Re: vogler.d.o runs stretch now! Next steps...
- To: "W. Martin Borgert" <debacle@debian.org>
- Cc: debian-rtc@lists.debian.org
- Subject: Re: vogler.d.o runs stretch now! Next steps...
- From: Denver Gingerich <denver@ossguy.com>
- Date: Wed, 7 Feb 2018 09:07:02 -0500
- Message-id: <[🔎] 20180207140701.5cxnyzjqz7z6kuad@ossguy.com>
- In-reply-to: <20180118110625.GA10168@fama>
- References: <20180108232505.GA22942@fama> <0b274c59-b677-a65e-8e7d-b62d1cf5f785@pocock.pro> <20180109001413.GA2023@fama> <20180117222747.GA9307@fama> <20180117224519.mb2hhpbzljyflfsn@ossguy.com> <20180118110625.GA10168@fama>
On Thu, Jan 18, 2018 at 12:06:25PM +0100, W. Martin Borgert wrote:
> On 2018-01-17 17:45, Denver Gingerich wrote:
> > There are a few services that rely on such messages to get through (such as https://jmp.chat/ - disclosure: I run it) and there are lots of other ways to handle spam with a smaller stick.
>
> The idea is to use mod_firewall and block messages of strangers,
> that contain certain strings, e.g. "ddos" or "payout". Also some
> well-known SPIM servers can be blacklisted. (This is what I got
> from singpolyma, btw.)
Those are indeed the sorts of rules singpolyma and I use. You can see our list of well-known SPIM servers in the attached blacklist-20180207.txt file, and the list of strings that cause strangers' messages to be blocked in the attached firewall-20180207.pfw file. The rest of firewall-20180207.pfw shows how we always deliver messages to roster contacts (even if they include spam keywords) and a couple other related rules.
> IMHO, the blacklist and rules should be published somewhere, so
> that everybody can understand, why a message is blocked and whom
> to contact to get their server off the blacklist ;~)
Definitely! I hope the lists I've attached are helpful - feel free to merge them with whatever list you have going already.
> > I'm happy to discuss other spam mitigation techniques if you're interested - we've managed to get to quite a good place with the personal server I use.
>
> Yes, please! Just post to this list, I'm curious!
Hopefully the aforementioned attachments arrive - they are effectively everything we use for spam mitigation, and they work very well in my experience (I can't remember the last time I received a spam message).
Denver
https://jmp.chat/
buckthorn.ws
draugr.us
j3ws.biz
pandion.im
qip.ru
jabber.cd
bev083.ddns.mobi
yif.fi
privacy.re
sar.mn
core.mx
poly.space
www.mabol.de
proxy.shop
vpn.team
::deliver
%LIST blacklist: file:/etc/prosody/blacklist.txt
CHECK LIST: blacklist contains $<@from|host>
LOG=[info] SPAM BLACKLIST: $<@from> to $<@to>
BOUNCE=policy-violation (You are blocked for SPAM.)
FROM: wsmnw.lt@scc.chpc.ac.za
LOG=[info] SPAM BLACKLIST: $<@from> to $<@to>
BOUNCE=policy-violation (You are blocked for SPAM.)
ORIGIN MARKED: spammer (3600s)
LOG=[info] SPAM MARKED: $<@from> to $<@to>
BOUNCE=policy-violation (You are blocked for SPAM.)
# Pass stanzas that a user sends to their own account
TO SELF?
PASS.
# Pass stanzas that are addressed to a valid full JID
TO FULL JID?
PASS.
# Pass stanzas from contacts
SUBSCRIBED?
PASS.
IN ROSTER?
PASS.
%SEARCH body: body#
%PATTERN xsndr: xsndr
KIND: message
COUNT: xsndr in body > 0
LOG=[info] SPAM PATTERN: $<@from> to $<@to>
BOUNCE=policy-violation (You are blocked for SPAM.)
%PATTERN mybulka: mybulka
KIND: message
COUNT: mybulka in body > 0
LOG=[info] SPAM PATTERN: $<@from> to $<@to>
BOUNCE=policy-violation (You are blocked for SPAM.)
%PATTERN onion: .%.onion
KIND: message
COUNT: onion in body > 0
LOG=[info] SPAM PATTERN: $<@from> to $<@to>
BOUNCE=policy-violation (You are blocked for SPAM.)
%PATTERN ruadvertisement: [Pp]еклама
KIND: message
COUNT: ruadvertisement in body > 0
LOG=[info] SPAM PATTERN: $<@from> to $<@to>
BOUNCE=policy-violation (You are blocked for SPAM.)
%PATTERN advert: [Aa]%s*d%s*v%s*e%s*r%s*t
KIND: message
COUNT: advert in body > 0
LOG=[info] SPAM PATTERN: $<@from> to $<@to>
BOUNCE=policy-violation (You are blocked for SPAM.)
%PATTERN promotion: [Pp]romotion
KIND: message
COUNT: promotion in body > 0
LOG=[info] SPAM PATTERN: $<@from> to $<@to>
BOUNCE=policy-violation (You are blocked for SPAM.)
%PATTERN ddos: [Dd][Dd][Oo][Ss]
KIND: message
COUNT: ddos in body > 0
LOG=[info] SPAM PATTERN: $<@from> to $<@to>
BOUNCE=policy-violation (You are blocked for SPAM.)
%PATTERN escrow: [Ee]scrow
KIND: message
COUNT: escrow in body > 0
LOG=[info] SPAM PATTERN: $<@from> to $<@to>
BOUNCE=policy-violation (You are blocked for SPAM.)
%PATTERN payout: payout
KIND: message
COUNT: payout in body > 0
LOG=[info] SPAM PATTERN: $<@from> to $<@to>
BOUNCE=policy-violation (You are blocked for SPAM.)
%PATTERN buy: buy
KIND: message
COUNT: buy in body > 0
LOG=[info] SPAM PATTERN: $<@from> to $<@to>
BOUNCE=policy-violation (You are blocked for SPAM.)
%PATTERN spam: [Ss]pam
KIND: message
COUNT: spam in body > 0
LOG=[info] SPAM PATTERN: $<@from> to $<@to>
BOUNCE=policy-violation (You are blocked for SPAM.)
%PATTERN ads: ads
KIND: message
COUNT: ads in body > 0
LOG=[info] SPAM PATTERN: $<@from> to $<@to>
BOUNCE=policy-violation (You are blocked for SPAM.)
%PATTERN seller: seller
KIND: message
COUNT: seller in body > 0
LOG=[info] SPAM PATTERN: $<@from> to $<@to>
BOUNCE=policy-violation (You are blocked for SPAM.)
Reply to: