Re: Spim is increasing for debian.org
On Wed, 5 Dec 2018 at 11:59, W. Martin Borgert <debacle@debian.org> wrote:
>
> Quoting Petter Reinholdtsen <pere@hungry.com>:
> > The amount of spam I recieve via XMPP for my debian.org user is
> > increasing. Is there a firewall in place now, or is it still missing?
>
> It is still missing, unfortunately.
>
> The versions of prosody and prosody-modules installed are sufficient
> for a firewall now, it "just" needs to be done.
>
> Any help is very welcome!
> (imagine some fancy ASCII art frames here!)
Happy to help however I can. Obviously there is no magic switch to
just block spam[*], and actively preventing it requires work. The main
person I know who is working on this indeed would prefer to keep the
rules non-public. If that's a problem for debian.org, then obviously
that ruleset isn't a solution. There is a basic anti-spam script
bundled with mod_firewall, which will filter out some things.
Pretty much all the spam is coming from badly maintained servers, and
a lot of work is being done behind the scenes to get those fixed or
shut down (including notifying ISPs where appropriate). Repeat
offenders will be listed at https://github.com/JabberSPAM/blacklist
(note, this is new and there are no entries yet).
[*] blocking all messages from non-contacts is currently an effective
step, though not an ideal one. Currently this can only be configured
server-wide, but I'm looking into making it possible for users to
configure this themselves on a per-account basis.
> We are not the only ones suffering: Germanys most important Jabber
> server was down for some hours yesterday:
Indeed, it's an ongoing problem with no easy solution. XMPP is lucky
that it has many more tools available to combat spam than SMTP ever
had, but that doesn't mean it's automatic. We're still figuring out
the best counter-measures. But so are the spammers...
Anyway, let me know if there's anything I can help with.
Regards,
Matthew
Reply to: