annotate mod_firewall/scripts/spam-blocking.pfw @ 3832:0d4146cf9fbc

mod_rest: Enforce single child policy for outgoing it stanzas
author Kim Alvefur <zash@zash.se>
date Fri, 03 Jan 2020 18:29:10 +0100
parents 8908d001faf3
children 879955a32a37
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
1 #### Anti-spam ruleset ###########################################
2571
a33edc07d829 mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents: 2567
diff changeset
2 #
a33edc07d829 mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents: 2567
diff changeset
3 # This script provides some foundational anti-spam rules. It aims
a33edc07d829 mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents: 2567
diff changeset
4 # to PASS stanzas that are definitely not spam, and DROP stanzas
a33edc07d829 mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents: 2567
diff changeset
5 # that are very likely spam.
a33edc07d829 mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents: 2567
diff changeset
6 #
a33edc07d829 mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents: 2567
diff changeset
7 # It does not do any form of content filtering,
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
8 # but this can be implemented by other scripts and
2571
a33edc07d829 mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents: 2567
diff changeset
9 # modules as desired using the chains documented below.
a33edc07d829 mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents: 2567
diff changeset
10 #
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
11 #
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
12 # The following chains are available as extension
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
13 # points:
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
14 #
2571
a33edc07d829 mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents: 2567
diff changeset
15 # ::user/spam_check_custom
a33edc07d829 mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents: 2567
diff changeset
16 # Apply additional rules to all stanzas before they are checked.
a33edc07d829 mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents: 2567
diff changeset
17 # Mainly useful to PASS stanzas that you do not want to be
a33edc07d829 mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents: 2567
diff changeset
18 # filtered.
a33edc07d829 mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents: 2567
diff changeset
19 #
2567
5e1fb7e6b558 mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents: 2566
diff changeset
20 # ::user/spam_check_message_custom
2571
a33edc07d829 mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents: 2567
diff changeset
21 # Apply additional rules to messages from strangers, aiming to
a33edc07d829 mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents: 2567
diff changeset
22 # PASS stanzas that are not spam and jump to ::user/spam_reject
a33edc07d829 mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents: 2567
diff changeset
23 # for stanzas that are considered spam.
2567
5e1fb7e6b558 mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents: 2566
diff changeset
24 #
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
25 # ::user/spam_check_message_content
2571
a33edc07d829 mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents: 2567
diff changeset
26 # Apply additional rules to messages that may be spam, based on
a33edc07d829 mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents: 2567
diff changeset
27 # message content rules. These may contain more intensive rules,
a33edc07d829 mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents: 2567
diff changeset
28 # so are executed after all other checks. Rules should jump to
a33edc07d829 mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents: 2567
diff changeset
29 # ::user/spam_reject if a message is considered spam.
2567
5e1fb7e6b558 mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents: 2566
diff changeset
30 #
5e1fb7e6b558 mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents: 2566
diff changeset
31 # ::user/spam_check_presence_custom
2571
a33edc07d829 mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents: 2567
diff changeset
32 # Apply additional rules to presence that may be spam.
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
33 #
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
34 # ::user/spam_check_subscription_request
2571
a33edc07d829 mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents: 2567
diff changeset
35 # Apply additional rules to subscription requests.
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
36 #
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
37 # ::user/spam_handle_unknown_custom
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
38 # Override default handling of stanzas that weren't explicitly
2571
a33edc07d829 mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents: 2567
diff changeset
39 # passed or rejected by the anti-spam checks.
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
40 #
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
41 # ::user/spam_reject_custom
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
42 # Override default handling of stanzas that have
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
43 # been recognised as spam (default is to bounce
2571
a33edc07d829 mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents: 2567
diff changeset
44 # a policy-violation error).
2567
5e1fb7e6b558 mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents: 2566
diff changeset
45 #
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
46 ##################################################################
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
47
2567
5e1fb7e6b558 mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents: 2566
diff changeset
48 #### Entry point for all incoming stanzas ########################
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
49 ::deliver
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
50
2567
5e1fb7e6b558 mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents: 2566
diff changeset
51 # Override this if you want to prevent certain stanzas going through
5e1fb7e6b558 mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents: 2566
diff changeset
52 # the normal spam_check chain
5e1fb7e6b558 mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents: 2566
diff changeset
53 JUMP_CHAIN=user/spam_check_custom
5e1fb7e6b558 mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents: 2566
diff changeset
54
5e1fb7e6b558 mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents: 2566
diff changeset
55 # Run the default spam_check chain
5e1fb7e6b558 mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents: 2566
diff changeset
56 JUMP_CHAIN=user/spam_check
5e1fb7e6b558 mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents: 2566
diff changeset
57
5e1fb7e6b558 mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents: 2566
diff changeset
58 ##################################################################
5e1fb7e6b558 mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents: 2566
diff changeset
59
5e1fb7e6b558 mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents: 2566
diff changeset
60 #### General spam-checking rules (all stanzas) ###################
5e1fb7e6b558 mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents: 2566
diff changeset
61 ::user/spam_check
5e1fb7e6b558 mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents: 2566
diff changeset
62
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
63 # Pass stanzas that a user sends to their own account
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
64 TO SELF?
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
65 PASS.
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
66
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
67 # Pass stanzas that are addressed to a valid full JID
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
68 TO FULL JID?
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
69 PASS.
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
70
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
71 # Pass stanzas from contacts
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
72 SUBSCRIBED?
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
73 PASS.
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
74
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
75 # Run extra rules that apply to messages only
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
76 KIND: message
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
77 JUMP CHAIN=user/spam_check_message
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
78
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
79 # Run extra rules that apply to presence stanzas only
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
80 KIND: presence
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
81 JUMP CHAIN=user/spam_check_presence
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
82
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
83 JUMP CHAIN=user/spam_handle_unknown
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
84
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
85 # Default is to allow, override this with
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
86 # the 'user/spam_handle_unknown' chain
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
87 PASS.
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
88
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
89 #### Rules for messages ##########################################
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
90 ::user/spam_check_message
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
91
2567
5e1fb7e6b558 mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents: 2566
diff changeset
92 JUMP CHAIN=user/spam_check_message_custom
5e1fb7e6b558 mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents: 2566
diff changeset
93
2605
8908d001faf3 mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents: 2571
diff changeset
94 # Type 'groupchat' messages addressed to an offline full JID are harmless,
8908d001faf3 mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents: 2571
diff changeset
95 # and should be routed normally to handle MUC 'ghosts' correctly
8908d001faf3 mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents: 2571
diff changeset
96 TO: <*>@<*>/<*>
8908d001faf3 mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents: 2571
diff changeset
97 TYPE: groupchat
8908d001faf3 mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents: 2571
diff changeset
98 PASS.
8908d001faf3 mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents: 2571
diff changeset
99
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
100 # Non-chat message types often generate pop-ups in clients,
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
101 # so we won't accept them from strangers
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
102 NOT TYPE: chat
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
103 JUMP CHAIN=user/spam_reject
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
104
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
105 # This chain can be used by other scripts
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
106 # and modules that analyze message content
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
107 JUMP CHAIN=user/spam_check_message_content
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
108
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
109 ##################################################################
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
110
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
111 #### Rules for presence stanzas ##################################
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
112 ::user/spam_check_presence
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
113
2567
5e1fb7e6b558 mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents: 2566
diff changeset
114 JUMP CHAIN=user/spam_check_presence_custom
5e1fb7e6b558 mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents: 2566
diff changeset
115
2605
8908d001faf3 mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents: 2571
diff changeset
116 # Presence to offline full JIDs is harmless, and should be routed
8908d001faf3 mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents: 2571
diff changeset
117 # normally to handle MUC 'ghosts' correctly
8908d001faf3 mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents: 2571
diff changeset
118 TO: <*>@<*>/<*>
8908d001faf3 mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents: 2571
diff changeset
119 PASS.
8908d001faf3 mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents: 2571
diff changeset
120
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
121 # These may be received if rosters get out of sync and are harmless
2557
56db2ab3b853 mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents: 2556
diff changeset
122 # because they will not be routed to the client unless necessary
56db2ab3b853 mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents: 2556
diff changeset
123 TYPE: unsubscribe|unsubscribed
56db2ab3b853 mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents: 2556
diff changeset
124 PASS.
56db2ab3b853 mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents: 2556
diff changeset
125
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
126 # We don't want to receive presence from random strangers,
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
127 # but still allow subscription requests
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
128 NOT TYPE: subscribe
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
129 DROP.
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
130
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
131 # This chain can be used by other scripts
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
132 # and modules to filter subscription requests
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
133 JUMP CHAIN=user/spam_check_subscription_request
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
134
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
135 ##################################################################
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
136
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
137 #### Stanzas reaching this chain will be rejected ################
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
138 ::user/spam_reject
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
139
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
140 # This chain can be used by other scripts
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
141 # and modules to override the default behaviour
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
142 # when rejecting spam stanzas
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
143 JUMP CHAIN=user/spam_reject_custom
2556
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
144
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
145 LOG=Rejecting suspected spam: $(stanza:top_tag())
cc01a5bfcf3b mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
146 BOUNCE=policy-violation
2565
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
147
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
148 ##################################################################
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
149
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
150 #### Stanzas that may be spam, but we're not sure either way######
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
151 ::user/spam_handle_unknown
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
152
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
153 # This chain can be used by other scripts
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
154 # and modules to apply additional checks, or to
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
155 # override the default behaviour
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
156 JUMP CHAIN=user/spam_handle_unknown_custom
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
157
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
158 #LOG=[debug] Spam check allowing: $(stanza:top_tag())
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
159
fc53165d8afe spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents: 2557
diff changeset
160 ##################################################################