Mercurial > prosody-modules
annotate mod_firewall/scripts/spam-blocking.pfw @ 5401:c8d04ac200fc
mod_http_oauth2: Reject loopback URIs as client_uri
This really should be a proper website with info, https://localhost is
not good enough. Ideally we'd validate that it's got proper DNS and is
actually reachable, but triggering HTTP or even DNS lookups seems like
it would carry abuse potential that would be best to avoid.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 02 May 2023 16:20:55 +0200 |
parents | bb60db2b2cd1 |
children | af2778f4ee29 |
```
#### Anti-spam ruleset ###########################################
#
# This script provides some foundational anti-spam rules. It aims
# to PASS stanzas that are definitely not spam, and DROP stanzas
# that are very likely spam.
#
# It does not do any form of content filtering,
# but this can be implemented by other scripts and
# modules as desired using the chains documented below.
#
#
# The following chains are available as extension
# points:
#
# ::user/spam_check_custom
# Apply additional rules to all stanzas before they are checked.
# Mainly useful to PASS stanzas that you do not want to be
# filtered.
#
# ::user/spam_check_message_custom
# Apply additional rules to messages from strangers, aiming to
# PASS stanzas that are not spam and jump to ::user/spam_reject
# for stanzas that are considered spam.
#
# ::user/spam_check_message_content_custom
# Apply additional rules to messages that may be spam, based on
# message content rules. These may contain more intensive rules,
# so are executed after all other checks. Rules should jump to
# ::user/spam_reject if a message is considered spam.
#
# ::user/spam_check_presence_custom
# Apply additional rules to presence that may be spam.
#
# ::user/spam_check_subscription_request_custom
# Apply additional rules to subscription requests.
#
# ::user/spam_handle_unknown_custom
# Override default handling of stanzas that weren't explicitly
# passed or rejected by the anti-spam checks.
#
# ::user/spam_reject_custom
# Override default handling of stanzas that have
# been recognised as spam (default is to bounce
# a policy-violation error).
#
##################################################################

#### Entry point for all incoming stanzas ########################
::deliver

# Override this if you want to prevent certain stanzas going through
# the normal spam_check chain
JUMP_CHAIN=user/spam_check_custom

# Run the default spam_check chain
JUMP_CHAIN=user/spam_check

##################################################################

#### General spam-checking rules (all stanzas) ###################
::user/spam_check

# Pass stanzas that a user sends to their own account
TO SELF?
PASS.

# Pass stanzas that are addressed to a valid full JID
TO FULL JID?
PASS.

# Pass stanzas from contacts
SUBSCRIBED?
PASS.

# Run extra rules that apply to messages only
KIND: message
JUMP CHAIN=user/spam_check_message

# Run extra rules that apply to presence stanzas only
KIND: presence
JUMP CHAIN=user/spam_check_presence

JUMP CHAIN=user/spam_handle_unknown

# Default is to allow, override this with
# the 'user/spam_handle_unknown' chain
PASS.

#### Rules for messages ##########################################
::user/spam_check_message

JUMP CHAIN=user/spam_check_message_custom

# Type 'groupchat' messages addressed to an offline full JID are harmless,
# and should be routed normally to handle MUC 'ghosts' correctly
TO: <*>@<*>/<*>
TYPE: groupchat
PASS.

# Non-chat message types often generate pop-ups in clients,
# so we won't accept them from strangers
NOT TYPE: chat
JUMP CHAIN=user/spam_reject

JUMP CHAIN=user/spam_check_message_content

# This chain can be used by other scripts
# and modules that analyze message content
JUMP CHAIN=user/spam_check_message_content_custom

##################################################################

#### Rules for presence stanzas ##################################
::user/spam_check_presence

JUMP CHAIN=user/spam_check_presence_custom

# Presence to offline full JIDs is harmless, and should be routed
# normally to handle MUC 'ghosts' correctly
TO: <*>@<*>/<*>
PASS.

# These may be received if rosters get out of sync and are harmless
# because they will not be routed to the client unless necessary
TYPE: unsubscribe|unsubscribed
PASS.

# We don't want to receive presence from random strangers,
# but still allow subscription requests
NOT TYPE: subscribe|subscribed
DROP.

# This chain can be used by other scripts
# and modules to filter subscription requests
JUMP CHAIN=user/spam_check_subscription_request

JUMP CHAIN=user/spam_check_subscription_request_custom

##################################################################

#### Stanzas reaching this chain will be rejected ################
::user/spam_reject

# This chain can be used by other scripts
# and modules to override the default behaviour
# when rejecting spam stanzas
JUMP CHAIN=user/spam_reject_custom

LOG=Rejecting suspected spam: $(stanza:top_tag())
BOUNCE=policy-violation

##################################################################

#### Stanzas that may be spam, but we're not sure either way######
::user/spam_handle_unknown

# This chain can be used by other scripts
# and modules to apply additional checks, or to
# override the default behaviour
JUMP CHAIN=user/spam_handle_unknown_custom

#LOG=[debug] Spam check allowing: $(stanza:top_tag())

##################################################################
```
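To see which verdict the ruleset reaches for a given stanza, the chain flow can be traced with a small model. This is an added example in Python, not code from prosody-modules or mod_firewall. The stanza fields, function names and sample stanzas are hypothetical. It assumes that the `*_custom` chains are empty, that `TO FULL JID?` matches only a currently connected full JID, and that a missing type means `normal` for messages and `available` for presence.

```python
# Added model of the chain flow in spam-blocking.pfw (not mod_firewall code).
# Assumptions: the stanza fields below, empty *_custom chains, a chain with no
# verdict returns to its caller, and a missing type means "normal" for
# messages and "available" for presence.

def make_stanza(kind, stype=None, to_resource=False, to_online=False,
                to_self=False, subscribed=False):
    default = {"message": "normal", "presence": "available"}.get(kind)
    return {"kind": kind, "type": stype or default, "to_resource": to_resource,
            "to_online": to_online, "to_self": to_self, "subscribed": subscribed}


def spam_check_message(s, trail):
    trail.append("user/spam_check_message")
    if s["to_resource"] and s["type"] == "groupchat":
        return "PASS"                      # TO: <*>@<*>/<*> + TYPE: groupchat
    if s["type"] != "chat":                # NOT TYPE: chat
        trail.append("user/spam_reject")
        return "BOUNCE policy-violation"
    trail.append("user/spam_check_message_content")
    return None                            # no verdict, back to the caller


def spam_check_presence(s, trail):
    trail.append("user/spam_check_presence")
    if s["to_resource"]:
        return "PASS"                      # presence to an offline full JID
    if s["type"] in ("unsubscribe", "unsubscribed"):
        return "PASS"
    if s["type"] not in ("subscribe", "subscribed"):
        return "DROP"                      # presence from a stranger
    trail.append("user/spam_check_subscription_request")
    return None


def spam_check(s):
    """Return (verdict, chains visited) for one incoming stanza."""
    trail = ["user/spam_check"]
    if s["to_self"]:
        return "PASS", trail               # TO SELF?
    if s["to_resource"] and s["to_online"]:
        return "PASS", trail               # TO FULL JID? (assumed: online session)
    if s["subscribed"]:
        return "PASS", trail               # SUBSCRIBED?
    verdict = None
    if s["kind"] == "message":
        verdict = spam_check_message(s, trail)
    elif s["kind"] == "presence":
        verdict = spam_check_presence(s, trail)
    if verdict is None:
        trail.append("user/spam_handle_unknown")
        verdict = "PASS"                   # "Default is to allow"
    return verdict, trail


# Constructed sample stanzas; senders are not on the recipient's roster
# unless marked subscribed.
SAMPLES = {
    "stranger chat to bare JID": make_stanza("message", "chat"),
    "stranger headline": make_stanza("message", "headline"),
    "stranger message, no type": make_stanza("message"),
    "groupchat to offline full JID": make_stanza("message", "groupchat",
                                                 to_resource=True),
    "stranger presence": make_stanza("presence"),
    "subscription request": make_stanza("presence", "subscribe"),
    "contact headline": make_stanza("message", "headline", subscribed=True),
    "stranger iq to bare JID": make_stanza("iq", "get"),
}


def classify_samples():
    return {name: spam_check(s)[0] for name, s in SAMPLES.items()}


if __name__ == "__main__":
    for name, s in SAMPLES.items():
        verdict, trail = spam_check(s)
        print(f"{name:32} {verdict:24} via {' -> '.join(trail)}")
```

In this model a stranger's `chat` message and a subscription request both end in `user/spam_handle_unknown` and pass, so filtering them requires rules in one of the `*_custom` chains.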