14] [1.2.3.4, port=5269] sending dialback 
auth request for route 'josefsson.org/jabber.spammer.net'
Mon Nov  9 14:54:20 2015 [notice] [16] [1.2.3.4, port=39052] incoming connection
Mon Nov  9 14:54:20 2015 [notice] [16] [1.2.3.4, port=39052] incoming stream 
online (id fudo3l9ulhoftw3icp50ow4djwmgubla6yyak845)
Mon Nov  9 14:54:20 2015 [notice] [16] [1.2.3.4, port=39052] incoming stream 
online (id tlipo11e62236gm233xfp7ln6w8e0d3tzmjnnk2u)
Mon Nov  9 14:54:21 2015 [notice] [16] [1.2.3.4, port=39052] checking dialback 
verification from jabber.spammer.net: sending valid
Mon Nov  9 14:54:21 2015 [notice] [14] [1.2.3.4, port=5269] outgoing route 
'josefsson.org/jabber.spammer.net' is now valid, TLS negotiated
Mon Nov  9 14:54:21 2015 [notice] [13] [1.2.3.4, port=43000] incoming route 
'josefsson.org/jabber.spammer.net' is now valid, TLS negotiated
Mon Nov  9 14:56:20 2015 [notice] [16] [1.2.3.4, port=39052] no dialback started
Mon Nov  9 14:56:20 2015 [notice] [16] [1.2.3.4, port=39052] disconnect, 
packets: 1


signature.asc
Description: PGP signature