On my debian stretch vps I have a xmpp server ejabberd-18.12.1-2 ~ bpo9 + 1. The anti spam precautions I took are:
registration_timeout: 2600
A captcha to protect IBR (in-bound registration) which I thought was a nuisance necessary for users who register with the server, but still necessary in order to stop spam robots. It too proved to be useless.
captcha_host: "my.ejabberd.xmpp: 5280" captcha_cmd: "/usr/share/ejabberd/captcha.sh"
A regex that forces users to register using a username format, a single point or a minus sign or a possible underscore and a two-digit number at the end and no more, this to try to somehow prevent the formation of names hexadecimal with random characters but this was also useless.
user_regexp: - "^ [a-zA-Z] + (?: [_ -]? [a-z0-9]) * $"
An ACL to stop bogons out of address ips:
bogons: ip: - "0.0.0.0/8" - "10.0.0.0/8" ....
a long black list of IPs and domain names of xmpp servers known to spread spam with another set of fake account addresses collected through the analysis of logs and via the ejabberd web administration panel.
spamhosts: server:
These are the precautions I have taken and I was not able to stop the waves of fake account creations for the propagation of spam via IM.
What am I doing wrong? Thanks for your attention.
