Harry Potter and The Jabber Spam

Pá 13 ledna 2017

After many many years of happy using XMPP we were finally awarded with the respect of spammers and suddenly some of us (especially those who have their JID in their email signature) are getting a lot of spim.

Fortunately, the world of Jabber is not so defenceless, thanks to XEP-0016 (Privacy Lists). Not only it is possible to set up list of known spammers (not only by their complete JIDs, but also by whole domains), but it is also possible to build a more complicated constructs.

Usually these constructs are not very well supported by GUI so most of the work must be done by sending plain XML stanzas to the XMPP stream. For example with pidgin one can open XMPP Console by going to Tools/XMPP Console and selecting appropriate account for which the privacy lists are supposed to be edited.

Whole system of ACLs consists from multiple lists. To get a list of all those privacy lists for the particular server, we need to send this XMPP stanza:

<iq type='get' id='getlist1'>
        <query xmlns='jabber:iq:privacy'/>


If the stanza is sent correctly and your server supports XEP-0016, then the server replies with the list of all privacy lists:

<iq id='getlist1' type='result'>
        <query xmlns='jabber:iq:privacy'>
                <default name='urn:xmpp:blocking'/>
                <list name='invisible'/>
                <list name='urn:xmpp:blocking'/>

To get a content of one particular list we need to send this stanza:

<iq type='get' id='getlist2'>
    <query xmlns='jabber:iq:privacy'>
        <list name='urn:xmpp:blocking'/>

And again the server replies with this list:

<iq id='getlist2' type='result'>
    <query xmlns='jabber:iq:privacy'>
        <list name='urn:xmpp:blocking'>
            <item order='0' action='deny'
                value='talk.mipt.ru' type='jid'/>
            <item order='0' action='deny'
                value='im.flosoft.biz' type='jid'/>
            <item order='0' action='deny'
                value='nius.net' type='jid'/>
            <item order='0' action='deny'
                value='jabber.me' type='jid'/>
            <item order='0' action='deny'
                value='tigase.im' type='jid'/>
            <item order='0' action='deny'
                value='pisem.net' type='jid'/>
            <item order='0' action='deny'
                value='qip.ru' type='jid'/>
            <item order='0' action='deny'
                value='crypt.mn' type='jid'/>
            <item order='0' action='deny'
                value='atteq.com' type='jid'/>
            <item order='0' action='deny'
                value='j3ws.biz' type='jid'/>
            <item order='0' action='deny'
                value='jabber.dol.ru' type='jid'/>
            <item order='0' action='deny'
                value='vpsfree.cz' type='jid'/>
            <item order='0' action='deny'
                value='buckthorn.ws' type='jid'/>
            <item order='0' action='deny'
                value='pandion.im' type='jid'/>

Server goes through every item in the list and decides based on the value of action attribute. If the actual considered stanza does not match any item in the list, the whole system defaults to allow.

I was building a blocking list like this for some time (I have even authored a simple Python script for adding new JID to the list), but it seems to be road to nowhere. Spammers are just generating new and new domains. The only workable solution seems to me to be white-list. Some domains are allowed, but everything else is blocked.

See this list stanza sent to the server (answer should be simple one line empty XML element):

<iq type='set' id='setwl1'>
    <query xmlns='jabber:iq:privacy'>
        <list name='urn:xmpp:whitelist'>
            <item type='jid' value='amessage.de'
                  action='allow' order='1'/>
            <item type='jid' value='ceplovi.cz'
                  action='allow' order='2'/>
            <item type='jid' value='cepl.eu'
                  action='allow' order='3'/>
            <item type='jid' value='dukgo.com'
                  action='allow' order='4'/>
            <item type='jid' value='eischmann.cz'
                  action='allow' order='5'/>
            <item type='jid' value='gmail.com'
                  action='allow' order='7'/>
            <item type='jid' value='gtalk2voip.com'
                  action='allow' order='8'/>
            <item type='jid' value='jabber.at'
                  action='allow' order='9'/>
            <item type='jid' value='jabber.cz'
                  action='allow' order='10'/>
            <item type='jid' value='jabber.fr'
                  action='allow' order='11'/>
            <item type='jid' value='jabber.org'
                  action='allow' order='12'/>
            <item type='jid' value='jabber.ru'
                  action='allow' order='13'/>
            <item type='jid' value='jabbim.cz'
                  action='allow' order='14'/>
            <item type='jid' value='jankratochvil.net'
                  action='allow' order='15'/>
            <item type='jid' value='kde.org'
                  action='allow' order='16'/>
            <item type='jid' value='loqui.im'
                  action='allow' order='17'/>
            <item type='jid' value='mac.com'
                  action='allow' order='18'/>
            <item type='jid' value='metajack.im'
                  action='allow' order='19'/>
            <item type='jid' value='njs.netlab.cz'
                  action='allow' order='20'/>
            <item type='jid' value='stpeter.im'
                  action='allow' order='21'/>
            <item type='jid' value='ucw.cz'
                  action='allow' order='22'/>
            <item action='deny' order='23'/>

Server goes in order through all items on the list, and if it doesn’t match on any item, it hits the last item in the list, which denies the access.

It is also useful to make sure the list which have actually created be default:

<iq type='set' id='default1'>
    <query xmlns='jabber:iq:privacy'>
        <default name='urn:xmpp:whitelist'/>

So, now I am in the state of testing, how it works (using as server jabberd2 version 2.4.0 from the RHEL-6/EPEL package).

Category: computer Tagged: xmpp