Mercurial > prosody-modules
annotate mod_firewall/scripts/spam-blocking.pfw @ 4047:36b6e3e3f9e2
mod_conversejs: Disable automatic BOSH/WS endpoint discovery
Converse.js 7.0 will enable this by default, but when using this module
the BOSH and WebSocket endpoints are provided in the generated HTML, so
automatic discovery is not needed and unlikely to work without an
additional module.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 18 Jun 2020 15:24:34 +0200 |
| parents | 8908d001faf3 |
| children | 879955a32a37 |
| rev | line source |
|---|---|
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
1 #### Anti-spam ruleset ########################################### |
|
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
2 # |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
3 # This script provides some foundational anti-spam rules. It aims |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
4 # to PASS stanzas that are definitely not spam, and DROP stanzas |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
5 # that are very likely spam. |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
6 # |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
7 # It does not do any form of content filtering, |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
8 # but this can be implemented by other scripts and |
|
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
9 # modules as desired using the chains documented below. |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
10 # |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
11 # |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
12 # The following chains are available as extension |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
13 # points: |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
14 # |
|
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
15 # ::user/spam_check_custom |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
16 # Apply additional rules to all stanzas before they are checked. |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
17 # Mainly useful to PASS stanzas that you do not want to be |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
18 # filtered. |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
19 # |
|
2567
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
20 # ::user/spam_check_message_custom |
|
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
21 # Apply additional rules to messages from strangers, aiming to |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
22 # PASS stanzas that are not spam and jump to ::user/spam_reject |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
23 # for stanzas that are considered spam. |
|
2567
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
24 # |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
25 # ::user/spam_check_message_content |
|
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
26 # Apply additional rules to messages that may be spam, based on |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
27 # message content rules. These may contain more intensive rules, |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
28 # so are executed after all other checks. Rules should jump to |
|
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
29 # ::user/spam_reject if a message is considered spam. |
|
2567
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
30 # |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
31 # ::user/spam_check_presence_custom |
|
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
32 # Apply additional rules to presence that may be spam. |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
33 # |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
34 # ::user/spam_check_subscription_request |
|
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
35 # Apply additional rules to subscription requests. |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
36 # |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
37 # ::user/spam_handle_unknown_custom |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
38 # Override default handling of stanzas that weren't explicitly |
|
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
39 # passed or rejected by the anti-spam checks. |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
40 # |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
41 # ::user/spam_reject_custom |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
42 # Override default handling of stanzas that have |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
43 # been recognised as spam (default is to bounce |
|
2571
a33edc07d829
mod_firewall: spam-blocking.pfw: More comments for documentation
Matthew Wild <mwild1@gmail.com>
parents:
2567
diff
changeset
|
44 # a policy-violation error). |
|
2567
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
45 # |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
46 ################################################################## |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 |
|
2567
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
48 #### Entry point for all incoming stanzas ######################## |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
49 ::deliver |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
50 |
|
2567
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
51 # Override this if you want to prevent certain stanzas going through |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
52 # the normal spam_check chain |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
53 JUMP_CHAIN=user/spam_check_custom |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
54 |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
55 # Run the default spam_check chain |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
56 JUMP_CHAIN=user/spam_check |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
57 |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
58 ################################################################## |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
59 |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
60 #### General spam-checking rules (all stanzas) ################### |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
61 ::user/spam_check |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
62 |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
63 # Pass stanzas that a user sends to their own account |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
64 TO SELF? |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
65 PASS. |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
66 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
67 # Pass stanzas that are addressed to a valid full JID |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
68 TO FULL JID? |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
69 PASS. |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
70 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
71 # Pass stanzas from contacts |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
72 SUBSCRIBED? |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
73 PASS. |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
74 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
75 # Run extra rules that apply to messages only |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 KIND: message |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
77 JUMP CHAIN=user/spam_check_message |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
78 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
79 # Run extra rules that apply to presence stanzas only |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
80 KIND: presence |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
81 JUMP CHAIN=user/spam_check_presence |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
82 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
83 JUMP CHAIN=user/spam_handle_unknown |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
84 |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
85 # Default is to allow, override this with |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
86 # the 'user/spam_handle_unknown' chain |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
87 PASS. |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
88 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
89 #### Rules for messages ########################################## |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
90 ::user/spam_check_message |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
91 |
|
2567
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
92 JUMP CHAIN=user/spam_check_message_custom |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
93 |
|
2605
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
94 # Type 'groupchat' messages addressed to an offline full JID are harmless, |
|
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
95 # and should be routed normally to handle MUC 'ghosts' correctly |
|
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
96 TO: <*>@<*>/<*> |
|
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
97 TYPE: groupchat |
|
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
98 PASS. |
|
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
99 |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
100 # Non-chat message types often generate pop-ups in clients, |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
101 # so we won't accept them from strangers |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
102 NOT TYPE: chat |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
103 JUMP CHAIN=user/spam_reject |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
104 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
105 # This chain can be used by other scripts |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
106 # and modules that analyze message content |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
107 JUMP CHAIN=user/spam_check_message_content |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
108 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
109 ################################################################## |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
110 |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
111 #### Rules for presence stanzas ################################## |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
112 ::user/spam_check_presence |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
113 |
|
2567
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
114 JUMP CHAIN=user/spam_check_presence_custom |
|
5e1fb7e6b558
mod_firewall: spam-blocking.pfw: Add more extension points
Matthew Wild <mwild1@gmail.com>
parents:
2566
diff
changeset
|
115 |
|
2605
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
116 # Presence to offline full JIDs is harmless, and should be routed |
|
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
117 # normally to handle MUC 'ghosts' correctly |
|
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
118 TO: <*>@<*>/<*> |
|
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
119 PASS. |
|
8908d001faf3
mod_firewall: spam-blocking.pfw: Allow groupchat messages and presence to offline full JIDs
Matthew Wild <mwild1@gmail.com>
parents:
2571
diff
changeset
|
120 |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
121 # These may be received if rosters get out of sync and are harmless |
|
2557
56db2ab3b853
mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents:
2556
diff
changeset
|
122 # because they will not be routed to the client unless necessary |
|
56db2ab3b853
mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents:
2556
diff
changeset
|
123 TYPE: unsubscribe|unsubscribed |
|
56db2ab3b853
mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents:
2556
diff
changeset
|
124 PASS. |
|
56db2ab3b853
mod_firewall: spam-blocking.pfw: Allow unsubscribe/unsubscribed presence
Matthew Wild <mwild1@gmail.com>
parents:
2556
diff
changeset
|
125 |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
126 # We don't want to receive presence from random strangers, |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
127 # but still allow subscription requests |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
128 NOT TYPE: subscribe |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
129 DROP. |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
130 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
131 # This chain can be used by other scripts |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
132 # and modules to filter subscription requests |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
133 JUMP CHAIN=user/spam_check_subscription_request |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
134 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
135 ################################################################## |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
136 |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
137 #### Stanzas reaching this chain will be rejected ################ |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
138 ::user/spam_reject |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
139 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
140 # This chain can be used by other scripts |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
141 # and modules to override the default behaviour |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
142 # when rejecting spam stanzas |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
143 JUMP CHAIN=user/spam_reject_custom |
|
2556
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
144 |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
145 LOG=Rejecting suspected spam: $(stanza:top_tag()) |
|
cc01a5bfcf3b
mod_firewall: spam-blocking.pfw, initial anti-spam ruleset
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
146 BOUNCE=policy-violation |
|
2565
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
147 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
148 ################################################################## |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
149 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
150 #### Stanzas that may be spam, but we're not sure either way###### |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
151 ::user/spam_handle_unknown |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
152 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
153 # This chain can be used by other scripts |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
154 # and modules to apply additional checks, or to |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
155 # override the default behaviour |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
156 JUMP CHAIN=user/spam_handle_unknown_custom |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
157 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
158 #LOG=[debug] Spam check allowing: $(stanza:top_tag()) |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
159 |
|
fc53165d8afe
spam-blocking.pfw: Much improvement
Matthew Wild <mwild1@gmail.com>
parents:
2557
diff
changeset
|
160 ################################################################## |