[Operators] Spammy invites

Александр sss at sss.chaoslab.ru
Fri Mar 1 17:20:51 UTC 2013 

В письме от Пятница, 01-мар-2013 16:37:33 пользователь Per Gustafsson 
написал:


We're moving around where we are doing this blocking. during next week we'll do 
something more XMPP compliant. If there are particular domains that you want us to 
whitelist we are open to doing that.


On Fri, Mar 1, 2013 at 2:56 PM, Marco Cirillo <maranda at lightwitch.org[1]> wrote:


Il 01/03/2013 13:47, Kim Alvefur ha scritto:


Hi,

On 2013-02-13 09:48, Per Gustafsson wrote:


I work with Google's chat service, and we are seeing lots of spammyinvites from users 
on various federated domains, (...),otherwise we will have to institutevery tight limits of 
invites per day being sent from federated domains.


How are you replying in this case?  We are hearing complaints fromprosody users 
about not being able to send invites, which I'm guessingis this.  It could be that the 
current rate limit is overzealous orsomething.

Something I noticed as a sever developer is that people are seeingpresence bounced 
with an error on the *outgoing* connection, which isnot valid*.

And this is the error element reported:

<error type='cancel' code='503'><service-
unavailablexmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error>

If this is the rate limiting then I would suggest some more appropriateerror, or at least 
some descriptive text.

* Unless bidirectional (xep-288) streams are used.

--Kim "Zash" AlvefurProsody dev



Additionally,

If the presence subscription request comes from a gmail account, mutual presence 
subscription is still impossible because the google xmpp server still rejects any 
presence of type='subscribe' with a service-unavailable error, which as stated above, is 
even sent on the wrong stream. Of course, that doesn't leave much choice but editing 
the roster directly to see the gmail account status...

Perhaps if you guys want to employ limitations at least do it accordingly and possibly in 
a way that <<speaks proper xmpp>> and doesn't violate rfcs.

Thank you.








--------
[1] mailto:maranda at lightwitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/operators/attachments/20130301/d25652a8/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.jabber.org/pipermail/operators/attachments/20130301/d25652a8/attachment-0001.pgp>

More information about the Operators mailing list