[jdev] spoofing "from" attributes
Ryan Eatmon
reatmon at jabber.org
Mon Feb 21 22:23:49 CST 2005
Jabber is somewhat explicity designed NOT to allow for spoofing like
this. That kind of thing opens the door for spam that you cannot track
down.
Fabio Forno wrote:
> Hi, I'm trying to write a component allowing to send messages using
> webservices. Since I don't want to open a different xmpp stream for any
> possible caller of the service, I'd like to have a component, called
> soap, able of sending messages with arbitrary from attributes.
>
> I'm using the latest jabberd 2.x, and I try to send a stanza like this
> one from a componet bound as 'soap':
>
> <route to='user1 at serverA'
> xmlns='http://jabberd.jabberstudio.org/ns/component/1.0'
> from='soap'>
> <message to='user1 at serverA' xmlns='jabber:client'
> from='user2 at serverB'>
> <body> ciao </body>
> </message>
> </route>
>
> If this is sent to a local user (serverA==serverB) the messages is
> correctly delivered, but when it is sent to a different host I receive
> this error message:
>
> <route to='soap'
> xmlns='http://jabberd.jabberstudio.org/ns/component/1.0'
> from='s2s'>
> <message to='user2 at serverB' xmlns='jabber:client'
> from='userA at jabber.linux.it' type='error'>
> <error code='503' type='cancel'>
> <service-unavailable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
> </error>
> <body> ciau </body>
> </message>
> </route>
>
> Any suggestion?
> Thanks
>
--
Ryan Eatmon
reatmon at jabber.org
More information about the JDev
mailing list