[JDEV] is it possible to make a "trusted" relay transport in jabberd?

Nick nick at jabberstudio.org
Thu Jul 10 13:24:37 CDT 2003


Whatever floats your boat. But, instead of taking advantage of a (mis)
feature in the jabberd14 backbone, why not just send the recipient of 
the email a simple notification to IM this person? Also, what if 
someone sends an email (ie spam) that does _not_ have a jabber account 
with you? Simple enough to filter those emails out, I suppose, but if 
one gets through, then your users get spam they can't reply to, and 
have no recourse.

And maybe I'm being dense here, but what is the point of sending an 
email to someone on a local jabber server to initiate a jabber 
conversation, when you could just... jabber the person to begin with?

IMO this (mis)feature needs to be (corrected?) enhanced to check froms so 
it's not allowed. Of course in PXR, this isn't an issue...
-- 

Nicholas Perez
Email: 	nick at jabberstudio.org
Jabber:	nickperez at jabber.org
Home:	303.759.0574




On 2003.07.10 12:05, Dov B Katz wrote:
> Nick,
> 
> I did some testing, and it turns out that local transports on a server
> can spoof the from to send messages to anyone on that server... anything
> that needs to go via dialback will obviously not work since dialback
> prohibits it.
> 
> I am using this kind of relaying for several purposes. Among them is
> taking inbound email and routing them as jabber messages.... i.e. user A
> sends email to my mailpipe.. I re-route it to my jabber, but set the
> "from" of the jabber msg to be the User A's jabber account, not mail
> account. This allows externally initiated conversations, which continue
> in jabber... Additionally, I want to have people send jabber messages to
> local users via a web form, and I believe a transport is more efficient
> than having send message scripts which constantly have to log in as the
> user on a per message basis.
> 
> I may work with joe to add such spoofability to the JGF if others see a
> use for it.
> 
> Think of spoofing the from, as being able to set a "Reply to:" in jabber.
> Since, ultimately when you reply, it goes where I wanted it to....
> ---------
> 
> To sum up. After some experimentation, it appears that a
> gateway/transport can send jabber traffic as anyone it wants ONLY if the
> dest user is on the same server as the transport. If messages must
> undergo the scrutiny of dialback, they will be blocked for obvious
> reasons.
> 
> Best regards, and thanks for the response.
> -Dov Katz
> 
> Nick wrote:
> 
> > Why are you attempting to do something very not appropriate? Once the
> > client receives that message and attempts to reply, is the return
> > address going to be valid? Why not do what the other transports do and
> > have user%otherserver at transport.yourserver? In the <message/> <body/>
> > just prepend the message with "FROM: user at otherserver" in case you
> > are worried about clarity.
> > --
> >
> > Nicholas Perez
> > Email:  nick at jabberstudio.org
> > Jabber: nickperez at jabber.org
> > Home:   303.759.0574
> >
> > On 2003.07.10 09:13, Dov B Katz wrote:
> > > Is there any way (either via modification to config or to jabberd
> > > source code) in jabberd 1.4 to permit a transport to set its "from
> > > jid" to anything it wants?
> > >
> > > Let's say we have a server myserver, and a transport relay.
> > > myserver
> > >
> > > I need the transport to send jabber messages as user at myserver, or
> > > user at otherserver, etc...
> > >
> > > If you try that, I think jabberd disconnects the transport. How can I
> > > grant it permission to do something like that?
> > >
> > > Thanks in advance.
> > > -Dov
> > > --
> > > NOTICE: If received in error, please destroy and notify sender. Sender
> > > does not waive confidentiality or privilege, and use is prohibited.
> 
> 
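
The "check froms" idea raised in this thread, together with the `user%otherserver` address form suggested for transports, as an added example (not jabberd code and not written by either poster). It shows a router-side check that accepts a stanza from a local component only when its `from` lies in the component's own domain. Function names are hypothetical, the hostnames are the ones used in the thread, and the stanzas are constructed.

```python
import xml.etree.ElementTree as ET


def jid_domain(jid):
    """Return the lowercased domain part of a JID (node@domain/resource)."""
    bare = jid.split("/", 1)[0]          # drop the resource first; it may contain '@'
    return bare.split("@", 1)[-1].lower()


def gateway_jid(foreign_addr, component_host):
    """Map user@otherserver to user%otherserver@component_host."""
    user, _, host = foreign_addr.partition("@")
    if not user or not host:
        raise ValueError("expected user@host")
    return f"{user}%{host}@{component_host}"


def check_component_from(stanza_xml, component_host):
    """Accept a component's stanza only if 'from' is in the component's own domain.

    Returns (allowed, reason). Assumption: the router knows which hostname
    the sending component is registered for.
    """
    stanza = ET.fromstring(stanza_xml)   # constructed input only; not a streaming parser
    sender = stanza.get("from")
    if not sender:
        return False, "missing from"
    domain = jid_domain(sender)
    if domain != component_host.lower():
        return False, f"from domain {domain!r} is not {component_host!r}"
    return True, "ok"


# Constructed stanzas: the spoofed form described in the thread, then the mapped form.
SPOOFED = ('<message from="usera@myserver" to="userb@myserver">'
           '<body>hi</body></message>')
MAPPED = ('<message from="%s" to="userb@myserver">'
          '<body>FROM: usera@otherserver\nhi</body></message>'
          % gateway_jid("usera@otherserver", "relay.myserver"))

if __name__ == "__main__":
    for name, xml in (("spoofed", SPOOFED), ("mapped", MAPPED)):
        print(name, check_component_from(xml, "relay.myserver"))
```

With the mapped form, a reply goes back to the transport, which can route it onward; with the spoofed form the check rejects the stanza before it reaches the local user.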


