Mercurial > prosody-modules
annotate mod_firewall/scripts/spam-blocking.pfw @ 3832:0d4146cf9fbc
mod_rest: Enforce single child policy for outgoing it stanzas
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 03 Jan 2020 18:29:10 +0100 |
parents | 8908d001faf3 |
children | 879955a32a37 |
rev | line source |
---|---|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
1 #### Anti-spam ruleset ########################################### |
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
2 # |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
3 # This script provides some foundational anti-spam rules. It aims |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
4 # to PASS stanzas that are definitely not spam, and DROP stanzas |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
5 # that are very likely spam. |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
6 # |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
7 # It does not do any form of content filtering, |
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
8 # but this can be implemented by other scripts and |
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
9 # modules as desired using the chains documented below. |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
10 # |
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
11 # |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
12 # The following chains are available as extension |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
13 # points: |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
14 # |
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
15 # ::user/spam_check_custom |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
16 # Apply additional rules to all stanzas before they are checked. |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
17 # Mainly useful to PASS stanzas that you do not want to be |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
18 # filtered. |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
19 # |
2567
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
20 # ::user/spam_check_message_custom |
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
21 # Apply additional rules to messages from strangers, aiming to |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
22 # PASS stanzas that are not spam and jump to ::user/spam_reject |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
23 # for stanzas that are considered spam. |
2567
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
24 # |
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
25 # ::user/spam_check_message_content |
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
26 # Apply additional rules to messages that may be spam, based on |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
27 # message content rules. These may contain more intensive rules, |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
28 # so are executed after all other checks. Rules should jump to |
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
29 # ::user/spam_reject if a message is considered spam. |
2567
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
30 # |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
31 # ::user/spam_check_presence_custom |
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
32 # Apply additional rules to presence that may be spam. |
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
33 # |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
34 # ::user/spam_check_subscription_request |
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
35 # Apply additional rules to subscription requests. |
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
36 # |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
37 # ::user/spam_handle_unknown_custom |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
38 # Override default handling of stanzas that weren't explicitly |
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
39 # passed or rejected by the anti-spam checks. |
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
40 # |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
41 # ::user/spam_reject_custom |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
42 # Override default handling of stanzas that have |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
43 # been recognised as spam (default is to bounce |
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
44 # a policy-violation error). |
2567
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
45 # |
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
46 ################################################################## |
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 |
2567
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
48 #### Entry point for all incoming stanzas ######################## |
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 ::deliver |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 |
2567
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
51 # Override this if you want to prevent certain stanzas going through |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
52 # the normal spam_check chain |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
53 JUMP_CHAIN=user/spam_check_custom |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
54 |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
55 # Run the default spam_check chain |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
56 JUMP_CHAIN=user/spam_check |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
57 |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
58 ################################################################## |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
59 |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
60 #### General spam-checking rules (all stanzas) ################### |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
61 ::user/spam_check |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
62 |
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 # Pass stanzas that a user sends to their own account |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
64 TO SELF? |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
65 PASS. |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
66 |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
67 # Pass stanzas that are addressed to a valid full JID |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
68 TO FULL JID? |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
69 PASS. |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
70 |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
71 # Pass stanzas from contacts |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
72 SUBSCRIBED? |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
73 PASS. |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
74 |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
75 # Run extra rules that apply to messages only |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 KIND: message |
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
77 JUMP CHAIN=user/spam_check_message |
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
78 |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
79 # Run extra rules that apply to presence stanzas only |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
80 KIND: presence |
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
81 JUMP CHAIN=user/spam_check_presence |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
82 |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
83 JUMP CHAIN=user/spam_handle_unknown |
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
84 |
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
85 # Default is to allow, override this with |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
86 # the 'user/spam_handle_unknown' chain |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
87 PASS. |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
88 |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
89 #### Rules for messages ########################################## |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
90 ::user/spam_check_message |
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
91 |
2567
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
92 JUMP CHAIN=user/spam_check_message_custom |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
93 |
2605
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
94 # Type 'groupchat' messages addressed to an offline full JID are harmless, |
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
95 # and should be routed normally to handle MUC 'ghosts' correctly |
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
96 TO: <*>@<*>/<*> |
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
97 TYPE: groupchat |
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
98 PASS. |
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
99 |
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
100 # Non-chat message types often generate pop-ups in clients, |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
101 # so we won't accept them from strangers |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
102 NOT TYPE: chat |
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
103 JUMP CHAIN=user/spam_reject |
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
104 |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
105 # This chain can be used by other scripts |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
106 # and modules that analyze message content |
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
107 JUMP CHAIN=user/spam_check_message_content |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
108 |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
109 ################################################################## |
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
110 |
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
111 #### Rules for presence stanzas ################################## |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
112 ::user/spam_check_presence |
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
113 |
2567
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
114 JUMP CHAIN=user/spam_check_presence_custom |
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
115 |
2605
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
116 # Presence to offline full JIDs is harmless, and should be routed |
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
117 # normally to handle MUC 'ghosts' correctly |
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
118 TO: <*>@<*>/<*> |
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
119 PASS. |
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
120 |
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
121 # These may be received if rosters get out of sync and are harmless |
2557
56db2ab3b853
mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents:
2556
diff
changeset
|
122 # because they will not be routed to the client unless necessary |
56db2ab3b853
mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents:
2556
diff
changeset
|
123 TYPE: unsubscribe|unsubscribed |
56db2ab3b853
mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents:
2556
diff
changeset
|
124 PASS. |
56db2ab3b853
mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents:
2556
diff
changeset
|
125 |
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
126 # We don't want to receive presence from random strangers, |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
127 # but still allow subscription requests |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
128 NOT TYPE: subscribe |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
129 DROP. |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
130 |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
131 # This chain can be used by other scripts |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
132 # and modules to filter subscription requests |
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
133 JUMP CHAIN=user/spam_check_subscription_request |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
134 |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
135 ################################################################## |
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
136 |
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
137 #### Stanzas reaching this chain will be rejected ################ |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
138 ::user/spam_reject |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
139 |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
140 # This chain can be used by other scripts |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
141 # and modules to override the default behaviour |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
142 # when rejecting spam stanzas |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
143 JUMP CHAIN=user/spam_reject_custom |
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
144 |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
145 LOG=Rejecting suspected spam: $(stanza:top_tag()) |
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
146 BOUNCE=policy-violation |
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
147 |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
148 ################################################################## |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
149 |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
150 #### Stanzas that may be spam, but we're not sure either way###### |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
151 ::user/spam_handle_unknown |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
152 |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
153 # This chain can be used by other scripts |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
154 # and modules to apply additional checks, or to |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
155 # override the default behaviour |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
156 JUMP CHAIN=user/spam_handle_unknown_custom |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
157 |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
158 #LOG=[debug] Spam check allowing: $(stanza:top_tag()) |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
159 |
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
160 ################################################################## |