[Security] Addressing the XMPP <> Spam issue

Valerian Saliou valerian at valeriansaliou.name
Thu Jun 30 12:34:45 UTC 2016


Hello,

I’m on my way to start working on an open-source anti-spam backend for XMPP built in Rust (a “SpamAssassin" for XMPP). Does this interest anyone?

It’s been months that my JID is spammed on a daily basis w/ messages in Russian for some dark hacking communities coming from random/unpredictible JIDs. It’s really annoying. There’s no way I can alleviate such issue locally by blocking the incriminated servers or JID since they vary for each message. Is there anyone else in this situation? (interested to make some stats on the matter).

The high-level concept:

 - We have a spamd filter that has a dedicated protocol allowing for local (server-wide and user-wide) spam reporting, spam checking and database training.
 - Incoming messages (the ones coming from users that are not in our roster, as well as presence subscriptions) are checked via a module on the XMPP server, against the spamd filter via the dedicated protocol. Pretty much as done w/ SpamAssassin on mailservers.
 - The filtering techniques employed to process the "spamicity" of a message: local reputation of an sender server IP + sender server domain + sender JID - WITH - local user-wide Bayesian database
 - We can imagine having some “cloud”/global reputation + Bayesian databases updated daily, as SpamAssassin does by updating sa-rules; but it’s centralized so let’s stick to a local database only for now.


The recent XEP on spam are not sufficient to fix the spam issue on a network scale, this is why I think we should have that “SpamAssassin” for XMPP thing. The XEP on spam reporting may help implement this processing pipeline from the client (reporting) to the server (reporting to the spamd filter for training).

Any remark on this? Anyone already working on a similar implementation? Nothing is started yet, I thing it’s a good thing to discuss this before I/we/someone starts anything on this.

Cheers,

--

Valerian Saliou
Co-founder CTO, Crisp <https://crisp.im/> - Customer interaction for entrepreneurs.

Looking for my contact details? <https://valeriansaliou.name/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/security/attachments/20160630/44b20f9e/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4210 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/security/attachments/20160630/44b20f9e/attachment.bin>


More information about the Security mailing list