XSF Discussion - 2017-12-19


  1. Guus has left
  2. stefandxm has joined
  3. la|r|ma has joined
  4. marc has left
  5. lskdjf has left
  6. daniel has left
  7. marc has joined
  8. marc has left
  9. marc has joined
  10. daniel has left
  11. ralphm has joined
  12. daniel has joined
  13. lskdjf has left
  14. Kev has left
  15. daniel has joined
  16. sonny has joined
  17. sonny has joined
  18. daniel has joined
  19. lskdjf has left
  20. lskdjf has left
  21. lskdjf has left
  22. lskdjf has joined
  23. lskdjf has left
  24. lskdjf has left
  25. lskdjf has joined
  26. lskdjf has left
  27. lskdjf has joined
  28. lskdjf has left
  29. lskdjf has joined
  30. lskdjf has left
  31. lskdjf has joined
  32. marc has left
  33. remko has joined
  34. lskdjf has left
  35. sonny has joined
  36. sonny has joined
  37. efrit has joined
  38. sonny has left
  39. sonny has joined
  40. SamWhited has left
  41. Guus has left
  42. Guus has joined
  43. mrkiko has joined
  44. SamWhited has joined
  45. mrkiko has joined
  46. @Alacer has left
  47. waqas has left
  48. @Alacer has joined
  49. Guus has left
  50. tux has left
  51. tux has joined
  52. efrit has left
  53. jmpman has joined
  54. jmpman has joined
  55. la|r|ma has left
  56. SamWhited has left
  57. SamWhited has joined
  58. SamWhited has joined
  59. uc has joined
  60. SamWhited has joined
  61. SamWhited has joined
  62. stefandxm has left
  63. stefandxm has joined
  64. stefandxm has left
  65. stefandxm has joined
  66. stefandxm has left
  67. stefandxm has joined
  68. stefandxm has left
  69. stefandxm has joined
  70. SamWhited has joined
  71. SamWhited has joined
  72. stefandxm has left
  73. stefandxm has joined
  74. SamWhited has joined
  75. SamWhited has joined
  76. SamWhited has joined
  77. SamWhited has joined
  78. stefandxm has left
  79. stefandxm has joined
  80. stefandxm has left
  81. stefandxm has joined
  82. stefandxm has left
  83. stefandxm has joined
  84. stefandxm has left
  85. stefandxm has joined
  86. SamWhited has joined
  87. SamWhited has joined
  88. stefandxm has left
  89. stefandxm has joined
  90. SouL has joined
  91. SamWhited has left
  92. SamWhited has joined
  93. stefandxm has left
  94. stefandxm has joined
  95. SouL has left
  96. stefandxm has left
  97. stefandxm has joined
  98. stefandxm has left
  99. stefandxm has joined
  100. xnyhps has left
  101. SouL has left
  102. SouL has joined
  103. SouL has left
  104. stefandxm has left
  105. stefandxm has joined
  106. la|r|ma has left
  107. la|r|ma has left
  108. SamWhited has joined
  109. SamWhited has joined
  110. @Alacer has left
  111. SamWhited has joined
  112. SamWhited has joined
  113. @Alacer has joined
  114. la|r|ma has joined
  115. goffi has joined
  116. @Alacer has left
  117. @Alacer has joined
  118. @Alacer has left
  119. @Alacer has joined
  120. remko has joined
  121. remko has left
  122. remko has joined
  123. Tobias has joined
  124. Guus has joined
  125. stefandxm has left
  126. Guus has left
  127. Guus has joined
  128. ralphm has joined
  129. daniel has left
  130. Guus has left
  131. stefandxm has joined
  132. daniel jonasw, could you hit the the merge button on my protoxep when you have a minute so it makes the 24h notice window for the council agenda tomorrow?
  133. jonasw sure!
  134. jonasw didn’t see the mail, sorry
  135. Kev has joined
  136. daniel jonasw: thank you
  137. stefandxm has left
  138. ralphm has left
  139. stefandxm has joined
  140. mimi89999 has left
  141. Steve Kille has left
  142. jonasw daniel, mail sent :-)
  143. marc has joined
  144. Steve Kille has left
  145. pep. has left
  146. ralphm has left
  147. Steve Kille has joined
  148. Guus has joined
  149. Guus has left
  150. Guus has joined
  151. zinid has left
  152. ralphm has joined
  153. moparisthebest has joined
  154. Guus has left
  155. daniel has left
  156. Alex has joined
  157. Guus has left
  158. lskdjf has joined
  159. marc has left
  160. ralphm has joined
  161. daniel has left
  162. daniel has left
  163. efrit has joined
  164. Syndace has left
  165. Syndace has joined
  166. SouL has left
  167. uc has joined
  168. ralphm has left
  169. matlag has left
  170. matlag has left
  171. matlag has joined
  172. sonny has left
  173. SouL has joined
  174. Tobias has joined
  175. sonny has joined
  176. ralphm has joined
  177. SouL has joined
  178. daniel has left
  179. SouL has joined
  180. SouL has joined
  181. uc has joined
  182. SamWhited has joined
  183. SamWhited has joined
  184. SouL has joined
  185. jcbrand has joined
  186. Alex has left
  187. SouL has joined
  188. daniel has left
  189. tim@boese-ban.de has joined
  190. lumi has joined
  191. SouL has joined
  192. Syndace has joined
  193. Syndace has joined
  194. pep. has joined
  195. SouL has joined
  196. jcbrand has left
  197. jcbrand has left
  198. Ge0rG has left
  199. jcbrand has left
  200. jcbrand has joined
  201. vanitasvitae has left
  202. vanitasvitae has joined
  203. la|r|ma has joined
  204. SouL has joined
  205. daniel has left
  206. @Alacer has left
  207. @Alacer has joined
  208. efrit has left
  209. @Alacer has left
  210. @Alacer has joined
  211. SouL has left
  212. Syndace has left
  213. Syndace has joined
  214. mrkiko has left
  215. mrkiko has joined
  216. Guus has left
  217. SouL has joined
  218. SouL has joined
  219. pep. has left
  220. Guus has left
  221. SouL has left
  222. SouL has left
  223. tim@boese-ban.de has joined
  224. lumi has left
  225. Tobias has left
  226. jjrh has left
  227. SouL has joined
  228. SouL has joined
  229. jubalh has joined
  230. ralphm has joined
  231. SouL has joined
  232. lovetox has joined
  233. SouL has joined
  234. SamWhited has joined
  235. SamWhited has joined
  236. daniel has left
  237. daniel has joined
  238. jjrh has left
  239. jjrh has left
  240. SouL has left
  241. jjrh has left
  242. jjrh has left
  243. SouL has left
  244. jjrh has left
  245. Syndace has left
  246. Syndace has joined
  247. lskdjf has joined
  248. lskdjf has joined
  249. SamWhited has left
  250. Alex has joined
  251. Guus has left
  252. ralphm has joined
  253. SouL has left
  254. jcbrand has left
  255. Guus has left
  256. SouL has joined
  257. matlag has left
  258. matlag has joined
  259. jubalh has left
  260. ralphm has joined
  261. SouL has joined
  262. pep. has left
  263. SouL has joined
  264. SouL has left
  265. SouL has left
  266. efrit has joined
  267. Holger has left
  268. SouL has left
  269. efrit has left
  270. efrit has joined
  271. ralphm has joined
  272. zinid has left
  273. sonny has left
  274. SouL has joined
  275. SouL has joined
  276. sonny has left
  277. matlag has left
  278. SouL has joined
  279. SouL has joined
  280. lskdjf has joined
  281. ralphm has joined
  282. jubalh has joined
  283. jubalh has left
  284. ralphm has left
  285. SouL has joined
  286. Guus has left
  287. Tobias has joined
  288. efrit has left
  289. SouL has joined
  290. jubalh has joined
  291. jubalh has left
  292. Guus has left
  293. SouL has left
  294. SouL has left
  295. daniel has left
  296. SouL has left
  297. SouL has joined
  298. sonny has joined
  299. daniel has left
  300. Tobias has joined
  301. daniel has left
  302. ralphm has left
  303. jubalh has joined
  304. SouL has left
  305. waqas has joined
  306. SouL has joined
  307. SouL has left
  308. pep. What's the difference between {xep 0363} and {xep 0370}? Both can do more or less the same thing, right? 0370 doesn't require a server component but it would be feasible as well I think
  309. Bunneh pep.: Multiple matches: Stanza Headers and Internet Metadata https://xmpp.org/extensions/xep-0131.html Ad-Hoc Commands https://xmpp.org/extensions/xep-0050.html Dialback Key Generation and Validation https://xmpp.org/extensions/xep-0185.html Out of Band Data https://xmpp.org/extensions/xep-0066.html Blocking Command https://xmpp.org/extensions/xep-0191.html Atomically Compare-And-Publish PubSub Items https://xmpp.org/extensions/xep-0395.html Jingle In-Band Bytestreams Transport Method https://xmpp.org/extensions/xep-0261.html A Transport for Initiating and Negotiating Sessions (TINS) https://xmpp.org/extensions/xep-0111.html In-Band Real Time Text https://xmpp.org/extensions/xep-0301.html Spim Markers and Reports https://xmpp.org/extensions/xep-0287.html Out-of-Band Stream Data https://xmpp.org/extensions/inbox/outofband.html File Repository and Sharing https://xmpp.org/extensions/xep-0214.html Jingle In-Band Bytestreams Transport https://xmpp.org/extensions/inbox/jingle-ibb.html Stanza Interception and Filtering Technology https://xmpp.org/extensions/inbox/sift.html Mandatory-to-Implement Technologies for Jingle RTP Sessions https://xmpp.org/extensions/inbox/jingle-rtp-mti.html Spim Markers and Reports https://xmpp.org/extensions/inbox/spim.html Field Standardization for Data Forms https://xmpp.org/extensions/xep-0068.html The /me Command https://xmpp.org/extensions/xep-0245.html Stanza Interception and Filtering Technology (SIFT) https://xmpp.org/extensions/xep-0273.html In-Band Bytestreams https://xmpp.org/extensions/xep-0047.html XMPP Date and Time Profiles https://xmpp.org/extensions/xep-0082.html In-Band Registration https://xmpp.org/extensions/xep-0077.html Unique and Stable Stanza IDs https://xmpp.org/extensions/xep-0359.html Best Practices for Handling Offline Messages https://xmpp.org/extensions/xep-0160.html Extensible In-Band Registration https://xmpp.org/extensions/xep-0389.html Incident Handling https://xmpp.org/extensions/xep-0268.html Impact of TLS and DNSSEC on Dialback https://xmpp.org/extensions/xep-0344.html Form Discovery and Publishing https://xmpp.org/extensions/xep-0346.html Zero Handshake Server to Server Protocol https://xmpp.org/extensions/xep-0361.html Out-of-Band Stream Data https://xmpp.org/extensions/xep-0265.html Invisible Command https://xmpp.org/extensions/xep-0186.html Best Practices for Roster and Subscription Management https://xmpp.org/extensions/xep-0162.html Atomically Compare-And-Publish PubSub Items https://xmpp.org/extensions/inbox/cap.html
  310. pep. Wat
  311. lskdjf has joined
  312. Zash Nice
  313. Zash Maybe it did a search for "0363} and {xep 0370" and thought you really wanted all XEPs with the word "and" anywhere in them
  314. jjrh has left
  315. Zash Two {} commands at the same time don't work anyways
  316. pep. :(
  317. jjrh has left
  318. pep. -xep 0363
  319. Bunneh pep.: HTTP File Upload (Standards Track, Proposed, 2017-12-03) See: https://xmpp.org/extensions/xep-0363.html
  320. pep. -xep 0370
  321. Bunneh pep.: Jingle HTTP Transport Method (Standards Track, Deferred, 2017-09-11) See: https://xmpp.org/extensions/xep-0370.html
  322. Zash pep.: compare {xep 65} and ...
  323. Bunneh pep.: SOCKS5 Bytestreams (Standards Track, Draft, 2015-09-17) See: https://xmpp.org/extensions/xep-0065.html
  324. Zash -xep 260
  325. Bunneh Zash: Jingle SOCKS5 Bytestreams Transport Method (Standards Track, Draft, 2016-05-17) See: https://xmpp.org/extensions/xep-0260.html
  326. pep. Heh
  327. jjrh has left
  328. Zash Holy carp, do we have a bazillion XEPs mentioning "jingle"
  329. pep. Is there any implementation of 0370?
  330. zinid we need no carpy jingle
  331. lumi has joined
  332. jjrh has left
  333. SouL has joined
  334. jjrh has left
  335. sonny has left
  336. ralphm has left
  337. SouL has joined
  338. SouL has left
  339. Steve Kille has left
  340. Steve Kille has left
  341. jjrh has left
  342. waqas has left
  343. SouL has joined
  344. sonny has joined
  345. Steve Kille has joined
  346. lumi has joined
  347. marc Ge0rG, what is the input field on your easy-xmpp-invitation website for?
  348. jjrh has left
  349. sonny has left
  350. sonny has joined
  351. sonny has joined
  352. SouL has joined
  353. SouL has joined
  354. zinid has left
  355. SouL has left
  356. ralphm has left
  357. la|r|ma has left
  358. SouL has joined
  359. mimi89999 has left
  360. uc has left
  361. remko has left
  362. mimi89999 has joined
  363. uc has joined
  364. mimi89999 has joined
  365. Guus has left
  366. Guus has left
  367. ralphm has left
  368. Syndace has joined
  369. lumi has joined
  370. SouL has joined
  371. vanitasvitae has left
  372. vanitasvitae has joined
  373. SouL has left
  374. SouL has joined
  375. SouL has left
  376. la|r|ma has joined
  377. ralphm has left
  378. Syndace has left
  379. Syndace has joined
  380. McKael has joined
  381. jjrh has left
  382. SouL has joined
  383. McKael has joined
  384. SouL has joined
  385. McKael has joined
  386. ralphm has joined
  387. Guus has left
  388. jjrh has left
  389. SouL has joined
  390. Guus has left
  391. jcbrand has joined
  392. ralphm has left
  393. jcbrand has left
  394. ralphm has left
  395. ralphm has joined
  396. jubalh has joined
  397. SouL has joined
  398. Tobias has joined
  399. jubalh has left
  400. goffi has left
  401. jjrh has left
  402. daniel has left
  403. jjrh has left
  404. jjrh has left
  405. daniel has left
  406. jjrh has left
  407. SouL has left
  408. jjrh has left
  409. SouL has left
  410. edhelas I think that we have to start to work on spam issues seriously
  411. jabberatdemo has joined
  412. edhelas we have to see how people are spamming XMPP today on a wider scale than just blocking a type of message
  413. Link Mauve Oh, is it a new wave?
  414. edhelas Link Mauve it basically never stopped
  415. edhelas lena2521@jabber.uznam.net.pl
  416. Alex ya, SPAM is getting horrible, in the mood of shutting down my XMPP clients :(
  417. Link Mauve Might be our anti-spam solution working great then. ^^
  418. edhelas madaline2784@i0i0.de
  419. edhelas for now
  420. Link Mauve edhelas, it brings nothing to ban individual JIDs to the network.
  421. edhelas it's super easy to create a new host on your XMPP serve, put a let's encrypt certificate on it and start spamming the others
  422. edhelas yes I know
  423. Link Mauve Alex, if you’re running Prosody, https://yaxim.org/blog/2017/12/12/spam-reduction-on-yax-dot-im/
  424. edhelas what I'd like to do is have a look at all those domains, see if they are pointing to same IPs
  425. edhelas and basically figure out from where those SPAMs are coming
  426. edhelas but we seriously have to take the problem
  427. Link Mauve edhelas, pretty sure most spammers are currently relying on insecure public infrastructure rather than using their own servers.
  428. Link Mauve edhelas, just read that blog article, that’s how we’ve been handling it at JabberFR for the past year or so.
  429. edhelas that's not exactly true
  430. edhelas I have more spam comming from new domains than known ones
  431. MattJ edhelas, can you share some example domains?
  432. edhelas well I just did
  433. MattJ There are multiple spammers, they use different techniques, and not everyone will have their JID on every spammer's list
  434. edhelas I can give you a longer list, give me a bit of time
  435. Link Mauve edhelas, blocking by domain is almost never a solution.
  436. MattJ So while Link Mauve and I receive spam from existing domains, maybe you experience it more from a spammer who uses new domains
  437. edhelas MattJ that's what i'm saying, we have different kind of spams, we have to differentiate them and see how we can block them
  438. Link Mauve I should log all of the spams I’m blocking, to get better statistics.
  439. jabberatdemo has left
  440. edhelas well hopefully I have MAM and Movim cache for that
  441. edhelas also, again, for now we have simple SPAM messages
  442. Link Mauve Ge0rG, I’m interested in your statistics module btw.
  443. edhelas I start to have roster subscriptions request from spammers
  444. edhelas and the next kind will be Pubsub publications I think
  445. edhelas so I'm already talking with ejabberd dev to put quotas and limitations on Pubsub
  446. Link Mauve Wouldn’t reach nearly as many people as plain messages.
  447. uc has left
  448. uc has joined
  449. daniel > and the next kind will be Pubsub publications I think lol that's unnecessarily complex. normal messages will reach people just fine
  450. Tobias has left
  451. edhelas I'm deleting one or two accounts of users that are publishing articles with links to weird urls and warez places :)
  452. edhelas but yes this is pretty long term
  453. Tobias has joined
  454. daniel also; while i'm not denying that spam is a problem it is not really for the average user; normal users don't publish their jid everywhere. the lists the spammers are using are (in parts) very old. while *we* see a lot of spam normal users don't
  455. edhelas yes
  456. daniel yes it creates load and servers and requires work from sys admins; but we shouldn't necessarily let this distract us from other problems
  457. daniel especially since normal users - and even we - are not the target audience of the spam
  458. daniel we don't speak russian and we don't usually buy stolen credit cards
  459. daniel ok; some of us speak russian…
  460. jjrh has left
  461. edhelas ok I've compiled a list of JID that are sending messages to Movim users without been in their roster
  462. tim@boese-ban.de has left
  463. daniel has left
  464. daniel has left
  465. jjrh has left
  466. SouL has left
  467. edhelas some statistics per server :)
  468. edhelas https://movim.eu:5280/upload/9d94237298995552fa13436420195fbca436dce7/zGvBJ61KKHv40YHUDv4obvA5SKUlfxBgfzCH3V3e/spam_servers.txt
  469. ralphm has joined
  470. matlag has left
  471. jjrh has left
  472. ralphm has joined
  473. jjrh has left
  474. Ge0rG marc: it's not an input field, it's a text selection field where you can copy the xmpp: URI from
  475. marc Ge0rG, https://projects.zapb.de/tmp/easy-xmpp-invitation/
  476. marc I can edit the xmpp URI
  477. Ge0rG Link Mauve: thank you for sharing a private link, btw.
  478. ralphm has joined
  479. Link Mauve Oh, I saw it in public somewhere today, sorry. :x
  480. Ge0rG Link Mauve: it isn't published yet, and I'm in the middle of refactoring it into a technical post on my personal blog and a high-level post on yaxim.org
  481. jubalh has joined
  482. Ge0rG which technically means I've stopped working on it for now ;)
  483. Link Mauve I didn’t see any mention that it was a draft or anything either.
  484. Ge0rG Link Mauve: I'm sure I wrote it's a draft where I posted it.
  485. Link Mauve Damn…
  486. Link Mauve Sorry. :x
  487. Link Mauve You can still yank it out probably.
  488. Ge0rG Link Mauve: I'm sure nobody will notice
  489. Ge0rG let's hope it won't get picked up. yet.
  490. Ge0rG Link Mauve: but now you made me curious, you are not a member of the places I posted it in. :P
  491. Link Mauve I’m already looking for the place I got it from. ^^
  492. debacle has joined
  493. Ge0rG Sigh. advert364@yax.im - 1600 outgoing subscription requests.
  494. Ge0rG MattJ: can we have presence blocking in mod_firewall please?
  495. MattJ "presence blocking"?
  496. MattJ KIND: presence DROP.
  497. MattJ Presence. Blocked.
  498. MattJ XMP
  499. Ge0rG MattJ: I'm sure users will love this.
  500. MattJ They'll love the simplicity, which is good for UX
  501. Ge0rG MattJ: I want to block/revert presence subscriptions from accounts that are spamming.
  502. MattJ Incoming or outgoing?
  503. Ge0rG MattJ: both
  504. Ge0rG I've deleted some 2000 spammer accounts in the last weeks
  505. Ge0rG Link Mauve: the stats for that blog non-post I gathered by grepping prosody.log for JIDs captured by mod_firewall spammer.pfw
  506. MattJ I don't think a server should allow a new account to *have* 1600 open subscription requests
  507. Ge0rG MattJ: that's a great idea.
  508. Link Mauve Oh.
  509. Ge0rG Link Mauve: not sure if this will help you much. `zgrep -ho 'spam:.*message.*' /var/log/prosody/prosody.log*|grep -ho "from='[a-z0-9._-]*@[^']*'" > 2017-12-13-alljids.txt`
  510. Ge0rG MattJ: the other spam accounts I deleted have between 10 and 200 pending subscriptions. Which is still too much.
  511. edhelas Ge0rG you have IBR ?
  512. Ge0rG MattJ: but the worst thing is that I'm getting a dozen a subscriptions a day.
  513. Ge0rG edhelas: yes
  514. edhelas well then you know where they are coming from
  515. Link Mauve Ge0rG, it’s super weird, I can’t find any mention of this blog post in my logs before I posted it. oO
  516. jjrh has left
  517. edhelas on my side I'm starting to blacklist list of domains for s2s
  518. Ge0rG edhelas: from Tor and open proxies
  519. pep. wut, is that url private? it seems awfully public to me and I've seen it around already
  520. Zash Ge0rG: Maybe it would be clearer to say you wanna retract presence subscription requests from mod_firewall
  521. Ge0rG Zash: yes, that's exactly what I want. I'm sure I asked for that already one or two times
  522. jjrh has left
  523. Ge0rG pep.: I can't imagine how it made the rounds, or where
  524. pep. the spam reduction article right?
  525. Zash I thought I saw you ask for "blocking"
  526. pep. I'm confused
  527. ralphm has joined
  528. Ge0rG Zash: to block them I need to know they are spammers before they send their spam
  529. Link Mauve Maybe it would be simpler by writing another module, that would hook into the event fired by mod_firewall on someone being flagged as a spammer, and then proceed to remove its presence subscription.
  530. Link Mauve pep., do you remember where you saw it?
  531. Link Mauve Because grep doesn’t help. :/
  532. Ge0rG Zash: ideally it should delay incoming subscriptions for a minute and just discard them if the user sends incoming spam
  533. Link Mauve Ge0rG, one second would be enough currently.
  534. Ge0rG So kind of like a bastard of mod_smacks and mod_csi_pump
  535. Zash Hm, that sounds a bit tricky for mod_firewall?
  536. Zash Or? What sayeth MattJ?
  537. SamWhited has joined
  538. SamWhited has joined
  539. MattJ Some kind of tarpit has always been on my mind for mod_firewall, but it is indeed tricky
  540. Ge0rG I'm okay with a separate module if it helps tame subscription spam
  541. pep. Ah, hmm, no I've never read it. Dec 12th 2017
  542. jjrh has left
  543. Link Mauve Ge0rG, could you have used an URL shortener?
  544. edhelas is it risky to publish publicly my list of blacklisted s2s servers ?
  545. Ge0rG edhelas: I don't think so
  546. edhelas I'd like to be transparent regarding my configuration
  547. Link Mauve edhelas, it’s a good thing, it will allow them to start the process to get un-blacklisted.
  548. pep. edhelas, might also be nice to send a message to the contact address of that server when you blacklist it
  549. Link Mauve Indeed.
  550. edhelas meh
  551. pep. why?
  552. pep. Of course you can automate that
  553. edhelas step by step :)
  554. edhelas first publish the list
  555. jjrh has left
  556. jjrh has left
  557. Ge0rG MattJ: currently I'm actively monitoring prosody.log for outgoing spam, listing all accounts registered from the same ip as the perpetrator, checking whether any of them have proper roster subscriptions and deleting all that look like spammers.
  558. jjrh has left
  559. Ge0rG I've automated most of the steps so it boils down to copying a JID and a list of user:delete commands, but the monitoring itself is tedious and in theory easy to automate
  560. MattJ To automate that, I'd fire an event from the firewall "reject spam" chain, and just handle the rest in a module
  561. zinid has left
  562. MattJ At least log the IP to a separate file
  563. Ge0rG MattJ: yes, it would help to have a quarantine flag on accounts that could be set this way
  564. MattJ Hmm
  565. Ge0rG I've pulled a number for that one recently
  566. Ge0rG MattJ: but none of this solves the incoming subscriptions problem
  567. Ge0rG It merely reduces the outgoing subscriptions problem, slightly
  568. Ge0rG As I said, I've deleted around 2k accounts so far.
  569. MattJ Automatically rejecting a pending incoming subscription should be pretty straightforward to add as an action
  570. Ge0rG And one real user, by accident. Which is why I want a quarantine flag that's less terminal than a deletion
  571. MattJ Any "hold the stanza for X seconds/minutes" is full of performance and correctness problems
  572. Ge0rG MattJ: yes, I know. But holding a stanza long enough to check the next stanza from the same JID might actually work without melting the server
  573. MattJ We had a lot of discussion about this when you first had the idea
  574. MattJ Nice idea, but the spammer only has to wait N+1 seconds
  575. MattJ and they have plenty of time on their hands
  576. Ge0rG MattJ: maybe they do, maybe not.
  577. MattJ Whatever you choose for N, they can wait longer, and as you increase N you're going to effectively open yourself up to DoS attacks
  578. debacle has left
  579. Ge0rG Greylisting has turned out to work exceptionally well for email
  580. Ge0rG MattJ: besides, even if they wait, they won't get past the spam filter, so they have no incentive to modify their code
  581. MattJ What's their incentive for sending the subscription request in the first place?
  582. MattJ btw, I don't see anything about your account quarantine flag: https://prosody.im/issues/?q=state%3Dopen+firewall
  583. Ge0rG MattJ: I suppose it's too trick dumb clients / servers to accept the following message
  584. Ge0rG MattJ: https://prosody.im/issues/1057
  585. Ge0rG MattJ: my firewall blocks all spam messages anyway, so they won't gain anything by waiting longer
  586. Alex has left
  587. Alex has joined
  588. Ge0rG MattJ: please feel free to suggest a different method to mitigate the incoming subscriptions.
  589. MattJ I think we ultimately ended up at UI changes on the clients when we last discussed this
  590. MattJ That is, a subscription request should not be "noisy"
  591. Ge0rG MattJ: I would accept a subscription denial from the firewall as a first step.
  592. MattJ Yes, that can be done
  593. Ge0rG MattJ: except that we haven't implemented anything after the discussion, and are repeating it now.
  594. MattJ I'll get you your account flagging thing, which will at least help to improve your current process
  595. MattJ and then I'll get you automated rejection/retraction of subscription requests
  596. Ge0rG MattJ: thanks, that's awesome!
  597. MattJ The tarpit thing may happen one day, or it may never happen
  598. MattJ It's a nice idea with too many practical issues
  599. Ge0rG MattJ: what about making the flagging depend on the number of roster items the user has? I.e. when pending >(to+both)
  600. MattJ Simply because you have to queue every stanza for the same destination JID following a match, and they can send to an unbounded number of destination JIDs
  601. Ge0rG MattJ: I'm sure we can also stop incoming mass subscriptions from the same JID
  602. Ge0rG Just not from the same server...
  603. MattJ Ge0rG, they'll just add bot accounts to bot accounts rosters
  604. Ge0rG MattJ: maybe
  605. Ge0rG MattJ: but yes, das things first please.
  606. Ge0rG is leaving for the night now. CU
  607. MattJ Good night
  608. Ge0rG s/das/easy/ it's too late for auto completion
  609. ralphm has joined
  610. mimi89999 has joined
  611. jjrh has left
  612. jjrh has left
  613. ralphm has joined
  614. ralphm has left
  615. ralphm has joined
  616. ralphm has left
  617. ralphm has joined
  618. jjrh has left
  619. lovetox has left
  620. peter has joined
  621. Alex has left
  622. Alex has joined
  623. Alex has left
  624. vanitasvitae has left
  625. vanitasvitae has joined
  626. vanitasvitae has left
  627. vanitasvitae has joined
  628. SamWhited has left
  629. SouL has left
  630. SamWhited has joined