message forwarding
Since [8303], Gajim supports that part of XEP-0146. However, this one uses an unspecified XEP (http://www.xmpp.org/extensions/inbox/forwarding-delivery.html) to specify the original sender. Contrary to the XEP, ofrom is not a valid attribute conforming to XEP-0033.
Someone can easily send a spoofed message using this feature, as Gajim does not check anything:
```xml
<message to="misc@example.org" type="message">
  <body>Hot penguin live action on http://nude_penguin.example.org</body>
  <addresses xmlns="http://jabber.org/protocol/address">
    <address type='ofrom' jid='gw_bush@example.com' delivered='true'/>
  </addresses>
</message>
```
Since this is linked to remote client forwarding, I took a look at the Psi implementation (not vulnerable from what I see), and they check if the message comes from the same account, with a different resource (method PsiAccount::client_messageReceived, file src/psiaccount.cpp).
I suggest doing the same in Gajim; here is a patch (a not very elegant one, I fear, as I do not know all the functions in Gajim).
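A sketch of the check described above, as an added example: it is not the patch from this ticket, and it is neither Gajim's nor Psi's code. The function names, the sample stanzas, and the lowercase comparison of bare JIDs (a simplification of real JID normalization) are assumptions.

```python
import xml.etree.ElementTree as ET

ADDR_NS = "http://jabber.org/protocol/address"

def split_jid(jid):
    """Return (bare, resource); bare is lowercased (simplified normalization)."""
    bare, _, resource = (jid or "").partition("/")
    return bare.lower(), resource

def effective_sender(stanza_xml, own_full_jid):
    """Return (sender_jid, was_forwarded) for a received <message/>.

    'ofrom' is honoured only when the stanza itself comes from our own
    account (same bare JID) on a different, non-empty resource. In every
    other case 'ofrom' is ignored and the real 'from' is returned.
    """
    msg = ET.fromstring(stanza_xml)
    real_from = msg.get("from", "")
    ofrom = None
    for addr in msg.iterfind(f"{{{ADDR_NS}}}addresses/{{{ADDR_NS}}}address"):
        if addr.get("type") == "ofrom" and addr.get("jid"):
            ofrom = addr.get("jid")
            break
    if ofrom is None:
        return real_from, False
    from_bare, from_res = split_jid(real_from)
    own_bare, own_res = split_jid(own_full_jid)
    same_account = bool(from_bare) and from_bare == own_bare
    other_resource = bool(from_res) and from_res != own_res
    if same_account and other_resource:
        return ofrom, True
    return real_from, False  # untrusted origin: never display the claimed sender

def sample(from_jid):
    """Constructed stanza carrying an 'ofrom' address, as the server would deliver it."""
    return (f'<message to="misc@example.org/home" from="{from_jid}">'
            '<body>hello</body>'
            f'<addresses xmlns="{ADDR_NS}">'
            '<address type="ofrom" jid="gw_bush@example.com" delivered="true"/>'
            '</addresses></message>')

OWN = "misc@example.org/home"  # constructed full JID of the receiving client

if __name__ == "__main__":
    for src in ("misc@example.org/work", "mallory@example.net/x", OWN):
        print(src, "->", effective_sender(sample(src), OWN))
```

The check relies on the `from` attribute, which the receiving user's server stamps on delivery, rather than on anything inside the message payload.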