[Operators] spam

Georg Lukas georg at op-co.de
Sat Nov 19 11:44:41 UTC 2016


Hi,

* psjbeisler <psjbeisler at gmail.com> [2016-11-18 20:05]:
> just want to mention ive been getting spam from the following JIDs,
> all in russian, trying to get me to buy stuff.
> just as a PSA if nothing else, if youre the admin please advise, im sure
> theres more.

I've deployed the following mod_firewall rules in prosody to get rid of
the incoming spam messages and to block the backchannel to the spammer
(requires up-to-date prosody-modules to work):

------------------------------------------------------------
# default chain
::deliver

NOT TYPE: groupchat
INSPECT: body
INSPECT: body#~=forum%.benderbay%.com
JUMP_CHAIN=user/abuse

NOT TYPE: groupchat
INSPECT: body
INSPECT: body#~=gidroslonik at 0nl1ne%.at
JUMP_CHAIN=user/abuse

NOT TYPE: groupchat
INSPECT: body
INSPECT: body#~=reklama at jabme%.de
JUMP_CHAIN=user/abuse

NOT TYPE: groupchat
INSPECT: body
INSPECT: body#~=reklama at xabber%.de
JUMP_CHAIN=user/abuse

# packets from local users
::preroute

TO: gidroslonik at 0nl1ne.at
JUMP_CHAIN=user/abuse

TO: reklama at jabme.de
JUMP_CHAIN=user/abuse

TO: reklama at xabber.de
JUMP_CHAIN=user/abuse

# generic block rule
::user/abuse
BOUNCE=not-allowed (Blocked due to abuse)
------------------------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 811 bytes
Desc: Digital signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20161119/c9a7e17e/attachment-0001.sig>


More information about the Operators mailing list